Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/yNFBmYXB0TSeMX21aqfi5zgqFSM.roa
File:                     yNFBmYXB0TSeMX21aqfi5zgqFSM.roa (raw, json)
Hash identifier:          v5WVhwm3HDfxqbcn6pfOpvMvcRHTwMwjG/288XsWT0s=
Subject key identifier:   C8:D1:41:99:85:C1:D1:34:9E:31:7D:B5:6A:A7:E2:E7:38:2A:15:23
Certificate issuer:       /CN=1224e5eff1abc0e6d8bf029e4f732e0ab71bc16a
Certificate serial:       01941FFA5BBDB95EF831D5E64FCF1935612C
Authority key identifier: 12:24:E5:EF:F1:AB:C0:E6:D8:BF:02:9E:4F:73:2E:0A:B7:1B:C1:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EiTl7_GrwObYvwKeT3MuCrcbwWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/yNFBmYXB0TSeMX21aqfi5zgqFSM.roa
Signing time:             Wed 01 Jan 2025 03:48:08 +0000
ROA not before:           Wed 01 Jan 2025 03:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41555
IP address blocks:        170.236.180.0/24 maxlen: 24
                          170.237.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/EiTl7_GrwObYvwKeT3MuCrcbwWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/EiTl7_GrwObYvwKeT3MuCrcbwWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EiTl7_GrwObYvwKeT3MuCrcbwWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:5b:bd:b9:5e:f8:31:d5:e6:4f:cf:19:35:61:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1224e5eff1abc0e6d8bf029e4f732e0ab71bc16a
        Validity
            Not Before: Jan  1 03:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8d1419985c1d1349e317db56aa7e2e7382a1523
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:28:f4:d1:d8:97:c1:ee:af:86:89:c9:62:9a:
                    97:1a:bf:7d:be:0e:34:cf:5b:71:7c:5f:5e:77:ba:
                    e6:f4:b5:a8:be:9b:e5:8e:28:78:99:06:ae:fd:65:
                    7b:16:e8:1e:8a:f4:3f:ad:45:62:a0:c2:db:17:0d:
                    40:3f:eb:73:ab:1b:14:51:f9:3c:85:63:5c:ab:46:
                    43:8a:b7:ec:2f:8c:98:54:4b:43:9c:4a:0f:78:45:
                    dd:81:29:f2:6c:e3:23:94:be:e9:44:37:14:f0:c0:
                    08:cd:85:42:69:d6:78:1b:b3:00:00:7f:4a:2d:f9:
                    38:a1:87:d5:9b:46:6d:dd:ad:61:69:ea:d1:63:9b:
                    5f:c3:28:59:54:60:95:4f:30:f7:42:a7:72:fc:af:
                    8c:66:21:a1:07:36:66:1a:62:1b:fc:fc:cd:00:a2:
                    65:26:46:4f:9b:e4:66:5e:52:b5:c9:91:6b:b0:b9:
                    ad:29:8c:8e:ee:33:bd:22:cd:8f:60:23:fc:f2:e9:
                    a1:b3:b9:95:4a:bb:3e:0a:cd:4e:e6:27:91:b2:92:
                    b5:81:1a:7c:8a:cd:59:33:37:35:b0:89:84:4d:a8:
                    7c:8d:d4:28:af:9a:4d:8e:c6:41:3a:7d:db:7a:29:
                    16:2d:44:13:8d:83:56:9b:88:a9:57:93:bc:b2:f3:
                    8c:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:D1:41:99:85:C1:D1:34:9E:31:7D:B5:6A:A7:E2:E7:38:2A:15:23
            X509v3 Authority Key Identifier:
