Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/4pwc0R1N2wMoXFJi3dSz9WOuKVM.roa
File:                     4pwc0R1N2wMoXFJi3dSz9WOuKVM.roa (raw, json)
Hash identifier:          IJPThFCoovsDphAV9yYwYdOOLLfVfOTJNjoylRDGNto=
Subject key identifier:   E2:9C:1C:D1:1D:4D:DB:03:28:5C:52:62:DD:D4:B3:F5:63:AE:29:53
Certificate issuer:       /CN=5dd69d9f749630f0256cf0ceab58836b491a58f6
Certificate serial:       01944FD16A240FE3F38565EEFFF644DF911B
Authority key identifier: 5D:D6:9D:9F:74:96:30:F0:25:6C:F0:CE:AB:58:83:6B:49:1A:58:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdadn3SWMPAlbPDOq1iDa0kaWPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/4pwc0R1N2wMoXFJi3dSz9WOuKVM.roa
Signing time:             Fri 10 Jan 2025 10:45:11 +0000
ROA not before:           Fri 10 Jan 2025 10:45:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60168
IP address blocks:        62.68.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/Xdadn3SWMPAlbPDOq1iDa0kaWPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/Xdadn3SWMPAlbPDOq1iDa0kaWPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xdadn3SWMPAlbPDOq1iDa0kaWPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4f:d1:6a:24:0f:e3:f3:85:65:ee:ff:f6:44:df:91:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd69d9f749630f0256cf0ceab58836b491a58f6
        Validity
            Not Before: Jan 10 10:45:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e29c1cd11d4ddb03285c5262ddd4b3f563ae2953
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:58:53:65:a9:00:c2:97:8d:07:e8:76:b4:87:
                    28:2b:52:63:9a:07:c2:34:a1:56:7e:44:02:e4:df:
                    f9:57:84:d7:9a:49:0e:74:6d:41:da:a7:fa:55:38:
                    78:67:1e:10:c5:33:a7:a2:fc:88:7f:01:40:65:15:
                    a1:eb:c0:06:39:4d:7c:b5:a0:1f:9a:e1:a2:bc:44:
                    98:cd:1a:d9:d2:37:d3:d1:25:09:af:83:41:72:72:
                    e0:c8:35:5e:98:45:64:ff:85:c5:d7:65:ec:30:6f:
                    71:76:f0:57:c9:7f:5c:cf:e3:b7:b1:2b:e4:f7:ae:
                    0a:0f:f4:32:8c:e5:fa:ea:61:f3:56:d6:ba:5b:8c:
                    57:f7:6f:60:b2:7b:3f:f9:14:69:6c:99:9d:69:c5:
                    86:f9:96:d2:df:16:7d:74:55:5c:b0:12:3f:82:26:
                    66:35:76:29:dc:c2:ad:4c:ab:2a:35:2d:a5:3c:d8:
                    24:2f:b2:91:40:6c:bc:c4:e1:a6:bc:9d:3f:40:8b:
                    c2:d7:ae:69:49:1a:5f:82:95:6f:eb:cd:7b:3d:cb:
                    40:33:fd:36:a7:74:b8:67:83:8f:40:e0:54:fd:e2:
                    b1:a3:d6:89:8e:1a:bc:a6:e4:96:08:4e:58:cc:a8:
                    a5:d1:03:98:71:6e:df:f6:52:bf:e4:ae:f2:ce:2e:
                    4a:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:9C:1C:D1:1D:4D:DB:03:28:5C:52:62:DD:D4:B3:F5:63:AE:29:53
            X509v3 Authority Key Identifier:
