Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/74f5b2-c7e2-4a7e-b6c4-58765f193fec/1/YKFTV_Osz3tEHBL-tBtNNKG_uGY.roa
File:                     YKFTV_Osz3tEHBL-tBtNNKG_uGY.roa (raw, json)
Hash identifier:          ofAuwRpYik4IXKEsnZ8uX3EkPuXFlEDgyGW2JXk71VA=
Subject key identifier:   60:A1:53:57:F3:AC:CF:7B:44:1C:12:FE:B4:1B:4D:34:A1:BF:B8:66
Certificate issuer:       /CN=12d72718d155ac0e7d327f6384a2e4c95416d760
Certificate serial:       019421443606237EEFA30E0236A168E26635
Authority key identifier: 12:D7:27:18:D1:55:AC:0E:7D:32:7F:63:84:A2:E4:C9:54:16:D7:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EtcnGNFVrA59Mn9jhKLkyVQW12A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/74f5b2-c7e2-4a7e-b6c4-58765f193fec/1/YKFTV_Osz3tEHBL-tBtNNKG_uGY.roa
Signing time:             Wed 01 Jan 2025 09:48:25 +0000
ROA not before:           Wed 01 Jan 2025 09:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51088
IP address blocks:        192.166.96.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/74f5b2-c7e2-4a7e-b6c4-58765f193fec/1/EtcnGNFVrA59Mn9jhKLkyVQW12A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/74f5b2-c7e2-4a7e-b6c4-58765f193fec/1/EtcnGNFVrA59Mn9jhKLkyVQW12A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EtcnGNFVrA59Mn9jhKLkyVQW12A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 12:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:36:06:23:7e:ef:a3:0e:02:36:a1:68:e2:66:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12d72718d155ac0e7d327f6384a2e4c95416d760
        Validity
            Not Before: Jan  1 09:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=60a15357f3accf7b441c12feb41b4d34a1bfb866
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:eb:64:fa:00:1e:11:7e:69:95:c5:d6:48:ed:
                    7a:33:16:eb:f4:13:1c:1d:56:6f:30:16:dc:25:a7:
                    d8:bd:63:b6:d3:f7:16:77:3a:ca:b2:f2:b2:6d:78:
                    f2:6c:cd:6b:ad:c5:02:3c:c8:08:f3:37:54:56:a4:
                    d9:b7:98:f1:6a:4e:7a:96:7a:1b:93:3a:24:68:99:
                    07:4f:f5:39:87:08:37:f2:82:e5:f1:44:9e:ef:2d:
                    b2:94:c9:82:5a:43:21:27:15:6b:8b:a9:29:9b:ae:
                    83:1d:82:d1:cc:6a:39:b8:66:97:05:37:65:05:af:
                    e2:97:36:ad:32:1e:dd:e3:2f:5a:21:85:db:46:80:
                    4a:5b:ae:47:b6:d1:10:9e:55:4d:8f:5f:2b:0b:ab:
                    2b:d4:35:cc:53:d2:54:3c:8d:0a:5b:56:e6:7b:f7:
                    c2:55:ed:90:45:f0:d0:03:84:81:57:68:d0:40:33:
                    9e:c7:c1:da:a7:27:f3:30:33:24:6e:b6:bf:40:cc:
                    6e:1b:bf:58:af:6c:12:a2:f5:f0:2b:c0:27:d7:15:
                    98:05:26:d6:2e:b7:fb:d0:48:6d:ab:a1:f2:17:9b:
                    ea:9f:20:16:fe:75:f0:bc:2a:b8:e8:d3:0a:a3:1c:
                    5c:aa:f3:c3:19:0b:9d:ee:d4:61:0e:9b:a9:a8:25:
                    4f:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:A1:53:57:F3:AC:CF:7B:44:1C:12:FE:B4:1B:4D:34:A1:BF:B8:66
            X509v3 Authority Key Identifier:
