Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/def647-9186-4729-bb99-142ebe869316/1/LYYtWBIrqnMkBqXL_qoGSSiMC0A.roa
File:                     LYYtWBIrqnMkBqXL_qoGSSiMC0A.roa (raw, json)
Hash identifier:          GO+MMgl638g9Pe8U4lrnZd+WeVwSJjTIvRPV7rn/M2U=
Subject key identifier:   2D:86:2D:58:12:2B:AA:73:24:06:A5:CB:FE:AA:06:49:28:8C:0B:40
Certificate issuer:       /CN=f1a06c6c108e9419b2cdb21d48b49a6bbd6c16df
Certificate serial:       01942747E2CAC341367C494A5A1711632211
Authority key identifier: F1:A0:6C:6C:10:8E:94:19:B2:CD:B2:1D:48:B4:9A:6B:BD:6C:16:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8aBsbBCOlBmyzbIdSLSaa71sFt8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/def647-9186-4729-bb99-142ebe869316/1/LYYtWBIrqnMkBqXL_qoGSSiMC0A.roa
Signing time:             Thu 02 Jan 2025 13:50:10 +0000
ROA not before:           Thu 02 Jan 2025 13:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207404
IP address blocks:        194.127.208.0/22 maxlen: 24
                          2001:678:c48::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/def647-9186-4729-bb99-142ebe869316/1/8aBsbBCOlBmyzbIdSLSaa71sFt8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/def647-9186-4729-bb99-142ebe869316/1/8aBsbBCOlBmyzbIdSLSaa71sFt8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8aBsbBCOlBmyzbIdSLSaa71sFt8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 13:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:e2:ca:c3:41:36:7c:49:4a:5a:17:11:63:22:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1a06c6c108e9419b2cdb21d48b49a6bbd6c16df
        Validity
            Not Before: Jan  2 13:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2d862d58122baa732406a5cbfeaa0649288c0b40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a1:53:34:b8:28:68:ef:05:08:cc:29:e0:9a:
                    37:12:1c:86:94:31:dc:1c:18:c4:ea:05:26:58:bb:
                    f4:38:44:a3:98:52:b5:ad:dd:24:cd:a8:c1:3d:0f:
                    5d:06:05:09:6e:bd:51:c3:fc:a6:f6:96:64:d2:db:
                    1c:8c:e4:08:09:2f:cf:3d:3f:15:9f:02:cc:73:18:
                    89:61:78:e7:92:b4:55:cc:a0:6c:3b:7b:16:15:80:
                    2f:74:20:af:82:ba:06:9e:bb:d3:bd:90:21:18:c8:
                    5a:12:63:99:a1:0f:47:fd:f9:bc:d5:4d:b2:82:43:
                    e3:b9:21:5c:fe:d9:57:d6:ba:82:2f:c6:52:30:de:
                    4a:7f:9a:bc:dd:e3:e4:d6:4e:d3:25:11:41:07:b7:
                    37:db:8d:06:59:2c:dc:a0:d1:e5:c3:cc:08:b0:00:
                    d2:ca:93:0e:3d:2a:72:6b:90:9b:82:22:1c:4f:20:
                    41:cb:92:4f:8a:50:77:6f:c3:69:5b:15:21:9f:76:
                    70:d0:ec:cb:2d:8a:6d:36:bf:35:09:5b:31:ce:e2:
                    06:f0:e3:2f:44:6c:0e:57:79:c0:a8:49:8c:ee:7e:
                    1a:ca:86:a7:77:58:cb:c6:00:77:dc:3e:6c:dc:d3:
                    23:c1:42:de:79:36:6a:68:b1:4c:0a:26:39:8e:f2:
                    4a:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:86:2D:58:12:2B:AA:73:24:06:A5:CB:FE:AA:06:49:28:8C:0B:40
            X509v3 Authority Key Identifier:
                keyid:F1:A0:6C:6C:10:8E:94:19:B2:CD:B2:1D:48:B4:9A:6B:BD:6C:16:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8aBsbBCOlBmyzbIdSLSaa71sFt8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/def647-9186-4729-bb99-142ebe869316/1/LYYtWBIrqnMkBqXL_qoGSSiMC0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/def647-9186-4729-bb99-142ebe869316/1/8aBsbBCOlBmyzbIdSLSaa71sFt8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.208.0/22
                IPv6:
                  2001:678:c48::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:a4:70:7f:92:4d:11:08:56:9f:d0:6d:ec:26:7c:e8:45:57:
         df:d6:89:b2:3c:19:be:61:e3:c5:c8:b0:52:c8:8d:96:4f:57:
         6e:e7:31:fc:af:d3:99:26:61:e8:b8:ef:6f:ea:5f:ac:a9:9b:
         e1:fb:b2:ac:16:ee:93:05:ea:a2:2d:4b:95:6c:65:48:32:4e:
         8c:54:cb:67:d1:39:61:de:81:de:82:d7:25:8e:d0:af:b0:76:
         61:3b:e9:23:cb:78:e1:ea:19:5f:68:90:a9:35:11:4b:96:5c:
         66:5d:f0:0a:f6:a2:a4:b4:45:f8:e5:b6:71:49:cd:e9:a7:10:
         47:02:be:80:a3:a6:b6:72:eb:a5:1d:3a:8e:bc:0c:73:2f:4d:
         5a:f5:b7:d7:75:5d:3e:90:52:ca:ef:21:fc:d0:11:f2:20:c9:
         3b:16:aa:27:cf:89:8e:92:40:5e:e3:bf:95:f2:40:18:26:d8:
         2b:e6:87:51:15:13:ad:8a:30:b4:90:c0:3e:e8:f1:83:f0:da:
         73:07:6c:27:ff:bc:25:3c:80:9b:42:e2:fd:34:61:2c:43:cf:
         88:84:cc:36:06:9e:2a:13:c2:2c:67:57:25:4c:42:a6:b6:9e:
         40:51:a4:15:5c:46:9d:4e:41:82:34:cc:3e:51:af:f1:b1:d5:
         af:5f:80:93
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQnR+LKw0E2fElKWhcRYyIRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxYTA2YzZjMTA4ZTk0MTliMmNkYjIxZDQ4YjQ5YTZiYmQ2
YzE2ZGYwHhcNMjUwMTAyMTM1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDg2MmQ1ODEyMmJhYTczMjQwNmE1Y2JmZWFhMDY0OTI4OGMwYjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6FTNLgoaO8FCMwp4Jo3EhyGlDHc
HBjE6gUmWLv0OESjmFK1rd0kzajBPQ9dBgUJbr1Rw/ym9pZk0tscjOQICS/PPT8V
nwLMcxiJYXjnkrRVzKBsO3sWFYAvdCCvgroGnrvTvZAhGMhaEmOZoQ9H/fm81U2y
gkPjuSFc/tlX1rqCL8ZSMN5Kf5q83ePk1k7TJRFBB7c3240GWSzcoNHlw8wIsADS
ypMOPSpya5CbgiIcTyBBy5JPilB3b8NpWxUhn3Zw0OzLLYptNr81CVsxzuIG8OMv
RGwOV3nAqEmM7n4ayoand1jLxgB33D5s3NMjwULeeTZqaLFMCiY5jvJKjQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFC2GLVgSK6pzJAaly/6qBkkojAtAMB8GA1UdIwQY
MBaAFPGgbGwQjpQZss2yHUi0mmu9bBbfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGFCc2JCQ09sQm15emJJZFNMU2FhNzFzRnQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9kZWY2NDctOTE4Ni00NzI5LWJiOTkt
MTQyZWJlODY5MzE2LzEvTFlZdFdCSXJxbk1rQnFYTF9xb0dTU2lNQzBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9kZWY2NDctOTE4Ni00NzI5LWJiOTktMTQyZWJlODY5MzE2
LzEvOGFCc2JCQ09sQm15emJJZFNMU2FhNzFzRnQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCwn/QMA8E
AgACMAkDBwAgAQZ4DEgwDQYJKoZIhvcNAQELBQADggEBAD6kcH+STREIVp/Qbewm
fOhFV9/WibI8Gb5h48XIsFLIjZZPV27nMfyv05kmYei472/qX6ypm+H7sqwW7pMF
6qItS5VsZUgyToxUy2fROWHegd6C1yWO0K+wdmE76SPLeOHqGV9okKk1EUuWXGZd
8Ar2oqS0RfjltnFJzemnEEcCvoCjprZy66UdOo68DHMvTVr1t9d1XT6QUsrvIfzQ
EfIgyTsWqifPiY6SQF7jv5XyQBgm2Cvmh1EVE62KMLSQwD7o8YPw2nMHbCf/vCU8
gJtC4v00YSxDz4iEzDYGnioTwixnVyVMQqa2nkBRpBVcRp1OQYI0zD5Rr/Gx1a9f
gJM=
-----END CERTIFICATE-----