Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/yGGcjEeLN1XoDfUFDjJG_DO_4S4.roa
File:                     yGGcjEeLN1XoDfUFDjJG_DO_4S4.roa (raw, json)
Hash identifier:          4dm551rsf+KoQu6R40JInSbMzcNHDKJhMN9+xzX7jtw=
Subject key identifier:   C8:61:9C:8C:47:8B:37:55:E8:0D:F5:05:0E:32:46:FC:33:BF:E1:2E
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       0194228D960EC746727658DF40855001ED7C
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/yGGcjEeLN1XoDfUFDjJG_DO_4S4.roa
Signing time:             Wed 01 Jan 2025 15:48:11 +0000
ROA not before:           Wed 01 Jan 2025 15:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     36062
IP address blocks:        213.254.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:96:0e:c7:46:72:76:58:df:40:85:50:01:ed:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  1 15:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8619c8c478b3755e80df5050e3246fc33bfe12e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:78:39:ba:4f:9e:66:da:da:c2:e1:e8:da:42:
                    8e:72:11:bf:69:b5:15:ac:21:37:f1:95:0c:ca:62:
                    0c:8e:59:6a:08:f1:61:7e:1c:a3:51:62:8a:d6:07:
                    83:b3:7c:ae:49:08:11:ff:75:cd:97:2e:bb:5e:58:
                    92:97:fd:93:a1:ed:2b:06:e3:f6:96:ff:89:3f:0d:
                    4f:5f:cd:d6:44:b1:2c:3f:f4:a4:b3:51:7c:29:35:
                    b5:d7:d5:6f:09:49:5e:0c:b6:8b:0f:69:e4:ff:a8:
                    7e:0e:45:03:e8:43:5b:40:eb:ca:83:c7:ab:6b:a2:
                    3a:8f:39:30:3b:98:55:e3:80:fb:b1:4d:ce:b8:6d:
                    50:f9:63:b3:7b:e2:d2:16:a4:8c:3d:6e:ad:11:4d:
                    11:54:8d:26:f6:70:4e:2a:84:58:92:76:7a:e8:2c:
                    22:6e:58:3b:04:f0:e5:2b:e9:8d:02:6c:74:bd:b7:
                    f5:4d:85:ef:6f:df:be:d7:6b:fa:90:b8:09:77:5d:
                    db:6c:86:15:3b:08:9b:9f:5a:8b:df:0f:2b:f5:aa:
                    24:16:41:c0:fe:2f:bc:3f:02:87:1d:74:3f:78:3e:
                    47:69:e8:ab:54:4b:ee:4f:65:15:02:c6:d7:2b:90:
                    b0:63:b0:37:f0:50:42:9f:62:4b:8a:df:32:ab:d8:
                    af:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:61:9C:8C:47:8B:37:55:E8:0D:F5:05:0E:32:46:FC:33:BF:E1:2E
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/yGGcjEeLN1XoDfUFDjJG_DO_4S4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.254.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:15:d2:07:ae:32:1b:53:62:da:ca:05:38:de:d2:f4:69:d3:
         a0:7a:d1:94:fa:5e:8f:42:f8:0b:7e:de:7e:fc:0f:26:c7:6e:
         0d:cc:38:a7:0e:5a:06:dc:96:b8:81:d8:9f:80:fb:34:a8:36:
         57:ab:01:3f:a3:3b:e1:f4:b6:98:9c:50:c0:c2:4a:24:36:73:
         5a:ff:5e:7d:06:99:bb:7a:8b:c4:e0:c3:3d:4d:e2:6b:c6:46:
         0c:c3:83:b4:d3:b0:44:17:a6:3e:43:f3:6e:4c:58:36:f2:b3:
         ea:ab:97:3b:91:b4:6b:24:ba:7f:9a:51:d3:21:47:d9:64:4b:
         39:e7:a5:4f:1e:1c:6c:af:70:27:b6:69:b8:b8:35:2b:23:8e:
         a9:74:da:e2:31:88:1c:61:c7:6a:d8:71:8a:f4:1e:97:50:57:
         10:8f:13:4c:d6:09:0f:d0:89:44:43:2c:32:c4:0c:12:93:cc:
         b9:ed:56:db:db:b4:9d:7f:4b:f1:02:e8:58:59:9c:d6:ee:3d:
         dd:42:c5:d4:08:75:63:b7:50:c0:e3:38:10:94:8e:4f:95:6b:
         85:4a:37:85:45:fd:e7:28:c1:ed:ef:f2:71:d5:d7:fe:c9:ac:
         8c:7b:f0:f9:b5:f8:30:a8:95:ae:90:6b:c3:bb:81:19:05:cc:
         e9:74:32:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijZYOx0ZydljfQIVQAe18MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwMTAxMTU0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODYxOWM4YzQ3OGIzNzU1ZTgwZGY1MDUwZTMyNDZmYzMzYmZlMTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3g5uk+eZtrawuHo2kKOchG/abUV
rCE38ZUMymIMjllqCPFhfhyjUWKK1geDs3yuSQgR/3XNly67XliSl/2Toe0rBuP2
lv+JPw1PX83WRLEsP/Sks1F8KTW119VvCUleDLaLD2nk/6h+DkUD6ENbQOvKg8er
a6I6jzkwO5hV44D7sU3OuG1Q+WOze+LSFqSMPW6tEU0RVI0m9nBOKoRYknZ66Cwi
blg7BPDlK+mNAmx0vbf1TYXvb9++12v6kLgJd13bbIYVOwibn1qL3w8r9aokFkHA
/i+8PwKHHXQ/eD5HaeirVEvuT2UVAsbXK5CwY7A38FBCn2JLit8yq9iveQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMhhnIxHizdV6A31BQ4yRvwzv+EuMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEveUdHY2pFZUxOMVhvRGZVRkRqSkdfRE9fNFM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1f70MA0G
CSqGSIb3DQEBCwUAA4IBAQAOFdIHrjIbU2LaygU43tL0adOgetGU+l6PQvgLft5+
/A8mx24NzDinDloG3Ja4gdifgPs0qDZXqwE/ozvh9LaYnFDAwkokNnNa/159Bpm7
eovE4MM9TeJrxkYMw4O007BEF6Y+Q/NuTFg28rPqq5c7kbRrJLp/mlHTIUfZZEs5
56VPHhxsr3Antmm4uDUrI46pdNriMYgcYcdq2HGK9B6XUFcQjxNM1gkP0IlEQywy
xAwSk8y57Vbb27Sdf0vxAuhYWZzW7j3dQsXUCHVjt1DA4zgQlI5PlWuFSjeFRf3n
KMHt7/Jx1df+yayMe/D5tfgwqJWukGvDu4EZBczpdDJ/
-----END CERTIFICATE-----