Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/ee354a-8428-4d86-9824-e5fcebdaa7f2/1/Y-fN4fkHcPUKcQjj7Sr2XkGHl3k.roa
File:                     Y-fN4fkHcPUKcQjj7Sr2XkGHl3k.roa (raw, json)
Hash identifier:          AGm7a+karsGXj1brZJla0akLv16UGZ06w+N3Iht2PgI=
Subject key identifier:   63:E7:CD:E1:F9:07:70:F5:0A:71:08:E3:ED:2A:F6:5E:41:87:97:79
Certificate issuer:       /CN=66d475bb542f61821be39dbc9b68275d6e0087d4
Certificate serial:       0194266B196FD07FBDA9915E05E6BE949238
Authority key identifier: 66:D4:75:BB:54:2F:61:82:1B:E3:9D:BC:9B:68:27:5D:6E:00:87:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZtR1u1QvYYIb4528m2gnXW4Ah9Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/ee354a-8428-4d86-9824-e5fcebdaa7f2/1/Y-fN4fkHcPUKcQjj7Sr2XkGHl3k.roa
Signing time:             Thu 02 Jan 2025 09:49:00 +0000
ROA not before:           Thu 02 Jan 2025 09:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     55002
IP address blocks:        194.37.250.0/23 maxlen: 24
                          194.39.78.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/ee354a-8428-4d86-9824-e5fcebdaa7f2/1/ZtR1u1QvYYIb4528m2gnXW4Ah9Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/ee354a-8428-4d86-9824-e5fcebdaa7f2/1/ZtR1u1QvYYIb4528m2gnXW4Ah9Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZtR1u1QvYYIb4528m2gnXW4Ah9Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 18:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:19:6f:d0:7f:bd:a9:91:5e:05:e6:be:94:92:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66d475bb542f61821be39dbc9b68275d6e0087d4
        Validity
            Not Before: Jan  2 09:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63e7cde1f90770f50a7108e3ed2af65e41879779
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:7c:b0:39:21:61:fa:d1:22:97:08:44:13:5c:
                    df:a3:41:4a:69:12:c9:be:64:e3:9c:77:cc:b9:91:
                    70:1c:9a:d2:25:b5:e9:c9:bc:db:30:0a:2a:93:c9:
                    a3:61:28:31:30:9e:93:cf:35:38:31:f6:73:2f:ff:
                    70:63:ca:d1:c3:e3:ee:94:16:a7:7f:a1:f2:4e:3d:
                    6c:08:a9:19:ec:e9:68:cd:da:6a:08:e3:1a:ae:77:
                    a8:49:68:fd:af:2f:d1:79:f4:47:0f:5d:c4:50:e8:
                    87:de:ce:9a:70:21:18:17:84:78:58:46:14:08:96:
                    da:b4:e2:4c:9a:20:fe:ae:62:73:af:10:5e:8c:6a:
                    a3:55:62:af:df:53:3a:a6:af:b1:86:eb:bd:7d:60:
                    18:c6:0d:ef:ca:b7:42:ec:b2:93:98:e1:ea:c9:cd:
                    ac:94:d6:45:41:6e:17:b5:de:88:e0:f0:1f:8d:4a:
                    d5:ce:cc:7f:a4:4c:e0:2b:87:d9:20:c5:14:b5:bc:
                    6e:9b:35:5b:8a:19:bf:db:13:c8:ea:cf:44:60:58:
                    80:c0:6c:a2:48:56:38:74:d7:2d:e0:d2:08:26:0e:
                    7d:2f:f5:14:8f:bd:e0:df:45:87:f2:4a:4d:31:58:
                    00:13:1b:6c:ed:b2:9f:71:91:e0:5b:c7:0b:36:85:
                    a6:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:E7:CD:E1:F9:07:70:F5:0A:71:08:E3:ED:2A:F6:5E:41:87:97:79
            X509v3 Authority Key Identifier:
