Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/YkO14vUX3HHLD5m73eeF94u-z9Y.roa
File:                     YkO14vUX3HHLD5m73eeF94u-z9Y.roa (raw, json)
Hash identifier:          myJ7UTUt7mcT9gjy0mgRP7jrD85IU3fMUws/RpMjTT4=
Subject key identifier:   62:43:B5:E2:F5:17:DC:71:CB:0F:99:BB:DD:E7:85:F7:8B:BE:CF:D6
Certificate issuer:       /CN=a7ee182d9c43a5ce7068dfd9ba7aa8ed90e5e0ba
Certificate serial:       0194921E4C6FD6682AB1F3BA2FD697CA46C4
Authority key identifier: A7:EE:18:2D:9C:43:A5:CE:70:68:DF:D9:BA:7A:A8:ED:90:E5:E0:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/YkO14vUX3HHLD5m73eeF94u-z9Y.roa
Signing time:             Thu 23 Jan 2025 07:44:06 +0000
ROA not before:           Thu 23 Jan 2025 07:44:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15577
IP address blocks:        217.9.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:92:1e:4c:6f:d6:68:2a:b1:f3:ba:2f:d6:97:ca:46:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7ee182d9c43a5ce7068dfd9ba7aa8ed90e5e0ba
        Validity
            Not Before: Jan 23 07:44:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6243b5e2f517dc71cb0f99bbdde785f78bbecfd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:d4:d5:d8:a9:6f:93:72:11:5c:3a:9f:fe:fd:
                    cc:9d:b6:82:25:92:5f:35:3f:0c:d2:e9:9f:89:c2:
                    6b:a8:04:e1:50:cf:54:31:74:5e:0c:05:d1:8f:c9:
                    a6:cd:23:0a:bd:f9:bc:80:b4:a9:91:e0:76:ec:44:
                    f0:f5:6b:4a:58:06:19:1f:be:f0:a5:18:6d:ab:ed:
                    81:77:1f:4a:64:b2:c2:fe:57:90:fa:1a:32:fd:08:
                    77:b0:a4:7b:6f:7f:8f:81:a6:84:9f:c5:95:e2:3a:
                    9d:59:39:6f:ba:74:72:0f:06:8f:b6:70:32:45:fc:
                    db:a2:52:9e:b7:6a:ff:f5:ce:3b:cc:13:50:86:36:
                    9a:42:81:88:50:9e:b3:0e:e5:c5:33:38:35:1b:bc:
                    9c:dd:e7:d1:be:b5:ce:15:2e:91:e2:24:cd:7d:f5:
                    42:46:9d:17:ff:69:31:2a:f8:c7:bf:b6:60:65:25:
                    e1:1e:a1:88:9d:32:e4:dd:33:ec:32:db:08:b1:8f:
                    7f:ed:97:1e:0f:31:17:be:20:2f:52:a5:03:de:cc:
                    ec:df:ef:d3:a1:cb:ab:79:52:56:f8:96:4f:41:26:
                    2c:13:4f:15:14:3a:85:71:09:e0:ce:3c:54:e9:70:
                    13:fc:83:db:57:bb:75:96:05:54:ec:70:00:d0:86:
                    d9:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:43:B5:E2:F5:17:DC:71:CB:0F:99:BB:DD:E7:85:F7:8B:BE:CF:D6
            X509v3 Authority Key Identifier:
                keyid:A7:EE:18:2D:9C:43:A5:CE:70:68:DF:D9:BA:7A:A8:ED:90:E5:E0:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/YkO14vUX3HHLD5m73eeF94u-z9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.9.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:ec:12:94:04:44:22:35:60:3e:a1:64:aa:00:b6:d3:6b:2b:
