Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/70ee21-d93f-4a71-8474-5bcc8458aa2c/1/IwNnMumHuRi32I7ksfRxTLj5SGU.roa
File:                     IwNnMumHuRi32I7ksfRxTLj5SGU.roa (raw, json)
Hash identifier:          CRwLwpZrZ0WbgGxRhGmhgHh8+Fm0a0d8zmfWAizQF84=
Subject key identifier:   23:03:67:32:E9:87:B9:18:B7:D8:8E:E4:B1:F4:71:4C:B8:F9:48:65
Certificate issuer:       /CN=62117a1e6f699c322b6b983494f42c2209127553
Certificate serial:       019425FCC0B6C025100D32C0FC68F3FA1445
Authority key identifier: 62:11:7A:1E:6F:69:9C:32:2B:6B:98:34:94:F4:2C:22:09:12:75:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YhF6Hm9pnDIra5g0lPQsIgkSdVM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/70ee21-d93f-4a71-8474-5bcc8458aa2c/1/IwNnMumHuRi32I7ksfRxTLj5SGU.roa
Signing time:             Thu 02 Jan 2025 07:48:28 +0000
ROA not before:           Thu 02 Jan 2025 07:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203754
IP address blocks:        185.124.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/70ee21-d93f-4a71-8474-5bcc8458aa2c/1/YhF6Hm9pnDIra5g0lPQsIgkSdVM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/70ee21-d93f-4a71-8474-5bcc8458aa2c/1/YhF6Hm9pnDIra5g0lPQsIgkSdVM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YhF6Hm9pnDIra5g0lPQsIgkSdVM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:c0:b6:c0:25:10:0d:32:c0:fc:68:f3:fa:14:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62117a1e6f699c322b6b983494f42c2209127553
        Validity
            Not Before: Jan  2 07:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23036732e987b918b7d88ee4b1f4714cb8f94865
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:43:9d:51:0d:8c:de:3c:15:d0:2c:cf:98:a4:
                    2d:09:b8:97:07:34:0e:50:08:ca:29:4f:4e:cb:42:
                    50:b4:03:be:5b:b4:80:85:2e:ee:c6:3a:5f:b4:c1:
                    89:57:57:21:00:0c:4e:83:14:09:9a:95:3b:f6:81:
                    e6:a1:3b:ce:5b:2a:a1:d6:1e:26:83:51:e9:7a:63:
                    4b:7c:62:d5:f0:21:bf:5b:44:b7:8c:15:ab:3b:77:
                    55:01:17:18:fc:45:58:d5:f6:a3:09:5a:0a:4b:56:
                    9b:88:9b:bc:1c:d7:54:6d:4e:8f:a5:49:d4:a7:3c:
                    fc:d6:b4:3c:6b:8e:4b:46:4c:f2:30:c9:48:7d:96:
                    96:f4:32:16:99:74:e2:28:c6:0f:57:59:39:e6:97:
                    60:02:9b:27:61:95:d8:50:21:71:4e:20:52:a9:3f:
                    88:85:b5:3e:1f:9e:1d:0d:55:b9:82:81:75:a3:c1:
                    27:a0:08:0a:75:a6:7a:19:3d:61:c2:b3:8d:5f:66:
                    82:17:5c:5c:c3:86:09:2d:87:d0:63:76:52:78:51:
                    9a:d7:a3:ce:71:a2:24:f4:d2:a5:a4:14:08:ac:0c:
                    1c:ae:50:be:e7:33:34:c4:3d:a6:1b:1f:4f:30:96:
                    ad:57:82:ab:a6:c9:e9:d9:df:04:59:ab:d7:94:f5:
                    df:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:03:67:32:E9:87:B9:18:B7:D8:8E:E4:B1:F4:71:4C:B8:F9:48:65
            X509v3 Authority Key Identifier:
