Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/IjN0z6o4Hh1zKgeKfEv903njBYw.roa
File:                     IjN0z6o4Hh1zKgeKfEv903njBYw.roa (raw, json)
Hash identifier:          /xwNDbRn9zF9j2h4NPclH3V6ydcf7U7D3FiI38kT+Oo=
Subject key identifier:   22:33:74:CF:AA:38:1E:1D:73:2A:07:8A:7C:4B:FD:D3:79:E3:05:8C
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       019424B37C0887BFE776FD05CDB1B8DF837C
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/IjN0z6o4Hh1zKgeKfEv903njBYw.roa
Signing time:             Thu 02 Jan 2025 01:48:49 +0000
ROA not before:           Thu 02 Jan 2025 01:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40124
IP address blocks:        62.60.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 23:34:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:7c:08:87:bf:e7:76:fd:05:cd:b1:b8:df:83:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Jan  2 01:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=223374cfaa381e1d732a078a7c4bfdd379e3058c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d2:28:2a:82:20:96:3f:6d:a2:04:af:1a:01:
                    50:b3:96:f6:bd:59:e3:93:c4:9c:7b:7d:ba:4c:6f:
                    32:20:f5:7a:4e:68:24:31:af:89:4b:7e:3b:0a:1f:
                    1d:ff:77:53:e6:75:f9:95:60:54:41:5c:94:0a:3d:
                    5a:1a:c0:df:88:c1:48:2a:a7:5e:74:1b:92:f0:1c:
                    4d:48:91:f6:6a:eb:54:b5:3c:b1:f0:ee:b7:d5:16:
                    cd:33:64:9c:18:d5:21:5c:5d:ef:76:d3:95:56:61:
                    74:9e:ba:33:0e:57:93:fb:f9:a8:44:56:77:de:d3:
                    62:dc:20:be:cd:5a:0a:f2:32:7c:47:67:3c:f3:32:
                    64:74:bd:20:ff:52:63:c6:2a:76:8b:9b:ab:84:70:
                    35:0f:1f:a7:59:7d:76:6f:da:38:0a:0e:c9:93:98:
                    0a:71:22:ef:53:db:31:ad:53:cd:fb:99:42:fd:d1:
                    0e:6c:b8:fe:ab:37:be:33:e5:f8:6d:9e:0a:f9:71:
                    9d:e1:d2:ca:43:c4:6e:38:b3:f3:15:0f:3a:37:4a:
                    16:da:72:d8:f3:ba:91:ef:56:13:c8:b2:8d:12:b8:
                    0c:b3:fb:5d:2a:81:d4:16:37:d0:da:3f:2c:e4:75:
                    91:ed:c8:05:f7:34:66:e6:a4:fe:31:ee:90:a4:64:
                    bb:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:33:74:CF:AA:38:1E:1D:73:2A:07:8A:7C:4B:FD:D3:79:E3:05:8C
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/IjN0z6o4Hh1zKgeKfEv903njBYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:a4:f3:92:b5:0b:1f:41:39:5a:0d:8d:b7:bc:5d:39:69:c1:
         63:de:34:e5:f8:c1:22:56:aa:55:68:25:ff:03:a0:c0:07:a8:
         14:a6:f6:5e:44:ab:34:fa:97:f4:0a:02:37:67:56:2d:7a:5b:
         a1:41:87:36:ce:54:99:87:a1:2f:9e:1c:70:7f:1f:74:22:df:
         9e:51:c2:39:22:1b:34:87:aa:e0:5c:85:4d:25:99:38:a1:ec:
         df:c5:53:6a:34:79:3e:ad:24:a3:e8:0a:dd:ba:eb:62:37:1f:
         69:c5:b5:ea:b8:0c:cd:08:e2:33:ab:30:a2:c3:21:af:be:99:
         b1:84:99:84:24:1e:4f:9e:32:1d:8b:f5:be:2b:cc:82:dc:a3:
         d3:ff:38:72:09:1a:91:03:4f:3b:73:90:c7:18:57:0c:6d:76:
         b3:b9:9b:bd:59:63:60:08:26:87:e5:d4:3f:6b:52:6d:07:22:
         26:6d:80:81:31:49:c0:22:d2:10:c9:31:03:83:48:89:fa:e0:
         a3:22:d1:3d:0c:4a:34:09:16:3a:e2:a7:ec:2d:57:6e:9b:90:
         84:dd:00:90:77:e0:ae:b8:b7:6a:d7:9d:bd:d7:7b:41:58:2a:
         85:f7:11:f4:b6:d2:e3:8d:b8:fc:56:a2:e2:7d:6b:9c:9d:ab:
         4e:ea:6b:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks3wIh7/ndv0FzbG434N8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjUwMTAyMDE0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjMzNzRjZmFhMzgxZTFkNzMyYTA3OGE3YzRiZmRkMzc5ZTMwNThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNIoKoIglj9togSvGgFQs5b2vVnj
k8Sce326TG8yIPV6TmgkMa+JS347Ch8d/3dT5nX5lWBUQVyUCj1aGsDfiMFIKqde
dBuS8BxNSJH2autUtTyx8O631RbNM2ScGNUhXF3vdtOVVmF0nrozDleT+/moRFZ3
3tNi3CC+zVoK8jJ8R2c88zJkdL0g/1Jjxip2i5urhHA1Dx+nWX12b9o4Cg7Jk5gK
cSLvU9sxrVPN+5lC/dEObLj+qze+M+X4bZ4K+XGd4dLKQ8RuOLPzFQ86N0oW2nLY
87qR71YTyLKNErgMs/tdKoHUFjfQ2j8s5HWR7cgF9zRm5qT+Me6QpGS7GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCIzdM+qOB4dcyoHinxL/dN54wWMMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvSWpOMHo2bzRIaDF6S2dlS2ZFdjkwM25qQll3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPjzlMA0G
CSqGSIb3DQEBCwUAA4IBAQCApPOStQsfQTlaDY23vF05acFj3jTl+MEiVqpVaCX/
A6DAB6gUpvZeRKs0+pf0CgI3Z1YteluhQYc2zlSZh6Evnhxwfx90It+eUcI5Ihs0
h6rgXIVNJZk4oezfxVNqNHk+rSSj6ArduutiNx9pxbXquAzNCOIzqzCiwyGvvpmx
hJmEJB5PnjIdi/W+K8yC3KPT/zhyCRqRA087c5DHGFcMbXazuZu9WWNgCCaH5dQ/
a1JtByImbYCBMUnAItIQyTEDg0iJ+uCjItE9DEo0CRY64qfsLVdum5CE3QCQd+Cu
uLdq152913tBWCqF9xH0ttLjjbj8VqLifWucnatO6mty
-----END CERTIFICATE-----