Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/y_1DokJhuMn6KiVy0_PFo2uwqL4.roa
File:                     y_1DokJhuMn6KiVy0_PFo2uwqL4.roa (raw, json)
Hash identifier:          CyQURB7g+UVvvUP5P21dxzNPaEmL0tzfzogezhC6J2I=
Subject key identifier:   CB:FD:43:A2:42:61:B8:C9:FA:2A:25:72:D3:F3:C5:A3:6B:B0:A8:BE
Certificate issuer:       /CN=7afb5441d8ef8e41aa28dd51cdde925943aef7fa
Certificate serial:       0194B19A9986B2CE2DBB8C2A3FB83F2807F0
Authority key identifier: 7A:FB:54:41:D8:EF:8E:41:AA:28:DD:51:CD:DE:92:59:43:AE:F7:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/evtUQdjvjkGqKN1Rzd6SWUOu9_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/y_1DokJhuMn6KiVy0_PFo2uwqL4.roa
Signing time:             Wed 29 Jan 2025 10:28:06 +0000
ROA not before:           Wed 29 Jan 2025 10:28:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        116.199.224.0/21 maxlen: 21
                          116.199.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/evtUQdjvjkGqKN1Rzd6SWUOu9_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/evtUQdjvjkGqKN1Rzd6SWUOu9_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/evtUQdjvjkGqKN1Rzd6SWUOu9_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b1:9a:99:86:b2:ce:2d:bb:8c:2a:3f:b8:3f:28:07:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7afb5441d8ef8e41aa28dd51cdde925943aef7fa
        Validity
            Not Before: Jan 29 10:28:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cbfd43a24261b8c9fa2a2572d3f3c5a36bb0a8be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:81:e4:d4:cb:0e:76:de:a6:68:79:d0:ba:0b:
                    f0:20:dd:c1:cb:41:31:81:3c:72:be:0d:43:ae:7e:
                    12:3d:fa:fc:62:fe:59:13:63:24:26:11:ef:97:54:
                    9a:d3:33:8b:c3:bf:f7:4d:bf:7f:32:dc:30:4c:8e:
                    9f:ed:aa:21:7c:c7:c0:92:0d:8c:9d:9c:71:c2:fb:
                    28:49:a6:d4:e9:e6:e1:cf:24:d9:f8:32:c0:a7:5e:
                    a5:b9:a0:57:fb:47:91:62:b1:4a:ef:4a:24:a1:b7:
                    65:bf:86:db:0c:54:d2:27:aa:96:ea:03:68:5d:ca:
                    fd:e7:dd:1d:e9:2c:67:75:22:79:31:d7:d2:98:54:
                    cd:37:b3:c7:6c:20:39:1f:53:13:c1:bd:91:06:e0:
                    32:f0:1b:b6:1e:6e:70:b9:0d:07:e8:10:f1:97:2f:
                    72:eb:d8:f8:29:19:b5:9c:aa:ca:55:87:4b:0d:98:
                    89:89:59:b6:f2:1d:2e:7a:56:91:a2:9a:a2:f3:cc:
                    f2:ab:ea:63:08:fd:9e:d0:4b:67:bc:68:01:32:52:
                    cb:c0:e6:2c:4e:ab:6d:24:72:45:0e:96:51:2e:01:
                    9e:5d:77:ca:3c:c7:8c:da:92:aa:15:01:1c:df:51:
                    d1:7d:93:37:c4:5e:90:04:74:e2:b7:1f:d8:d6:f0:
                    54:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:FD:43:A2:42:61:B8:C9:FA:2A:25:72:D3:F3:C5:A3:6B:B0:A8:BE
            X509v3 Authority Key Identifier:
