Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/2daf04-4f76-4333-abf0-238e0b7ae284/1/_y5CZTQPUqUUQngHW900Y82Ke5c.roa
File:                     _y5CZTQPUqUUQngHW900Y82Ke5c.roa (raw, json)
Hash identifier:          NWkl1e7xKV8FX9A552bXtm6FLbLssbeZQgoWd/8O4Xs=
Subject key identifier:   FF:2E:42:65:34:0F:52:A5:14:42:78:07:5B:DD:34:63:CD:8A:7B:97
Certificate issuer:       /CN=d82e130f6b6bdf6d39280e375df344e6e0a34b3c
Certificate serial:       01941F8C3D712E9702522270634C40EFF2B6
Authority key identifier: D8:2E:13:0F:6B:6B:DF:6D:39:28:0E:37:5D:F3:44:E6:E0:A3:4B:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2C4TD2tr3205KA43XfNE5uCjSzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/2daf04-4f76-4333-abf0-238e0b7ae284/1/_y5CZTQPUqUUQngHW900Y82Ke5c.roa
Signing time:             Wed 01 Jan 2025 01:47:51 +0000
ROA not before:           Wed 01 Jan 2025 01:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50180
IP address blocks:        195.189.166.0/23 maxlen: 23
                          2001:67c:2ff0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/2daf04-4f76-4333-abf0-238e0b7ae284/1/2C4TD2tr3205KA43XfNE5uCjSzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/2daf04-4f76-4333-abf0-238e0b7ae284/1/2C4TD2tr3205KA43XfNE5uCjSzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2C4TD2tr3205KA43XfNE5uCjSzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:3d:71:2e:97:02:52:22:70:63:4c:40:ef:f2:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d82e130f6b6bdf6d39280e375df344e6e0a34b3c
        Validity
            Not Before: Jan  1 01:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff2e4265340f52a5144278075bdd3463cd8a7b97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:b9:e8:d9:ed:61:56:31:2c:8a:30:0e:e8:c1:
                    84:5a:7e:0f:28:b6:ef:48:ff:0f:25:db:e3:7e:3c:
                    b4:4f:3e:0f:2c:21:c5:0f:29:32:3d:35:61:13:c8:
                    02:32:08:ad:af:9f:48:d4:c8:72:bc:4e:62:c6:83:
                    6d:f4:f4:a4:a1:1c:ee:2b:32:f4:2c:dd:57:5a:4a:
                    28:0b:0d:2d:8b:a2:28:d4:09:44:50:a5:7b:8f:95:
                    70:85:64:2e:45:41:2c:38:91:b4:e8:91:f9:40:72:
                    fb:a0:70:2e:e8:76:fa:d7:d5:79:58:a2:1d:36:7c:
                    4e:1b:5c:8a:73:35:44:ff:aa:7a:80:c9:56:21:6d:
                    d3:71:0c:33:8a:a1:17:4b:17:ce:c2:f0:e5:cd:9c:
                    52:9d:9d:76:42:16:0c:02:42:c3:c6:92:57:8f:e6:
                    36:59:5d:3f:83:ff:c0:a9:dc:de:be:48:61:e2:6c:
                    bf:cd:d9:4b:33:76:39:3c:6b:97:a8:ef:f4:a4:26:
                    d4:e8:81:fd:80:92:12:dd:58:6e:83:f4:87:0f:9f:
                    a2:12:5a:4c:49:fe:d8:7c:24:4a:1d:d9:1d:56:18:
                    54:f9:0b:66:3d:cc:2f:19:10:a9:45:5f:af:bf:5a:
                    df:17:41:16:94:a2:1a:00:76:8c:09:ef:72:b2:16:
                    3b:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:2E:42:65:34:0F:52:A5:14:42:78:07:5B:DD:34:63:CD:8A:7B:97
            X509v3 Authority Key Identifier:
