Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/1fde18-2873-4fe0-869c-3820f7ee2cb8/1/yLm-AHf2Wu1baGR2558SeGJ9vpc.roa
File:                     yLm-AHf2Wu1baGR2558SeGJ9vpc.roa (raw, json)
Hash identifier:          /Bd5Eq0QqwLJoY4wAtUd+ZWldK7GG5PZ0zCSIxN6jTY=
Subject key identifier:   C8:B9:BE:00:77:F6:5A:ED:5B:68:64:76:E7:9F:12:78:62:7D:BE:97
Certificate issuer:       /CN=63495a4cecbeafb3eadf6ed0349bb0b96da464ee
Certificate serial:       0194214421A88A404E9D2E5FCB6F0CED39D3
Authority key identifier: 63:49:5A:4C:EC:BE:AF:B3:EA:DF:6E:D0:34:9B:B0:B9:6D:A4:64:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y0laTOy-r7Pq327QNJuwuW2kZO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/1fde18-2873-4fe0-869c-3820f7ee2cb8/1/yLm-AHf2Wu1baGR2558SeGJ9vpc.roa
Signing time:             Wed 01 Jan 2025 09:48:20 +0000
ROA not before:           Wed 01 Jan 2025 09:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8586
IP address blocks:        178.16.238.0/24 maxlen: 24
                          178.16.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/1fde18-2873-4fe0-869c-3820f7ee2cb8/1/Y0laTOy-r7Pq327QNJuwuW2kZO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/1fde18-2873-4fe0-869c-3820f7ee2cb8/1/Y0laTOy-r7Pq327QNJuwuW2kZO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y0laTOy-r7Pq327QNJuwuW2kZO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 09:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:21:a8:8a:40:4e:9d:2e:5f:cb:6f:0c:ed:39:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63495a4cecbeafb3eadf6ed0349bb0b96da464ee
        Validity
            Not Before: Jan  1 09:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8b9be0077f65aed5b686476e79f1278627dbe97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:2f:8b:02:72:30:18:e6:91:5c:e9:dc:f4:bb:
                    f3:eb:d0:8e:62:bf:32:8e:20:8e:97:92:3f:97:b8:
                    43:84:8c:de:a6:5b:a2:20:e8:f9:eb:4b:9c:ce:bf:
                    00:27:06:67:99:c1:f6:08:9c:29:8a:83:8b:82:ef:
                    b9:6a:18:a7:17:54:b4:f1:54:06:22:ba:f0:bf:29:
                    a4:b8:f7:d7:fd:48:df:c5:2d:83:55:84:d8:0b:eb:
                    75:48:f0:e3:84:26:29:df:b4:9b:06:f2:00:5c:e2:
                    f5:49:71:50:64:f8:61:03:05:51:07:17:7c:f0:5e:
                    d5:f6:25:eb:40:3b:af:f0:6b:5d:e3:ce:8a:98:7d:
                    89:0d:ca:12:79:00:6c:f2:26:76:6b:8f:95:f4:d4:
                    fe:db:ee:0f:09:ee:95:07:c4:80:75:7c:0c:32:ac:
                    3f:a9:44:89:d6:ef:67:5b:5d:fa:f2:b8:bc:14:2e:
                    9a:28:e2:06:f7:7c:39:18:99:28:01:60:73:9a:81:
                    2d:2d:2f:fe:4e:6d:56:07:41:a8:03:a5:61:e7:4c:
                    4e:4c:4e:68:a0:25:ea:c7:24:6e:03:36:f1:16:22:
                    65:ac:85:c7:59:fe:91:0a:4c:ca:e7:1f:db:c5:88:
                    d1:3c:b5:b5:19:6d:fe:85:52:6c:02:c0:23:1e:8b:
                    0b:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:B9:BE:00:77:F6:5A:ED:5B:68:64:76:E7:9F:12:78:62:7D:BE:97
            X509v3 Authority Key Identifier:
