Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/c7417c-4cab-4d51-b5ad-e30387b3f211/1/1iyiGCCaZCOIy-3SK8-ztkCORB0.roa
File:                     1iyiGCCaZCOIy-3SK8-ztkCORB0.roa (raw, json)
Hash identifier:          4+8lvNVy48rfdEy8LO/Fif5vr+YXhPfmQva+BSbThYY=
Subject key identifier:   D6:2C:A2:18:20:9A:64:23:88:CB:ED:D2:2B:CF:B3:B6:40:8E:44:1D
Certificate issuer:       /CN=c8cc8bda0c63e7d2d65c19ed7043b5a2d791c1f1
Certificate serial:       019427B5BA702FB0367D0A65707589037903
Authority key identifier: C8:CC:8B:DA:0C:63:E7:D2:D6:5C:19:ED:70:43:B5:A2:D7:91:C1:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yMyL2gxj59LWXBntcEO1oteRwfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/c7417c-4cab-4d51-b5ad-e30387b3f211/1/1iyiGCCaZCOIy-3SK8-ztkCORB0.roa
Signing time:             Thu 02 Jan 2025 15:50:08 +0000
ROA not before:           Thu 02 Jan 2025 15:50:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        194.140.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/c7417c-4cab-4d51-b5ad-e30387b3f211/1/yMyL2gxj59LWXBntcEO1oteRwfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/c7417c-4cab-4d51-b5ad-e30387b3f211/1/yMyL2gxj59LWXBntcEO1oteRwfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yMyL2gxj59LWXBntcEO1oteRwfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:ba:70:2f:b0:36:7d:0a:65:70:75:89:03:79:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8cc8bda0c63e7d2d65c19ed7043b5a2d791c1f1
        Validity
            Not Before: Jan  2 15:50:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d62ca218209a642388cbedd22bcfb3b6408e441d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:26:b7:d7:02:88:66:58:cd:31:08:2a:de:10:
                    59:04:04:ba:3d:e7:c1:56:f1:aa:11:e0:e0:8e:24:
                    3b:e3:f9:d2:82:d6:2c:f6:8e:27:af:3a:94:4f:47:
                    22:dd:8a:3c:7a:bb:29:75:98:9a:d5:ab:81:ff:03:
                    d3:4e:9d:f2:fd:5b:b8:e7:59:7c:a5:ae:04:58:9e:
                    fc:24:86:3a:2c:d4:fb:1d:33:36:9e:cf:bc:5d:03:
                    92:cc:1b:a4:a3:33:46:bb:7c:a8:5a:7a:3d:ef:f7:
                    83:3f:e4:c7:3b:4c:24:79:01:34:2c:af:70:9a:79:
                    91:23:85:ac:88:1f:a4:42:73:4b:5c:7c:f0:bc:ec:
                    64:fb:c5:66:af:2c:45:23:31:79:0d:3e:a0:7e:d9:
                    7f:11:ea:a1:d7:bf:bc:34:0b:25:f5:be:b3:a4:5a:
                    03:73:88:39:86:74:1b:28:d2:fa:2b:55:9b:ee:1b:
                    be:a9:66:11:e1:2e:4c:57:c7:eb:d0:14:2a:2e:9d:
                    88:46:96:ed:c9:89:be:55:b4:f2:62:a8:7b:f8:4f:
                    89:1a:5d:af:39:6e:89:98:56:ec:01:5e:9c:16:4c:
                    c2:9a:e9:f8:76:4d:c6:50:42:1b:47:54:5c:ed:6a:
                    c3:61:65:ed:77:00:65:93:72:ac:3c:44:7b:d3:ab:
                    c1:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:2C:A2:18:20:9A:64:23:88:CB:ED:D2:2B:CF:B3:B6:40:8E:44:1D
            X509v3 Authority Key Identifier:
