Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/8e0f63-ef7a-4662-b046-04e1eb2a9328/1/e4TuQp4c2N02mdWdlxAx2GM5rFg.roa
File:                     e4TuQp4c2N02mdWdlxAx2GM5rFg.roa (raw, json)
Hash identifier:          TkgW2WEclpl44YPmskP1q4vEinXMPrmbVI0ndJ9d/ec=
Subject key identifier:   7B:84:EE:42:9E:1C:D8:DD:36:99:D5:9D:97:10:31:D8:63:39:AC:58
Certificate issuer:       /CN=aa3aed91f29b2cc7d3e05f240d99137581d9b5b3
Certificate serial:       01955BD4FD0A6CD287A596CBA5535B10BC26
Authority key identifier: AA:3A:ED:91:F2:9B:2C:C7:D3:E0:5F:24:0D:99:13:75:81:D9:B5:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qjrtkfKbLMfT4F8kDZkTdYHZtbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/8e0f63-ef7a-4662-b046-04e1eb2a9328/1/e4TuQp4c2N02mdWdlxAx2GM5rFg.roa
Signing time:             Mon 03 Mar 2025 11:47:19 +0000
ROA not before:           Mon 03 Mar 2025 11:47:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        62.216.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/8e0f63-ef7a-4662-b046-04e1eb2a9328/1/qjrtkfKbLMfT4F8kDZkTdYHZtbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/8e0f63-ef7a-4662-b046-04e1eb2a9328/1/qjrtkfKbLMfT4F8kDZkTdYHZtbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qjrtkfKbLMfT4F8kDZkTdYHZtbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:5b:d4:fd:0a:6c:d2:87:a5:96:cb:a5:53:5b:10:bc:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa3aed91f29b2cc7d3e05f240d99137581d9b5b3
        Validity
            Not Before: Mar  3 11:47:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b84ee429e1cd8dd3699d59d971031d86339ac58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:e9:19:44:e4:f7:d9:b9:0c:3a:cc:1d:25:9f:
                    1f:3b:b1:65:d5:05:df:fb:5c:bf:c8:e8:43:3b:70:
                    0c:53:b1:ea:2e:27:c7:96:d3:7a:da:7a:82:98:51:
                    a8:84:ce:67:c9:ca:75:99:e7:dc:2b:a5:55:ef:9a:
                    8f:2f:66:9f:88:66:57:0e:ae:23:83:99:17:af:28:
                    fd:eb:af:99:e7:58:5f:37:83:2a:ee:87:c6:35:66:
                    a8:a6:62:77:29:c6:55:8f:4b:20:39:95:ad:63:91:
                    53:3a:7c:4a:92:60:23:d5:df:bd:fb:a1:49:5d:5c:
                    76:26:a1:0e:85:31:34:6b:3f:b3:92:33:10:10:c5:
                    3e:f9:2f:c7:6d:b0:43:5a:f0:6f:f4:a8:8e:db:31:
                    21:76:a9:0c:c6:ba:a1:0e:58:f9:a6:50:30:9f:db:
                    00:f1:b7:82:c9:66:06:9b:56:9b:ff:ac:97:17:87:
                    82:5d:0e:d7:b9:c7:59:c6:3e:69:6e:a2:c5:9c:ce:
                    f8:1e:8e:41:ee:64:d7:32:e2:07:39:fd:15:76:01:
                    8e:81:09:82:ee:30:b0:29:bd:b8:3e:cd:33:b4:4c:
                    ca:f5:c3:ee:c5:86:3f:5b:0e:aa:46:d2:b0:5a:02:
                    63:6b:1a:7c:b4:97:26:5a:c6:63:15:a4:99:a9:b1:
                    eb:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:84:EE:42:9E:1C:D8:DD:36:99:D5:9D:97:10:31:D8:63:39:AC:58
            X509v3 Authority Key Identifier:
                keyid:AA:3A:ED:91:F2:9B:2C:C7:D3:E0:5F:24:0D:99:13:75:81:D9:B5:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qjrtkfKbLMfT4F8kDZkTdYHZtbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/8e0f63-ef7a-4662-b046-04e1eb2a9328/1/e4TuQp4c2N02mdWdlxAx2GM5rFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/8e0f63-ef7a-4662-b046-04e1eb2a9328/1/qjrtkfKbLMfT4F8kDZkTdYHZtbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.216.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:e5:89:e0:8f:66:02:c8:39:79:b3:21:81:c5:c9:61:1b:f8:
         0a:54:78:25:98:0b:cb:ca:03:6d:e4:2a:58:b2:29:ac:b0:53:
         a9:bb:84:46:01:51:1a:a1:85:8a:4d:ee:14:92:d0:b1:d4:30:
         74:f3:36:a1:85:ac:49:91:b7:10:e0:5d:64:cd:1d:bf:de:5f:
         83:52:66:2b:29:4d:d5:da:37:68:6a:9b:52:d5:69:eb:d8:10:
         9c:7c:52:55:4c:9c:34:15:55:95:03:e5:f5:9c:de:f7:d9:38:
         67:65:7b:a9:5e:2e:ba:1a:b4:e1:b9:52:3d:55:72:27:5b:ed:
         99:e2:13:4c:26:4c:23:d7:d2:75:9d:3d:e3:ca:d1:1c:a9:cb:
         fd:ad:76:a5:11:0e:e8:e7:f4:b9:58:fe:3d:5b:24:77:cf:a1:
         b0:40:d4:76:6d:b1:2c:9b:55:ab:5f:fa:2b:a5:63:e7:e4:30:
         ad:4b:2c:52:81:ba:92:7a:8f:5f:e7:d1:87:03:00:7a:62:87:
         a0:3e:7b:2d:7d:fa:52:43:88:29:f9:34:a8:50:ed:60:13:43:
         20:5e:a1:94:74:a5:fe:a3:24:80:dc:05:c9:14:ac:9e:7a:62:
         a4:a8:55:40:d7:da:15:31:bd:b3:4f:1a:4f:02:71:d1:ed:07:
         bf:c5:47:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVb1P0KbNKHpZbLpVNbELwmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhM2FlZDkxZjI5YjJjYzdkM2UwNWYyNDBkOTkxMzc1ODFk
OWI1YjMwHhcNMjUwMzAzMTE0NzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yjg0ZWU0MjllMWNkOGRkMzY5OWQ1OWQ5NzEwMzFkODYzMzlhYzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+kZROT32bkMOswdJZ8fO7Fl1QXf
+1y/yOhDO3AMU7HqLifHltN62nqCmFGohM5nycp1mefcK6VV75qPL2afiGZXDq4j
g5kXryj966+Z51hfN4Mq7ofGNWaopmJ3KcZVj0sgOZWtY5FTOnxKkmAj1d+9+6FJ
XVx2JqEOhTE0az+zkjMQEMU++S/HbbBDWvBv9KiO2zEhdqkMxrqhDlj5plAwn9sA
8beCyWYGm1ab/6yXF4eCXQ7XucdZxj5pbqLFnM74Ho5B7mTXMuIHOf0VdgGOgQmC
7jCwKb24Ps0ztEzK9cPuxYY/Ww6qRtKwWgJjaxp8tJcmWsZjFaSZqbHrXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHuE7kKeHNjdNpnVnZcQMdhjOaxYMB8GA1UdIwQY
MBaAFKo67ZHymyzH0+BfJA2ZE3WB2bWzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWpydGtmS2JMTWZUNEY4a0Raa1RkWUhadGJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My84ZTBmNjMtZWY3YS00NjYyLWIwNDYt
MDRlMWViMmE5MzI4LzEvZTRUdVFwNGMyTjAybWRXZGx4QXgyR001ckZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My84ZTBmNjMtZWY3YS00NjYyLWIwNDYtMDRlMWViMmE5MzI4
LzEvcWpydGtmS2JMTWZUNEY4a0Raa1RkWUhadGJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPtifMA0G
CSqGSIb3DQEBCwUAA4IBAQAz5Yngj2YCyDl5syGBxclhG/gKVHglmAvLygNt5CpY
simssFOpu4RGAVEaoYWKTe4UktCx1DB08zahhaxJkbcQ4F1kzR2/3l+DUmYrKU3V
2jdoaptS1Wnr2BCcfFJVTJw0FVWVA+X1nN732ThnZXupXi66GrThuVI9VXInW+2Z
4hNMJkwj19J1nT3jytEcqcv9rXalEQ7o5/S5WP49WyR3z6GwQNR2bbEsm1WrX/or
pWPn5DCtSyxSgbqSeo9f59GHAwB6YoegPnstffpSQ4gp+TSoUO1gE0MgXqGUdKX+
oySA3AXJFKyeemKkqFVA19oVMb2zTxpPAnHR7Qe/xUd6
-----END CERTIFICATE-----