Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/YI7BsdHWBwifx7Kt01-_ncEUcHY.roa
File:                     YI7BsdHWBwifx7Kt01-_ncEUcHY.roa (raw, json)
Hash identifier:          HVOFDOE8MHZk+bxGzUoBn72CCZUrO9pspE6LqId/iqE=
Subject key identifier:   60:8E:C1:B1:D1:D6:07:08:9F:C7:B2:AD:D3:5F:BF:9D:C1:14:70:76
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       0197362758ECB3559AAEA19A7DE3D77BD562
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/YI7BsdHWBwifx7Kt01-_ncEUcHY.roa
Signing time:             Tue 03 Jun 2025 14:17:17 +0000
ROA not before:           Tue 03 Jun 2025 14:17:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        207.244.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 11:21:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:36:27:58:ec:b3:55:9a:ae:a1:9a:7d:e3:d7:7b:d5:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Jun  3 14:17:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=608ec1b1d1d607089fc7b2add35fbf9dc1147076
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:e5:1c:1c:ad:d1:bf:63:b0:05:1f:a4:91:ad:
                    25:a8:55:d5:71:3e:96:0e:92:20:be:37:e0:c9:72:
                    10:48:11:f2:d8:5b:0d:96:de:0c:ac:a4:49:9e:48:
                    83:3b:7f:06:34:3e:b3:23:1f:9d:80:99:ec:52:ff:
                    89:92:e6:7a:0e:ec:96:ad:cc:b9:40:d5:4d:d1:ca:
                    82:88:84:6f:da:07:bf:51:e5:5f:d1:26:6f:e1:e1:
                    4c:e8:66:16:77:e9:e0:20:7b:81:50:c6:cd:0d:d5:
                    38:ea:fb:73:7b:a4:b7:b5:47:1e:1e:6c:1f:75:ed:
                    04:28:a4:87:ec:5a:ea:19:51:b4:87:91:77:6e:fc:
                    5c:fc:12:63:b0:61:d8:22:0a:14:21:d2:bc:80:23:
                    ef:07:4f:ba:e6:0a:3d:4c:42:b9:ee:8e:50:fb:51:
                    da:12:0e:b1:43:b7:3e:82:94:b4:49:26:72:5b:6f:
                    b1:5b:26:8b:63:fd:ff:95:d6:1e:4a:42:43:6f:63:
                    c9:e1:ef:39:0a:2b:c6:92:f8:50:d4:7e:c1:5b:75:
                    8c:b4:6d:18:8f:4d:7f:e5:25:5b:8f:24:e7:30:76:
                    7a:6c:43:40:99:e8:cd:10:f6:a6:96:7f:32:f9:28:
                    99:62:0c:51:ee:16:17:b5:46:5d:17:48:f4:1f:20:
                    f8:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:8E:C1:B1:D1:D6:07:08:9F:C7:B2:AD:D3:5F:BF:9D:C1:14:70:76
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/YI7BsdHWBwifx7Kt01-_ncEUcHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.244.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:de:9b:2a:1c:09:59:0b:bc:74:23:70:91:34:a3:e6:26:52:
         53:5d:2d:d7:5f:2b:71:2f:76:c3:dc:dc:0c:5d:ec:72:09:0b:
         5e:ac:30:59:cb:66:b1:b3:1d:41:4b:e8:9f:5e:81:14:ea:d0:
         de:1c:a1:df:d2:5c:d8:20:79:b2:d5:9f:81:26:24:ad:54:e1:
         16:29:ec:7b:38:c7:d2:4c:67:20:e3:4c:6a:f0:3c:2e:b9:45:
         37:c2:2d:cb:b4:f7:88:ec:32:75:cc:02:f6:2c:e9:64:ba:59:
         a0:fc:d1:f3:86:64:a9:db:bc:bd:95:41:fc:45:fa:e9:f2:d4:
         39:48:34:b3:ec:e5:43:c5:5e:8d:4c:b6:da:eb:d7:14:8b:fc:
         78:e9:a6:2f:23:33:2a:0d:65:c5:75:85:1c:b9:f6:c2:73:50:
         0e:92:46:a5:14:08:13:e3:78:de:f2:be:6b:66:0c:4e:9a:95:
         7c:05:3b:ab:0b:12:43:56:81:ac:5a:99:34:fa:59:1b:19:aa:
         05:1f:1a:dc:0b:07:e9:84:d2:67:65:a8:a2:d7:e0:de:7b:6f:
         0c:a6:15:0e:56:2a:58:df:df:84:f6:99:01:9f:96:8e:90:ba:
         17:6b:70:d7:74:e2:68:72:d4:e7:cc:00:e1:d8:a8:cb:78:4a:
         22:3f:36:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc2J1jss1WarqGafePXe9ViMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjUwNjAzMTQxNzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDhlYzFiMWQxZDYwNzA4OWZjN2IyYWRkMzVmYmY5ZGMxMTQ3MDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0+UcHK3Rv2OwBR+kka0lqFXVcT6W
DpIgvjfgyXIQSBHy2FsNlt4MrKRJnkiDO38GND6zIx+dgJnsUv+JkuZ6DuyWrcy5
QNVN0cqCiIRv2ge/UeVf0SZv4eFM6GYWd+ngIHuBUMbNDdU46vtze6S3tUceHmwf
de0EKKSH7FrqGVG0h5F3bvxc/BJjsGHYIgoUIdK8gCPvB0+65go9TEK57o5Q+1Ha
Eg6xQ7c+gpS0SSZyW2+xWyaLY/3/ldYeSkJDb2PJ4e85CivGkvhQ1H7BW3WMtG0Y
j01/5SVbjyTnMHZ6bENAmejNEPamln8y+SiZYgxR7hYXtUZdF0j0HyD4+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCOwbHR1gcIn8eyrdNfv53BFHB2MB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvWUk3QnNkSFdCd2lmeDdLdDAxLV9uY0VVY0hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAz/TGMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ3psqHAlZC7x0I3CRNKPmJlJTXS3XXytxL3bD3NwM
XexyCQterDBZy2axsx1BS+ifXoEU6tDeHKHf0lzYIHmy1Z+BJiStVOEWKex7OMfS
TGcg40xq8DwuuUU3wi3LtPeI7DJ1zAL2LOlkulmg/NHzhmSp27y9lUH8Rfrp8tQ5
SDSz7OVDxV6NTLba69cUi/x46aYvIzMqDWXFdYUcufbCc1AOkkalFAgT43je8r5r
ZgxOmpV8BTurCxJDVoGsWpk0+lkbGaoFHxrcCwfphNJnZaii1+Dee28MphUOVipY
39+E9pkBn5aOkLoXa3DXdOJoctTnzADh2KjLeEoiPzaT
-----END CERTIFICATE-----