                keyid:7A:FB:54:41:D8:EF:8E:41:AA:28:DD:51:CD:DE:92:59:43:AE:F7:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/evtUQdjvjkGqKN1Rzd6SWUOu9_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/y_1DokJhuMn6KiVy0_PFo2uwqL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/evtUQdjvjkGqKN1Rzd6SWUOu9_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  116.199.224.0/21
                  116.199.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:df:e4:fc:8e:01:02:70:54:96:bf:53:26:a4:f4:28:60:ac:
         d4:13:f5:2e:39:97:1e:d2:35:b9:b3:64:53:d4:62:f4:b7:ba:
         cb:24:86:12:ae:ab:0d:48:ff:2c:f9:75:d0:cd:9b:58:34:5c:
         55:0c:31:f0:91:f4:c8:12:b0:0b:39:4d:13:bf:86:6e:95:53:
         f5:96:40:cd:25:e1:50:d5:0a:ce:6c:b0:00:c1:28:d8:87:21:
         9b:04:76:89:02:37:0f:11:e3:0c:ca:4f:0d:cf:4c:19:8f:ed:
         df:21:6e:7b:a1:f5:78:16:a2:6d:0b:92:b8:9a:8a:57:bd:97:
         d2:e7:b8:62:20:4d:ac:3c:da:66:a4:8f:92:7c:f1:91:d0:b0:
         73:92:49:9d:76:2e:1f:7c:57:d2:f6:d6:45:d8:ce:c4:15:a6:
         9d:e9:2e:f5:8b:90:d6:ab:db:36:4b:79:9b:fe:ff:83:19:fc:
         eb:6e:64:02:bb:f3:de:59:79:ef:a0:91:16:9f:9c:7e:e1:1c:
         e9:d9:d7:a1:58:01:54:bc:fe:e7:02:7e:52:5e:0f:36:97:39:
         ad:d4:b3:9c:73:6f:26:3c:1a:b9:53:95:a1:d5:3f:92:ec:90:
         5a:60:86:b6:fe:e5:c5:e7:a6:03:c9:30:e5:89:fb:5c:55:d1:
         95:28:e2:ce
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZSxmpmGss4tu4wqP7g/KAfwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZmI1NDQxZDhlZjhlNDFhYTI4ZGQ1MWNkZGU5MjU5NDNh
ZWY3ZmEwHhcNMjUwMTI5MTAyODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmZkNDNhMjQyNjFiOGM5ZmEyYTI1NzJkM2YzYzVhMzZiYjBhOGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYHk1MsOdt6maHnQugvwIN3By0Ex
gTxyvg1Drn4SPfr8Yv5ZE2MkJhHvl1Sa0zOLw7/3Tb9/MtwwTI6f7aohfMfAkg2M
nZxxwvsoSabU6ebhzyTZ+DLAp16luaBX+0eRYrFK70okobdlv4bbDFTSJ6qW6gNo
Xcr9590d6SxndSJ5MdfSmFTNN7PHbCA5H1MTwb2RBuAy8Bu2Hm5wuQ0H6BDxly9y
69j4KRm1nKrKVYdLDZiJiVm28h0uelaRopqi88zyq+pjCP2e0EtnvGgBMlLLwOYs
TqttJHJFDpZRLgGeXXfKPMeM2pKqFQEc31HRfZM3xF6QBHTitx/Y1vBUDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMv9Q6JCYbjJ+iolctPzxaNrsKi+MB8GA1UdIwQY
MBaAFHr7VEHY745BqijdUc3ekllDrvf6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXZ0VVFkanZqa0dxS04xUnpkNlNXVU91OV9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny80ZDc2ZjUtNDJlYy00NTNlLTg5OTIt
ZDg5NzNhY2FmNDFkLzEveV8xRG9rSmh1TW42S2lWeTBfUEZvMnV3cUw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny80ZDc2ZjUtNDJlYy00NTNlLTg5OTItZDg5NzNhY2FmNDFk
LzEvZXZ0VVFkanZqa0dxS04xUnpkNlNXVU91OV9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDdMfgAwQA
dMfqMA0GCSqGSIb3DQEBCwUAA4IBAQBh3+T8jgECcFSWv1MmpPQoYKzUE/UuOZce
0jW5s2RT1GL0t7rLJIYSrqsNSP8s+XXQzZtYNFxVDDHwkfTIErALOU0Tv4ZulVP1
lkDNJeFQ1QrObLAAwSjYhyGbBHaJAjcPEeMMyk8Nz0wZj+3fIW57ofV4FqJtC5K4
mopXvZfS57hiIE2sPNpmpI+SfPGR0LBzkkmddi4ffFfS9tZF2M7EFaad6S71i5DW
q9s2S3mb/v+DGfzrbmQCu/PeWXnvoJEWn5x+4Rzp2dehWAFUvP7nAn5SXg82lzmt
1LOcc28mPBq5U5Wh1T+S7JBaYIa2/uXF56YDyTDliftcVdGVKOLO
-----END CERTIFICATE-----