Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/yKPpEfXuR3hgVnHrW-SosrWvchI.roa
File:                     yKPpEfXuR3hgVnHrW-SosrWvchI.roa (raw, json)
Hash identifier:          JRlziFyrSVh96Xmb3+ZOE6HFj6jm/zMUIwmBAAhdoq8=
Subject key identifier:   C8:A3:E9:11:F5:EE:47:78:60:56:71:EB:5B:E4:A8:B2:B5:AF:72:12
Certificate issuer:       /CN=72ed2fbb7213fbf32ad4c087f8b0b22cecef4fea
Certificate serial:       019426D8A0FBB0BABF9E70DBD55F3F8AA0DF
Authority key identifier: 72:ED:2F:BB:72:13:FB:F3:2A:D4:C0:87:F8:B0:B2:2C:EC:EF:4F:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/yKPpEfXuR3hgVnHrW-SosrWvchI.roa
Signing time:             Thu 02 Jan 2025 11:48:38 +0000
ROA not before:           Thu 02 Jan 2025 11:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60197
IP address blocks:        80.67.188.0/24 maxlen: 24
                          2001:913::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:a0:fb:b0:ba:bf:9e:70:db:d5:5f:3f:8a:a0:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72ed2fbb7213fbf32ad4c087f8b0b22cecef4fea
        Validity
            Not Before: Jan  2 11:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8a3e911f5ee4778605671eb5be4a8b2b5af7212
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:63:87:2d:46:85:93:f1:26:bb:da:b1:84:e2:
                    16:28:fb:50:ab:23:71:77:0e:4b:d2:27:28:57:c7:
                    8f:01:3f:fb:07:64:97:89:72:46:51:16:11:fa:ca:
                    d7:9f:b4:74:36:70:29:40:66:3b:24:3b:cf:e8:23:
                    40:3f:a4:62:39:b6:b7:e4:16:0e:4d:33:47:4f:c0:
                    46:0d:47:85:a6:31:e3:8c:1a:74:0c:af:97:3b:eb:
                    cd:ee:e4:c5:d6:19:1e:55:d3:15:a6:bb:96:29:91:
                    b1:98:f8:0f:31:1d:6f:3b:74:0d:ef:5e:8b:81:8a:
                    80:a2:13:74:78:fd:1b:f8:b2:d8:e7:25:09:b0:d3:
                    a1:ed:97:62:67:f6:3d:04:04:fe:12:17:78:f9:a5:
                    43:cc:67:fd:eb:8a:c7:5f:c4:af:0f:62:a0:a0:bd:
                    91:f0:af:f9:7e:ce:f9:1a:09:18:8c:87:48:04:45:
                    8c:fa:dc:d4:3b:1b:8e:ae:a3:e5:e7:74:d5:5f:07:
                    0d:f7:0a:3a:2f:14:3b:58:62:46:73:bf:36:cb:de:
                    01:cf:a7:78:bc:75:ee:5c:d0:37:8b:41:1a:1b:03:
                    d6:ec:ca:84:d0:51:81:09:b6:de:c3:25:fa:e9:f9:
                    93:0c:ff:27:a2:30:58:73:0c:7e:d3:f8:b6:f0:5c:
                    e7:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:A3:E9:11:F5:EE:47:78:60:56:71:EB:5B:E4:A8:B2:B5:AF:72:12
            X509v3 Authority Key Identifier:
                keyid:72:ED:2F:BB:72:13:FB:F3:2A:D4:C0:87:F8:B0:B2:2C:EC:EF:4F:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/yKPpEfXuR3hgVnHrW-SosrWvchI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.67.188.0/24