                keyid:66:D4:75:BB:54:2F:61:82:1B:E3:9D:BC:9B:68:27:5D:6E:00:87:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZtR1u1QvYYIb4528m2gnXW4Ah9Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/ee354a-8428-4d86-9824-e5fcebdaa7f2/1/Y-fN4fkHcPUKcQjj7Sr2XkGHl3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/ee354a-8428-4d86-9824-e5fcebdaa7f2/1/ZtR1u1QvYYIb4528m2gnXW4Ah9Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.37.250.0/23
                  194.39.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:3f:d1:e2:db:73:5f:a2:56:0e:5f:13:24:e4:e9:e8:a8:41:
         60:d2:1b:6a:d0:2e:27:82:af:48:50:56:98:66:79:ca:e9:ef:
         b8:ab:d8:c4:df:28:73:25:92:cf:97:94:3c:c4:68:1b:5d:39:
         13:0e:cb:9b:c2:16:4c:e8:ed:b9:d2:17:d6:4f:19:6a:ac:cc:
         6b:e5:46:03:71:2f:3c:f1:dc:5a:a3:bb:cd:de:29:90:af:bd:
         07:e6:0a:48:68:aa:85:1e:db:89:96:82:c6:50:99:ac:16:32:
         3c:74:2a:f3:74:cb:f4:ac:b2:34:db:c8:23:11:57:d5:f8:ed:
         37:01:6d:56:6a:3c:4f:4d:fa:dc:34:e7:4d:d9:35:f7:3c:9e:
         94:60:2a:3b:6b:16:af:5f:e7:e4:93:4c:b0:0a:22:b4:f4:7a:
         f7:1c:b2:98:3b:2c:af:60:68:d4:44:31:27:a1:71:cc:11:28:
         12:f2:ed:41:26:b0:81:c2:4d:ba:90:08:af:9b:95:86:2c:4d:
         9e:b3:24:2e:b7:f3:de:52:f0:ed:23:24:e1:0d:7c:ca:9b:21:
         75:f3:8e:70:6e:0b:86:27:4f:ad:45:52:d2:ef:3d:5c:4e:0d:
         b0:1f:de:4d:29:7d:70:9f:f1:fc:57:a3:7c:55:9e:a7:30:9c:
         b2:62:39:05
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQmaxlv0H+9qZFeBea+lJI4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZDQ3NWJiNTQyZjYxODIxYmUzOWRiYzliNjgyNzVkNmUw
MDg3ZDQwHhcNMjUwMTAyMDk0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2U3Y2RlMWY5MDc3MGY1MGE3MTA4ZTNlZDJhZjY1ZTQxODc5Nzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjHywOSFh+tEilwhEE1zfo0FKaRLJ
vmTjnHfMuZFwHJrSJbXpybzbMAoqk8mjYSgxMJ6TzzU4MfZzL/9wY8rRw+PulBan
f6HyTj1sCKkZ7OlozdpqCOMarneoSWj9ry/RefRHD13EUOiH3s6acCEYF4R4WEYU
CJbatOJMmiD+rmJzrxBejGqjVWKv31M6pq+xhuu9fWAYxg3vyrdC7LKTmOHqyc2s
lNZFQW4Xtd6I4PAfjUrVzsx/pEzgK4fZIMUUtbxumzVbihm/2xPI6s9EYFiAwGyi
SFY4dNct4NIIJg59L/UUj73g30WH8kpNMVgAExts7bKfcZHgW8cLNoWmewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGPnzeH5B3D1CnEI4+0q9l5Bh5d5MB8GA1UdIwQY
MBaAFGbUdbtUL2GCG+OdvJtoJ11uAIfUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnRSMXUxUXZZWUliNDUyOG0yZ25YVzRBaDlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9lZTM1NGEtODQyOC00ZDg2LTk4MjQt
ZTVmY2ViZGFhN2YyLzEvWS1mTjRma0hjUFVLY1FqajdTcjJYa0dIbDNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9lZTM1NGEtODQyOC00ZDg2LTk4MjQtZTVmY2ViZGFhN2Yy
LzEvWnRSMXUxUXZZWUliNDUyOG0yZ25YVzRBaDlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwiX6AwQB
widOMA0GCSqGSIb3DQEBCwUAA4IBAQB0P9Hi23NfolYOXxMk5OnoqEFg0htq0C4n
gq9IUFaYZnnK6e+4q9jE3yhzJZLPl5Q8xGgbXTkTDsubwhZM6O250hfWTxlqrMxr
5UYDcS888dxao7vN3imQr70H5gpIaKqFHtuJloLGUJmsFjI8dCrzdMv0rLI028gj
EVfV+O03AW1WajxPTfrcNOdN2TX3PJ6UYCo7axavX+fkk0ywCiK09Hr3HLKYOyyv
YGjURDEnoXHMESgS8u1BJrCBwk26kAivm5WGLE2esyQut/PeUvDtIyThDXzKmyF1
845wbguGJ0+tRVLS7z1cTg2wH95NKX1wn/H8V6N8VZ6nMJyyYjkF
-----END CERTIFICATE-----