Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/726a52-5c73-4905-a19d-9f72f8dec468/1/hyeaa7WHUt2Rcq_9qyU3ynO8FJA.roa
File:                     hyeaa7WHUt2Rcq_9qyU3ynO8FJA.roa (raw, json)
Hash identifier:          1lxOMkF/m/0MqdFiTX81zywF3SRcX+JuIQEJSNJChMU=
Subject key identifier:   87:27:9A:6B:B5:87:52:DD:91:72:AF:FD:AB:25:37:CA:73:BC:14:90
Certificate issuer:       /CN=7184c805d4e53c2a132c739c4e3752afc35ae995
Certificate serial:       019425FC36C34540A4387601C21CDA3DF0DE
Authority key identifier: 71:84:C8:05:D4:E5:3C:2A:13:2C:73:9C:4E:37:52:AF:C3:5A:E9:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cYTIBdTlPCoTLHOcTjdSr8Na6ZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/726a52-5c73-4905-a19d-9f72f8dec468/1/hyeaa7WHUt2Rcq_9qyU3ynO8FJA.roa
Signing time:             Thu 02 Jan 2025 07:47:53 +0000
ROA not before:           Thu 02 Jan 2025 07:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3347
IP address blocks:        192.207.142.0/24 maxlen: 24
                          217.117.192.0/20 maxlen: 24
                          2a00:10f8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/726a52-5c73-4905-a19d-9f72f8dec468/1/cYTIBdTlPCoTLHOcTjdSr8Na6ZU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/726a52-5c73-4905-a19d-9f72f8dec468/1/cYTIBdTlPCoTLHOcTjdSr8Na6ZU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cYTIBdTlPCoTLHOcTjdSr8Na6ZU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 04:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:36:c3:45:40:a4:38:76:01:c2:1c:da:3d:f0:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7184c805d4e53c2a132c739c4e3752afc35ae995
        Validity
            Not Before: Jan  2 07:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87279a6bb58752dd9172affdab2537ca73bc1490
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ff:da:00:e3:9b:f9:ea:d3:52:22:19:04:02:
                    3f:0f:38:38:ee:f7:91:ee:32:24:26:bf:81:f6:ce:
                    b3:45:c1:2b:99:8b:79:f4:04:24:40:6f:ff:90:4f:
                    ca:2d:b4:0f:dd:6f:ab:d9:7a:10:2a:27:df:b3:dc:
                    00:eb:72:00:8f:b6:db:ce:1c:d3:a5:ce:ab:e9:09:
                    96:a2:02:e2:25:53:b9:09:49:12:be:57:ca:5b:15:
                    ae:52:2e:84:a4:55:5b:fd:97:bc:80:1a:04:00:78:
                    81:02:cd:fc:bf:e1:f5:5e:be:f6:3c:ce:08:12:19:
                    61:90:2e:5f:92:fd:53:58:aa:9d:bd:75:8b:d8:32:
                    62:c7:30:e4:68:88:b8:77:75:a2:e9:b9:da:4d:7e:
                    9e:48:2d:c0:71:87:12:1b:8f:ad:ff:e9:63:33:3b:
                    58:e2:77:13:5e:2c:d8:ab:dc:e4:43:da:a0:61:e5:
                    c5:c2:ba:50:b5:97:1a:c3:36:92:25:7b:6d:0a:c3:
                    e7:ce:a7:de:22:62:8a:eb:9c:ab:7b:05:79:af:4e:
                    bb:8a:64:c7:5f:63:15:62:0f:93:4b:35:e1:81:6a:
                    b1:61:1a:d6:59:66:6e:e7:41:8e:74:e4:0c:21:3b:
                    e8:84:7f:d9:fe:8d:0d:c3:0a:5c:d7:88:8a:c3:f1:
                    be:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:27:9A:6B:B5:87:52:DD:91:72:AF:FD:AB:25:37:CA:73:BC:14:90
            X509v3 Authority Key Identifier:
                keyid:71:84:C8:05:D4:E5:3C:2A:13:2C:73:9C:4E:37:52:AF:C3:5A:E9:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cYTIBdTlPCoTLHOcTjdSr8Na6ZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/726a52-5c73-4905-a19d-9f72f8dec468/1/hyeaa7WHUt2Rcq_9qyU3ynO8FJA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/726a52-5c73-4905-a19d-9f72f8dec468/1/cYTIBdTlPCoTLHOcTjdSr8Na6ZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.207.142.0/24
                  217.117.192.0/20
                IPv6:
                  2a00:10f8::/32

    Signature Algorithm: sha256WithRSAEncryption
         8a:cf:16:0c:28:23:35:66:5d:2e:06:8e:ef:53:4f:b4:e9:01:
         d3:b8:e9:52:52:94:11:4b:e4:73:20:7f:c1:fc:0a:68:1d:94:
         2a:ad:55:cb:e8:41:a5:09:04:0c:ec:0d:7c:2a:fb:ab:68:3f:
         a3:38:ff:7b:ec:04:85:e0:85:ce:5d:c4:7f:20:90:14:61:b3:
         66:22:f4:9c:e8:02:32:82:36:e3:91:7d:e6:fa:29:8d:c0:73:
         21:30:b4:70:08:b0:c6:97:2a:69:c2:d6:a4:38:f6:b0:88:90:
         eb:b3:41:c2:09:46:0e:38:d8:12:2c:cc:3f:1d:a7:ca:35:13:
         78:8e:28:f7:4d:79:d0:21:72:79:f5:3d:9b:a5:c7:ad:f2:41:
         62:82:8c:70:d7:30:48:9a:77:fa:44:e0:f7:29:d7:50:44:bf:
         a4:11:bd:fa:f6:b8:b7:78:7a:d0:88:d1:70:4d:d5:b5:34:f4:
         a5:6f:b7:e3:6e:0a:a8:de:a3:ba:0f:91:be:0d:c6:5c:81:a0:
         31:6c:bd:3f:df:6b:4f:e6:9c:e8:c0:95:39:73:ee:50:1c:54:
         9c:66:81:77:30:cc:94:e1:c4:da:fa:c0:f8:db:75:28:50:6d:
         69:d6:de:2b:d2:aa:de:62:f7:56:cd:f3:76:cd:7f:6b:bd:6d:
         28:e1:46:a5
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQl/DbDRUCkOHYBwhzaPfDeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxODRjODA1ZDRlNTNjMmExMzJjNzM5YzRlMzc1MmFmYzM1
YWU5OTUwHhcNMjUwMTAyMDc0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzI3OWE2YmI1ODc1MmRkOTE3MmFmZmRhYjI1MzdjYTczYmMxNDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu//aAOOb+erTUiIZBAI/Dzg47veR
7jIkJr+B9s6zRcErmYt59AQkQG//kE/KLbQP3W+r2XoQKiffs9wA63IAj7bbzhzT
pc6r6QmWogLiJVO5CUkSvlfKWxWuUi6EpFVb/Ze8gBoEAHiBAs38v+H1Xr72PM4I
EhlhkC5fkv1TWKqdvXWL2DJixzDkaIi4d3Wi6bnaTX6eSC3AcYcSG4+t/+ljMztY
4ncTXizYq9zkQ9qgYeXFwrpQtZcawzaSJXttCsPnzqfeImKK65yrewV5r067imTH
X2MVYg+TSzXhgWqxYRrWWWZu50GOdOQMITvohH/Z/o0Nwwpc14iKw/G+ZwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIcnmmu1h1LdkXKv/aslN8pzvBSQMB8GA1UdIwQY
MBaAFHGEyAXU5TwqEyxznE43Uq/DWumVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1lUSUJkVGxQQ29UTEhPY1RqZFNyOE5hNlpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC83MjZhNTItNWM3My00OTA1LWExOWQt
OWY3MmY4ZGVjNDY4LzEvaHllYWE3V0hVdDJSY3FfOXF5VTN5bk84RkpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC83MjZhNTItNWM3My00OTA1LWExOWQtOWY3MmY4ZGVjNDY4
LzEvY1lUSUJkVGxQQ29UTEhPY1RqZFNyOE5hNlpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAwM+OAwQE
2XXAMA0EAgACMAcDBQAqABD4MA0GCSqGSIb3DQEBCwUAA4IBAQCKzxYMKCM1Zl0u
Bo7vU0+06QHTuOlSUpQRS+RzIH/B/ApoHZQqrVXL6EGlCQQM7A18KvuraD+jOP97
7ASF4IXOXcR/IJAUYbNmIvSc6AIygjbjkX3m+imNwHMhMLRwCLDGlyppwtakOPaw
iJDrs0HCCUYOONgSLMw/HafKNRN4jij3TXnQIXJ59T2bpcet8kFigoxw1zBImnf6
ROD3KddQRL+kEb369ri3eHrQiNFwTdW1NPSlb7fjbgqo3qO6D5G+DcZcgaAxbL0/
32tP5pzowJU5c+5QHFScZoF3MMyU4cTa+sD423UoUG1p1t4r0qreYvdWzfN2zX9r
vW0o4Ual
-----END CERTIFICATE-----