Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/08cd46-1019-4f7d-867b-297e03066f7d/1/hyhfndoa_Z24zyoZ7ygYaeGIqPw.roa
File:                     hyhfndoa_Z24zyoZ7ygYaeGIqPw.roa (raw, json)
Hash identifier:          08nYzAa42CtGg2k7nkGWsd8V/SDqafxamCeCjRVW6Yw=
Subject key identifier:   87:28:5F:9D:DA:1A:FD:9D:B8:CF:2A:19:EF:28:18:69:E1:88:A8:FC
Certificate issuer:       /CN=b02b1f76e8c2ba4928ac280b27aa84d5967a3504
Certificate serial:       01941FFA19C427798A01DC314BEC4549BADB
Authority key identifier: B0:2B:1F:76:E8:C2:BA:49:28:AC:28:0B:27:AA:84:D5:96:7A:35:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sCsfdujCukkorCgLJ6qE1ZZ6NQQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/08cd46-1019-4f7d-867b-297e03066f7d/1/hyhfndoa_Z24zyoZ7ygYaeGIqPw.roa
Signing time:             Wed 01 Jan 2025 03:47:51 +0000
ROA not before:           Wed 01 Jan 2025 03:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196822
IP address blocks:        188.116.64.0/18 maxlen: 18
                          2a09:4dc0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/08cd46-1019-4f7d-867b-297e03066f7d/1/sCsfdujCukkorCgLJ6qE1ZZ6NQQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/08cd46-1019-4f7d-867b-297e03066f7d/1/sCsfdujCukkorCgLJ6qE1ZZ6NQQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sCsfdujCukkorCgLJ6qE1ZZ6NQQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:19:c4:27:79:8a:01:dc:31:4b:ec:45:49:ba:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b02b1f76e8c2ba4928ac280b27aa84d5967a3504
        Validity
            Not Before: Jan  1 03:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87285f9dda1afd9db8cf2a19ef281869e188a8fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:b7:13:af:1c:f9:4a:04:0e:7b:51:f8:39:33:
                    23:fa:7a:1b:48:28:ee:91:20:95:f2:a4:2b:58:e4:
                    ed:6a:d0:4d:6d:5e:ff:a1:0e:12:9d:ad:0b:6b:8e:
                    32:99:cf:d5:5d:e1:0a:de:89:a6:a0:e2:6b:19:41:
                    4c:0f:5a:b1:4a:94:15:d7:91:8f:d3:5d:c7:7a:29:
                    fb:ff:9e:9c:7a:4f:6e:ec:fd:37:06:78:61:35:e9:
                    c2:30:17:16:83:c4:c9:9b:cf:0e:36:eb:f6:0f:91:
                    02:48:31:2e:6e:bf:a8:81:d8:f9:79:5a:ff:ac:98:
                    72:ee:f8:97:da:b2:d1:49:9e:43:9a:3a:29:1f:84:
                    78:7d:ac:f8:ed:6a:e9:47:fb:63:df:71:fe:09:b1:
                    3e:ea:5d:1f:ce:5b:29:73:63:5f:85:0d:05:f8:8b:
                    48:c4:32:29:bc:98:51:17:46:57:3e:b2:13:39:eb:
                    be:23:13:d5:4c:f2:da:75:e6:b8:82:96:ba:bd:f2:
                    65:86:f0:47:b6:b9:78:b2:43:93:08:66:c6:34:0d:
                    fa:f4:a1:cd:ef:f7:f2:70:46:df:0a:d2:0b:f6:66:
                    62:2c:80:b3:af:a3:62:07:36:cb:ec:61:85:d8:dc:
                    24:1c:28:b3:a0:ef:c3:f6:a5:71:c9:e4:ec:6d:d5:
                    3a:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:28:5F:9D:DA:1A:FD:9D:B8:CF:2A:19:EF:28:18:69:E1:88:A8:FC
            X509v3 Authority Key Identifier:
