Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/dcc2b4-9ded-4678-8398-ab79a3789f8f/1/YcOS2Wm4uyMkkPXlfvg_yl6nKYE.roa
File:                     YcOS2Wm4uyMkkPXlfvg_yl6nKYE.roa (raw, json)
Hash identifier:          khcCUHFHG89+gqzsvASfhdPwL9xGw6oHEE1dsfVjZXE=
Subject key identifier:   61:C3:92:D9:69:B8:BB:23:24:90:F5:E5:7E:F8:3F:CA:5E:A7:29:81
Certificate issuer:       /CN=700a1231d1c27a754e46ef10e92a730ae15d0f55
Certificate serial:       019427485212FC45EE1D900E24C044EA82A5
Authority key identifier: 70:0A:12:31:D1:C2:7A:75:4E:46:EF:10:E9:2A:73:0A:E1:5D:0F:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cAoSMdHCenVORu8Q6SpzCuFdD1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/dcc2b4-9ded-4678-8398-ab79a3789f8f/1/YcOS2Wm4uyMkkPXlfvg_yl6nKYE.roa
Signing time:             Thu 02 Jan 2025 13:50:38 +0000
ROA not before:           Thu 02 Jan 2025 13:50:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208732
IP address blocks:        217.11.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/dcc2b4-9ded-4678-8398-ab79a3789f8f/1/cAoSMdHCenVORu8Q6SpzCuFdD1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/dcc2b4-9ded-4678-8398-ab79a3789f8f/1/cAoSMdHCenVORu8Q6SpzCuFdD1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cAoSMdHCenVORu8Q6SpzCuFdD1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 10:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:52:12:fc:45:ee:1d:90:0e:24:c0:44:ea:82:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=700a1231d1c27a754e46ef10e92a730ae15d0f55
        Validity
            Not Before: Jan  2 13:50:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61c392d969b8bb232490f5e57ef83fca5ea72981
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:fa:2f:11:07:02:57:cd:64:02:00:d0:46:ce:
                    94:d7:e2:86:c2:3c:de:5a:b4:17:d5:1c:dd:83:82:
                    f3:f1:0a:5c:61:34:79:89:f3:f1:9e:b5:da:1c:4f:
                    72:36:c1:f1:76:e1:e2:0a:4a:46:2b:be:c2:77:fb:
                    55:0a:5b:a1:e6:f0:93:4a:71:a8:37:7f:06:fa:c0:
                    56:b2:86:a4:aa:01:2c:59:c9:76:fc:ab:e3:64:f6:
                    32:72:d4:9b:3c:c6:68:6c:9a:f7:95:31:ae:bd:e0:
                    5d:6e:51:80:ac:5e:0c:61:57:33:ea:cb:79:04:bb:
                    b6:dd:7f:4d:87:a8:57:11:e1:2f:cf:33:0c:d1:af:
                    68:96:5d:8f:ce:7d:82:ea:21:21:cf:35:d4:d0:39:
                    72:6c:69:ef:32:65:31:b4:58:b2:12:20:94:78:79:
                    2f:3d:2d:2a:aa:d1:38:c7:9d:10:47:3b:6b:cb:0c:
                    7f:5f:b0:4d:ef:b0:8e:27:ac:44:7c:41:57:df:c4:
                    2b:fa:31:ab:24:19:a0:d0:75:26:3e:8f:d2:a4:f9:
                    0f:0d:70:35:5e:49:59:31:33:47:80:f2:d2:44:dc:
                    ac:34:d3:c3:c2:97:dc:69:d5:9b:ac:b5:c0:f7:f9:
                    10:39:0c:93:06:c1:d9:94:5f:a0:87:70:9e:4a:1b:
                    e6:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:C3:92:D9:69:B8:BB:23:24:90:F5:E5:7E:F8:3F:CA:5E:A7:29:81
            X509v3 Authority Key Identifier:
                keyid:70:0A:12:31:D1:C2:7A:75:4E:46:EF:10:E9:2A:73:0A:E1:5D:0F:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cAoSMdHCenVORu8Q6SpzCuFdD1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/dcc2b4-9ded-4678-8398-ab79a3789f8f/1/YcOS2Wm4uyMkkPXlfvg_yl6nKYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/dcc2b4-9ded-4678-8398-ab79a3789f8f/1/cAoSMdHCenVORu8Q6SpzCuFdD1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.11.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:10:86:3e:c2:45:6f:2c:37:33:45:a8:bd:bb:44:ab:f8:f6:
         56:2e:e1:cd:ef:f1:0e:cc:69:08:b6:c7:d0:d0:65:93:3c:a0:
         4b:74:52:d5:48:fb:f1:7e:64:2d:2b:20:8f:07:2d:57:3c:e1:
         2e:02:8a:50:98:3e:e3:40:7b:1c:72:4d:c5:9f:b7:b7:4f:c2:
         77:ac:ef:a8:51:eb:3e:c0:1d:cd:7f:e8:e9:07:7b:6d:34:87:
         dd:d9:2e:71:0f:bd:7b:60:99:39:74:a6:5c:dc:5b:dd:fc:06:
         cf:e7:00:03:f5:b7:fd:f9:6d:d3:9d:32:5b:f1:54:29:7a:38:
         68:0b:12:2e:a8:d9:cb:3c:9f:a8:c0:8b:f9:5b:d9:f0:09:9a:
         d2:ee:0d:a0:72:2f:20:ee:be:38:82:6d:db:97:d9:5a:58:b7:
         9f:98:df:69:e7:c1:fe:de:80:d7:bc:76:5b:71:64:f6:d3:ca:
         8b:fa:5f:d3:45:55:ad:07:25:58:1e:c4:ef:aa:1f:2c:1f:eb:
         b0:ff:81:3c:fd:94:48:2e:3f:a5:2c:45:8a:fb:02:05:5c:3b:
         5c:6c:a1:f0:e8:76:b4:92:95:03:dd:74:6e:bc:a1:4a:ff:69:
         9b:ab:cc:34:da:9a:7c:7f:36:3d:9e:69:bb:71:1c:b3:ac:bb:
         15:ef:a7:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSFIS/EXuHZAOJMBE6oKlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMGExMjMxZDFjMjdhNzU0ZTQ2ZWYxMGU5MmE3MzBhZTE1
ZDBmNTUwHhcNMjUwMTAyMTM1MDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWMzOTJkOTY5YjhiYjIzMjQ5MGY1ZTU3ZWY4M2ZjYTVlYTcyOTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvovEQcCV81kAgDQRs6U1+KGwjze
WrQX1Rzdg4Lz8QpcYTR5ifPxnrXaHE9yNsHxduHiCkpGK77Cd/tVCluh5vCTSnGo
N38G+sBWsoakqgEsWcl2/KvjZPYyctSbPMZobJr3lTGuveBdblGArF4MYVcz6st5
BLu23X9Nh6hXEeEvzzMM0a9oll2Pzn2C6iEhzzXU0DlybGnvMmUxtFiyEiCUeHkv
PS0qqtE4x50QRztrywx/X7BN77COJ6xEfEFX38Qr+jGrJBmg0HUmPo/SpPkPDXA1
XklZMTNHgPLSRNysNNPDwpfcadWbrLXA9/kQOQyTBsHZlF+gh3CeShvmXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGHDktlpuLsjJJD15X74P8pepymBMB8GA1UdIwQY
MBaAFHAKEjHRwnp1TkbvEOkqcwrhXQ9VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0FvU01kSENlblZPUnU4UTZTcHpDdUZkRDFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9kY2MyYjQtOWRlZC00Njc4LTgzOTgt
YWI3OWEzNzg5ZjhmLzEvWWNPUzJXbTR1eU1ra1BYbGZ2Z195bDZuS1lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9kY2MyYjQtOWRlZC00Njc4LTgzOTgtYWI3OWEzNzg5Zjhm
LzEvY0FvU01kSENlblZPUnU4UTZTcHpDdUZkRDFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2QuFMA0G
CSqGSIb3DQEBCwUAA4IBAQABEIY+wkVvLDczRai9u0Sr+PZWLuHN7/EOzGkItsfQ
0GWTPKBLdFLVSPvxfmQtKyCPBy1XPOEuAopQmD7jQHscck3Fn7e3T8J3rO+oUes+
wB3Nf+jpB3ttNIfd2S5xD717YJk5dKZc3Fvd/AbP5wAD9bf9+W3TnTJb8VQpejho
CxIuqNnLPJ+owIv5W9nwCZrS7g2gci8g7r44gm3bl9laWLefmN9p58H+3oDXvHZb
cWT208qL+l/TRVWtByVYHsTvqh8sH+uw/4E8/ZRILj+lLEWK+wIFXDtcbKHw6Ha0
kpUD3XRuvKFK/2mbq8w02pp8fzY9nmm7cRyzrLsV76c6
-----END CERTIFICATE-----