Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/YowyPHWKNzsjzcaBgZm5HmIJvOo.roa
File:                     YowyPHWKNzsjzcaBgZm5HmIJvOo.roa (raw, json)
Hash identifier:          JJwU3ebzzf/XYTUjxkHVaf8ZvK9tRqMl43grCaj/7kI=
Subject key identifier:   62:8C:32:3C:75:8A:37:3B:23:CD:C6:81:81:99:B9:1E:62:09:BC:EA
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       01942827707871A467A8B153DBC33EE23EFE
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/YowyPHWKNzsjzcaBgZm5HmIJvOo.roa
Signing time:             Thu 02 Jan 2025 17:54:20 +0000
ROA not before:           Thu 02 Jan 2025 17:54:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214271
IP address blocks:        188.241.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:70:78:71:a4:67:a8:b1:53:db:c3:3e:e2:3e:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  2 17:54:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=628c323c758a373b23cdc6818199b91e6209bcea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:dd:94:2f:40:a9:b3:a1:b3:e1:44:bb:d1:50:
                    d4:f0:49:24:9f:23:bb:9b:5e:ed:53:fa:d1:2b:74:
                    4c:31:05:62:77:f6:51:f3:88:61:df:5d:0c:83:b1:
                    8b:bd:10:45:69:d4:07:f4:c0:ac:12:d9:06:fc:f5:
                    1f:44:e0:60:a6:94:fb:76:c1:10:9c:60:52:8f:3c:
                    b7:85:b7:4f:48:d2:b7:0b:b3:b3:79:48:40:dc:95:
                    dd:ff:c3:2e:27:92:b8:56:1a:2a:ce:80:36:4e:18:
                    a0:e8:ca:22:1c:fb:fa:b1:d5:9c:31:02:24:50:bd:
                    b8:ce:3e:80:d0:61:67:bc:3b:91:79:5d:82:87:fa:
                    47:30:74:c0:d1:cc:bc:6a:8d:c0:d3:e7:95:32:56:
                    af:54:70:c9:ea:b5:a2:2c:98:8e:79:79:7f:39:6c:
                    dc:88:8a:e3:37:27:86:8c:2c:0a:58:78:28:a2:8e:
                    19:4e:2b:d8:0a:3c:08:05:e6:fd:c0:74:de:94:68:
                    09:33:28:97:33:51:b7:aa:86:35:92:5a:1d:1a:37:
                    d1:b4:ee:48:71:3e:16:46:36:a4:6b:66:89:54:ad:
                    79:d2:65:50:bb:64:3f:96:b4:20:43:31:bc:ba:e6:
                    d0:65:c7:45:79:5a:e8:9e:e1:33:da:ed:6c:9f:10:
                    47:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:8C:32:3C:75:8A:37:3B:23:CD:C6:81:81:99:B9:1E:62:09:BC:EA
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/YowyPHWKNzsjzcaBgZm5HmIJvOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.241.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:bc:8c:74:0a:36:99:56:90:51:bb:e4:a8:65:7e:e6:70:3a:
         3d:2b:dc:3c:51:49:a1:31:ac:52:09:68:a5:87:11:5a:d0:fd:
         f8:af:c2:f3:a0:08:14:2f:3f:13:2f:f4:8b:83:86:ce:56:db:
         c7:19:87:7c:b8:e1:d7:9b:3a:7a:60:f7:93:e9:80:a2:aa:21:
         22:b9:75:74:50:02:95:ed:9f:ab:c5:67:53:54:c7:8f:13:8d:
         ac:b1:10:3c:b9:3d:c0:d3:d5:9a:40:95:da:81:16:46:ba:ba:
         e6:83:51:97:3f:08:7a:32:66:da:19:73:d5:ff:a1:e1:da:c1:
         04:55:cb:31:39:94:06:0f:cb:ce:3f:02:71:aa:3a:04:75:ac:
         ec:8e:b9:f7:50:3c:ee:94:64:3c:07:c2:0b:74:be:02:63:09:
         ee:2c:00:61:36:48:88:30:49:c7:a4:92:3b:a8:aa:4f:ca:e7:
         87:8c:3e:35:f9:20:91:57:da:4a:b1:bb:19:b2:7e:b7:af:ea:
         00:92:ae:15:ef:91:45:7e:86:51:de:9c:a2:3f:5e:a8:38:10:
         ef:e4:40:db:87:4e:9e:39:41:d3:57:3c:46:54:fe:fb:0a:71:
         a0:89:75:92:d8:b9:5c:de:b7:56:95:e1:50:1c:74:b7:8e:5a:
         3b:0b:fd:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ3B4caRnqLFT28M+4j7+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTAyMTc1NDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjhjMzIzYzc1OGEzNzNiMjNjZGM2ODE4MTk5YjkxZTYyMDliY2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxt2UL0Cps6Gz4US70VDU8EkknyO7
m17tU/rRK3RMMQVid/ZR84hh310Mg7GLvRBFadQH9MCsEtkG/PUfROBgppT7dsEQ
nGBSjzy3hbdPSNK3C7OzeUhA3JXd/8MuJ5K4VhoqzoA2Thig6MoiHPv6sdWcMQIk
UL24zj6A0GFnvDuReV2Ch/pHMHTA0cy8ao3A0+eVMlavVHDJ6rWiLJiOeXl/OWzc
iIrjNyeGjCwKWHgooo4ZTivYCjwIBeb9wHTelGgJMyiXM1G3qoY1klodGjfRtO5I
cT4WRjaka2aJVK150mVQu2Q/lrQgQzG8uubQZcdFeVronuEz2u1snxBHRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGKMMjx1ijc7I83GgYGZuR5iCbzqMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvWW93eVBIV0tOenNqemNhQmdabTVIbUlKdk9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvPGIMA0G
CSqGSIb3DQEBCwUAA4IBAQBGvIx0CjaZVpBRu+SoZX7mcDo9K9w8UUmhMaxSCWil
hxFa0P34r8LzoAgULz8TL/SLg4bOVtvHGYd8uOHXmzp6YPeT6YCiqiEiuXV0UAKV
7Z+rxWdTVMePE42ssRA8uT3A09WaQJXagRZGurrmg1GXPwh6MmbaGXPV/6Hh2sEE
VcsxOZQGD8vOPwJxqjoEdazsjrn3UDzulGQ8B8ILdL4CYwnuLABhNkiIMEnHpJI7
qKpPyueHjD41+SCRV9pKsbsZsn63r+oAkq4V75FFfoZR3pyiP16oOBDv5EDbh06e
OUHTVzxGVP77CnGgiXWS2Llc3rdWleFQHHS3jlo7C/0C
-----END CERTIFICATE-----