                keyid:C8:CC:8B:DA:0C:63:E7:D2:D6:5C:19:ED:70:43:B5:A2:D7:91:C1:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yMyL2gxj59LWXBntcEO1oteRwfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/c7417c-4cab-4d51-b5ad-e30387b3f211/1/1iyiGCCaZCOIy-3SK8-ztkCORB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/c7417c-4cab-4d51-b5ad-e30387b3f211/1/yMyL2gxj59LWXBntcEO1oteRwfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.140.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:c6:6e:13:78:90:63:f1:90:28:19:43:92:c4:d5:8e:9c:7b:
         b5:de:3d:e5:2b:d2:e0:be:c8:25:fc:38:d2:75:2b:cd:39:a5:
         1a:b6:05:d6:89:62:89:64:db:09:96:e4:24:aa:1b:82:35:8e:
         c5:7a:f8:53:c0:1c:fa:8b:dc:a9:d3:3a:67:95:70:3f:44:fd:
         e5:b8:1f:0e:26:f0:48:e9:78:53:e8:11:c6:28:8b:ee:fb:9c:
         1c:df:53:02:84:86:05:78:d4:9e:43:39:11:21:23:f7:02:d8:
         ff:74:c6:ab:81:70:f7:a4:9b:e6:70:9e:41:d7:f1:35:1f:77:
         0a:0f:08:80:ea:cd:4f:27:7b:f3:5d:4b:35:af:ca:e0:af:e8:
         36:88:e8:d4:b0:a6:f7:c2:22:6f:47:e2:99:fe:c4:d7:9e:ca:
         2a:96:a6:46:78:80:f6:9d:cc:28:e7:30:4b:29:e8:75:5b:90:
         a7:80:fc:71:a5:71:e8:15:e9:bf:08:a5:25:a7:97:32:a1:da:
         64:f8:51:e0:10:f9:13:1e:5a:8d:9f:50:cf:61:f2:8d:ff:d4:
         5a:04:ae:45:eb:e4:92:5b:6d:b3:38:b8:97:9c:b8:83:90:56:
         c3:5d:79:89:71:6d:34:c3:1b:b5:2e:54:fb:7e:1b:95:1e:24:
         13:3c:83:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntbpwL7A2fQplcHWJA3kDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4Y2M4YmRhMGM2M2U3ZDJkNjVjMTllZDcwNDNiNWEyZDc5
MWMxZjEwHhcNMjUwMTAyMTU1MDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjJjYTIxODIwOWE2NDIzODhjYmVkZDIyYmNmYjNiNjQwOGU0NDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ya31wKIZljNMQgq3hBZBAS6PefB
VvGqEeDgjiQ74/nSgtYs9o4nrzqUT0ci3Yo8erspdZia1auB/wPTTp3y/Vu451l8
pa4EWJ78JIY6LNT7HTM2ns+8XQOSzBukozNGu3yoWno97/eDP+THO0wkeQE0LK9w
mnmRI4WsiB+kQnNLXHzwvOxk+8VmryxFIzF5DT6gftl/Eeqh17+8NAsl9b6zpFoD
c4g5hnQbKNL6K1Wb7hu+qWYR4S5MV8fr0BQqLp2IRpbtyYm+VbTyYqh7+E+JGl2v
OW6JmFbsAV6cFkzCmun4dk3GUEIbR1Rc7WrDYWXtdwBlk3KsPER706vBlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNYsohggmmQjiMvt0ivPs7ZAjkQdMB8GA1UdIwQY
MBaAFMjMi9oMY+fS1lwZ7XBDtaLXkcHxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU15TDJneGo1OUxXWEJudGNFTzFvdGVSd2ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9jNzQxN2MtNGNhYi00ZDUxLWI1YWQt
ZTMwMzg3YjNmMjExLzEvMWl5aUdDQ2FaQ09JeS0zU0s4LXp0a0NPUkIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9jNzQxN2MtNGNhYi00ZDUxLWI1YWQtZTMwMzg3YjNmMjEx
LzEveU15TDJneGo1OUxXWEJudGNFTzFvdGVSd2ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwoz4MA0G
CSqGSIb3DQEBCwUAA4IBAQAbxm4TeJBj8ZAoGUOSxNWOnHu13j3lK9Lgvsgl/DjS
dSvNOaUatgXWiWKJZNsJluQkqhuCNY7FevhTwBz6i9yp0zpnlXA/RP3luB8OJvBI
6XhT6BHGKIvu+5wc31MChIYFeNSeQzkRISP3Atj/dMargXD3pJvmcJ5B1/E1H3cK
DwiA6s1PJ3vzXUs1r8rgr+g2iOjUsKb3wiJvR+KZ/sTXnsoqlqZGeID2ncwo5zBL
Keh1W5CngPxxpXHoFem/CKUlp5cyodpk+FHgEPkTHlqNn1DPYfKN/9RaBK5F6+SS
W22zOLiXnLiDkFbDXXmJcW00wxu1LlT7fhuVHiQTPIMU
-----END CERTIFICATE-----