Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/0YppZtvRSXBHB8NFrLn_rzdM4Wg.roa
File:                     0YppZtvRSXBHB8NFrLn_rzdM4Wg.roa (raw, json)
Hash identifier:          AIX2Owt5viXo6Wp2eQTWR2x2rHaX/2g8xn17pbf1zi4=
Subject key identifier:   D1:8A:69:66:DB:D1:49:70:47:07:C3:45:AC:B9:FF:AF:37:4C:E1:68
Certificate issuer:       /CN=94d98e8fec680775a157266e0c6b78b141a34f5e
Certificate serial:       019425FC99C1D2D433FE4E291DFC7A1A594F
Authority key identifier: 94:D9:8E:8F:EC:68:07:75:A1:57:26:6E:0C:6B:78:B1:41:A3:4F:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lNmOj-xoB3WhVyZuDGt4sUGjT14.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/0YppZtvRSXBHB8NFrLn_rzdM4Wg.roa
Signing time:             Thu 02 Jan 2025 07:48:18 +0000
ROA not before:           Thu 02 Jan 2025 07:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50979
IP address blocks:        195.123.208.0/21 maxlen: 21
                          2a02:27ac::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/lNmOj-xoB3WhVyZuDGt4sUGjT14.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/lNmOj-xoB3WhVyZuDGt4sUGjT14.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lNmOj-xoB3WhVyZuDGt4sUGjT14.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:99:c1:d2:d4:33:fe:4e:29:1d:fc:7a:1a:59:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94d98e8fec680775a157266e0c6b78b141a34f5e
        Validity
            Not Before: Jan  2 07:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d18a6966dbd149704707c345acb9ffaf374ce168
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:e2:a4:a4:b8:1d:40:f8:3c:a5:b8:a5:b7:ed:
                    82:42:5c:26:3b:02:c3:5b:00:f1:8b:24:21:c2:19:
                    66:b9:7b:27:fd:69:a4:d1:08:c2:16:41:c7:6a:6e:
                    85:d7:b8:9a:79:ac:ca:ce:e0:0a:79:9c:c5:7d:44:
                    dc:dc:75:a2:8b:cf:c2:55:85:a5:50:13:07:d2:f4:
                    f2:e6:01:96:cb:a8:c9:95:87:88:30:af:db:c3:7e:
                    6e:9a:16:62:6b:9f:06:78:27:c0:49:03:6a:1d:45:
                    8e:22:34:b4:2e:29:07:d4:59:76:71:f5:14:67:b8:
                    22:a3:20:70:41:1e:d5:78:ea:64:76:50:b9:3b:25:
                    d0:fe:8c:74:f0:9c:6c:4d:e9:ef:3f:4a:7a:3f:9a:
                    6d:35:cd:2d:7c:f9:a3:14:ff:a2:63:ec:16:b4:9e:
                    dc:c0:78:8e:ba:1c:bc:67:65:f9:51:cb:8e:04:02:
                    1e:dd:2c:58:10:5b:7b:02:8b:a8:0b:0f:52:5d:97:
                    95:b3:b2:29:72:a3:6d:4e:3c:21:7e:cc:55:02:c3:
                    d8:4c:19:43:72:5c:df:a3:4e:63:0a:ee:73:75:74:
                    94:c2:d5:00:26:28:15:50:fb:17:ea:32:50:c1:e0:
                    4d:44:18:74:04:3c:8e:bd:1d:db:14:b4:01:c5:fa:
                    a1:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:8A:69:66:DB:D1:49:70:47:07:C3:45:AC:B9:FF:AF:37:4C:E1:68
            X509v3 Authority Key Identifier:
                keyid:94:D9:8E:8F:EC:68:07:75:A1:57:26:6E:0C:6B:78:B1:41:A3:4F:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lNmOj-xoB3WhVyZuDGt4sUGjT14.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/0YppZtvRSXBHB8NFrLn_rzdM4Wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/lNmOj-xoB3WhVyZuDGt4sUGjT14.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.123.208.0/21
                IPv6:
                  2a02:27ac::/32

    Signature Algorithm: sha256WithRSAEncryption
         48:67:cb:b2:39:f5:93:3a:6f:7b:b6:36:52:94:d5:01:8c:21:
         b7:ec:b1:e4:eb:c4:99:06:4e:0d:ac:e8:40:e3:ff:9f:99:30:
         1b:4a:33:73:10:5c:c3:ec:a7:c3:4c:09:6e:d9:54:4c:11:22:
         56:d9:cc:5d:2d:4e:46:30:df:bd:0f:84:20:b9:86:55:25:ee:
         ad:04:06:c9:18:03:62:4a:c8:c1:9a:77:52:7f:8c:1b:da:57:
         45:67:c1:03:e1:98:d1:54:be:96:dd:f1:a0:9b:c6:b6:6c:6d:
         27:1e:26:63:68:ed:04:2f:ae:17:ac:2b:7b:99:cb:74:35:7f:
         5c:8d:a0:6d:d3:4d:a6:f8:05:b2:e6:69:a0:ea:f6:64:56:16:
         88:71:72:56:71:d8:9e:8d:53:12:52:9d:aa:0a:09:fa:93:d5:
         fe:e8:35:78:6d:f0:db:47:c9:f9:55:e8:c7:86:83:9c:97:8f:
         ef:77:34:d1:75:c1:f5:b7:fb:1f:1c:59:99:72:d3:49:c4:8a:
         e3:60:2c:fc:9d:72:55:ef:30:68:fd:59:7a:60:fc:76:15:a3:
         91:f9:84:0f:35:58:85:05:0d:8b:22:17:7e:90:7e:c3:55:dc:
         9f:d5:2a:28:8b:25:fc:33:68:d3:15:61:69:89:e7:a9:93:22:
         c1:df:74:40
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQl/JnB0tQz/k4pHfx6GllPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZDk4ZThmZWM2ODA3NzVhMTU3MjY2ZTBjNmI3OGIxNDFh
MzRmNWUwHhcNMjUwMTAyMDc0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMThhNjk2NmRiZDE0OTcwNDcwN2MzNDVhY2I5ZmZhZjM3NGNlMTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoeKkpLgdQPg8pbilt+2CQlwmOwLD
WwDxiyQhwhlmuXsn/Wmk0QjCFkHHam6F17iaeazKzuAKeZzFfUTc3HWii8/CVYWl
UBMH0vTy5gGWy6jJlYeIMK/bw35umhZia58GeCfASQNqHUWOIjS0LikH1Fl2cfUU
Z7gioyBwQR7VeOpkdlC5OyXQ/ox08JxsTenvP0p6P5ptNc0tfPmjFP+iY+wWtJ7c
wHiOuhy8Z2X5UcuOBAIe3SxYEFt7AouoCw9SXZeVs7IpcqNtTjwhfsxVAsPYTBlD
clzfo05jCu5zdXSUwtUAJigVUPsX6jJQweBNRBh0BDyOvR3bFLQBxfqhWQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNGKaWbb0UlwRwfDRay5/683TOFoMB8GA1UdIwQY
MBaAFJTZjo/saAd1oVcmbgxreLFBo09eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE5tT2oteG9CM1doVnladURHdDRzVUdqVDE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83YWUzYzctNjdlNC00NGRlLWIxMzkt
ODdkMTdkZjc0YzdlLzEvMFlwcFp0dlJTWEJIQjhORnJMbl9yemRNNFdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83YWUzYzctNjdlNC00NGRlLWIxMzktODdkMTdkZjc0Yzdl
LzEvbE5tT2oteG9CM1doVnladURHdDRzVUdqVDE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDw3vQMA0E
AgACMAcDBQAqAiesMA0GCSqGSIb3DQEBCwUAA4IBAQBIZ8uyOfWTOm97tjZSlNUB
jCG37LHk68SZBk4NrOhA4/+fmTAbSjNzEFzD7KfDTAlu2VRMESJW2cxdLU5GMN+9
D4QguYZVJe6tBAbJGANiSsjBmndSf4wb2ldFZ8ED4ZjRVL6W3fGgm8a2bG0nHiZj
aO0EL64XrCt7mct0NX9cjaBt002m+AWy5mmg6vZkVhaIcXJWcdiejVMSUp2qCgn6
k9X+6DV4bfDbR8n5VejHhoOcl4/vdzTRdcH1t/sfHFmZctNJxIrjYCz8nXJV7zBo
/Vl6YPx2FaOR+YQPNViFBQ2LIhd+kH7DVdyf1SooiyX8M2jTFWFpieepkyLB33RA
-----END CERTIFICATE-----