Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/9yMcvRznuoAbn4JxNxCj1bZNKXQ.roa
File:                     9yMcvRznuoAbn4JxNxCj1bZNKXQ.roa (raw, json)
Hash identifier:          GFx7BMc5F417eQeOjL8eTlruWh0XG3Xtwv3pPD5H5cY=
Subject key identifier:   F7:23:1C:BD:1C:E7:BA:80:1B:9F:82:71:37:10:A3:D5:B6:4D:29:74
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       019424B381BACFF84D88A833CE3EAFDD56F6
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/9yMcvRznuoAbn4JxNxCj1bZNKXQ.roa
Signing time:             Thu 02 Jan 2025 01:48:51 +0000
ROA not before:           Thu 02 Jan 2025 01:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61391
IP address blocks:        62.60.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 23:34:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:81:ba:cf:f8:4d:88:a8:33:ce:3e:af:dd:56:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Jan  2 01:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7231cbd1ce7ba801b9f82713710a3d5b64d2974
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:fe:fb:c7:52:c5:e4:80:9d:be:94:45:d4:1e:
                    2a:10:91:ed:0a:ca:f9:87:0d:4c:e3:83:91:b2:25:
                    02:81:ee:ea:04:cd:eb:01:60:db:b4:ac:97:d2:d8:
                    4a:1d:62:67:d8:b0:ba:03:fe:93:46:b2:6d:17:d4:
                    67:d2:67:44:74:22:77:d8:02:48:e8:ac:be:c5:a5:
                    8f:d7:6f:91:b3:0f:a3:06:aa:5a:28:ed:9d:ee:15:
                    31:ba:62:43:6a:54:2b:2e:f1:bd:60:7f:21:6d:6e:
                    fc:bb:a6:36:82:76:aa:1d:ba:35:36:e5:39:9a:af:
                    58:67:02:da:76:8b:4c:e9:19:62:41:7c:94:a7:c0:
                    80:26:18:9c:7a:0b:83:73:5d:c8:e6:03:b2:fc:f4:
                    b3:4e:6d:55:61:6f:fb:5c:7b:5a:53:1b:aa:c2:3a:
                    51:c1:85:fe:6b:ce:c6:4e:19:d7:aa:54:ae:fe:6c:
                    9c:62:de:3e:09:75:48:b0:18:aa:c6:e2:12:f1:24:
                    bf:ff:d1:2f:cd:8c:19:f2:48:0f:0f:03:ba:c4:9c:
                    af:9c:d3:99:84:28:c2:06:96:31:a6:f6:ef:58:13:
                    2f:b0:07:bb:4f:bf:eb:2e:a7:a0:d4:0b:99:99:3a:
                    75:26:a8:61:c6:09:67:c6:ac:cd:b3:5e:a1:ce:06:
                    d1:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:23:1C:BD:1C:E7:BA:80:1B:9F:82:71:37:10:A3:D5:B6:4D:29:74
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/9yMcvRznuoAbn4JxNxCj1bZNKXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:ab:58:b9:25:20:46:2d:5c:b8:10:11:09:58:3d:dd:62:22:
         e3:45:e0:62:82:18:99:eb:1f:03:36:ad:0e:b2:f1:61:80:a7:
         a5:a5:96:ab:7c:98:cc:a6:79:9e:2b:ea:cb:81:ef:d9:5f:07:
         35:d8:eb:c0:cb:40:13:24:4b:36:61:65:c8:be:9a:85:d3:88:
         d1:8f:8e:9b:0b:b9:78:12:ed:46:f0:50:8c:cb:f2:5d:fa:c1:
         8c:d0:b8:89:bc:b7:10:d7:b4:40:fd:d4:75:97:77:9c:3a:4c:
         29:51:01:49:21:5c:ab:b8:dc:46:d5:43:ba:bf:69:80:4b:e5:
         5f:b4:ae:02:1a:b7:04:71:15:4a:71:84:fe:db:61:37:95:d9:
         12:00:97:bd:06:6c:6f:32:7a:97:b2:78:ce:f0:42:d1:c6:27:
         7b:ce:33:46:da:aa:0b:9e:0c:68:7d:c3:41:e5:56:12:51:19:
         52:8e:4a:a5:c4:da:91:13:5f:3e:22:08:73:ba:f6:a9:c0:6b:
         f4:ad:d4:0f:62:06:54:82:af:90:5b:7e:97:96:47:d3:44:8b:
         81:fb:7e:4f:0b:28:37:e7:d0:26:f4:a2:31:38:5a:b6:9c:59:
         a8:fe:4e:6b:7b:5f:1f:1a:fe:1f:e4:d7:f5:58:df:74:c0:55:
         7c:7b:8f:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks4G6z/hNiKgzzj6v3Vb2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjUwMTAyMDE0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzIzMWNiZDFjZTdiYTgwMWI5ZjgyNzEzNzEwYTNkNWI2NGQyOTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/77x1LF5ICdvpRF1B4qEJHtCsr5
hw1M44ORsiUCge7qBM3rAWDbtKyX0thKHWJn2LC6A/6TRrJtF9Rn0mdEdCJ32AJI
6Ky+xaWP12+Rsw+jBqpaKO2d7hUxumJDalQrLvG9YH8hbW78u6Y2gnaqHbo1NuU5
mq9YZwLadotM6RliQXyUp8CAJhiceguDc13I5gOy/PSzTm1VYW/7XHtaUxuqwjpR
wYX+a87GThnXqlSu/mycYt4+CXVIsBiqxuIS8SS//9EvzYwZ8kgPDwO6xJyvnNOZ
hCjCBpYxpvbvWBMvsAe7T7/rLqeg1AuZmTp1JqhhxglnxqzNs16hzgbR1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPcjHL0c57qAG5+CcTcQo9W2TSl0MB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvOXlNY3ZSem51b0FibjRKeE54Q2oxYlpOS1hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPjzFMA0G
CSqGSIb3DQEBCwUAA4IBAQDDq1i5JSBGLVy4EBEJWD3dYiLjReBighiZ6x8DNq0O
svFhgKelpZarfJjMpnmeK+rLge/ZXwc12OvAy0ATJEs2YWXIvpqF04jRj46bC7l4
Eu1G8FCMy/Jd+sGM0LiJvLcQ17RA/dR1l3ecOkwpUQFJIVyruNxG1UO6v2mAS+Vf
tK4CGrcEcRVKcYT+22E3ldkSAJe9BmxvMnqXsnjO8ELRxid7zjNG2qoLngxofcNB
5VYSURlSjkqlxNqRE18+IghzuvapwGv0rdQPYgZUgq+QW36XlkfTRIuB+35PCyg3
59Am9KIxOFq2nFmo/k5re18fGv4f5Nf1WN90wFV8e4/X
-----END CERTIFICATE-----