Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/t3Zx6p1wvn7jY8kHjzfJnnc7eNg.roa
File:                     t3Zx6p1wvn7jY8kHjzfJnnc7eNg.roa (raw, json)
Hash identifier:          OLIfG4z0xwuSo4+uWrBPz+WPutgwTrYoDXIoHunSp5A=
Subject key identifier:   B7:76:71:EA:9D:70:BE:7E:E3:63:C9:07:8F:37:C9:9E:77:3B:78:D8
Certificate issuer:       /CN=181e4d608152fc244afffba2dc72b851b19b2527
Certificate serial:       01942747EDFE5E402999085288DF79E15FB4
Authority key identifier: 18:1E:4D:60:81:52:FC:24:4A:FF:FB:A2:DC:72:B8:51:B1:9B:25:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GB5NYIFS_CRK__ui3HK4UbGbJSc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/t3Zx6p1wvn7jY8kHjzfJnnc7eNg.roa
Signing time:             Thu 02 Jan 2025 13:50:12 +0000
ROA not before:           Thu 02 Jan 2025 13:50:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31257
IP address blocks:        86.62.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/GB5NYIFS_CRK__ui3HK4UbGbJSc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/GB5NYIFS_CRK__ui3HK4UbGbJSc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GB5NYIFS_CRK__ui3HK4UbGbJSc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:ed:fe:5e:40:29:99:08:52:88:df:79:e1:5f:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=181e4d608152fc244afffba2dc72b851b19b2527
        Validity
            Not Before: Jan  2 13:50:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b77671ea9d70be7ee363c9078f37c99e773b78d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:59:77:5b:b5:22:cc:1f:b0:b9:bd:87:34:c4:
                    c1:07:28:b5:8e:e6:59:c7:18:ad:5c:f8:ed:65:9d:
                    d6:59:f2:c4:b3:3a:ec:ce:c2:3b:1e:58:70:49:0c:
                    36:89:61:49:46:d5:8e:f9:66:a9:d4:0b:ed:d1:7e:
                    90:75:43:96:f7:76:83:d4:1c:7f:4a:83:fa:69:d1:
                    52:6f:2d:33:39:97:12:9c:58:23:0d:9b:1f:55:b8:
                    9a:69:42:93:60:a2:9b:72:61:6d:37:02:a9:2c:35:
                    a1:5a:17:c8:84:5f:09:f2:65:ec:6f:2c:bf:d7:e0:
                    dd:17:17:d0:04:b6:11:82:04:ba:19:dd:f8:6e:bd:
                    90:59:d2:a3:24:49:43:6c:7b:26:be:b3:e4:df:33:
                    c8:fb:17:b2:04:94:22:11:a6:b7:8a:ff:b1:d6:5a:
                    52:98:0c:be:e3:cf:df:c2:0a:a9:eb:d6:fe:83:b9:
                    ce:46:d1:d2:1f:40:34:a1:72:b0:4b:7f:94:f0:70:
                    1f:8b:fe:fb:57:3c:71:3e:37:2f:83:19:96:ec:c8:
                    da:c9:db:87:c1:05:5e:fe:dc:ef:06:f1:d6:ad:08:
                    fc:3c:2a:2c:1f:67:c8:97:20:eb:b3:ee:5c:79:a4:
                    f9:c1:7e:35:2c:ef:6a:1c:23:fe:3e:4a:b2:89:83:
                    b7:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:76:71:EA:9D:70:BE:7E:E3:63:C9:07:8F:37:C9:9E:77:3B:78:D8
            X509v3 Authority Key Identifier:
                keyid:18:1E:4D:60:81:52:FC:24:4A:FF:FB:A2:DC:72:B8:51:B1:9B:25:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GB5NYIFS_CRK__ui3HK4UbGbJSc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/t3Zx6p1wvn7jY8kHjzfJnnc7eNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/GB5NYIFS_CRK__ui3HK4UbGbJSc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.62.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:ab:78:1a:73:6f:03:c6:0b:64:d0:f3:27:a8:a7:0b:63:60:
         55:ca:9e:1e:5f:3b:18:78:b2:e6:b5:97:34:65:2c:6c:bc:3f:
         bb:a7:51:97:b5:51:c3:2a:be:86:04:57:76:5a:af:2a:cb:0c:
         ab:7a:7f:2f:1a:11:37:8c:4e:0e:30:34:71:ec:1d:b0:0c:47:
         59:97:92:4f:f8:41:dd:12:71:0d:e0:9d:ba:24:81:bb:af:ba:
         f2:58:59:93:da:e3:e5:cd:64:dc:c6:24:29:de:84:8b:c6:4f:
         d1:96:35:4f:46:6b:75:0b:4e:75:b6:6f:52:66:6d:cf:a5:cf:
         71:ea:58:84:3e:cf:4c:71:f1:99:64:95:e7:85:fb:d4:b3:e4:
         85:c3:95:15:71:62:63:2f:2a:90:fd:57:22:3d:f1:3e:5f:50:
         5a:d2:8c:84:ae:b1:23:3e:df:1c:e2:f3:96:b1:8a:7b:0a:0d:
         51:77:15:9b:8a:14:97:b4:8d:ec:f3:c3:22:f6:91:86:28:1f:
         1f:d7:e1:e4:42:15:77:3d:e2:18:aa:53:05:20:ad:2a:62:7a:
         98:7a:23:9f:0b:d4:34:19:9f:cf:30:d6:8a:b0:14:1f:55:79:
         c1:03:e9:31:e0:8f:97:c5:5b:d1:31:ce:3d:79:29:0e:84:91:
         86:a3:05:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR+3+XkApmQhSiN954V+0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MWU0ZDYwODE1MmZjMjQ0YWZmZmJhMmRjNzJiODUxYjE5
YjI1MjcwHhcNMjUwMTAyMTM1MDEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzc2NzFlYTlkNzBiZTdlZTM2M2M5MDc4ZjM3Yzk5ZTc3M2I3OGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ll3W7UizB+wub2HNMTBByi1juZZ
xxitXPjtZZ3WWfLEszrszsI7HlhwSQw2iWFJRtWO+Wap1Avt0X6QdUOW93aD1Bx/
SoP6adFSby0zOZcSnFgjDZsfVbiaaUKTYKKbcmFtNwKpLDWhWhfIhF8J8mXsbyy/
1+DdFxfQBLYRggS6Gd34br2QWdKjJElDbHsmvrPk3zPI+xeyBJQiEaa3iv+x1lpS
mAy+48/fwgqp69b+g7nORtHSH0A0oXKwS3+U8HAfi/77VzxxPjcvgxmW7MjayduH
wQVe/tzvBvHWrQj8PCosH2fIlyDrs+5ceaT5wX41LO9qHCP+PkqyiYO3oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLd2ceqdcL5+42PJB483yZ53O3jYMB8GA1UdIwQY
MBaAFBgeTWCBUvwkSv/7otxyuFGxmyUnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0I1TllJRlNfQ1JLX191aTNISzRVYkdiSlNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85MjE3ZjktODEzZC00N2FmLWFkNjIt
MzIyMDhkNTQ0YTg0LzEvdDNaeDZwMXd2bjdqWThrSGp6ZkpubmM3ZU5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85MjE3ZjktODEzZC00N2FmLWFkNjItMzIyMDhkNTQ0YTg0
LzEvR0I1TllJRlNfQ1JLX191aTNISzRVYkdiSlNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVj4GMA0G
CSqGSIb3DQEBCwUAA4IBAQBbq3gac28Dxgtk0PMnqKcLY2BVyp4eXzsYeLLmtZc0
ZSxsvD+7p1GXtVHDKr6GBFd2Wq8qywyren8vGhE3jE4OMDRx7B2wDEdZl5JP+EHd
EnEN4J26JIG7r7ryWFmT2uPlzWTcxiQp3oSLxk/RljVPRmt1C051tm9SZm3Ppc9x
6liEPs9McfGZZJXnhfvUs+SFw5UVcWJjLyqQ/VciPfE+X1Ba0oyErrEjPt8c4vOW
sYp7Cg1RdxWbihSXtI3s88Mi9pGGKB8f1+HkQhV3PeIYqlMFIK0qYnqYeiOfC9Q0
GZ/PMNaKsBQfVXnBA+kx4I+XxVvRMc49eSkOhJGGowXr
-----END CERTIFICATE-----