Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/hyP-onOKyWHgj_dKP8FyOg24Li8.roa
File:                     hyP-onOKyWHgj_dKP8FyOg24Li8.roa (raw, json)
Hash identifier:          VvfOYJ/CgSuJThTGSp9GiqzlL1K1npGS8n3FTayI+rs=
Subject key identifier:   87:23:FE:A2:73:8A:C9:61:E0:8F:F7:4A:3F:C1:72:3A:0D:B8:2E:2F
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019428275DAE0F3956BDEB82E06665AFDF84
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/hyP-onOKyWHgj_dKP8FyOg24Li8.roa
Signing time:             Thu 02 Jan 2025 17:54:16 +0000
ROA not before:           Thu 02 Jan 2025 17:54:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49981
IP address blocks:        185.141.217.0/24 maxlen: 24
                          188.213.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:5d:ae:0f:39:56:bd:eb:82:e0:66:65:af:df:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  2 17:54:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8723fea2738ac961e08ff74a3fc1723a0db82e2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d4:75:dd:7b:4c:44:22:56:2a:a6:0c:f0:54:
                    33:c5:ac:2a:81:39:ca:b6:a7:69:e4:54:7e:6c:58:
                    c5:ca:da:92:8c:c8:81:54:73:73:2d:2d:58:8f:c0:
                    ab:b7:97:2a:d0:c3:ba:40:9a:4b:e1:1a:b5:30:a5:
                    ee:5c:91:e9:41:ad:4c:d1:c6:fb:aa:13:fe:e9:83:
                    72:89:01:61:12:3b:07:73:dc:ec:35:9c:bd:e3:9e:
                    a2:11:cf:f9:ed:f1:70:39:b8:9e:9e:dc:02:26:df:
                    eb:83:39:4c:3c:f8:9a:22:15:07:99:48:ed:ab:65:
                    8c:76:38:cf:7d:47:ea:6d:07:97:d0:82:b9:55:8f:
                    b5:06:45:b9:93:ef:56:a0:7c:65:2c:12:37:08:07:
                    ab:72:f9:a7:e0:c7:ee:ca:db:84:05:23:4c:a2:78:
                    ad:99:17:41:26:6a:75:f6:d3:fc:3e:03:32:c8:4a:
                    28:8b:da:5f:ac:a0:02:35:07:8e:a4:b7:8c:8d:f6:
                    68:15:85:76:9e:5b:e2:6a:15:59:39:10:14:a7:f9:
                    67:b7:0e:05:ae:fa:6e:eb:c6:ab:5d:40:a6:db:ed:
                    ca:04:09:3e:55:a8:34:0e:5a:b4:6f:ef:f0:29:25:
                    35:3d:6c:ef:cc:a5:8b:8b:ef:a8:83:e3:c1:5d:14:
                    e4:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:23:FE:A2:73:8A:C9:61:E0:8F:F7:4A:3F:C1:72:3A:0D:B8:2E:2F
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/hyP-onOKyWHgj_dKP8FyOg24Li8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.217.0/24
                  188.213.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:79:12:e1:1f:c1:d7:79:19:26:83:fc:37:d7:fa:18:d8:f8:
         a8:a6:42:6c:a5:b9:36:98:b1:bf:32:32:8f:5c:ea:14:c6:cb:
         e2:ce:87:f8:62:cd:49:be:de:55:cd:2b:8d:8f:f7:f0:fe:a8:
         4f:96:0b:0a:df:0b:b9:38:dd:de:fb:1d:1f:b8:8f:d5:6e:2b:
         ca:3f:af:ca:73:99:e0:d5:e4:32:62:d4:42:75:ad:2e:c4:ef:
         e0:2c:d8:c5:8f:e4:20:58:d8:92:69:d0:3f:89:f9:d0:d1:ad:
         35:d0:43:6b:29:f5:fd:1d:50:04:5c:96:5e:0c:49:34:a8:4d:
         00:75:bd:1b:c7:52:1c:c7:2c:73:99:b8:d3:dd:35:44:42:44:
         1c:63:a7:b4:3c:01:b0:f5:7c:63:d6:2c:d9:87:f0:6f:2b:52:
         48:2c:cf:1d:d3:35:3b:2e:db:4e:19:a4:5f:fb:f6:2b:1c:24:
         29:76:35:00:cb:6d:ac:94:15:2f:2c:28:f7:87:27:87:84:c4:
         49:b9:95:b7:56:28:ab:10:84:a7:ba:94:b0:bf:68:1b:27:ae:
         14:74:da:44:4c:e5:31:7e:1b:6d:d8:a5:02:d9:30:45:8a:73:
         b9:11:a2:5c:80:15:89:ea:c5:c5:99:af:b8:5e:59:ee:35:bd:
         72:7e:86:96
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJ12uDzlWveuC4GZlr9+EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTAyMTc1NDE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzIzZmVhMjczOGFjOTYxZTA4ZmY3NGEzZmMxNzIzYTBkYjgyZTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNR13XtMRCJWKqYM8FQzxawqgTnK
tqdp5FR+bFjFytqSjMiBVHNzLS1Yj8Crt5cq0MO6QJpL4Rq1MKXuXJHpQa1M0cb7
qhP+6YNyiQFhEjsHc9zsNZy9456iEc/57fFwObientwCJt/rgzlMPPiaIhUHmUjt
q2WMdjjPfUfqbQeX0IK5VY+1BkW5k+9WoHxlLBI3CAercvmn4MfuytuEBSNMonit
mRdBJmp19tP8PgMyyEooi9pfrKACNQeOpLeMjfZoFYV2nlviahVZORAUp/lntw4F
rvpu68arXUCm2+3KBAk+Vag0Dlq0b+/wKSU1PWzvzKWLi++og+PBXRTk5QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIcj/qJzislh4I/3Sj/BcjoNuC4vMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvaHlQLW9uT0t5V0hnal9kS1A4RnlPZzI0TGk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuY3ZAwQA
vNXYMA0GCSqGSIb3DQEBCwUAA4IBAQAMeRLhH8HXeRkmg/w31/oY2PiopkJspbk2
mLG/MjKPXOoUxsvizof4Ys1Jvt5VzSuNj/fw/qhPlgsK3wu5ON3e+x0fuI/VbivK
P6/Kc5ng1eQyYtRCda0uxO/gLNjFj+QgWNiSadA/ifnQ0a010ENrKfX9HVAEXJZe
DEk0qE0Adb0bx1IcxyxzmbjT3TVEQkQcY6e0PAGw9Xxj1izZh/BvK1JILM8d0zU7
LttOGaRf+/YrHCQpdjUAy22slBUvLCj3hyeHhMRJuZW3ViirEISnupSwv2gbJ64U
dNpETOUxfhtt2KUC2TBFinO5EaJcgBWJ6sXFma+4XlnuNb1yfoaW
-----END CERTIFICATE-----