         8b:5f:7a:2d:e6:c7:fb:7e:5d:e6:a2:22:b9:0a:0e:1c:8f:5f:
         cd:0c:e2:83:b8:e8:f4:51:3e:03:9c:aa:70:7b:c2:0a:33:ae:
         16:0e:ff:48:e9:85:58:22:f2:ab:ff:be:ef:04:09:74:17:06:
         89:b3:8e:cf:e9:26:f3:bb:b3:b2:25:58:90:36:09:19:5b:88:
         85:4b:67:4f:74:8a:ce:06:ae:24:48:49:54:86:1e:52:91:8f:
         13:73:66:77:50:5a:bf:4e:23:17:b5:9d:db:f7:d5:39:10:67:
         49:39:80:9d:92:46:00:6d:e3:8b:b4:07:2b:67:a9:be:74:26:
         5a:e0:a1:2d:b5:b6:7d:d0:14:ae:57:cf:4f:18:22:e5:31:86:
         5c:8a:f4:73:28:4f:56:57:b5:9e:f0:c9:10:eb:d7:f5:4d:27:
         4f:a5:e8:d4:64:4d:5a:58:e1:a1:e7:39:4b:50:de:46:89:e9:
         34:0d:3f:69:ad:eb:94:d6:90:e3:f3:48:13:39:37:c2:a3:e9:
         5c:3c:35:ae:af:57:cf:12:4e:2e:fb:6b:61:5e:31:e0:13:b7:
         e2:a0:47:9a:22:20:7e:d1:d2:86:9b:66:a9:e7:9c:fa:27:78:
         18:0a:24:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSSHkxv1mgqsfO6L9aXykbEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZWUxODJkOWM0M2E1Y2U3MDY4ZGZkOWJhN2FhOGVkOTBl
NWUwYmEwHhcNMjUwMTIzMDc0NDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjQzYjVlMmY1MTdkYzcxY2IwZjk5YmJkZGU3ODVmNzhiYmVjZmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztTV2Klvk3IRXDqf/v3MnbaCJZJf
NT8M0umficJrqAThUM9UMXReDAXRj8mmzSMKvfm8gLSpkeB27ETw9WtKWAYZH77w
pRhtq+2Bdx9KZLLC/leQ+hoy/Qh3sKR7b3+PgaaEn8WV4jqdWTlvunRyDwaPtnAy
RfzbolKet2r/9c47zBNQhjaaQoGIUJ6zDuXFMzg1G7yc3efRvrXOFS6R4iTNffVC
Rp0X/2kxKvjHv7ZgZSXhHqGInTLk3TPsMtsIsY9/7ZceDzEXviAvUqUD3szs3+/T
ocureVJW+JZPQSYsE08VFDqFcQngzjxU6XAT/IPbV7t1lgVU7HAA0IbZ/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGJDteL1F9xxyw+Zu93nhfeLvs/WMB8GA1UdIwQY
MBaAFKfuGC2cQ6XOcGjf2bp6qO2Q5eC6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcC00WUxaeERwYzV3YU5fWnVucW83WkRsNExvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9kYWI0MjAtMGRlMy00MzIxLTljMDkt
NmI1ZjY4NTIyYTdkLzEvWWtPMTR2VVgzSEhMRDVtNzNlZUY5NHUtejlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9kYWI0MjAtMGRlMy00MzIxLTljMDktNmI1ZjY4NTIyYTdk
LzEvcC00WUxaeERwYzV3YU5fWnVucW83WkRsNExvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2QkAMA0G
CSqGSIb3DQEBCwUAA4IBAQBc7BKUBEQiNWA+oWSqALbTayuLX3ot5sf7fl3moiK5
Cg4cj1/NDOKDuOj0UT4DnKpwe8IKM64WDv9I6YVYIvKr/77vBAl0FwaJs47P6Sbz
u7OyJViQNgkZW4iFS2dPdIrOBq4kSElUhh5SkY8Tc2Z3UFq/TiMXtZ3b99U5EGdJ
OYCdkkYAbeOLtAcrZ6m+dCZa4KEttbZ90BSuV89PGCLlMYZcivRzKE9WV7We8MkQ
69f1TSdPpejUZE1aWOGh5zlLUN5Giek0DT9preuU1pDj80gTOTfCo+lcPDWur1fP
Ek4u+2thXjHgE7fioEeaIiB+0dKGm2ap55z6J3gYCiSp
-----END CERTIFICATE-----