                keyid:12:24:E5:EF:F1:AB:C0:E6:D8:BF:02:9E:4F:73:2E:0A:B7:1B:C1:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EiTl7_GrwObYvwKeT3MuCrcbwWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/yNFBmYXB0TSeMX21aqfi5zgqFSM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/EiTl7_GrwObYvwKeT3MuCrcbwWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.236.180.0/24
                  170.237.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:7f:5f:5d:6a:17:f0:6d:96:ef:32:43:79:b6:13:24:cb:21:
         d7:c2:08:36:2f:3a:70:1a:c6:8e:d3:22:f8:cf:54:d6:5b:0f:
         4d:47:f5:c2:3a:8c:a8:8f:34:06:b6:d4:ba:f4:0d:f4:10:f7:
         35:e4:71:8a:11:2e:e3:61:a4:ac:09:4c:9c:e3:64:ab:7e:eb:
         8c:09:a7:6a:65:cf:53:7c:45:e4:d9:b2:79:fa:0b:0f:6e:bb:
         19:07:2d:29:11:7b:0f:c5:b6:aa:00:47:f5:4b:91:76:f2:76:
         69:64:1e:fd:e9:8e:5a:02:69:e0:cb:3e:58:f2:3b:5b:76:04:
         e8:c5:a7:ef:e0:27:86:77:5f:4a:af:53:aa:89:0a:ea:90:48:
         22:63:52:a2:1d:79:b6:65:c0:a1:90:4a:3b:29:1c:1f:e1:90:
         23:dc:a9:90:c3:9e:5c:f5:fd:21:07:ca:79:56:37:1d:5f:0c:
         f0:8c:d9:0e:9b:b8:c7:b4:44:4e:92:83:a6:a7:63:44:38:9a:
         cf:bc:b3:ee:6d:20:5a:c9:76:80:4c:08:ec:75:4c:fc:ea:f8:
         c7:a6:b9:8c:b6:17:03:98:98:f9:55:dd:63:42:1d:3a:46:36:
         cc:91:89:3d:99:e2:77:ec:35:92:8b:92:24:51:92:61:8b:da:
         be:87:c2:f4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+lu9uV74MdXmT88ZNWEsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMjRlNWVmZjFhYmMwZTZkOGJmMDI5ZTRmNzMyZTBhYjcx
YmMxNmEwHhcNMjUwMTAxMDM0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGQxNDE5OTg1YzFkMTM0OWUzMTdkYjU2YWE3ZTJlNzM4MmExNTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSj00diXwe6vhonJYpqXGr99vg40
z1txfF9ed7rm9LWovpvljih4mQau/WV7FugeivQ/rUVioMLbFw1AP+tzqxsUUfk8
hWNcq0ZDirfsL4yYVEtDnEoPeEXdgSnybOMjlL7pRDcU8MAIzYVCadZ4G7MAAH9K
Lfk4oYfVm0Zt3a1haerRY5tfwyhZVGCVTzD3Qqdy/K+MZiGhBzZmGmIb/PzNAKJl
JkZPm+RmXlK1yZFrsLmtKYyO7jO9Is2PYCP88umhs7mVSrs+Cs1O5ieRspK1gRp8
is1ZMzc1sImETah8jdQor5pNjsZBOn3beikWLUQTjYNWm4ipV5O8svOMbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMjRQZmFwdE0njF9tWqn4uc4KhUjMB8GA1UdIwQY
MBaAFBIk5e/xq8Dm2L8Cnk9zLgq3G8FqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWlUbDdfR3J3T2JZdndLZVQzTXVDcmNid1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8xMWJlMjMtM2JlNi00ODgxLWEzZDEt
NTM4NmIxZDk2M2JjLzEveU5GQm1ZWEIwVFNlTVgyMWFxZmk1emdxRlNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8xMWJlMjMtM2JlNi00ODgxLWEzZDEtNTM4NmIxZDk2M2Jj
LzEvRWlUbDdfR3J3T2JZdndLZVQzTXVDcmNid1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAquy0AwQA
qu1fMA0GCSqGSIb3DQEBCwUAA4IBAQC0f19dahfwbZbvMkN5thMkyyHXwgg2Lzpw
GsaO0yL4z1TWWw9NR/XCOoyojzQGttS69A30EPc15HGKES7jYaSsCUyc42SrfuuM
CadqZc9TfEXk2bJ5+gsPbrsZBy0pEXsPxbaqAEf1S5F28nZpZB796Y5aAmngyz5Y
8jtbdgToxafv4CeGd19Kr1OqiQrqkEgiY1KiHXm2ZcChkEo7KRwf4ZAj3KmQw55c
9f0hB8p5VjcdXwzwjNkOm7jHtEROkoOmp2NEOJrPvLPubSBayXaATAjsdUz86vjH
prmMthcDmJj5Vd1jQh06RjbMkYk9meJ37DWSi5IkUZJhi9q+h8L0
-----END CERTIFICATE-----