Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/YNHTj_9tkXWohC3gOtci87AG2Bk.roa
File:                     YNHTj_9tkXWohC3gOtci87AG2Bk.roa (raw, json)
Hash identifier:          hPbG4zl0vjvXNxKiAMn4B98elLLgXoPvOrT0Z1YpyaM=
Subject key identifier:   60:D1:D3:8F:FF:6D:91:75:A8:84:2D:E0:3A:D7:22:F3:B0:06:D8:19
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       0194274769DE937CE4AE8412CBEF3DFBBF6F
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/YNHTj_9tkXWohC3gOtci87AG2Bk.roa
Signing time:             Thu 02 Jan 2025 13:49:39 +0000
ROA not before:           Thu 02 Jan 2025 13:49:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        87.254.11.0/24 maxlen: 24
                          87.254.16.0/24 maxlen: 24
                          87.254.17.0/24 maxlen: 24
                          217.25.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:69:de:93:7c:e4:ae:84:12:cb:ef:3d:fb:bf:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Jan  2 13:49:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=60d1d38fff6d9175a8842de03ad722f3b006d819
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:2f:50:f3:79:e2:2c:43:00:42:ce:0e:a5:d7:
                    4f:fb:62:fa:52:f4:22:2e:ad:a2:03:83:bd:c8:4a:
                    14:07:14:3a:c2:d7:d4:d3:1a:2c:46:ed:e6:d0:6a:
                    3f:6e:fc:06:77:e8:d2:70:fa:b2:67:03:02:96:c2:
                    7d:ea:56:56:bb:66:4b:42:ea:47:e3:39:7b:71:a4:
                    72:81:a2:e4:ea:9f:80:63:47:c1:ae:4d:69:40:42:
                    20:3c:05:87:b4:0a:c2:84:89:51:0d:28:46:df:c2:
                    15:22:88:64:50:8d:2c:d3:e7:e4:d9:d1:82:45:85:
                    24:a9:77:20:a2:66:72:ad:da:7c:f3:ce:c5:6d:a3:
                    d4:1a:95:f1:6b:36:5b:ab:0c:35:31:e9:d2:71:d9:
                    b1:3b:70:cf:97:d1:ff:9d:a6:e5:12:75:e6:34:98:
                    33:e3:28:f1:4d:2b:f3:51:a5:7d:4c:56:18:16:b2:
                    4c:da:26:60:7b:ea:fd:28:9f:2b:21:cc:66:79:dc:
                    b6:90:81:1c:9b:32:76:26:25:7d:eb:05:b0:0e:bc:
                    e9:19:43:b2:d5:d6:a1:32:2b:9a:5b:d2:97:78:02:
                    75:47:2d:14:40:ae:9a:21:18:98:d1:97:0a:c7:ce:
                    b4:1c:1e:5e:18:bd:5d:f0:91:ec:08:51:0c:12:2a:
                    fd:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:D1:D3:8F:FF:6D:91:75:A8:84:2D:E0:3A:D7:22:F3:B0:06:D8:19
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/YNHTj_9tkXWohC3gOtci87AG2Bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.11.0/24
                  87.254.16.0/23
                  217.25.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:c1:e2:f1:f9:5e:47:89:68:82:96:4d:7c:c4:01:51:5f:3c:
         6d:7a:7b:52:97:1d:69:2c:3c:c5:75:4c:99:d0:cd:3c:17:d3:
         bf:6e:ca:ed:97:c7:69:ab:4e:aa:d7:d1:f5:50:31:9b:ea:08:
         d5:f9:8c:0a:34:a5:00:d1:ae:ce:95:cd:11:c6:74:ca:89:36:
         f2:ec:3b:d4:20:8f:6a:c1:61:7d:fa:a3:d2:77:3e:85:d4:e9:
         0f:49:1b:3f:3c:ee:4b:a7:1a:ab:8e:9c:5f:6f:06:cc:76:c5:
         ae:93:47:bd:59:e2:76:96:ab:06:14:22:bc:23:57:99:1e:24:
         8e:5d:96:93:44:79:ac:06:b6:bd:02:19:5b:5b:9d:1c:d3:f7:
         97:c0:8a:2f:1c:80:df:ab:f0:bb:d6:4a:56:1f:06:c2:62:50:
         8f:d6:e7:71:21:d7:d6:b6:0c:e1:0f:a3:8f:46:71:10:a1:fc:
         0f:7e:b8:1e:ab:3f:37:98:6d:a6:5d:66:a6:88:ed:72:02:50:
         35:a7:b6:d3:bb:9b:3c:71:ce:55:cf:92:d9:d2:c0:29:f6:dc:
         31:2e:02:23:b2:39:13:81:e2:78:46:e2:02:34:50:e5:f6:86:
         cb:58:d9:f0:61:f7:40:f4:9c:74:22:56:59:97:e9:97:c8:35:
         80:10:7e:f5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQnR2nek3zkroQSy+89+79vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjUwMTAyMTM0OTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGQxZDM4ZmZmNmQ5MTc1YTg4NDJkZTAzYWQ3MjJmM2IwMDZkODE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyi9Q83niLEMAQs4OpddP+2L6UvQi
Lq2iA4O9yEoUBxQ6wtfU0xosRu3m0Go/bvwGd+jScPqyZwMClsJ96lZWu2ZLQupH
4zl7caRygaLk6p+AY0fBrk1pQEIgPAWHtArChIlRDShG38IVIohkUI0s0+fk2dGC
RYUkqXcgomZyrdp8887FbaPUGpXxazZbqww1MenScdmxO3DPl9H/nablEnXmNJgz
4yjxTSvzUaV9TFYYFrJM2iZge+r9KJ8rIcxmedy2kIEcmzJ2JiV96wWwDrzpGUOy
1dahMiuaW9KXeAJ1Ry0UQK6aIRiY0ZcKx860HB5eGL1d8JHsCFEMEir9vQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGDR04//bZF1qIQt4DrXIvOwBtgZMB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvWU5IVGpfOXRrWFdvaEMzZ090Y2k4N0FHMkJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAV/4LAwQB
V/4QAwQA2RkBMA0GCSqGSIb3DQEBCwUAA4IBAQBQweLx+V5HiWiClk18xAFRXzxt
entSlx1pLDzFdUyZ0M08F9O/bsrtl8dpq06q19H1UDGb6gjV+YwKNKUA0a7Olc0R
xnTKiTby7DvUII9qwWF9+qPSdz6F1OkPSRs/PO5LpxqrjpxfbwbMdsWuk0e9WeJ2
lqsGFCK8I1eZHiSOXZaTRHmsBra9AhlbW50c0/eXwIovHIDfq/C71kpWHwbCYlCP
1udxIdfWtgzhD6OPRnEQofwPfrgeqz83mG2mXWamiO1yAlA1p7bTu5s8cc5Vz5LZ
0sAp9twxLgIjsjkTgeJ4RuICNFDl9obLWNnwYfdA9Jx0IlZZl+mXyDWAEH71
-----END CERTIFICATE-----