                keyid:B0:2B:1F:76:E8:C2:BA:49:28:AC:28:0B:27:AA:84:D5:96:7A:35:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sCsfdujCukkorCgLJ6qE1ZZ6NQQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/08cd46-1019-4f7d-867b-297e03066f7d/1/hyhfndoa_Z24zyoZ7ygYaeGIqPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/08cd46-1019-4f7d-867b-297e03066f7d/1/sCsfdujCukkorCgLJ6qE1ZZ6NQQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.116.64.0/18
                IPv6:
                  2a09:4dc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         63:62:82:71:0d:58:5a:98:03:e9:9f:0a:73:2a:73:85:12:5e:
         95:90:ef:55:ba:82:5c:51:ce:75:0b:cd:fb:39:82:ef:fe:31:
         e6:fd:47:86:86:94:40:af:70:cc:a3:a9:30:ea:3b:61:b8:71:
         66:da:d7:bf:cb:f3:a2:cd:44:93:b8:ed:2d:e2:95:6c:51:d4:
         26:f8:66:04:59:b7:67:8c:5f:cd:0f:6b:ef:25:3d:ec:85:6d:
         d3:67:ab:c5:80:82:f8:b2:6e:fd:ca:da:99:0d:8e:e3:48:94:
         6f:d6:36:cd:c7:28:3e:e0:9e:65:3a:b6:21:de:06:b0:e7:96:
         fe:bd:6a:99:cb:9b:50:7a:1b:d3:08:40:54:9d:65:34:9c:7d:
         54:36:50:0b:28:42:b6:c1:b4:59:27:3f:6c:d9:8a:61:2c:2a:
         c9:84:5a:57:ca:e3:a4:e3:6e:a5:ef:e2:9f:f1:b1:ad:24:b6:
         25:31:f1:8e:37:fa:bf:71:0f:cf:8e:5b:e7:3a:67:61:88:e9:
         e5:d4:b9:5a:d5:50:2d:1f:68:cc:e5:9d:6e:59:ca:ee:99:6d:
         d4:eb:16:96:83:54:2f:53:c4:f6:7f:c3:bb:a2:b6:f4:3c:cc:
         18:5a:c9:25:02:12:54:74:62:8a:57:28:6a:31:13:dc:1c:d4:
         34:21:dc:c5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQf+hnEJ3mKAdwxS+xFSbrbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwMmIxZjc2ZThjMmJhNDkyOGFjMjgwYjI3YWE4NGQ1OTY3
YTM1MDQwHhcNMjUwMTAxMDM0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzI4NWY5ZGRhMWFmZDlkYjhjZjJhMTllZjI4MTg2OWUxODhhOGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi7cTrxz5SgQOe1H4OTMj+nobSCju
kSCV8qQrWOTtatBNbV7/oQ4Sna0La44ymc/VXeEK3ommoOJrGUFMD1qxSpQV15GP
013Hein7/56cek9u7P03BnhhNenCMBcWg8TJm88ONuv2D5ECSDEubr+ogdj5eVr/
rJhy7viX2rLRSZ5DmjopH4R4faz47WrpR/tj33H+CbE+6l0fzlspc2NfhQ0F+ItI
xDIpvJhRF0ZXPrITOeu+IxPVTPLadea4gpa6vfJlhvBHtrl4skOTCGbGNA369KHN
7/fycEbfCtIL9mZiLICzr6NiBzbL7GGF2NwkHCizoO/D9qVxyeTsbdU6uQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIcoX53aGv2duM8qGe8oGGnhiKj8MB8GA1UdIwQY
MBaAFLArH3bowrpJKKwoCyeqhNWWejUEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0NzZmR1akN1a2tvckNnTEo2cUUxWlo2TlFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8wOGNkNDYtMTAxOS00ZjdkLTg2N2It
Mjk3ZTAzMDY2ZjdkLzEvaHloZm5kb2FfWjI0enlvWjd5Z1lhZUdJcVB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8wOGNkNDYtMTAxOS00ZjdkLTg2N2ItMjk3ZTAzMDY2Zjdk
LzEvc0NzZmR1akN1a2tvckNnTEo2cUUxWlo2TlFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQGvHRAMA0E
AgACMAcDBQAqCU3AMA0GCSqGSIb3DQEBCwUAA4IBAQBjYoJxDVhamAPpnwpzKnOF
El6VkO9VuoJcUc51C837OYLv/jHm/UeGhpRAr3DMo6kw6jthuHFm2te/y/OizUST
uO0t4pVsUdQm+GYEWbdnjF/ND2vvJT3shW3TZ6vFgIL4sm79ytqZDY7jSJRv1jbN
xyg+4J5lOrYh3gaw55b+vWqZy5tQehvTCEBUnWU0nH1UNlALKEK2wbRZJz9s2Yph
LCrJhFpXyuOk426l7+Kf8bGtJLYlMfGON/q/cQ/PjlvnOmdhiOnl1Lla1VAtH2jM
5Z1uWcrumW3U6xaWg1QvU8T2f8O7orb0PMwYWsklAhJUdGKKVyhqMRPcHNQ0IdzF
-----END CERTIFICATE-----