Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/e5dfa9-5196-48cd-9178-5a31f620b04a/1/hy1vd6FMybZThTm3SvjJ_hE7qn4.roa
File:                     hy1vd6FMybZThTm3SvjJ_hE7qn4.roa (raw, json)
Hash identifier:          vLPWUWT2tszs2HUF2XNEiqkWjYMRC5uDHz+kbz1YJLg=
Subject key identifier:   87:2D:6F:77:A1:4C:C9:B6:53:85:39:B7:4A:F8:C9:FE:11:3B:AA:7E
Certificate issuer:       /CN=283deba3b1305c9a48d374ba47369bf1f827ee08
Certificate serial:       01942444DB5F4BA30D0952DE984D211052D0
Authority key identifier: 28:3D:EB:A3:B1:30:5C:9A:48:D3:74:BA:47:36:9B:F1:F8:27:EE:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KD3ro7EwXJpI03S6Rzab8fgn7gg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/e5dfa9-5196-48cd-9178-5a31f620b04a/1/hy1vd6FMybZThTm3SvjJ_hE7qn4.roa
Signing time:             Wed 01 Jan 2025 23:47:59 +0000
ROA not before:           Wed 01 Jan 2025 23:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6730
IP address blocks:        87.236.200.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/e5dfa9-5196-48cd-9178-5a31f620b04a/1/KD3ro7EwXJpI03S6Rzab8fgn7gg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/e5dfa9-5196-48cd-9178-5a31f620b04a/1/KD3ro7EwXJpI03S6Rzab8fgn7gg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KD3ro7EwXJpI03S6Rzab8fgn7gg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:db:5f:4b:a3:0d:09:52:de:98:4d:21:10:52:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=283deba3b1305c9a48d374ba47369bf1f827ee08
        Validity
            Not Before: Jan  1 23:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=872d6f77a14cc9b6538539b74af8c9fe113baa7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:f8:ef:69:73:f2:67:9b:8e:c5:9a:55:d0:ba:
                    ab:91:22:0b:e9:77:77:78:82:35:ae:0c:a8:88:33:
                    e7:28:4b:02:0d:c3:9d:2c:58:a1:5c:ff:2c:23:15:
                    71:de:94:99:68:30:1b:8c:9b:0e:b9:7b:e3:2a:fb:
                    ee:cf:b5:69:d0:e8:5a:49:6f:71:cf:02:b8:8b:87:
                    22:f8:73:8c:49:fb:cf:e9:ae:ac:02:9e:cc:51:cc:
                    d5:d6:87:80:4e:30:91:a3:4c:1b:89:fd:6c:20:b3:
                    76:2c:3d:80:07:92:39:18:fa:bb:f4:26:c1:26:b6:
                    17:92:67:f3:3a:98:b0:60:bd:16:2e:63:8f:a2:cb:
                    70:44:35:04:80:78:e3:2f:4c:07:a3:bb:d7:d5:7e:
                    37:e4:9c:ab:62:70:0f:04:ce:87:cc:7e:77:68:ee:
                    31:fc:45:00:1b:4a:4c:27:6c:92:60:d6:f4:eb:b8:
                    9b:d4:73:ef:1a:bb:0b:ee:bd:ae:9d:42:4c:1c:40:
                    cd:50:13:63:42:5a:2b:90:ad:ba:0c:66:c0:4f:80:
                    86:8a:10:fb:ea:de:c5:51:1a:ce:b1:a5:f5:2c:1d:
                    4c:cc:88:46:58:69:f9:70:b7:d5:a9:6f:3d:61:20:
                    6b:f8:d4:28:d0:37:c7:79:94:60:79:98:65:53:71:
                    9e:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:2D:6F:77:A1:4C:C9:B6:53:85:39:B7:4A:F8:C9:FE:11:3B:AA:7E
            X509v3 Authority Key Identifier:
                keyid:28:3D:EB:A3:B1:30:5C:9A:48:D3:74:BA:47:36:9B:F1:F8:27:EE:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KD3ro7EwXJpI03S6Rzab8fgn7gg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/e5dfa9-5196-48cd-9178-5a31f620b04a/1/hy1vd6FMybZThTm3SvjJ_hE7qn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/e5dfa9-5196-48cd-9178-5a31f620b04a/1/KD3ro7EwXJpI03S6Rzab8fgn7gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.236.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8c:c2:2e:96:e2:bc:86:9d:6e:25:f9:89:98:ab:5f:23:cc:5c:
         82:14:f6:0a:a2:c0:b2:5b:02:b0:1c:9d:cc:a4:fb:49:2e:e4:
         fc:26:92:4b:9f:d1:70:1b:39:89:5a:3d:6b:e3:05:e3:49:0f:
         15:61:02:3d:6c:6c:a9:06:94:21:29:c4:ec:7d:e1:f4:23:36:
         14:df:81:cf:78:fe:05:13:c8:a2:bd:74:71:92:6e:3f:93:11:
         d6:6b:99:ae:f4:52:68:c7:c9:8b:db:99:4a:fb:4c:db:ff:3f:
         ef:ef:13:f8:3c:19:37:97:9f:af:b4:b3:ef:f4:72:4b:75:1c:
         a7:19:f4:e8:d5:ec:89:3c:b4:dc:44:73:9a:89:dd:8d:4d:7b:
         8d:89:cb:bf:c9:c1:02:f3:9a:6c:1b:59:04:46:7b:3f:98:c7:
         6d:01:eb:7f:e5:ef:25:4f:97:7c:32:55:92:57:a2:b8:a1:3c:
         01:67:8a:12:8d:a9:b1:35:f2:42:a8:21:89:e0:c8:f0:45:eb:
         64:4b:9e:cf:d0:64:3b:10:f5:8c:e9:63:22:c7:3e:95:76:b7:
         b0:1c:d8:14:8a:44:0c:ea:f7:99:16:01:da:f0:dc:87:1d:b3:
         57:7f:cb:1a:45:17:36:91:65:42:cf:ed:05:20:6f:22:0c:e3:
         7c:4f:db:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRNtfS6MNCVLemE0hEFLQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4M2RlYmEzYjEzMDVjOWE0OGQzNzRiYTQ3MzY5YmYxZjgy
N2VlMDgwHhcNMjUwMTAxMjM0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzJkNmY3N2ExNGNjOWI2NTM4NTM5Yjc0YWY4YzlmZTExM2JhYTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovjvaXPyZ5uOxZpV0LqrkSIL6Xd3
eII1rgyoiDPnKEsCDcOdLFihXP8sIxVx3pSZaDAbjJsOuXvjKvvuz7Vp0OhaSW9x
zwK4i4ci+HOMSfvP6a6sAp7MUczV1oeATjCRo0wbif1sILN2LD2AB5I5GPq79CbB
JrYXkmfzOpiwYL0WLmOPostwRDUEgHjjL0wHo7vX1X435JyrYnAPBM6HzH53aO4x
/EUAG0pMJ2ySYNb067ib1HPvGrsL7r2unUJMHEDNUBNjQlorkK26DGbAT4CGihD7
6t7FURrOsaX1LB1MzIhGWGn5cLfVqW89YSBr+NQo0DfHeZRgeZhlU3Ge+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIctb3ehTMm2U4U5t0r4yf4RO6p+MB8GA1UdIwQY
MBaAFCg966OxMFyaSNN0ukc2m/H4J+4IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0Qzcm83RXdYSnBJMDNTNlJ6YWI4ZmduN2dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9lNWRmYTktNTE5Ni00OGNkLTkxNzgt
NWEzMWY2MjBiMDRhLzEvaHkxdmQ2Rk15YlpUaFRtM1N2akpfaEU3cW40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9lNWRmYTktNTE5Ni00OGNkLTkxNzgtNWEzMWY2MjBiMDRh
LzEvS0Qzcm83RXdYSnBJMDNTNlJ6YWI4ZmduN2dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDV+zIMA0G
CSqGSIb3DQEBCwUAA4IBAQCMwi6W4ryGnW4l+YmYq18jzFyCFPYKosCyWwKwHJ3M
pPtJLuT8JpJLn9FwGzmJWj1r4wXjSQ8VYQI9bGypBpQhKcTsfeH0IzYU34HPeP4F
E8iivXRxkm4/kxHWa5mu9FJox8mL25lK+0zb/z/v7xP4PBk3l5+vtLPv9HJLdRyn
GfTo1eyJPLTcRHOaid2NTXuNicu/ycEC85psG1kERns/mMdtAet/5e8lT5d8MlWS
V6K4oTwBZ4oSjamxNfJCqCGJ4MjwRetkS57P0GQ7EPWM6WMixz6VdrewHNgUikQM
6veZFgHa8NyHHbNXf8saRRc2kWVCz+0FIG8iDON8T9tn
-----END CERTIFICATE-----