Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/1YkuTSmaNeM99AT_szUK5oLsJV0.roa
File:                     1YkuTSmaNeM99AT_szUK5oLsJV0.roa (raw, json)
Hash identifier:          6qUnLKrysaF5PnvpHmoDTCMWTFxOhfgj1mqiBjOTe24=
Subject key identifier:   D5:89:2E:4D:29:9A:35:E3:3D:F4:04:FF:B3:35:0A:E6:82:EC:25:5D
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       019638EC93C2C931253EDA1D43DE0067ACF2
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/1YkuTSmaNeM99AT_szUK5oLsJV0.roa
Signing time:             Tue 15 Apr 2025 10:09:10 +0000
ROA not before:           Tue 15 Apr 2025 10:09:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199961
IP address blocks:        194.28.227.0/24 maxlen: 24
                          2a09:6280:c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 07:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:38:ec:93:c2:c9:31:25:3e:da:1d:43:de:00:67:ac:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Apr 15 10:09:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5892e4d299a35e33df404ffb3350ae682ec255d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:53:13:f8:d7:f9:c0:f2:3f:1e:72:b0:02:1e:
                    c6:cd:7c:f8:e5:52:23:26:86:4f:54:05:19:e1:e9:
                    b2:3a:6d:f2:7f:87:6d:9d:4b:ab:5a:7e:d3:a9:e7:
                    2b:43:af:9c:51:c6:1e:a6:24:bd:e8:a8:49:52:af:
                    a9:ff:2d:70:cd:ef:e9:21:be:4c:fc:50:2c:43:5e:
                    1a:73:91:a2:f9:0d:5d:f5:bc:3c:95:a5:ee:82:bc:
                    9a:7c:af:22:1a:29:43:5c:89:fc:e4:42:0c:0e:43:
                    f8:22:88:a6:8d:ba:4c:45:5f:d3:7c:f2:b5:b9:91:
                    71:b7:77:7a:97:68:6c:c2:02:c3:65:1e:82:fb:c7:
                    d3:2a:be:84:b5:ee:90:86:30:50:9d:d5:23:bd:73:
                    db:ab:7b:a2:34:b0:1f:8b:09:93:ad:6f:a0:be:5e:
                    be:f5:37:1a:35:10:30:dc:9f:84:b0:4f:4f:75:05:
                    16:a9:c5:2b:39:6b:bd:9c:d0:fc:d7:9b:bc:76:c8:
                    2f:ee:4a:62:a0:c9:b8:2b:db:00:d9:96:26:c8:cd:
                    41:cd:dc:a4:12:87:14:1e:d8:77:3b:8e:36:ac:ab:
                    97:a8:46:30:11:b2:0d:6a:38:76:07:39:c2:20:37:
                    d9:3d:ea:8c:8d:5d:ce:95:22:52:57:86:11:c3:b3:
                    3f:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:89:2E:4D:29:9A:35:E3:3D:F4:04:FF:B3:35:0A:E6:82:EC:25:5D
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/1YkuTSmaNeM99AT_szUK5oLsJV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.28.227.0/24
                IPv6:
                  2a09:6280:c::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:62:06:e3:ed:e6:f1:08:57:2c:29:bd:30:10:19:b5:93:cf:
         7b:4e:68:8a:4b:be:84:25:30:ba:1f:21:7e:9b:7e:7a:6a:af:
         b7:98:51:c8:a3:a0:f6:b6:c1:f9:b2:1a:81:17:43:b2:ff:6a:
         b9:53:74:24:01:bb:cf:d7:85:df:c3:db:7a:b4:da:45:d3:b2:
         70:20:da:f4:f2:94:d4:79:ff:83:3f:74:6e:7d:9c:98:04:74:
         10:d6:77:96:81:64:7c:ca:45:ca:c0:d0:e1:4c:e1:07:89:a1:
         b6:57:dc:ba:fc:48:d6:0e:4d:72:a4:68:95:15:b8:86:1b:01:
         94:64:98:13:10:67:e4:58:21:f9:cf:72:90:9b:14:35:36:11:
         a6:46:fd:63:44:80:f7:ee:7e:52:a3:34:07:2f:0e:e3:86:7f:
         8b:1f:7a:67:c1:93:29:b8:62:c9:98:86:38:df:7e:86:69:af:
         04:b7:56:e8:11:31:f7:62:4e:d7:69:35:17:f3:be:2f:ac:52:
         a3:f5:af:9f:ba:04:19:01:d5:7a:12:6d:cc:a0:ea:bc:97:0e:
         ed:c9:fd:b7:3f:13:a8:9e:33:91:aa:6f:75:09:6d:e3:b6:39:
         60:67:37:d0:58:01:4f:39:d6:7c:a6:bf:3e:04:44:b2:ba:53:
         97:30:f6:6a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZY47JPCyTElPtodQ94AZ6zyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUwNDE1MTAwOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTg5MmU0ZDI5OWEzNWUzM2RmNDA0ZmZiMzM1MGFlNjgyZWMyNTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA21MT+Nf5wPI/HnKwAh7GzXz45VIj
JoZPVAUZ4emyOm3yf4dtnUurWn7TqecrQ6+cUcYepiS96KhJUq+p/y1wze/pIb5M
/FAsQ14ac5Gi+Q1d9bw8laXugryafK8iGilDXIn85EIMDkP4IoimjbpMRV/TfPK1
uZFxt3d6l2hswgLDZR6C+8fTKr6Ete6QhjBQndUjvXPbq3uiNLAfiwmTrW+gvl6+
9TcaNRAw3J+EsE9PdQUWqcUrOWu9nND815u8dsgv7kpioMm4K9sA2ZYmyM1Bzdyk
EocUHth3O442rKuXqEYwEbINajh2BznCIDfZPeqMjV3OlSJSV4YRw7M/MQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNWJLk0pmjXjPfQE/7M1CuaC7CVdMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvMVlrdVRTbWFOZU05OUFUX3N6VUs1b0xzSlYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwhzjMA8E
AgACMAkDBwAqCWKAAAwwDQYJKoZIhvcNAQELBQADggEBACBiBuPt5vEIVywpvTAQ
GbWTz3tOaIpLvoQlMLofIX6bfnpqr7eYUcijoPa2wfmyGoEXQ7L/arlTdCQBu8/X
hd/D23q02kXTsnAg2vTylNR5/4M/dG59nJgEdBDWd5aBZHzKRcrA0OFM4QeJobZX
3Lr8SNYOTXKkaJUVuIYbAZRkmBMQZ+RYIfnPcpCbFDU2EaZG/WNEgPfuflKjNAcv
DuOGf4sfemfBkym4YsmYhjjffoZprwS3VugRMfdiTtdpNRfzvi+sUqP1r5+6BBkB
1XoSbcyg6ryXDu3J/bc/E6ieM5Gqb3UJbeO2OWBnN9BYAU851nymvz4ERLK6U5cw
9mo=
-----END CERTIFICATE-----