Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/3SDO9hGSLXcvKio5nucfHtpBZqo.roa
File:                     3SDO9hGSLXcvKio5nucfHtpBZqo.roa (raw, json)
Hash identifier:          UySF852N3LzIIXg+WlqkSuDwnOKj/L9pAk/WjttqTkE=
Subject key identifier:   DD:20:CE:F6:11:92:2D:77:2F:2A:2A:39:9E:E7:1F:1E:DA:41:66:AA
Certificate issuer:       /CN=181e4d608152fc244afffba2dc72b851b19b2527
Certificate serial:       01942747EEC3E663CDAEAE53F7AA46F6375A
Authority key identifier: 18:1E:4D:60:81:52:FC:24:4A:FF:FB:A2:DC:72:B8:51:B1:9B:25:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GB5NYIFS_CRK__ui3HK4UbGbJSc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/3SDO9hGSLXcvKio5nucfHtpBZqo.roa
Signing time:             Thu 02 Jan 2025 13:50:13 +0000
ROA not before:           Thu 02 Jan 2025 13:50:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50427
IP address blocks:        86.62.4.0/23 maxlen: 23
                          86.62.4.0/24 maxlen: 24
                          86.62.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/GB5NYIFS_CRK__ui3HK4UbGbJSc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/GB5NYIFS_CRK__ui3HK4UbGbJSc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GB5NYIFS_CRK__ui3HK4UbGbJSc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:ee:c3:e6:63:cd:ae:ae:53:f7:aa:46:f6:37:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=181e4d608152fc244afffba2dc72b851b19b2527
        Validity
            Not Before: Jan  2 13:50:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd20cef611922d772f2a2a399ee71f1eda4166aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a7:a3:36:b4:2f:ff:3f:8d:59:75:c1:c3:f1:
                    fb:32:06:c5:9b:63:45:5f:44:63:30:f9:92:0a:8c:
                    5a:78:5d:0d:87:68:f1:8c:80:a0:3c:1d:96:b3:27:
                    8f:98:55:cd:82:72:f7:42:2d:ff:cb:e1:be:55:89:
                    70:39:69:5b:8c:18:6a:71:9f:c6:71:c8:1a:33:1c:
                    01:83:a2:6b:ba:08:6f:c8:57:89:d0:b6:81:70:63:
                    f4:21:5f:49:25:87:b5:1a:66:64:f6:91:20:5a:cf:
                    52:6b:24:01:30:de:98:75:72:55:9f:a7:0f:30:6d:
                    22:3b:32:dd:df:fd:ab:63:77:c0:fe:78:c0:2b:34:
                    ea:13:e0:58:e4:09:50:56:0d:db:25:52:c9:23:f1:
                    4a:6d:dd:0f:22:94:f2:f0:11:ae:27:3f:d8:ee:fc:
                    91:b0:96:95:19:d3:50:d4:70:95:24:0f:43:0c:5a:
                    b9:59:de:68:e3:8d:c7:6f:b2:ef:9c:1f:5a:9e:02:
                    02:03:fc:14:63:2b:4a:f3:b1:15:57:f1:dd:2c:12:
                    31:b1:f4:af:87:bf:67:c5:27:b7:58:b9:d4:7e:ec:
                    cc:8b:8d:e0:38:65:41:d5:3b:c2:23:69:a1:fc:89:
                    1f:b8:fa:46:31:59:c2:52:54:7e:88:03:35:7d:65:
                    ca:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:20:CE:F6:11:92:2D:77:2F:2A:2A:39:9E:E7:1F:1E:DA:41:66:AA
            X509v3 Authority Key Identifier:
                keyid:18:1E:4D:60:81:52:FC:24:4A:FF:FB:A2:DC:72:B8:51:B1:9B:25:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GB5NYIFS_CRK__ui3HK4UbGbJSc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/3SDO9hGSLXcvKio5nucfHtpBZqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/GB5NYIFS_CRK__ui3HK4UbGbJSc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.62.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:39:74:d6:1c:59:e1:3c:2f:2a:33:22:ce:4d:40:6c:68:13:
         fc:2f:d3:c0:96:ad:40:d3:21:98:bb:aa:ea:b2:0a:99:51:54:
         07:87:1c:dc:47:cb:7d:4b:f3:d1:64:32:47:21:9a:44:4e:7f:
         fe:36:d1:3e:2d:02:5b:12:fc:87:c0:0a:6e:5d:90:c8:22:47:
         a7:79:00:d3:86:86:54:81:d2:3f:6d:22:cb:b8:0b:08:3b:2c:
         e8:d9:da:f0:10:ea:4f:cf:53:c6:e0:aa:4c:72:8d:18:84:ad:
         ae:50:95:f0:2a:6b:fd:e2:1f:e3:81:6a:5d:7e:8f:48:7b:5a:
         a4:6b:3f:08:b1:08:59:2d:69:a5:81:33:3d:61:79:42:e6:b1:
         30:7b:d0:42:c6:6f:39:ad:a1:bd:7e:d9:84:e0:08:7e:af:15:
         c2:a7:a8:d2:5b:52:30:a1:21:27:0f:64:aa:b1:69:94:c8:69:
         39:ce:0e:f3:67:39:ee:f4:69:c5:81:a4:53:9a:15:5c:5f:f6:
         cd:77:6d:cd:f5:c4:11:36:b2:e4:a6:7f:a8:d7:09:e4:b6:f3:
         b2:1e:05:1c:21:84:21:37:3b:8d:fb:2a:1a:ad:49:0b:57:ba:
         c0:7a:18:62:1f:07:1b:e2:07:f4:bd:45:b2:a3:db:8c:0b:b0:
         c7:a7:34:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR+7D5mPNrq5T96pG9jdaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MWU0ZDYwODE1MmZjMjQ0YWZmZmJhMmRjNzJiODUxYjE5
YjI1MjcwHhcNMjUwMTAyMTM1MDEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDIwY2VmNjExOTIyZDc3MmYyYTJhMzk5ZWU3MWYxZWRhNDE2NmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKejNrQv/z+NWXXBw/H7MgbFm2NF
X0RjMPmSCoxaeF0Nh2jxjICgPB2WsyePmFXNgnL3Qi3/y+G+VYlwOWlbjBhqcZ/G
ccgaMxwBg6JrughvyFeJ0LaBcGP0IV9JJYe1GmZk9pEgWs9SayQBMN6YdXJVn6cP
MG0iOzLd3/2rY3fA/njAKzTqE+BY5AlQVg3bJVLJI/FKbd0PIpTy8BGuJz/Y7vyR
sJaVGdNQ1HCVJA9DDFq5Wd5o443Hb7LvnB9angICA/wUYytK87EVV/HdLBIxsfSv
h79nxSe3WLnUfuzMi43gOGVB1TvCI2mh/IkfuPpGMVnCUlR+iAM1fWXK8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN0gzvYRki13LyoqOZ7nHx7aQWaqMB8GA1UdIwQY
MBaAFBgeTWCBUvwkSv/7otxyuFGxmyUnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0I1TllJRlNfQ1JLX191aTNISzRVYkdiSlNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85MjE3ZjktODEzZC00N2FmLWFkNjIt
MzIyMDhkNTQ0YTg0LzEvM1NETzloR1NMWGN2S2lvNW51Y2ZIdHBCWnFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85MjE3ZjktODEzZC00N2FmLWFkNjItMzIyMDhkNTQ0YTg0
LzEvR0I1TllJRlNfQ1JLX191aTNISzRVYkdiSlNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVj4EMA0G
CSqGSIb3DQEBCwUAA4IBAQBOOXTWHFnhPC8qMyLOTUBsaBP8L9PAlq1A0yGYu6rq
sgqZUVQHhxzcR8t9S/PRZDJHIZpETn/+NtE+LQJbEvyHwApuXZDIIkeneQDThoZU
gdI/bSLLuAsIOyzo2drwEOpPz1PG4KpMco0YhK2uUJXwKmv94h/jgWpdfo9Ie1qk
az8IsQhZLWmlgTM9YXlC5rEwe9BCxm85raG9ftmE4Ah+rxXCp6jSW1IwoSEnD2Sq
sWmUyGk5zg7zZznu9GnFgaRTmhVcX/bNd23N9cQRNrLkpn+o1wnktvOyHgUcIYQh
NzuN+yoarUkLV7rAehhiHwcb4gf0vUWyo9uMC7DHpzTa
-----END CERTIFICATE-----