                keyid:5D:D6:9D:9F:74:96:30:F0:25:6C:F0:CE:AB:58:83:6B:49:1A:58:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdadn3SWMPAlbPDOq1iDa0kaWPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/4pwc0R1N2wMoXFJi3dSz9WOuKVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/Xdadn3SWMPAlbPDOq1iDa0kaWPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.68.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:95:d8:c2:38:4e:98:e2:a3:a1:f0:7f:2f:78:c2:3d:59:cb:
         ba:bb:c7:f9:66:d6:3b:1b:b8:cf:9e:37:ee:72:6a:e6:72:d2:
         7d:9f:2a:a4:f9:3f:cf:38:2a:3b:56:d1:84:55:e9:90:f6:83:
         78:77:43:31:83:f1:11:5a:2d:f2:2d:81:4e:71:ad:64:ef:4c:
         bc:15:09:b3:b4:64:0c:67:cd:95:ed:6d:4f:56:c2:3e:69:2a:
         16:0d:e6:9d:45:60:95:f8:f6:bb:72:6e:c8:bb:9c:4f:44:c3:
         ae:d8:27:5a:7f:39:87:c1:d0:ed:18:51:f7:07:62:8d:34:bd:
         fd:13:66:af:69:9a:2b:02:87:9e:85:1f:dd:6f:df:26:4d:09:
         16:eb:cb:95:93:0c:2c:2c:6a:bf:cf:07:d0:68:4c:97:c3:6b:
         e9:36:fe:70:07:7d:92:1f:7b:c2:5e:18:5a:c5:b7:62:60:9c:
         9f:38:25:91:9b:37:c9:07:32:cb:e4:3c:8f:6e:27:34:3a:cc:
         25:87:79:b5:79:c2:fc:a6:1d:a4:3b:c8:f8:7d:66:83:45:13:
         8c:26:d4:fb:5e:9c:bb:42:76:50:c7:ae:de:a2:da:1d:f5:b8:
         2d:bf:dc:70:b1:40:6d:79:11:d0:ef:83:25:7a:60:ed:5f:73:
         2e:da:db:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRP0WokD+PzhWXu//ZE35EbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDY5ZDlmNzQ5NjMwZjAyNTZjZjBjZWFiNTg4MzZiNDkx
YTU4ZjYwHhcNMjUwMTEwMTA0NTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjljMWNkMTFkNGRkYjAzMjg1YzUyNjJkZGQ0YjNmNTYzYWUyOTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1hTZakAwpeNB+h2tIcoK1JjmgfC
NKFWfkQC5N/5V4TXmkkOdG1B2qf6VTh4Zx4QxTOnovyIfwFAZRWh68AGOU18taAf
muGivESYzRrZ0jfT0SUJr4NBcnLgyDVemEVk/4XF12XsMG9xdvBXyX9cz+O3sSvk
964KD/QyjOX66mHzVta6W4xX929gsns/+RRpbJmdacWG+ZbS3xZ9dFVcsBI/giZm
NXYp3MKtTKsqNS2lPNgkL7KRQGy8xOGmvJ0/QIvC165pSRpfgpVv6817PctAM/02
p3S4Z4OPQOBU/eKxo9aJjhq8puSWCE5YzKil0QOYcW7f9lK/5K7yzi5KHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOKcHNEdTdsDKFxSYt3Us/VjrilTMB8GA1UdIwQY
MBaAFF3WnZ90ljDwJWzwzqtYg2tJGlj2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRhZG4zU1dNUEFsYlBET3ExaURhMGthV1BZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC82MTY5MjQtOTNiMi00ZGNiLWFlZWIt
ZjNmZDY0MzMxNzA5LzEvNHB3YzBSMU4yd01vWEZKaTNkU3o5V091S1ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC82MTY5MjQtOTNiMi00ZGNiLWFlZWItZjNmZDY0MzMxNzA5
LzEvWGRhZG4zU1dNUEFsYlBET3ExaURhMGthV1BZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkRaMA0G
CSqGSIb3DQEBCwUAA4IBAQADldjCOE6Y4qOh8H8veMI9Wcu6u8f5ZtY7G7jPnjfu
cmrmctJ9nyqk+T/POCo7VtGEVemQ9oN4d0Mxg/ERWi3yLYFOca1k70y8FQmztGQM
Z82V7W1PVsI+aSoWDeadRWCV+Pa7cm7Iu5xPRMOu2CdafzmHwdDtGFH3B2KNNL39
E2avaZorAoeehR/db98mTQkW68uVkwwsLGq/zwfQaEyXw2vpNv5wB32SH3vCXhha
xbdiYJyfOCWRmzfJBzLL5DyPbic0Oswlh3m1ecL8ph2kO8j4fWaDRROMJtT7Xpy7
QnZQx67eotod9bgtv9xwsUBteRHQ74MlemDtX3Mu2tsH
-----END CERTIFICATE-----