                keyid:D8:2E:13:0F:6B:6B:DF:6D:39:28:0E:37:5D:F3:44:E6:E0:A3:4B:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2C4TD2tr3205KA43XfNE5uCjSzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/2daf04-4f76-4333-abf0-238e0b7ae284/1/_y5CZTQPUqUUQngHW900Y82Ke5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/2daf04-4f76-4333-abf0-238e0b7ae284/1/2C4TD2tr3205KA43XfNE5uCjSzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.189.166.0/23
                IPv6:
                  2001:67c:2ff0::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:f6:75:89:20:9f:38:cb:55:d8:d9:79:32:7e:93:80:ac:a5:
         26:3f:b2:50:3d:22:d3:9f:c4:7d:b7:b7:9f:21:b0:4f:91:d5:
         43:d4:70:55:c0:d0:51:8a:6c:60:6b:e4:09:a1:18:3a:fa:6b:
         11:66:28:ac:76:90:de:1f:ca:99:f9:3e:17:f4:31:41:59:63:
         04:d6:9e:2b:9f:aa:9f:5a:9e:27:19:28:8d:36:a7:32:aa:59:
         d0:6a:a1:d4:c6:ee:31:33:e4:2e:ec:31:7b:d8:6f:f8:2c:b2:
         a0:e2:5a:59:98:29:73:29:d3:27:91:35:7d:af:4f:1e:8f:c9:
         b4:6e:4c:6d:96:c4:c7:9f:d2:f2:a9:9d:41:df:ee:79:00:e3:
         cc:5b:93:4c:ca:1c:cf:46:1d:e5:45:44:e6:a9:45:31:e6:94:
         3d:cc:1f:e9:cc:1b:af:9f:ee:ae:f3:f2:89:5d:d1:09:a2:47:
         31:4b:cf:35:4b:92:e1:cc:41:d9:1c:9f:03:b0:75:b9:cb:97:
         5e:7a:92:d3:f0:b7:57:af:ec:c7:c5:8e:6e:a5:4e:3b:66:2c:
         85:3e:6b:fd:4b:35:6c:23:b9:e0:84:cb:39:1c:88:94:e1:ef:
         2c:79:ac:3f:2f:c2:f1:79:55:0e:42:40:a0:f5:da:4e:1f:44:
         0f:9a:37:ca
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQfjD1xLpcCUiJwY0xA7/K2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MmUxMzBmNmI2YmRmNmQzOTI4MGUzNzVkZjM0NGU2ZTBh
MzRiM2MwHhcNMjUwMTAxMDE0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjJlNDI2NTM0MGY1MmE1MTQ0Mjc4MDc1YmRkMzQ2M2NkOGE3Yjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3rno2e1hVjEsijAO6MGEWn4PKLbv
SP8PJdvjfjy0Tz4PLCHFDykyPTVhE8gCMgitr59I1MhyvE5ixoNt9PSkoRzuKzL0
LN1XWkooCw0ti6Io1AlEUKV7j5VwhWQuRUEsOJG06JH5QHL7oHAu6Hb619V5WKId
NnxOG1yKczVE/6p6gMlWIW3TcQwziqEXSxfOwvDlzZxSnZ12QhYMAkLDxpJXj+Y2
WV0/g//Aqdzevkhh4my/zdlLM3Y5PGuXqO/0pCbU6IH9gJIS3Vhug/SHD5+iElpM
Sf7YfCRKHdkdVhhU+QtmPcwvGRCpRV+vv1rfF0EWlKIaAHaMCe9yshY7cwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFP8uQmU0D1KlFEJ4B1vdNGPNinuXMB8GA1UdIwQY
MBaAFNguEw9ra99tOSgON13zRObgo0s8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkM0VEQydHIzMjA1S0E0M1hmTkU1dUNqU3p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8yZGFmMDQtNGY3Ni00MzMzLWFiZjAt
MjM4ZTBiN2FlMjg0LzEvX3k1Q1pUUVBVcVVVUW5nSFc5MDBZODJLZTVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8yZGFmMDQtNGY3Ni00MzMzLWFiZjAtMjM4ZTBiN2FlMjg0
LzEvMkM0VEQydHIzMjA1S0E0M1hmTkU1dUNqU3p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBw72mMA8E
AgACMAkDBwAgAQZ8L/AwDQYJKoZIhvcNAQELBQADggEBABH2dYkgnzjLVdjZeTJ+
k4CspSY/slA9ItOfxH23t58hsE+R1UPUcFXA0FGKbGBr5AmhGDr6axFmKKx2kN4f
ypn5Phf0MUFZYwTWniufqp9anicZKI02pzKqWdBqodTG7jEz5C7sMXvYb/gssqDi
WlmYKXMp0yeRNX2vTx6PybRuTG2WxMef0vKpnUHf7nkA48xbk0zKHM9GHeVFROap
RTHmlD3MH+nMG6+f7q7z8old0QmiRzFLzzVLkuHMQdkcnwOwdbnLl156ktPwt1ev
7MfFjm6lTjtmLIU+a/1LNWwjueCEyzkciJTh7yx5rD8vwvF5VQ5CQKD12k4fRA+a
N8o=
-----END CERTIFICATE-----