Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/pKJzHpKYsFNmV-pQARI9PPnQ15U.roa
File:                     pKJzHpKYsFNmV-pQARI9PPnQ15U.roa (raw, json)
Hash identifier:          yxnfHnJ8DZMjj/L2CYE9hx9Vl3UpbA4b5cr24ovpjLw=
Subject key identifier:   A4:A2:73:1E:92:98:B0:53:66:57:EA:50:01:12:3D:3C:F9:D0:D7:95
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       0194258F491035BEEB13987DFEA19052274B
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/pKJzHpKYsFNmV-pQARI9PPnQ15U.roa
Signing time:             Thu 02 Jan 2025 05:48:54 +0000
ROA not before:           Thu 02 Jan 2025 05:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     18994
IP address blocks:        62.73.169.48/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:49:10:35:be:eb:13:98:7d:fe:a1:90:52:27:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  2 05:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4a2731e9298b0536657ea5001123d3cf9d0d795
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:8e:51:00:21:b8:09:0a:3d:6b:f8:32:74:00:
                    ae:fd:a2:a2:f3:61:ef:74:3a:8f:7c:3f:c6:f5:df:
                    30:7c:48:2c:20:5a:7b:1c:29:e8:35:62:f4:69:c4:
                    23:f0:27:2c:ef:f8:55:3e:f0:dd:c6:5d:b6:e5:8f:
                    76:23:df:44:01:80:95:82:c2:35:ca:80:1b:7b:20:
                    78:e2:94:df:78:39:b1:b9:f9:57:40:3f:9d:fa:7d:
                    af:3f:13:9d:2e:5a:6e:56:c2:a0:f7:d5:60:d0:02:
                    7d:c2:78:5f:40:79:06:e2:d3:52:81:4a:01:b7:38:
                    80:9a:13:40:dc:99:be:9a:63:a6:74:e9:85:1c:53:
                    76:9d:35:b2:f9:af:5c:bb:6b:84:76:a3:7c:52:ab:
                    1e:5d:9b:4a:30:66:fb:bd:17:4e:67:b8:10:8c:49:
                    a1:74:79:55:9b:67:fa:fc:d7:0f:66:53:a4:10:35:
                    70:67:36:d0:ff:07:c8:58:b5:09:50:d7:c2:0b:71:
                    a0:95:68:15:94:42:6d:5d:b9:45:03:ab:9f:29:f4:
                    11:d5:f8:6d:e4:5c:44:5b:b3:b8:ba:ef:35:1c:8b:
                    42:f1:7b:8e:79:8e:69:d8:a0:fa:b5:19:bb:fa:c9:
                    bf:43:d1:c5:b4:b9:3c:74:33:18:26:bd:9b:b3:ec:
                    51:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:A2:73:1E:92:98:B0:53:66:57:EA:50:01:12:3D:3C:F9:D0:D7:95
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/pKJzHpKYsFNmV-pQARI9PPnQ15U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.73.169.48/29

    Signature Algorithm: sha256WithRSAEncryption
         77:5f:c2:28:52:16:96:d4:c8:5a:68:9a:11:6f:f6:2f:97:6c:
         9a:c9:cd:28:0b:8e:73:14:84:a1:7c:80:51:dc:90:32:ee:be:
         c5:5a:20:8d:15:c1:13:1a:6f:bf:db:7b:3a:89:2d:26:ea:6f:
         a2:01:de:49:c0:49:f8:72:98:46:db:f6:42:eb:c2:fe:33:41:
         c5:ed:e8:10:7a:62:bc:65:47:cd:23:63:5a:82:83:77:5b:98:
         19:b8:86:53:6a:cd:e9:64:a8:83:d6:14:3e:21:fa:5c:4b:17:
         da:68:c1:fc:17:5e:09:d3:80:a8:25:8d:f8:49:a5:ef:6e:a1:
         67:fb:6b:1f:91:aa:85:7b:df:44:97:6d:7e:94:72:8d:53:e3:
         74:c0:0e:3e:b9:11:18:70:f0:fc:5b:4c:f0:33:36:3c:cc:9b:
         8b:24:77:46:90:95:f5:94:74:0d:8e:fd:6d:f0:08:38:9a:57:
         ac:d3:65:1c:4d:72:96:d8:72:96:9e:e9:b2:86:0a:aa:03:79:
         ae:ac:43:b1:76:64:f8:9c:4d:07:8d:54:74:34:e6:3f:9d:c5:
         1c:d9:c1:02:fb:6d:35:44:98:e3:c5:4b:24:73:86:1a:f3:c4:
         dd:17:fe:80:a4:a3:19:2a:da:4c:3d:1e:9d:bb:12:fb:e2:64:
         30:7f:2c:c0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQlj0kQNb7rE5h9/qGQUidLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjUwMTAyMDU0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGEyNzMxZTkyOThiMDUzNjY1N2VhNTAwMTEyM2QzY2Y5ZDBkNzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7I5RACG4CQo9a/gydACu/aKi82Hv
dDqPfD/G9d8wfEgsIFp7HCnoNWL0acQj8Ccs7/hVPvDdxl225Y92I99EAYCVgsI1
yoAbeyB44pTfeDmxuflXQD+d+n2vPxOdLlpuVsKg99Vg0AJ9wnhfQHkG4tNSgUoB
tziAmhNA3Jm+mmOmdOmFHFN2nTWy+a9cu2uEdqN8UqseXZtKMGb7vRdOZ7gQjEmh
dHlVm2f6/NcPZlOkEDVwZzbQ/wfIWLUJUNfCC3GglWgVlEJtXblFA6ufKfQR1fht
5FxEW7O4uu81HItC8XuOeY5p2KD6tRm7+sm/Q9HFtLk8dDMYJr2bs+xRHwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKSicx6SmLBTZlfqUAESPTz50NeVMB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvcEtKekhwS1lzRk5tVi1wUUFSSTlQUG5RMTVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUDPkmpMDAN
BgkqhkiG9w0BAQsFAAOCAQEAd1/CKFIWltTIWmiaEW/2L5dsmsnNKAuOcxSEoXyA
UdyQMu6+xVogjRXBExpvv9t7OoktJupvogHeScBJ+HKYRtv2QuvC/jNBxe3oEHpi
vGVHzSNjWoKDd1uYGbiGU2rN6WSog9YUPiH6XEsX2mjB/BdeCdOAqCWN+Eml726h
Z/trH5GqhXvfRJdtfpRyjVPjdMAOPrkRGHDw/FtM8DM2PMybiyR3RpCV9ZR0DY79
bfAIOJpXrNNlHE1ylthylp7psoYKqgN5rqxDsXZk+JxNB41UdDTmP53FHNnBAvtt
NUSY48VLJHOGGvPE3Rf+gKSjGSraTD0enbsS++JkMH8swA==
-----END CERTIFICATE-----