Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/ynxoqLNGRfbAQl1csrIqvWu2om8.roa
File:                     ynxoqLNGRfbAQl1csrIqvWu2om8.roa (raw, json)
Hash identifier:          02FpxfF5rw0ZP5XHvGYcpaVTPQJddG9K1OzX9QimBYM=
Subject key identifier:   CA:7C:68:A8:B3:46:45:F6:C0:42:5D:5C:B2:B2:2A:BD:6B:B6:A2:6F
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       01968316C8E31F98260CAFD7ADB1BEAACCA3
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/ynxoqLNGRfbAQl1csrIqvWu2om8.roa
Signing time:             Tue 29 Apr 2025 19:47:10 +0000
ROA not before:           Tue 29 Apr 2025 19:47:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397423
IP address blocks:        86.104.160.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:83:16:c8:e3:1f:98:26:0c:af:d7:ad:b1:be:aa:cc:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Apr 29 19:47:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ca7c68a8b34645f6c0425d5cb2b22abd6bb6a26f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:e3:c6:3a:4c:8e:a2:e1:29:0b:be:59:49:23:
                    0d:2f:c0:c1:4e:20:95:ea:4a:c6:63:8c:cd:e0:0a:
                    82:bd:c0:5c:65:b0:2c:e1:c2:10:16:28:4f:1e:d0:
                    51:13:2d:a2:82:ff:0c:d2:fc:84:fd:7b:0e:9d:57:
                    2c:2c:e2:41:7e:96:6a:12:3f:cb:c7:5d:e9:08:9c:
                    56:65:15:29:d0:f1:3d:dc:dd:74:6c:77:0b:e0:69:
                    2e:51:d2:e4:9a:ed:98:2c:86:2b:7b:b0:90:f8:cb:
                    56:b4:06:72:59:d9:09:e0:e3:4e:05:87:2e:f9:22:
                    e8:1b:83:74:b7:8c:5b:36:62:1f:07:0e:0e:fb:4e:
                    4e:6f:ce:9c:7f:3a:31:a3:ed:61:9e:a0:88:4c:e7:
                    45:32:a2:4e:c0:4d:cb:83:49:f3:41:3c:7b:b4:b1:
                    cd:28:e9:c9:b7:20:db:79:50:c1:b3:84:a0:6a:ee:
                    dc:cb:31:62:bb:35:96:c7:90:9a:44:54:e1:55:9a:
                    6a:8e:00:08:96:17:b9:9f:41:73:69:14:6a:51:ba:
                    d8:c9:08:0b:f2:c9:7c:45:62:66:bb:2f:8d:bb:2d:
                    58:8d:dd:45:bf:85:fa:d8:e2:38:e4:68:68:1a:62:
                    c6:48:bb:b0:92:51:4a:21:09:27:6b:b7:ae:ba:af:
                    06:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:7C:68:A8:B3:46:45:F6:C0:42:5D:5C:B2:B2:2A:BD:6B:B6:A2:6F
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/ynxoqLNGRfbAQl1csrIqvWu2om8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.104.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:3c:ae:ff:a8:bd:84:a9:e4:61:af:e8:6d:cd:f3:08:61:0e:
         61:a5:95:cd:a1:23:81:ce:60:25:14:a1:50:d2:24:01:2e:cd:
         c8:2c:e2:dd:39:7c:46:8b:1a:c2:0d:bd:57:a5:c0:27:7b:5a:
         9f:34:5d:65:f6:55:a2:f6:9c:c0:9f:be:c2:77:95:48:a2:8c:
         fb:04:63:6d:0b:b0:18:40:d1:54:b6:d6:8c:c4:b4:f1:6e:25:
         3f:ed:f2:84:2c:57:63:1c:49:18:58:f0:c1:58:0c:90:9a:07:
         ae:51:5f:0e:6c:f0:c4:89:fa:48:c4:d5:4f:f0:1b:a3:fd:23:
         c6:df:cd:47:f5:54:3a:07:33:16:a6:72:0c:95:96:06:f2:3c:
         ad:fa:91:ed:d6:bf:d8:ee:bc:1b:b3:18:0a:7b:44:19:9f:a2:
         a3:92:64:9c:68:2f:25:7b:ea:77:55:3e:7c:d8:da:02:c6:01:
         43:6f:a9:15:db:34:d7:75:68:0f:b3:0d:d7:19:66:ca:8d:19:
         b5:2c:d2:df:d8:d5:6a:50:02:88:89:ff:e4:c5:b5:b3:2f:0e:
         e7:0d:b5:89:33:0f:ad:5a:fb:20:f4:77:dc:b1:12:51:da:ea:
         65:a2:35:84:20:ff:b0:78:7a:e0:04:cb:4c:e8:d9:06:d5:22:
         da:f3:d5:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaDFsjjH5gmDK/XrbG+qsyjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUwNDI5MTk0NzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTdjNjhhOGIzNDY0NWY2YzA0MjVkNWNiMmIyMmFiZDZiYjZhMjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ePGOkyOouEpC75ZSSMNL8DBTiCV
6krGY4zN4AqCvcBcZbAs4cIQFihPHtBREy2igv8M0vyE/XsOnVcsLOJBfpZqEj/L
x13pCJxWZRUp0PE93N10bHcL4GkuUdLkmu2YLIYre7CQ+MtWtAZyWdkJ4ONOBYcu
+SLoG4N0t4xbNmIfBw4O+05Ob86cfzoxo+1hnqCITOdFMqJOwE3Lg0nzQTx7tLHN
KOnJtyDbeVDBs4Sgau7cyzFiuzWWx5CaRFThVZpqjgAIlhe5n0FzaRRqUbrYyQgL
8sl8RWJmuy+Nuy1Yjd1Fv4X62OI45GhoGmLGSLuwklFKIQkna7euuq8G6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMp8aKizRkX2wEJdXLKyKr1rtqJvMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEveW54b3FMTkdSZmJBUWwxY3NySXF2V3Uyb204LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVmigMA0G
CSqGSIb3DQEBCwUAA4IBAQAuPK7/qL2EqeRhr+htzfMIYQ5hpZXNoSOBzmAlFKFQ
0iQBLs3ILOLdOXxGixrCDb1XpcAne1qfNF1l9lWi9pzAn77Cd5VIooz7BGNtC7AY
QNFUttaMxLTxbiU/7fKELFdjHEkYWPDBWAyQmgeuUV8ObPDEifpIxNVP8Buj/SPG
381H9VQ6BzMWpnIMlZYG8jyt+pHt1r/Y7rwbsxgKe0QZn6KjkmScaC8le+p3VT58
2NoCxgFDb6kV2zTXdWgPsw3XGWbKjRm1LNLf2NVqUAKIif/kxbWzLw7nDbWJMw+t
Wvsg9HfcsRJR2uplojWEIP+weHrgBMtM6NkG1SLa89Wb
-----END CERTIFICATE-----