Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/d09fb9-f3fa-45b8-a5cd-77b489249fa4/1/yIGIxees9MuARoWN6t0oVINh_4A.roa
File:                     yIGIxees9MuARoWN6t0oVINh_4A.roa (raw, json)
Hash identifier:          geAsTIsbC4XBTKHwgmaJ0ZNmwh/Z8F8NnaAnGD8ONe8=
Subject key identifier:   C8:81:88:C5:E7:AC:F4:CB:80:46:85:8D:EA:DD:28:54:83:61:FF:80
Certificate issuer:       /CN=aaa972ac3cc10f716ca4985045a5f0824b60ca1f
Certificate serial:       019648FEF4CA05FD904A056CAAAF1353D55C
Authority key identifier: AA:A9:72:AC:3C:C1:0F:71:6C:A4:98:50:45:A5:F0:82:4B:60:CA:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qqlyrDzBD3FspJhQRaXwgktgyh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/d09fb9-f3fa-45b8-a5cd-77b489249fa4/1/yIGIxees9MuARoWN6t0oVINh_4A.roa
Signing time:             Fri 18 Apr 2025 13:03:10 +0000
ROA not before:           Fri 18 Apr 2025 13:03:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47131
IP address blocks:        62.182.232.0/21 maxlen: 21
                          62.182.235.0/24 maxlen: 24
                          62.182.236.0/24 maxlen: 24
                          62.182.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/d09fb9-f3fa-45b8-a5cd-77b489249fa4/1/qqlyrDzBD3FspJhQRaXwgktgyh8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/d09fb9-f3fa-45b8-a5cd-77b489249fa4/1/qqlyrDzBD3FspJhQRaXwgktgyh8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qqlyrDzBD3FspJhQRaXwgktgyh8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:48:fe:f4:ca:05:fd:90:4a:05:6c:aa:af:13:53:d5:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aaa972ac3cc10f716ca4985045a5f0824b60ca1f
        Validity
            Not Before: Apr 18 13:03:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c88188c5e7acf4cb8046858deadd28548361ff80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:de:af:e2:be:be:a4:26:62:fe:05:a4:25:76:
                    e0:4d:36:80:00:fd:60:27:1e:b9:0c:cc:29:c9:c6:
                    31:94:89:a2:05:0f:7c:bb:41:04:46:6b:2f:d7:e3:
                    6b:d5:d0:cd:a6:a6:ae:bd:74:e2:fe:0a:d3:ec:c8:
                    d0:45:fb:8e:dd:ea:c0:7e:df:5d:70:55:6e:34:38:
                    38:18:b3:09:7f:92:41:8e:0a:db:ce:75:06:1d:51:
                    d4:a3:7b:a0:8a:9b:23:9d:de:22:d5:be:90:ad:49:
                    9d:8d:56:8c:ba:3b:62:6e:ac:78:ad:0f:ad:32:91:
                    da:b5:86:52:83:80:5f:97:48:8c:ba:57:f1:c7:88:
                    9c:74:88:f1:87:dc:d1:b9:af:ee:84:89:8a:63:1f:
                    01:4d:20:e8:70:ad:d5:67:18:22:ae:ce:86:61:e9:
                    01:76:a4:c8:67:0c:39:13:f3:4d:fd:eb:56:aa:65:
                    27:e0:57:33:02:c6:86:59:50:65:2e:28:92:eb:d4:
                    fd:25:ae:15:48:c3:9c:bf:12:5e:6f:fb:9f:a1:e1:
                    b6:48:fe:1f:a6:10:ae:5a:7c:e7:19:94:fc:76:20:
                    ce:a1:a3:9d:48:60:d2:72:7f:ef:ea:64:c2:1e:55:
                    32:ff:73:ba:9a:94:2e:f8:c1:26:64:3b:20:cc:01:
                    d7:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:81:88:C5:E7:AC:F4:CB:80:46:85:8D:EA:DD:28:54:83:61:FF:80
            X509v3 Authority Key Identifier:
