Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/THy2hv6xxwj5Wx6vdPknxpREPU8.roa
File:                     THy2hv6xxwj5Wx6vdPknxpREPU8.roa (raw, json)
Hash identifier:          6vP2jcC6A352i2NqwXeJb7rfp9IZHQFNBW88KgDg+7s=
Subject key identifier:   4C:7C:B6:86:FE:B1:C7:08:F9:5B:1E:AF:74:F9:27:C6:94:44:3D:4F
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019425FD2E6A9F39FC97442103FB530A0891
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/THy2hv6xxwj5Wx6vdPknxpREPU8.roa
Signing time:             Thu 02 Jan 2025 07:48:56 +0000
ROA not before:           Thu 02 Jan 2025 07:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214223
IP address blocks:        104.238.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:2e:6a:9f:39:fc:97:44:21:03:fb:53:0a:08:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jan  2 07:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c7cb686feb1c708f95b1eaf74f927c694443d4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:d1:5f:85:9c:6c:8e:c3:13:29:59:05:82:39:
                    75:7a:40:b0:d4:ec:d7:a5:cd:62:e5:9c:80:0d:29:
                    6b:d5:cf:57:71:00:4f:4b:3e:08:1c:76:df:46:22:
                    f4:7c:87:8f:07:ad:1b:88:96:19:4f:05:08:0d:e6:
                    1a:8b:c7:ff:74:1e:03:8d:d8:bd:ff:2c:c7:7d:dc:
                    9a:b1:61:9a:78:dc:67:5e:75:fc:35:49:30:45:27:
                    d0:fd:14:1f:df:0d:76:fd:bf:1d:bc:cf:96:2a:84:
                    9e:de:ef:81:30:e8:3b:c4:a2:97:57:4b:bd:2f:c4:
                    b4:15:aa:2b:34:70:ea:12:52:e8:e1:08:62:28:27:
                    f9:9e:9d:a1:c5:cd:e5:4b:0f:b6:d0:07:51:a8:18:
                    45:60:d3:4f:04:ad:39:2b:ab:29:34:69:6a:b1:32:
                    e9:4c:1b:3b:5a:e9:9e:f0:d9:2c:50:f9:8c:2c:e1:
                    a4:c1:0e:1c:a9:8b:5f:ba:5a:76:f8:b1:40:cf:1b:
                    72:40:fb:2a:e1:18:9a:99:44:f3:e1:fb:ed:b9:22:
                    2c:50:6b:04:8c:77:cb:25:fc:49:e2:dd:a4:8f:2f:
                    3d:ce:77:04:7e:7f:3d:e3:24:e1:08:39:9c:1d:dd:
                    d2:9f:22:24:c5:3e:14:6c:95:7d:48:65:c9:b5:b3:
                    52:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:7C:B6:86:FE:B1:C7:08:F9:5B:1E:AF:74:F9:27:C6:94:44:3D:4F
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/THy2hv6xxwj5Wx6vdPknxpREPU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.238.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:7f:c7:12:4d:18:52:0b:4a:53:f3:cc:55:62:da:a0:3d:8d:
         f9:72:f0:49:ca:28:25:5d:9b:2a:ad:ff:25:02:71:eb:4b:c3:
         36:08:5a:68:10:4e:21:96:d1:18:d2:53:1c:c7:06:c9:d7:5f:
         18:10:7e:09:c4:dd:60:e9:02:c5:dd:4c:24:60:50:e9:f0:d6:
         17:c1:7d:e3:a0:49:3c:73:20:64:86:42:57:db:bb:61:80:2f:
         27:27:e3:b8:ec:d5:d9:fd:f1:2c:61:fe:c6:bf:e2:cd:02:e9:
         da:30:1a:22:9d:14:cd:4e:e4:de:80:98:13:db:8d:da:f6:21:
         5d:a2:98:52:1c:0e:04:5c:73:1a:63:01:38:3f:2b:15:b7:6f:
         ce:ca:e6:73:cd:37:ae:34:b9:fc:14:aa:63:60:ee:36:33:c5:
         bb:cf:be:b4:a7:9c:b5:e2:00:6a:d4:22:d6:e0:97:bf:51:f5:
         91:36:36:43:fb:3f:30:78:eb:f2:56:65:b5:63:8b:86:ca:03:
         51:86:09:25:cb:db:fc:59:0f:3e:20:1f:90:6a:58:fa:94:c4:
         9f:67:4a:12:f5:4d:33:50:13:85:70:05:9f:cf:97:61:e5:2a:
         2f:a8:a4:7d:51:cd:c8:6b:97:83:03:9e:70:aa:81:e8:7e:ea:
         a1:64:fe:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/S5qnzn8l0QhA/tTCgiRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwMTAyMDc0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzdjYjY4NmZlYjFjNzA4Zjk1YjFlYWY3NGY5MjdjNjk0NDQzZDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA69FfhZxsjsMTKVkFgjl1ekCw1OzX
pc1i5ZyADSlr1c9XcQBPSz4IHHbfRiL0fIePB60biJYZTwUIDeYai8f/dB4Djdi9
/yzHfdyasWGaeNxnXnX8NUkwRSfQ/RQf3w12/b8dvM+WKoSe3u+BMOg7xKKXV0u9
L8S0FaorNHDqElLo4QhiKCf5np2hxc3lSw+20AdRqBhFYNNPBK05K6spNGlqsTLp
TBs7Wume8NksUPmMLOGkwQ4cqYtfulp2+LFAzxtyQPsq4RiamUTz4fvtuSIsUGsE
jHfLJfxJ4t2kjy89zncEfn894yThCDmcHd3SnyIkxT4UbJV9SGXJtbNS/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEx8tob+sccI+Vser3T5J8aURD1PMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvVEh5Mmh2Nnh4d2o1V3g2dmRQa254cFJFUFU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAaO4aMA0G
CSqGSIb3DQEBCwUAA4IBAQCWf8cSTRhSC0pT88xVYtqgPY35cvBJyiglXZsqrf8l
AnHrS8M2CFpoEE4hltEY0lMcxwbJ118YEH4JxN1g6QLF3UwkYFDp8NYXwX3joEk8
cyBkhkJX27thgC8nJ+O47NXZ/fEsYf7Gv+LNAunaMBoinRTNTuTegJgT243a9iFd
ophSHA4EXHMaYwE4PysVt2/OyuZzzTeuNLn8FKpjYO42M8W7z760p5y14gBq1CLW
4Je/UfWRNjZD+z8weOvyVmW1Y4uGygNRhgkly9v8WQ8+IB+Qalj6lMSfZ0oS9U0z
UBOFcAWfz5dh5SovqKR9Uc3Ia5eDA55wqoHofuqhZP7P
-----END CERTIFICATE-----