Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/Ay-SweIqjTD5x-W0BgOFlXFvGto.roa
File:                     Ay-SweIqjTD5x-W0BgOFlXFvGto.roa (raw, json)
Hash identifier:          ENRR9lHZ+JRK+4SQ3UrX8bD9aFZzV05sOeoNCH2LeFY=
Subject key identifier:   03:2F:92:C1:E2:2A:8D:30:F9:C7:E5:B4:06:03:85:95:71:6F:1A:DA
Certificate issuer:       /CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Certificate serial:       01941FFA43129CE1F17B6197CF92BBA8597C
Authority key identifier: 1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/Ay-SweIqjTD5x-W0BgOFlXFvGto.roa
Signing time:             Wed 01 Jan 2025 03:48:02 +0000
ROA not before:           Wed 01 Jan 2025 03:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8520
IP address blocks:        62.93.212.0/23 maxlen: 23
                          62.93.246.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:43:12:9c:e1:f1:7b:61:97:cf:92:bb:a8:59:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
        Validity
            Not Before: Jan  1 03:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=032f92c1e22a8d30f9c7e5b406038595716f1ada
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:2e:ff:9a:fd:b6:3b:7d:07:7e:c1:02:8a:1e:
                    00:30:02:d4:a2:1c:38:61:41:0e:59:f1:d4:08:45:
                    f7:6e:1b:33:2e:7a:89:17:49:7c:00:52:db:ed:bc:
                    f8:ae:cb:73:2e:06:bc:81:db:32:5e:23:da:22:90:
                    e0:0c:5d:d6:81:8b:c2:fe:26:0a:e7:5f:df:b2:98:
                    46:b7:f4:5f:bc:8e:7d:71:82:e4:35:fb:45:f5:7b:
                    23:1b:eb:20:68:56:a5:8e:fe:cf:86:15:9c:b4:df:
                    98:d9:8b:d0:0d:a7:e3:50:36:e9:76:c4:0f:d5:60:
                    43:6c:f8:b2:50:d7:c6:f5:0f:b4:91:2a:b1:2f:c8:
                    35:8d:30:0d:1c:cd:8d:2d:97:3d:d0:22:0a:6c:48:
                    1a:56:98:f3:73:8d:32:de:f3:55:5a:47:f9:a9:c2:
                    86:47:26:79:68:b8:cd:13:f7:1c:f5:6f:56:ba:d8:
                    97:5a:59:f5:e5:66:1b:c7:d2:f6:8a:30:95:e6:c5:
                    5b:39:6d:f0:47:47:69:7e:17:14:f1:55:ab:ec:d3:
                    26:23:e7:4f:36:f3:a8:e8:4f:a5:a7:1a:33:e7:47:
                    3c:16:40:63:cf:e2:4e:b2:02:82:0b:58:8c:91:95:
                    a0:40:7f:7b:38:dd:76:59:cb:05:21:02:d0:48:35:
                    e9:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:2F:92:C1:E2:2A:8D:30:F9:C7:E5:B4:06:03:85:95:71:6F:1A:DA
            X509v3 Authority Key Identifier:
                keyid:1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/Ay-SweIqjTD5x-W0BgOFlXFvGto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.93.212.0/23
                  62.93.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2c:38:a7:fe:09:4a:7d:70:1a:52:2a:4c:9e:b8:9f:13:ff:47:
         d3:1a:e4:e8:cd:32:40:a0:8a:f5:03:c8:32:28:d2:de:16:f4:
         9e:f9:12:85:b9:38:ae:63:93:ea:19:2d:e3:12:12:a7:d1:00:
         4a:d8:cb:f4:dd:77:ca:bf:0d:3b:4b:2c:95:67:97:b8:59:a1:
         37:d1:a3:8c:35:c4:71:f1:cd:0c:b5:f1:da:b5:32:3b:0e:72:
         06:7b:e6:d3:c0:ec:4d:ba:7e:4b:67:4b:8c:6a:4b:2d:48:45:
         2f:57:c9:e7:da:df:b9:df:62:77:b8:09:75:83:fd:97:46:72:
         0b:d6:fd:a0:75:a0:2e:b7:0d:7c:80:a4:a3:84:f7:c4:5a:9a:
         c4:c9:f8:0e:08:15:2a:04:97:ac:de:63:78:7a:f1:11:29:b9:
         50:d8:d8:01:3c:be:29:cc:7e:2f:b7:c6:4c:14:ae:70:fe:89:
         14:3e:f6:7c:8d:a6:f4:b9:ce:f6:30:2e:32:7c:28:9d:8c:bf:
         86:f9:ac:79:48:c0:63:e0:ab:99:97:14:e3:09:62:72:7f:8f:
         aa:69:11:15:1d:14:19:42:19:9c:da:8e:49:4f:b4:c0:02:7a:
         8e:0d:0a:06:81:4c:70:31:12:67:fd:ef:d8:73:11:4a:92:a1:
         8f:d9:80:51
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+kMSnOHxe2GXz5K7qFl8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZTkwZmRlOTc4NGE5MWQ5M2E3YTJhZjU5ZDRkMDQzZjEx
NzFmYmEwHhcNMjUwMTAxMDM0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzJmOTJjMWUyMmE4ZDMwZjljN2U1YjQwNjAzODU5NTcxNmYxYWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxi7/mv22O30HfsECih4AMALUohw4
YUEOWfHUCEX3bhszLnqJF0l8AFLb7bz4rstzLga8gdsyXiPaIpDgDF3WgYvC/iYK
51/fsphGt/RfvI59cYLkNftF9XsjG+sgaFaljv7PhhWctN+Y2YvQDafjUDbpdsQP
1WBDbPiyUNfG9Q+0kSqxL8g1jTANHM2NLZc90CIKbEgaVpjzc40y3vNVWkf5qcKG
RyZ5aLjNE/cc9W9WutiXWln15WYbx9L2ijCV5sVbOW3wR0dpfhcU8VWr7NMmI+dP
NvOo6E+lpxoz50c8FkBjz+JOsgKCC1iMkZWgQH97ON12WcsFIQLQSDXpBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAMvksHiKo0w+cfltAYDhZVxbxraMB8GA1UdIwQY
MBaAFB/pD96XhKkdk6eir1nU0EPxFx+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQt
MjM3NzJlN2Y5MmUzLzEvQXktU3dlSXFqVEQ1eC1XMEJnT0ZsWEZ2R3RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQtMjM3NzJlN2Y5MmUz
LzEvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBPl3UAwQB
Pl32MA0GCSqGSIb3DQEBCwUAA4IBAQAsOKf+CUp9cBpSKkyeuJ8T/0fTGuTozTJA
oIr1A8gyKNLeFvSe+RKFuTiuY5PqGS3jEhKn0QBK2Mv03XfKvw07SyyVZ5e4WaE3
0aOMNcRx8c0MtfHatTI7DnIGe+bTwOxNun5LZ0uMakstSEUvV8nn2t+532J3uAl1
g/2XRnIL1v2gdaAutw18gKSjhPfEWprEyfgOCBUqBJes3mN4evERKblQ2NgBPL4p
zH4vt8ZMFK5w/okUPvZ8jab0uc72MC4yfCidjL+G+ax5SMBj4KuZlxTjCWJyf4+q
aREVHRQZQhmc2o5JT7TAAnqODQoGgUxwMRJn/e/YcxFKkqGP2YBR
-----END CERTIFICATE-----