Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/QYv8HyZwcR2EgwyDNXO4DNm4alY.roa
File:                     QYv8HyZwcR2EgwyDNXO4DNm4alY.roa (raw, json)
Hash identifier:          4y8aidT7cf46oC9Rb8MtLIG+06WpyEeua6nqGV7vmw0=
Subject key identifier:   41:8B:FC:1F:26:70:71:1D:84:83:0C:83:35:73:B8:0C:D9:B8:6A:56
Certificate issuer:       /CN=181e4d608152fc244afffba2dc72b851b19b2527
Certificate serial:       01942747EF680DFD5CEF931B7FF62C678ADB
Authority key identifier: 18:1E:4D:60:81:52:FC:24:4A:FF:FB:A2:DC:72:B8:51:B1:9B:25:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GB5NYIFS_CRK__ui3HK4UbGbJSc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/QYv8HyZwcR2EgwyDNXO4DNm4alY.roa
Signing time:             Thu 02 Jan 2025 13:50:13 +0000
ROA not before:           Thu 02 Jan 2025 13:50:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209867
IP address blocks:        86.62.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/GB5NYIFS_CRK__ui3HK4UbGbJSc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/GB5NYIFS_CRK__ui3HK4UbGbJSc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GB5NYIFS_CRK__ui3HK4UbGbJSc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Apr 2025 04:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:ef:68:0d:fd:5c:ef:93:1b:7f:f6:2c:67:8a:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=181e4d608152fc244afffba2dc72b851b19b2527
        Validity
            Not Before: Jan  2 13:50:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=418bfc1f2670711d84830c833573b80cd9b86a56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ae:89:a8:26:8b:19:4e:ee:a8:09:d7:ee:65:
                    fe:18:b5:54:cc:5e:ae:55:46:c0:15:88:09:b5:33:
                    d5:82:ad:c5:e7:3d:79:3f:04:8c:60:9d:47:4e:13:
                    97:2b:19:3a:b7:af:f8:33:dc:14:fc:7b:c9:80:1c:
                    3c:33:53:bb:23:2b:f2:23:49:fb:f7:aa:55:56:49:
                    20:95:b5:20:f6:fb:11:27:04:32:5e:e0:c0:d3:b7:
                    01:53:9a:98:69:80:fb:20:9d:53:b7:36:20:75:76:
                    66:16:48:b9:d7:3d:97:b2:74:11:05:6b:21:36:3a:
                    bf:e3:8b:01:03:09:d1:81:d3:66:a0:1e:9e:1d:e5:
                    bd:48:c5:c8:d6:1b:3b:b6:fb:7f:ba:73:73:5f:f9:
                    4a:a1:96:5f:c3:66:4d:3b:93:59:99:f8:c3:7f:0f:
                    5d:74:ab:c1:af:29:0a:ec:32:d8:b6:73:ee:ca:08:
                    84:17:9c:8a:8b:17:86:c3:d0:17:db:aa:f7:55:97:
                    22:76:1d:6c:d4:88:a3:80:3c:0d:55:a9:a7:95:fd:
                    0c:d8:11:f5:0c:7c:ab:89:34:39:39:c9:f3:ff:54:
                    16:fb:2d:99:21:de:47:d3:b5:c1:1d:b0:54:01:a2:
                    34:f5:0c:8e:11:33:13:76:db:66:6f:8d:39:be:4a:
                    5f:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:8B:FC:1F:26:70:71:1D:84:83:0C:83:35:73:B8:0C:D9:B8:6A:56
            X509v3 Authority Key Identifier:
