Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/Cyn89nSP-A380xB9jFU-SvGwOLk.roa
File:                     Cyn89nSP-A380xB9jFU-SvGwOLk.roa (raw, json)
Hash identifier:          55NLzajp924cjij1HdQXLRUI6O4Sv4/7fK+uH+Ovruw=
Subject key identifier:   0B:29:FC:F6:74:8F:F8:0D:FC:D3:10:7D:8C:55:3E:4A:F1:B0:38:B9
Certificate issuer:       /CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
Certificate serial:       0194274774C22067459A5477D85804D15E25
Authority key identifier: 11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/Cyn89nSP-A380xB9jFU-SvGwOLk.roa
Signing time:             Thu 02 Jan 2025 13:49:41 +0000
ROA not before:           Thu 02 Jan 2025 13:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199785
IP address blocks:        178.236.253.0/24 maxlen: 24
                          178.236.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:74:c2:20:67:45:9a:54:77:d8:58:04:d1:5e:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
        Validity
            Not Before: Jan  2 13:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b29fcf6748ff80dfcd3107d8c553e4af1b038b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:16:8c:84:e1:cb:5c:39:30:d0:d3:29:b5:ae:
                    06:a2:15:2f:02:ca:08:ab:ec:01:1e:2f:16:5d:36:
                    96:50:ae:9a:21:f5:28:86:24:0b:5e:ff:20:85:38:
                    da:d5:73:fe:d5:2f:35:22:a5:9c:51:c9:2f:85:3d:
                    69:0f:d9:aa:a1:77:44:50:f2:56:b1:9e:ca:ac:3a:
                    93:58:2d:df:a2:88:76:95:c7:30:a7:5e:fb:30:d9:
                    93:f1:d1:21:44:49:ed:41:f4:88:a8:54:29:47:8a:
                    db:cb:2f:6f:0f:47:99:56:cd:8c:5e:a5:84:f6:8b:
                    a3:bf:f5:3b:2b:1e:5e:03:83:9a:41:cf:ac:1b:cc:
                    87:58:61:7c:40:83:94:79:9d:a5:6e:a0:43:54:b9:
                    af:74:fe:49:30:70:6e:ea:2e:e5:f4:c0:5e:13:78:
                    cc:59:c1:69:b0:e2:51:ae:3b:99:1c:fb:29:66:15:
                    76:7e:9f:fa:93:e9:e0:c8:58:3f:c6:48:a2:36:cd:
                    cd:d2:78:c5:92:d8:6d:a6:d8:c8:67:1f:cd:46:b3:
                    a3:88:aa:8d:a2:68:92:99:6c:fe:80:9d:c7:5d:50:
                    07:fd:50:13:36:3d:a5:ea:6a:e2:6a:7b:ef:69:32:
                    4a:0f:bf:c7:7f:98:12:33:14:a2:3e:c7:5d:2a:52:
                    17:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:29:FC:F6:74:8F:F8:0D:FC:D3:10:7D:8C:55:3E:4A:F1:B0:38:B9
            X509v3 Authority Key Identifier:
                keyid:11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/Cyn89nSP-A380xB9jFU-SvGwOLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.236.253.0-178.236.254.255

    Signature Algorithm: sha256WithRSAEncryption
         77:8b:63:f6:fa:bf:30:43:5b:f8:59:b0:91:34:d0:c8:a2:72:
         db:94:b6:3e:1c:5d:20:c4:ec:0d:0a:60:9a:7b:59:02:b9:b0:
         02:fc:c3:8a:74:82:81:05:f0:23:cc:0e:7f:f5:1b:24:a8:c0:
         94:4d:a5:13:be:a8:da:d5:63:80:c1:61:b4:e5:ec:86:f1:18:
         3a:9d:40:ea:9c:5c:3a:ac:89:55:15:67:cd:69:3e:06:eb:bf:
         aa:e6:21:93:6c:bd:a7:52:8a:57:86:5f:49:be:68:81:ee:c9:
         33:93:f8:43:a6:14:a0:45:c1:8f:cd:5b:0b:ae:65:a8:02:20:
         4b:ba:ac:8a:39:57:6e:40:49:d8:25:ae:18:20:b7:4c:06:be:
         cf:f0:cc:99:dc:b2:f6:85:d3:00:e2:92:3e:f8:23:f4:90:a1:
         a1:27:85:9b:04:3f:49:ed:c1:d6:df:59:5e:f0:5b:38:8c:87:
         a3:a1:c4:c5:20:83:20:ba:70:66:73:28:ef:89:47:ff:2b:d2:
         e9:54:0e:a8:b6:88:95:ee:8d:41:49:f5:42:85:8d:8f:ec:fc:
         53:df:f4:00:2e:c8:7a:1a:ea:f7:99:0e:f1:63:24:3f:5f:eb:
         6d:91:7f:ee:c2:7e:1f:60:30:62:2d:61:3f:43:53:67:46:24:
         dc:10:d3:44
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQnR3TCIGdFmlR32FgE0V4lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExN2Y5ZDU1ODI2YjQyNDg2ZGZjODRkMzVjMWE2M2E1Y2U4
NzUwN2MwHhcNMjUwMTAyMTM0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjI5ZmNmNjc0OGZmODBkZmNkMzEwN2Q4YzU1M2U0YWYxYjAzOGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBaMhOHLXDkw0NMpta4GohUvAsoI
q+wBHi8WXTaWUK6aIfUohiQLXv8ghTja1XP+1S81IqWcUckvhT1pD9mqoXdEUPJW
sZ7KrDqTWC3fooh2lccwp177MNmT8dEhREntQfSIqFQpR4rbyy9vD0eZVs2MXqWE
9oujv/U7Kx5eA4OaQc+sG8yHWGF8QIOUeZ2lbqBDVLmvdP5JMHBu6i7l9MBeE3jM
WcFpsOJRrjuZHPspZhV2fp/6k+ngyFg/xkiiNs3N0njFkthtptjIZx/NRrOjiKqN
omiSmWz+gJ3HXVAH/VATNj2l6mrianvvaTJKD7/Hf5gSMxSiPsddKlIX8wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAsp/PZ0j/gN/NMQfYxVPkrxsDi5MB8GA1UdIwQY
MBaAFBF/nVWCa0JIbfyE01waY6XOh1B8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMt
M2ZiYmJhOTI0OWNkLzEvQ3luODluU1AtQTM4MHhCOWpGVS1Tdkd3T0xrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMtM2ZiYmJhOTI0OWNk
LzEvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACy7P0D
BACy7P4wDQYJKoZIhvcNAQELBQADggEBAHeLY/b6vzBDW/hZsJE00MiictuUtj4c
XSDE7A0KYJp7WQK5sAL8w4p0goEF8CPMDn/1GySowJRNpRO+qNrVY4DBYbTl7Ibx
GDqdQOqcXDqsiVUVZ81pPgbrv6rmIZNsvadSileGX0m+aIHuyTOT+EOmFKBFwY/N
WwuuZagCIEu6rIo5V25ASdglrhggt0wGvs/wzJncsvaF0wDikj74I/SQoaEnhZsE
P0ntwdbfWV7wWziMh6OhxMUggyC6cGZzKO+JR/8r0ulUDqi2iJXujUFJ9UKFjY/s
/FPf9AAuyHoa6veZDvFjJD9f622Rf+7Cfh9gMGItYT9DU2dGJNwQ00Q=
-----END CERTIFICATE-----