Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/773e49-f4ea-47a7-8a60-d42d4e9c767d/1/yojAQ3oth9lVhqX5wg8l8cBEUmI.roa
File:                     yojAQ3oth9lVhqX5wg8l8cBEUmI.roa (raw, json)
Hash identifier:          o7RnG1CkyxwhqBFMnhN8mnO/r8Gaf2uetg2QG+K1/Js=
Subject key identifier:   CA:88:C0:43:7A:2D:87:D9:55:86:A5:F9:C2:0F:25:F1:C0:44:52:62
Certificate issuer:       /CN=67a4ec38f2ff69d2505f7f62e94c3bd798b58552
Certificate serial:       0194228E40F630985DB70F467CCEB42507EF
Authority key identifier: 67:A4:EC:38:F2:FF:69:D2:50:5F:7F:62:E9:4C:3B:D7:98:B5:85:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z6TsOPL_adJQX39i6Uw715i1hVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/773e49-f4ea-47a7-8a60-d42d4e9c767d/1/yojAQ3oth9lVhqX5wg8l8cBEUmI.roa
Signing time:             Wed 01 Jan 2025 15:48:55 +0000
ROA not before:           Wed 01 Jan 2025 15:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39657
IP address blocks:        217.30.0.0/22 maxlen: 24
                          217.30.0.0/23 maxlen: 24
                          217.30.2.0/24 maxlen: 24
                          217.30.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/773e49-f4ea-47a7-8a60-d42d4e9c767d/1/Z6TsOPL_adJQX39i6Uw715i1hVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/773e49-f4ea-47a7-8a60-d42d4e9c767d/1/Z6TsOPL_adJQX39i6Uw715i1hVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z6TsOPL_adJQX39i6Uw715i1hVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:40:f6:30:98:5d:b7:0f:46:7c:ce:b4:25:07:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67a4ec38f2ff69d2505f7f62e94c3bd798b58552
        Validity
            Not Before: Jan  1 15:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ca88c0437a2d87d95586a5f9c20f25f1c0445262
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b5:ec:3f:50:64:a7:de:fe:e5:c5:a3:74:1d:
                    43:b0:b2:85:64:61:dc:40:6f:67:8c:56:3d:09:16:
                    e9:5c:ce:17:cb:df:2d:25:ea:c3:01:86:2f:96:ef:
                    88:20:8b:d1:ae:ff:a6:6e:fe:15:4b:c7:c5:9f:b7:
                    79:95:26:dd:32:b2:26:91:61:87:ea:09:71:a9:64:
                    53:20:b8:f1:4c:9b:64:91:65:84:24:ca:bc:f5:83:
                    71:02:9e:c0:79:ea:47:ff:00:32:fd:92:75:ff:83:
                    6a:63:fe:bf:d5:f6:a6:24:ba:34:5c:20:b7:e5:35:
                    dc:89:ec:60:af:2b:9e:26:71:52:e5:93:8a:08:87:
                    ae:55:fa:8b:ce:2a:93:9d:f2:23:87:c6:25:d0:5a:
                    7b:a0:4e:1a:64:6b:4b:90:62:ac:43:ce:25:e9:43:
                    70:27:2b:77:c7:86:ce:51:61:40:ba:9d:7f:bc:1b:
                    3e:7d:55:e8:1e:49:cd:f9:3a:d0:5a:30:e9:39:05:
                    e3:3c:fd:ef:ae:56:b1:fd:a1:3b:77:50:1c:9b:b8:
                    6a:ed:7e:d4:cb:58:95:6f:f2:f3:d4:51:d9:90:ba:
                    50:02:39:45:ad:01:05:fc:c6:00:7b:8e:77:95:62:
                    8b:02:a3:4d:1f:ab:6f:3e:e5:86:57:c3:0f:d8:48:
                    0b:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:88:C0:43:7A:2D:87:D9:55:86:A5:F9:C2:0F:25:F1:C0:44:52:62
            X509v3 Authority Key Identifier:
                keyid:67:A4:EC:38:F2:FF:69:D2:50:5F:7F:62:E9:4C:3B:D7:98:B5:85:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z6TsOPL_adJQX39i6Uw715i1hVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/773e49-f4ea-47a7-8a60-d42d4e9c767d/1/yojAQ3oth9lVhqX5wg8l8cBEUmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/773e49-f4ea-47a7-8a60-d42d4e9c767d/1/Z6TsOPL_adJQX39i6Uw715i1hVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.30.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:32:cd:11:67:cd:e2:21:34:2f:ad:96:90:e9:c0:66:fb:c9:
         6b:e5:6a:82:12:ce:ef:36:82:7a:ea:44:eb:bc:6c:50:5e:57:
         88:a9:6f:23:42:f3:7c:c9:97:a9:f8:56:d5:91:b3:a2:80:9d:
         46:d9:00:6f:c9:c3:fa:23:b9:e9:6b:a3:ae:21:09:09:0f:a2:
         72:25:88:dc:e7:ce:31:b6:53:2a:d1:81:2d:17:c2:f8:4e:93:
         c7:e6:7d:0f:fd:a7:e8:de:d6:aa:95:07:85:15:f1:b3:a1:3f:
         03:07:fd:58:38:28:e8:b1:0d:4e:f5:64:8f:6f:db:84:72:29:
         34:81:62:80:d0:d4:db:9a:ab:30:04:7c:89:db:55:01:f2:a5:
         e7:d1:82:a3:c9:50:43:fe:96:28:a9:d3:76:92:46:9f:7c:51:
         2b:e6:06:00:a8:62:0c:38:26:64:c0:53:f9:a1:2c:af:b7:ab:
         9c:21:0a:1b:73:ca:ff:cd:9f:c9:a6:99:38:b6:af:2e:33:a8:
         ac:01:fd:fc:3f:9e:40:d0:e2:3b:35:0c:d4:dd:fe:92:39:6f:
         4d:52:f3:57:3e:bd:30:2f:89:7e:7e:cb:cb:06:3b:53:91:d1:
         17:69:55:28:1a:78:63:3c:15:9e:c3:eb:92:4e:90:f8:f6:91:
         fd:75:7e:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijkD2MJhdtw9GfM60JQfvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YTRlYzM4ZjJmZjY5ZDI1MDVmN2Y2MmU5NGMzYmQ3OThi
NTg1NTIwHhcNMjUwMTAxMTU0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTg4YzA0MzdhMmQ4N2Q5NTU4NmE1ZjljMjBmMjVmMWMwNDQ1MjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLXsP1Bkp97+5cWjdB1DsLKFZGHc
QG9njFY9CRbpXM4Xy98tJerDAYYvlu+IIIvRrv+mbv4VS8fFn7d5lSbdMrImkWGH
6glxqWRTILjxTJtkkWWEJMq89YNxAp7AeepH/wAy/ZJ1/4NqY/6/1famJLo0XCC3
5TXciexgryueJnFS5ZOKCIeuVfqLziqTnfIjh8Yl0Fp7oE4aZGtLkGKsQ84l6UNw
Jyt3x4bOUWFAup1/vBs+fVXoHknN+TrQWjDpOQXjPP3vrlax/aE7d1Acm7hq7X7U
y1iVb/Lz1FHZkLpQAjlFrQEF/MYAe453lWKLAqNNH6tvPuWGV8MP2EgLfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMqIwEN6LYfZVYal+cIPJfHARFJiMB8GA1UdIwQY
MBaAFGek7Djy/2nSUF9/YulMO9eYtYVSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjZUc09QTF9hZEpRWDM5aTZVdzcxNWkxaFZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS83NzNlNDktZjRlYS00N2E3LThhNjAt
ZDQyZDRlOWM3NjdkLzEveW9qQVEzb3RoOWxWaHFYNXdnOGw4Y0JFVW1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS83NzNlNDktZjRlYS00N2E3LThhNjAtZDQyZDRlOWM3Njdk
LzEvWjZUc09QTF9hZEpRWDM5aTZVdzcxNWkxaFZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2R4AMA0G
CSqGSIb3DQEBCwUAA4IBAQCQMs0RZ83iITQvrZaQ6cBm+8lr5WqCEs7vNoJ66kTr
vGxQXleIqW8jQvN8yZep+FbVkbOigJ1G2QBvycP6I7npa6OuIQkJD6JyJYjc584x
tlMq0YEtF8L4TpPH5n0P/afo3taqlQeFFfGzoT8DB/1YOCjosQ1O9WSPb9uEcik0
gWKA0NTbmqswBHyJ21UB8qXn0YKjyVBD/pYoqdN2kkaffFEr5gYAqGIMOCZkwFP5
oSyvt6ucIQobc8r/zZ/Jppk4tq8uM6isAf38P55A0OI7NQzU3f6SOW9NUvNXPr0w
L4l+fsvLBjtTkdEXaVUoGnhjPBWew+uSTpD49pH9dX6L
-----END CERTIFICATE-----