                keyid:63:49:5A:4C:EC:BE:AF:B3:EA:DF:6E:D0:34:9B:B0:B9:6D:A4:64:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y0laTOy-r7Pq327QNJuwuW2kZO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/1fde18-2873-4fe0-869c-3820f7ee2cb8/1/yLm-AHf2Wu1baGR2558SeGJ9vpc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/1fde18-2873-4fe0-869c-3820f7ee2cb8/1/Y0laTOy-r7Pq327QNJuwuW2kZO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.16.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         df:dc:fc:f1:7e:79:87:0c:0c:e6:c2:4e:ed:ad:51:2c:c4:5b:
         62:72:c6:a6:24:75:9c:3f:e9:b1:1e:54:82:b7:61:2c:9a:5d:
         af:71:e3:90:72:60:db:af:03:32:aa:0b:88:1c:26:53:c8:97:
         57:9b:4e:a8:de:f9:e4:d0:42:ba:9e:c2:d7:1c:36:29:35:79:
         62:da:91:12:89:b8:96:50:6a:81:b5:bc:eb:06:c4:cf:50:f8:
         7e:2c:20:41:03:37:f4:f5:b2:05:9a:55:e4:4b:6a:79:40:39:
         bd:7c:46:4a:31:87:ee:4d:92:8a:7d:cd:f2:20:16:69:62:50:
         d7:8f:8c:a8:2b:76:29:27:9c:24:63:ab:5a:23:16:7d:f8:ad:
         8d:44:ae:a7:bb:39:0a:25:23:04:4a:41:bf:af:90:83:b9:03:
         cb:1e:66:e1:dd:9c:ba:7c:4f:25:a6:0c:f4:44:48:7f:c4:3b:
         f7:2e:01:92:ed:8f:ae:59:d8:25:dd:73:d5:f9:dc:59:49:47:
         e3:f9:74:8e:f5:69:5f:2a:02:c8:40:ef:96:f1:37:3f:1e:ef:
         c5:f1:70:a1:ae:b9:fe:c6:af:74:6e:1f:70:43:f9:a9:59:56:
         9c:27:7e:ab:26:37:a1:68:f4:51:35:87:66:74:64:0a:7d:b8:
         41:cc:4b:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRCGoikBOnS5fy28M7TnTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNDk1YTRjZWNiZWFmYjNlYWRmNmVkMDM0OWJiMGI5NmRh
NDY0ZWUwHhcNMjUwMTAxMDk0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGI5YmUwMDc3ZjY1YWVkNWI2ODY0NzZlNzlmMTI3ODYyN2RiZTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoS+LAnIwGOaRXOnc9Lvz69COYr8y
jiCOl5I/l7hDhIzepluiIOj560uczr8AJwZnmcH2CJwpioOLgu+5ahinF1S08VQG
IrrwvymkuPfX/UjfxS2DVYTYC+t1SPDjhCYp37SbBvIAXOL1SXFQZPhhAwVRBxd8
8F7V9iXrQDuv8Gtd486KmH2JDcoSeQBs8iZ2a4+V9NT+2+4PCe6VB8SAdXwMMqw/
qUSJ1u9nW1368ri8FC6aKOIG93w5GJkoAWBzmoEtLS/+Tm1WB0GoA6Vh50xOTE5o
oCXqxyRuAzbxFiJlrIXHWf6RCkzK5x/bxYjRPLW1GW3+hVJsAsAjHosLfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMi5vgB39lrtW2hkduefEnhifb6XMB8GA1UdIwQY
MBaAFGNJWkzsvq+z6t9u0DSbsLltpGTuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTBsYVRPeS1yN1BxMzI3UU5KdXd1VzJrWk80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC8xZmRlMTgtMjg3My00ZmUwLTg2OWMt
MzgyMGY3ZWUyY2I4LzEveUxtLUFIZjJXdTFiYUdSMjU1OFNlR0o5dnBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC8xZmRlMTgtMjg3My00ZmUwLTg2OWMtMzgyMGY3ZWUyY2I4
LzEvWTBsYVRPeS1yN1BxMzI3UU5KdXd1VzJrWk80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBshDuMA0G
CSqGSIb3DQEBCwUAA4IBAQDf3PzxfnmHDAzmwk7trVEsxFticsamJHWcP+mxHlSC
t2Esml2vceOQcmDbrwMyqguIHCZTyJdXm06o3vnk0EK6nsLXHDYpNXli2pESibiW
UGqBtbzrBsTPUPh+LCBBAzf09bIFmlXkS2p5QDm9fEZKMYfuTZKKfc3yIBZpYlDX
j4yoK3YpJ5wkY6taIxZ9+K2NRK6nuzkKJSMESkG/r5CDuQPLHmbh3Zy6fE8lpgz0
REh/xDv3LgGS7Y+uWdgl3XPV+dxZSUfj+XSO9WlfKgLIQO+W8Tc/Hu/F8XChrrn+
xq90bh9wQ/mpWVacJ36rJjehaPRRNYdmdGQKfbhBzEsT
-----END CERTIFICATE-----