                keyid:12:D7:27:18:D1:55:AC:0E:7D:32:7F:63:84:A2:E4:C9:54:16:D7:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EtcnGNFVrA59Mn9jhKLkyVQW12A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/74f5b2-c7e2-4a7e-b6c4-58765f193fec/1/YKFTV_Osz3tEHBL-tBtNNKG_uGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/74f5b2-c7e2-4a7e-b6c4-58765f193fec/1/EtcnGNFVrA59Mn9jhKLkyVQW12A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:11:55:a3:71:79:ca:f3:bd:67:d3:b5:9c:c5:bd:ec:bb:f6:
         40:5b:0f:79:00:ea:a7:45:53:e2:68:e4:bc:02:2d:5f:fe:b8:
         e6:00:4d:bc:4b:54:61:be:1b:b8:e6:ba:21:d1:39:88:83:0b:
         e0:74:ec:b6:3b:a9:5d:04:d8:d4:2b:c2:4b:3b:6a:5c:24:cb:
         a6:f6:ed:63:31:01:ae:bd:e0:df:76:82:e0:2b:15:d0:02:f2:
         d6:88:9b:56:b9:7a:4f:0a:32:6c:d0:00:2a:25:3b:d7:e9:84:
         5c:a1:13:e1:0e:9c:5f:91:9f:d5:7c:f1:5b:3e:af:8d:69:64:
         09:56:ff:2e:ef:87:26:36:c4:ee:69:31:83:0c:9a:60:18:10:
         7b:ad:45:dd:5e:fa:1b:f0:5c:fe:e5:cf:7a:66:b0:c9:32:6c:
         f0:72:10:9d:de:a3:0a:dd:5e:60:d1:8e:a6:d7:b0:a3:6d:19:
         11:fe:33:b3:1e:2f:e9:c5:dc:4c:b1:53:9b:3a:d2:20:f7:b1:
         5b:bf:d1:46:71:5e:d9:16:70:65:b2:40:a1:ab:c7:0e:7d:12:
         8d:85:63:44:d7:61:9c:3d:ee:a3:ff:6f:a6:9f:19:7d:8d:ca:
         ab:ce:86:4c:4c:60:5f:98:47:7d:9a:8e:d5:e2:51:a4:5c:47:
         e6:12:87:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRDYGI37vow4CNqFo4mY1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZDcyNzE4ZDE1NWFjMGU3ZDMyN2Y2Mzg0YTJlNGM5NTQx
NmQ3NjAwHhcNMjUwMTAxMDk0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGExNTM1N2YzYWNjZjdiNDQxYzEyZmViNDFiNGQzNGExYmZiODY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+tk+gAeEX5plcXWSO16Mxbr9BMc
HVZvMBbcJafYvWO20/cWdzrKsvKybXjybM1rrcUCPMgI8zdUVqTZt5jxak56lnob
kzokaJkHT/U5hwg38oLl8USe7y2ylMmCWkMhJxVri6kpm66DHYLRzGo5uGaXBTdl
Ba/ilzatMh7d4y9aIYXbRoBKW65HttEQnlVNj18rC6sr1DXMU9JUPI0KW1bme/fC
Ve2QRfDQA4SBV2jQQDOex8HapyfzMDMkbra/QMxuG79Yr2wSovXwK8An1xWYBSbW
Lrf70Ehtq6HyF5vqnyAW/nXwvCq46NMKoxxcqvPDGQud7tRhDpupqCVPFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGChU1fzrM97RBwS/rQbTTShv7hmMB8GA1UdIwQY
MBaAFBLXJxjRVawOfTJ/Y4Si5MlUFtdgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXRjbkdORlZyQTU5TW45amhLTGt5VlFXMTJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS83NGY1YjItYzdlMi00YTdlLWI2YzQt
NTg3NjVmMTkzZmVjLzEvWUtGVFZfT3N6M3RFSEJMLXRCdE5OS0dfdUdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS83NGY1YjItYzdlMi00YTdlLWI2YzQtNTg3NjVmMTkzZmVj
LzEvRXRjbkdORlZyQTU5TW45amhLTGt5VlFXMTJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwKZgMA0G
CSqGSIb3DQEBCwUAA4IBAQAxEVWjcXnK871n07Wcxb3su/ZAWw95AOqnRVPiaOS8
Ai1f/rjmAE28S1Rhvhu45roh0TmIgwvgdOy2O6ldBNjUK8JLO2pcJMum9u1jMQGu
veDfdoLgKxXQAvLWiJtWuXpPCjJs0AAqJTvX6YRcoRPhDpxfkZ/VfPFbPq+NaWQJ
Vv8u74cmNsTuaTGDDJpgGBB7rUXdXvob8Fz+5c96ZrDJMmzwchCd3qMK3V5g0Y6m
17CjbRkR/jOzHi/pxdxMsVObOtIg97Fbv9FGcV7ZFnBlskChq8cOfRKNhWNE12Gc
Pe6j/2+mnxl9jcqrzoZMTGBfmEd9mo7V4lGkXEfmEofb
-----END CERTIFICATE-----