                IPv6:
                  2001:913::/36

    Signature Algorithm: sha256WithRSAEncryption
         91:48:57:cf:68:c6:07:b4:c1:d1:99:f5:7a:3e:96:3a:6c:c8:
         64:23:05:31:a6:24:24:4f:e4:0f:43:0e:c3:3e:f4:36:04:ac:
         ad:e0:a5:32:13:ee:82:6b:03:95:86:86:46:a0:d3:a2:7b:1d:
         10:da:66:f8:5e:4d:b8:7e:3b:1f:79:41:63:a3:30:9b:3c:29:
         3a:80:e1:60:6d:74:c8:1e:f9:a0:0e:e1:ff:24:31:35:18:4e:
         be:62:e2:79:7b:85:ed:d7:c6:0c:3d:5c:85:5c:b5:e4:57:66:
         86:51:51:cf:ef:c3:c2:cb:d8:68:39:83:7b:97:25:a2:a2:5f:
         5d:f4:bc:d2:98:41:ca:3d:0b:93:1b:f7:f9:b1:3d:c3:38:11:
         bf:f2:70:12:83:e5:5f:00:94:62:91:44:da:32:68:da:20:90:
         95:c7:06:29:11:26:2e:5b:bf:d5:d3:4b:e8:04:91:10:da:fd:
         d8:a3:fa:5e:52:50:31:eb:0d:ad:7d:a7:e9:f7:36:60:37:d1:
         af:a9:40:9e:03:ba:81:8e:64:36:8b:f9:b1:52:37:50:06:a2:
         be:44:f4:5d:4a:72:98:f8:42:29:cb:8b:5f:10:34:b3:2c:6f:
         70:ef:32:7a:59:d2:77:59:5b:a0:c7:75:2e:8e:f3:7a:18:75:
         bd:c5:c5:4e
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQm2KD7sLq/nnDb1V8/iqDfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZWQyZmJiNzIxM2ZiZjMyYWQ0YzA4N2Y4YjBiMjJjZWNl
ZjRmZWEwHhcNMjUwMTAyMTE0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGEzZTkxMWY1ZWU0Nzc4NjA1NjcxZWI1YmU0YThiMmI1YWY3MjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWOHLUaFk/Emu9qxhOIWKPtQqyNx
dw5L0icoV8ePAT/7B2SXiXJGURYR+srXn7R0NnApQGY7JDvP6CNAP6RiOba35BYO
TTNHT8BGDUeFpjHjjBp0DK+XO+vN7uTF1hkeVdMVpruWKZGxmPgPMR1vO3QN716L
gYqAohN0eP0b+LLY5yUJsNOh7ZdiZ/Y9BAT+Ehd4+aVDzGf964rHX8SvD2KgoL2R
8K/5fs75GgkYjIdIBEWM+tzUOxuOrqPl53TVXwcN9wo6LxQ7WGJGc782y94Bz6d4
vHXuXNA3i0EaGwPW7MqE0FGBCbbewyX66fmTDP8nojBYcwx+0/i28FzntQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFMij6RH17kd4YFZx61vkqLK1r3ISMB8GA1UdIwQY
MBaAFHLtL7tyE/vzKtTAh/iwsizs70/qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3UwdnUzSVQtX01xMU1DSC1MQ3lMT3p2VC1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9lNWE4OTItMjNmNS00OWZhLWI2YTkt
YTY1MjMzYjNlOTc1LzEveUtQcEVmWHVSM2hnVm5IclctU29zcld2Y2hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9lNWE4OTItMjNmNS00OWZhLWI2YTktYTY1MjMzYjNlOTc1
LzEvY3UwdnUzSVQtX01xMU1DSC1MQ3lMT3p2VC1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAUEO8MA4E
AgACMAgDBgQgAQkTADANBgkqhkiG9w0BAQsFAAOCAQEAkUhXz2jGB7TB0Zn1ej6W
OmzIZCMFMaYkJE/kD0MOwz70NgSsreClMhPugmsDlYaGRqDTonsdENpm+F5NuH47
H3lBY6MwmzwpOoDhYG10yB75oA7h/yQxNRhOvmLieXuF7dfGDD1chVy15FdmhlFR
z+/DwsvYaDmDe5cloqJfXfS80phByj0Lkxv3+bE9wzgRv/JwEoPlXwCUYpFE2jJo
2iCQlccGKREmLlu/1dNL6ASRENr92KP6XlJQMesNrX2n6fc2YDfRr6lAngO6gY5k
Nov5sVI3UAaivkT0XUpymPhCKcuLXxA0syxvcO8yelnSd1lboMd1Lo7zehh1vcXF
Tg==
-----END CERTIFICATE-----