                keyid:18:1E:4D:60:81:52:FC:24:4A:FF:FB:A2:DC:72:B8:51:B1:9B:25:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GB5NYIFS_CRK__ui3HK4UbGbJSc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/QYv8HyZwcR2EgwyDNXO4DNm4alY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/GB5NYIFS_CRK__ui3HK4UbGbJSc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.62.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:15:80:53:5c:8c:88:dd:82:35:b2:13:7e:12:05:75:7e:c1:
         4e:d2:38:75:bd:0e:c7:f1:c9:ea:27:c7:57:2d:c9:89:7d:19:
         a6:3d:c0:dd:a3:25:a7:ef:e9:e2:1a:51:ce:2a:16:fa:e9:77:
         15:fa:3b:b8:7e:94:db:14:c4:fe:05:7e:f2:29:10:9a:37:d4:
         ee:fd:ef:60:77:ff:20:d4:98:e9:c0:83:c7:80:06:b7:47:eb:
         53:d9:45:28:cf:72:7b:3d:38:c3:a6:e4:59:71:89:c4:6a:ce:
         ae:b3:7d:d6:f4:0e:88:ca:e2:40:ac:f1:d0:cf:e1:aa:60:1a:
         e1:6c:4c:21:cd:07:97:40:55:16:b3:16:21:3d:5c:53:08:2d:
         3b:9d:9d:a3:56:88:37:e9:8f:40:62:67:74:1f:37:97:aa:6d:
         0c:8c:9d:e9:ce:0b:94:1e:8e:9a:39:31:0e:c3:45:12:f7:18:
         13:3d:6d:77:ab:05:ae:2f:78:f1:fa:03:06:80:27:73:2e:ba:
         c2:f5:1a:a6:b3:d1:2d:2e:55:f4:0f:b6:4b:e8:11:ce:05:9a:
         d9:23:f6:4f:23:7e:bc:ed:71:ed:d9:e2:3b:1b:09:94:49:ad:
         5f:4b:6f:88:82:ce:d5:41:10:a5:57:ae:8f:7b:72:2f:6c:bd:
         f9:b4:75:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR+9oDf1c75Mbf/YsZ4rbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MWU0ZDYwODE1MmZjMjQ0YWZmZmJhMmRjNzJiODUxYjE5
YjI1MjcwHhcNMjUwMTAyMTM1MDEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MThiZmMxZjI2NzA3MTFkODQ4MzBjODMzNTczYjgwY2Q5Yjg2YTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuq6JqCaLGU7uqAnX7mX+GLVUzF6u
VUbAFYgJtTPVgq3F5z15PwSMYJ1HThOXKxk6t6/4M9wU/HvJgBw8M1O7IyvyI0n7
96pVVkkglbUg9vsRJwQyXuDA07cBU5qYaYD7IJ1TtzYgdXZmFki51z2XsnQRBWsh
Njq/44sBAwnRgdNmoB6eHeW9SMXI1hs7tvt/unNzX/lKoZZfw2ZNO5NZmfjDfw9d
dKvBrykK7DLYtnPuygiEF5yKixeGw9AX26r3VZcidh1s1IijgDwNVamnlf0M2BH1
DHyriTQ5Ocnz/1QW+y2ZId5H07XBHbBUAaI09QyOETMTdttmb405vkpf6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEGL/B8mcHEdhIMMgzVzuAzZuGpWMB8GA1UdIwQY
MBaAFBgeTWCBUvwkSv/7otxyuFGxmyUnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0I1TllJRlNfQ1JLX191aTNISzRVYkdiSlNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85MjE3ZjktODEzZC00N2FmLWFkNjIt
MzIyMDhkNTQ0YTg0LzEvUVl2OEh5WndjUjJFZ3d5RE5YTzRETm00YWxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85MjE3ZjktODEzZC00N2FmLWFkNjItMzIyMDhkNTQ0YTg0
LzEvR0I1TllJRlNfQ1JLX191aTNISzRVYkdiSlNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVj4HMA0G
CSqGSIb3DQEBCwUAA4IBAQAPFYBTXIyI3YI1shN+EgV1fsFO0jh1vQ7H8cnqJ8dX
LcmJfRmmPcDdoyWn7+niGlHOKhb66XcV+ju4fpTbFMT+BX7yKRCaN9Tu/e9gd/8g
1JjpwIPHgAa3R+tT2UUoz3J7PTjDpuRZcYnEas6us33W9A6IyuJArPHQz+GqYBrh
bEwhzQeXQFUWsxYhPVxTCC07nZ2jVog36Y9AYmd0HzeXqm0MjJ3pzguUHo6aOTEO
w0US9xgTPW13qwWuL3jx+gMGgCdzLrrC9Rqms9EtLlX0D7ZL6BHOBZrZI/ZPI368
7XHt2eI7GwmUSa1fS2+Igs7VQRClV66Pe3IvbL35tHXv
-----END CERTIFICATE-----