                keyid:62:11:7A:1E:6F:69:9C:32:2B:6B:98:34:94:F4:2C:22:09:12:75:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YhF6Hm9pnDIra5g0lPQsIgkSdVM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/70ee21-d93f-4a71-8474-5bcc8458aa2c/1/IwNnMumHuRi32I7ksfRxTLj5SGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/70ee21-d93f-4a71-8474-5bcc8458aa2c/1/YhF6Hm9pnDIra5g0lPQsIgkSdVM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ae:f7:d2:92:9b:b4:b8:b0:62:89:fb:be:dd:e0:5d:98:94:4e:
         1d:e8:25:f9:44:fe:a4:51:cd:71:1f:a6:d7:69:2b:62:0c:9c:
         06:cd:e3:37:6f:bd:68:90:4d:fa:17:d1:28:2c:b1:9c:b3:df:
         2f:9e:96:19:85:2c:85:35:71:d0:ce:0a:d9:c6:95:c4:7d:3c:
         8c:df:08:e5:52:5d:fd:9f:3e:d7:7b:c7:2c:69:a5:59:23:3c:
         1c:93:87:63:b5:ad:68:f1:02:42:8a:03:bc:2d:0d:ff:88:a9:
         a1:be:ae:5e:2e:b4:e3:28:10:c4:fd:db:38:95:df:bd:94:d4:
         83:dd:d7:b0:24:ea:e8:d0:06:b0:e7:52:a3:3e:07:26:32:99:
         22:59:20:ca:61:e6:6a:4c:0a:b3:93:a7:20:b9:ed:1c:ff:cf:
         ca:42:57:3f:3d:9c:c5:4a:4b:00:a2:a8:45:da:87:7d:0c:8e:
         a3:7b:7b:15:40:52:d0:53:42:38:e7:68:fe:c6:ef:69:76:f7:
         5c:c1:1b:ed:f9:c6:3b:e7:ce:07:5d:05:85:f8:5f:3d:4d:29:
         1f:55:04:d4:c3:e1:53:96:88:49:d7:30:c0:b7:a7:c0:f6:2b:
         75:56:a1:cd:c4:e8:8e:02:ce:a2:85:dd:b4:9b:7e:2d:1b:2e:
         4d:d9:7a:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/MC2wCUQDTLA/Gjz+hRFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMTE3YTFlNmY2OTljMzIyYjZiOTgzNDk0ZjQyYzIyMDkx
Mjc1NTMwHhcNMjUwMTAyMDc0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzAzNjczMmU5ODdiOTE4YjdkODhlZTRiMWY0NzE0Y2I4Zjk0ODY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5kOdUQ2M3jwV0CzPmKQtCbiXBzQO
UAjKKU9Oy0JQtAO+W7SAhS7uxjpftMGJV1chAAxOgxQJmpU79oHmoTvOWyqh1h4m
g1HpemNLfGLV8CG/W0S3jBWrO3dVARcY/EVY1fajCVoKS1abiJu8HNdUbU6PpUnU
pzz81rQ8a45LRkzyMMlIfZaW9DIWmXTiKMYPV1k55pdgApsnYZXYUCFxTiBSqT+I
hbU+H54dDVW5goF1o8EnoAgKdaZ6GT1hwrONX2aCF1xcw4YJLYfQY3ZSeFGa16PO
caIk9NKlpBQIrAwcrlC+5zM0xD2mGx9PMJatV4Krpsnp2d8EWavXlPXfPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCMDZzLph7kYt9iO5LH0cUy4+UhlMB8GA1UdIwQY
MBaAFGIReh5vaZwyK2uYNJT0LCIJEnVTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWhGNkhtOXBuRElyYTVnMGxQUXNJZ2tTZFZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS83MGVlMjEtZDkzZi00YTcxLTg0NzQt
NWJjYzg0NThhYTJjLzEvSXdObk11bUh1UmkzMkk3a3NmUnhUTGo1U0dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS83MGVlMjEtZDkzZi00YTcxLTg0NzQtNWJjYzg0NThhYTJj
LzEvWWhGNkhtOXBuRElyYTVnMGxQUXNJZ2tTZFZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXzMMA0G
CSqGSIb3DQEBCwUAA4IBAQCu99KSm7S4sGKJ+77d4F2YlE4d6CX5RP6kUc1xH6bX
aStiDJwGzeM3b71okE36F9EoLLGcs98vnpYZhSyFNXHQzgrZxpXEfTyM3wjlUl39
nz7Xe8csaaVZIzwck4djta1o8QJCigO8LQ3/iKmhvq5eLrTjKBDE/ds4ld+9lNSD
3dewJOro0Aaw51KjPgcmMpkiWSDKYeZqTAqzk6cgue0c/8/KQlc/PZzFSksAoqhF
2od9DI6je3sVQFLQU0I452j+xu9pdvdcwRvt+cY7584HXQWF+F89TSkfVQTUw+FT
lohJ1zDAt6fA9it1VqHNxOiOAs6ihd20m34tGy5N2XqM
-----END CERTIFICATE-----