Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/YumDYRQo9HtCukH0ICbLTj4sm6E.roa
File:                     YumDYRQo9HtCukH0ICbLTj4sm6E.roa (raw, json)
Hash identifier:          uJlodYTHyrm8TBrJ4Ti5qBaxXxxyDU8iASBhLRDbIQw=
Subject key identifier:   62:E9:83:61:14:28:F4:7B:42:BA:41:F4:20:26:CB:4E:3E:2C:9B:A1
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       01946E32BDDADF40F4AFAAD550A9C9F2D91D
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/YumDYRQo9HtCukH0ICbLTj4sm6E.roa
Signing time:             Thu 16 Jan 2025 08:20:06 +0000
ROA not before:           Thu 16 Jan 2025 08:20:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212477
IP address blocks:        103.245.231.0/24 maxlen: 24
                          185.198.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:6e:32:bd:da:df:40:f4:af:aa:d5:50:a9:c9:f2:d9:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan 16 08:20:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=62e983611428f47b42ba41f42026cb4e3e2c9ba1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:eb:33:13:ff:aa:f0:8c:f1:eb:61:6a:ef:02:
                    e8:1c:f6:da:7c:0b:cc:c2:80:7a:48:61:3b:0d:57:
                    ea:ed:c1:c0:aa:71:b6:92:ec:c7:63:fd:f6:79:0a:
                    f4:76:c5:58:46:66:de:a0:ce:37:5c:d7:11:81:64:
                    df:8b:3b:7c:3d:b6:ba:f5:b9:19:e3:62:9d:a6:91:
                    13:a9:5e:1c:2b:24:84:89:40:84:b3:8a:f9:f6:26:
                    cb:66:29:de:14:36:59:fe:cc:5e:17:35:3f:0a:19:
                    d7:8e:af:5e:56:81:29:2f:1b:97:0e:c9:b9:f9:24:
                    11:62:22:78:8a:c9:18:89:0b:02:ae:32:a4:5f:02:
                    cf:28:bb:40:47:0a:e3:d2:5b:8d:68:b1:92:4e:e8:
                    a2:fb:5f:7a:54:46:bf:e3:cc:ca:a9:e2:41:8f:17:
                    ba:c7:98:de:aa:f0:59:60:f3:4a:09:f6:5a:5b:01:
                    16:2a:ae:a5:1e:e8:1b:f3:c1:05:4e:73:0e:2f:d8:
                    5e:6c:3e:3e:1d:5f:ac:b3:1f:df:f2:a5:36:f4:13:
                    b2:c4:26:e1:96:bd:c6:22:ba:80:ae:a7:99:1e:cf:
                    14:41:ff:36:21:0a:e3:74:88:01:5c:f2:98:91:11:
                    0c:29:fb:a4:2d:cd:86:28:75:98:45:73:70:88:a6:
                    a4:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:E9:83:61:14:28:F4:7B:42:BA:41:F4:20:26:CB:4E:3E:2C:9B:A1
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/YumDYRQo9HtCukH0ICbLTj4sm6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.245.231.0/24
                  185.198.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:b8:13:77:6d:57:ca:ba:97:9d:5c:97:c8:75:b6:d7:20:47:
         db:6b:d2:64:49:08:34:e5:87:ff:1d:de:d1:bd:15:ce:e1:6f:
         02:64:12:5e:a7:63:91:de:20:dc:bb:43:a9:57:81:80:f8:1c:
         30:97:c6:7e:24:ca:23:08:8f:a9:a1:c1:2e:58:8d:66:bd:9b:
         75:20:81:d5:a0:0b:dd:89:c9:16:4f:fe:75:7f:e9:c7:b1:40:
         ca:57:c8:53:d8:02:7e:8a:db:1e:5a:e1:09:cd:af:88:34:b2:
         a2:5a:e5:b8:77:1b:d2:eb:7f:49:2c:9a:b8:b6:82:46:72:46:
         e0:ab:97:46:e4:41:c5:5c:ea:eb:a4:02:ec:8f:a1:30:6e:15:
         0c:63:21:be:a5:f8:29:81:98:4c:83:4b:69:4b:56:d6:c7:89:
         68:97:c2:e4:a8:69:fc:77:ca:c3:39:5e:47:fb:24:fd:e2:d4:
         8e:14:7d:0b:18:93:fd:13:45:13:8d:02:02:64:ba:5e:a6:15:
         4b:bc:b0:dc:83:80:5d:e8:b8:45:e8:d2:51:b0:8d:a2:08:fa:
         78:a9:cf:eb:e4:89:3d:c4:1e:de:a2:a2:b9:7c:4e:00:bc:29:
         6f:16:e0:54:8e:57:0d:97:15:68:e5:a9:40:1d:29:20:62:33:
         1b:37:13:b9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZRuMr3a30D0r6rVUKnJ8tkdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTE2MDgyMDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmU5ODM2MTE0MjhmNDdiNDJiYTQxZjQyMDI2Y2I0ZTNlMmM5YmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+szE/+q8Izx62Fq7wLoHPbafAvM
woB6SGE7DVfq7cHAqnG2kuzHY/32eQr0dsVYRmbeoM43XNcRgWTfizt8Pba69bkZ
42KdppETqV4cKySEiUCEs4r59ibLZineFDZZ/sxeFzU/ChnXjq9eVoEpLxuXDsm5
+SQRYiJ4iskYiQsCrjKkXwLPKLtARwrj0luNaLGSTuii+196VEa/48zKqeJBjxe6
x5jeqvBZYPNKCfZaWwEWKq6lHugb88EFTnMOL9hebD4+HV+ssx/f8qU29BOyxCbh
lr3GIrqArqeZHs8UQf82IQrjdIgBXPKYkREMKfukLc2GKHWYRXNwiKakxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGLpg2EUKPR7QrpB9CAmy04+LJuhMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvWXVtRFlSUW85SHRDdWtIMElDYkxUajRzbTZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAZ/XnAwQA
ucbqMA0GCSqGSIb3DQEBCwUAA4IBAQA4uBN3bVfKupedXJfIdbbXIEfba9JkSQg0
5Yf/Hd7RvRXO4W8CZBJep2OR3iDcu0OpV4GA+Bwwl8Z+JMojCI+pocEuWI1mvZt1
IIHVoAvdickWT/51f+nHsUDKV8hT2AJ+itseWuEJza+INLKiWuW4dxvS639JLJq4
toJGckbgq5dG5EHFXOrrpALsj6EwbhUMYyG+pfgpgZhMg0tpS1bWx4lol8LkqGn8
d8rDOV5H+yT94tSOFH0LGJP9E0UTjQICZLpephVLvLDcg4Bd6LhF6NJRsI2iCPp4
qc/r5Ik9xB7eoqK5fE4AvClvFuBUjlcNlxVo5alAHSkgYjMbNxO5
-----END CERTIFICATE-----