                keyid:AA:A9:72:AC:3C:C1:0F:71:6C:A4:98:50:45:A5:F0:82:4B:60:CA:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qqlyrDzBD3FspJhQRaXwgktgyh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/d09fb9-f3fa-45b8-a5cd-77b489249fa4/1/yIGIxees9MuARoWN6t0oVINh_4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/d09fb9-f3fa-45b8-a5cd-77b489249fa4/1/qqlyrDzBD3FspJhQRaXwgktgyh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.182.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         62:2c:4a:c3:8a:8a:df:7e:9b:82:88:40:58:3c:dc:57:e2:d4:
         56:30:11:66:30:f3:ed:68:0c:55:99:ce:10:b9:03:43:c2:e6:
         be:a6:dc:05:28:d7:ba:8b:50:af:e5:80:94:cd:73:42:c5:3b:
         4f:89:1a:b2:0f:c7:15:d7:2c:e6:45:06:84:99:8a:a2:ee:49:
         38:d1:1a:8c:71:10:28:b1:44:4a:01:6a:87:42:8b:89:d7:05:
         ec:2d:e9:20:d6:3d:11:88:db:ff:77:74:38:5e:68:2f:07:b1:
         03:df:be:ac:d5:f9:ef:ea:a5:57:03:3d:08:82:7f:ce:fa:e9:
         2d:61:17:e8:9a:fa:ad:98:b4:4b:7f:53:ef:ac:22:ef:06:59:
         b7:98:75:f0:26:44:b1:13:7d:af:6c:fa:36:09:6f:94:ba:f1:
         9d:d1:49:d9:96:80:dc:e5:0c:91:9b:35:41:4a:c1:df:d8:85:
         e0:2b:21:62:8e:eb:25:7b:c6:77:21:66:80:65:bb:ea:ae:34:
         71:d8:be:3b:1b:68:3b:b1:25:8b:45:22:8d:e0:01:c2:33:80:
         b3:32:28:6c:18:aa:60:ce:cd:6a:59:8a:30:32:fb:41:5f:73:
         19:da:33:9d:8e:74:c1:ee:b5:67:57:3f:e4:06:4e:5c:fd:cf:
         8a:c5:bd:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZI/vTKBf2QSgVsqq8TU9VcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhYTk3MmFjM2NjMTBmNzE2Y2E0OTg1MDQ1YTVmMDgyNGI2
MGNhMWYwHhcNMjUwNDE4MTMwMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODgxODhjNWU3YWNmNGNiODA0Njg1OGRlYWRkMjg1NDgzNjFmZjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlN6v4r6+pCZi/gWkJXbgTTaAAP1g
Jx65DMwpycYxlImiBQ98u0EERmsv1+Nr1dDNpqauvXTi/grT7MjQRfuO3erAft9d
cFVuNDg4GLMJf5JBjgrbznUGHVHUo3ugipsjnd4i1b6QrUmdjVaMujtibqx4rQ+t
MpHatYZSg4Bfl0iMulfxx4icdIjxh9zRua/uhImKYx8BTSDocK3VZxgirs6GYekB
dqTIZww5E/NN/etWqmUn4FczAsaGWVBlLiiS69T9Ja4VSMOcvxJeb/ufoeG2SP4f
phCuWnznGZT8diDOoaOdSGDScn/v6mTCHlUy/3O6mpQu+MEmZDsgzAHXQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMiBiMXnrPTLgEaFjerdKFSDYf+AMB8GA1UdIwQY
MBaAFKqpcqw8wQ9xbKSYUEWl8IJLYMofMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXFseXJEekJEM0ZzcEpoUVJhWHdna3RneWg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9kMDlmYjktZjNmYS00NWI4LWE1Y2Qt
NzdiNDg5MjQ5ZmE0LzEveUlHSXhlZXM5TXVBUm9XTjZ0MG9WSU5oXzRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9kMDlmYjktZjNmYS00NWI4LWE1Y2QtNzdiNDg5MjQ5ZmE0
LzEvcXFseXJEekJEM0ZzcEpoUVJhWHdna3RneWg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDPrboMA0G
CSqGSIb3DQEBCwUAA4IBAQBiLErDiorffpuCiEBYPNxX4tRWMBFmMPPtaAxVmc4Q
uQNDwua+ptwFKNe6i1Cv5YCUzXNCxTtPiRqyD8cV1yzmRQaEmYqi7kk40RqMcRAo
sURKAWqHQouJ1wXsLekg1j0RiNv/d3Q4XmgvB7ED376s1fnv6qVXAz0Ign/O+ukt
YRfomvqtmLRLf1PvrCLvBlm3mHXwJkSxE32vbPo2CW+UuvGd0UnZloDc5QyRmzVB
SsHf2IXgKyFijusle8Z3IWaAZbvqrjRx2L47G2g7sSWLRSKN4AHCM4CzMihsGKpg
zs1qWYowMvtBX3MZ2jOdjnTB7rVnVz/kBk5c/c+Kxb0D
-----END CERTIFICATE-----