Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/PtTVzUOwY8mkRkDqqOGagTLCipk.roa
File:                     PtTVzUOwY8mkRkDqqOGagTLCipk.roa (raw, json)
Hash identifier:          Qc6uiKgKoY1QxyUyWxCB3toQGV7PGNgXSiXBkaJ/QpI=
Subject key identifier:   3E:D4:D5:CD:43:B0:63:C9:A4:46:40:EA:A8:E1:9A:81:32:C2:8A:99
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       019424B387B87C6A70ADF5A709602B9E56E1
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/PtTVzUOwY8mkRkDqqOGagTLCipk.roa
Signing time:             Thu 02 Jan 2025 01:48:52 +0000
ROA not before:           Thu 02 Jan 2025 01:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210392
IP address blocks:        62.60.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 01:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:87:b8:7c:6a:70:ad:f5:a7:09:60:2b:9e:56:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Jan  2 01:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ed4d5cd43b063c9a44640eaa8e19a8132c28a99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a9:60:ad:ae:ff:b6:c5:e8:1e:27:8f:4a:b7:
                    57:ff:37:80:bc:02:f4:8d:05:94:e7:ad:25:e5:26:
                    d2:f4:1b:2d:e9:9c:d9:6e:6c:20:5f:fd:4f:ff:bf:
                    75:c2:16:e3:02:cd:fd:55:c5:6f:42:a3:44:d3:b9:
                    5a:cf:e7:64:0a:03:15:0c:49:de:08:5e:bd:77:7c:
                    aa:e2:32:82:16:22:cf:9b:ac:e2:7d:44:c2:53:27:
                    0d:e3:56:6b:6e:07:6f:ae:c1:90:70:4d:12:ea:f2:
                    0a:2a:01:cb:88:92:58:c4:60:a0:90:ee:8c:c8:2d:
                    03:98:3e:4a:4a:c1:cd:4b:74:50:63:a6:02:25:31:
                    07:d2:b4:0b:6f:dd:73:dc:ba:42:cb:dc:25:29:6a:
                    80:57:e8:de:f6:11:d9:97:70:55:7c:26:79:62:14:
                    89:f1:f3:e1:ba:14:f2:fa:ad:0d:a4:dd:a0:2b:a5:
                    b7:e4:13:4f:c2:e5:29:ed:ad:87:fe:60:cd:62:70:
                    0e:bf:26:a5:df:1c:49:06:80:a0:98:65:16:40:cd:
                    18:1c:66:2d:1b:0a:3e:d8:e7:2b:00:9d:5c:5e:1a:
                    4d:c1:8c:0e:71:01:b9:69:ba:3b:e8:c7:d2:f9:8f:
                    84:9b:30:ae:85:9a:18:1d:91:23:88:5a:d5:31:c8:
                    21:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:D4:D5:CD:43:B0:63:C9:A4:46:40:EA:A8:E1:9A:81:32:C2:8A:99
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/PtTVzUOwY8mkRkDqqOGagTLCipk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:a6:5f:f6:62:1c:cb:31:30:00:13:82:ec:72:b3:b5:d5:4f:
         97:63:d0:ae:31:ce:6c:dc:7f:67:b6:63:48:2a:0f:8f:90:a5:
         a9:01:02:a2:e3:19:4a:4a:59:6c:e1:6b:09:68:2e:8c:46:8f:
         f5:7d:24:52:df:8e:b0:ff:79:68:0f:4c:80:02:2e:1f:94:28:
         e0:c3:f9:26:fb:88:d9:48:68:d0:dd:17:dd:0f:eb:ac:fc:f4:
         7d:28:b2:e9:a5:9c:81:81:ff:26:8d:62:52:1f:ef:66:d4:15:
         ad:2c:15:e4:dd:c4:51:1f:16:77:9d:e6:3d:f4:9b:32:3e:4b:
         b1:01:01:93:1d:a5:2f:e6:97:7a:fc:b7:cc:4c:2b:ad:86:21:
         f6:9b:cf:2c:29:85:46:f2:ac:f5:ed:92:8b:1e:66:bf:99:aa:
         13:6e:bc:04:67:03:5d:fe:54:b5:0c:b8:ca:fc:7e:16:f7:b5:
         e5:fe:93:03:89:2c:b9:f6:92:ac:01:b9:88:94:1f:6b:33:88:
         a1:86:93:89:30:b7:20:4d:0e:18:86:ae:be:4f:fa:58:b1:d9:
         3c:ff:3d:63:23:ee:90:57:ca:7b:15:f2:f3:ad:fc:27:7a:cf:
         c1:24:14:14:0b:86:04:31:12:53:d6:07:f6:4c:8b:d3:ee:24:
         82:52:07:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks4e4fGpwrfWnCWArnlbhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjUwMTAyMDE0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWQ0ZDVjZDQzYjA2M2M5YTQ0NjQwZWFhOGUxOWE4MTMyYzI4YTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvalgra7/tsXoHiePSrdX/zeAvAL0
jQWU560l5SbS9Bst6ZzZbmwgX/1P/791whbjAs39VcVvQqNE07laz+dkCgMVDEne
CF69d3yq4jKCFiLPm6zifUTCUycN41ZrbgdvrsGQcE0S6vIKKgHLiJJYxGCgkO6M
yC0DmD5KSsHNS3RQY6YCJTEH0rQLb91z3LpCy9wlKWqAV+je9hHZl3BVfCZ5YhSJ
8fPhuhTy+q0NpN2gK6W35BNPwuUp7a2H/mDNYnAOvyal3xxJBoCgmGUWQM0YHGYt
Gwo+2OcrAJ1cXhpNwYwOcQG5abo76MfS+Y+EmzCuhZoYHZEjiFrVMcghJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD7U1c1DsGPJpEZA6qjhmoEywoqZMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvUHRUVnpVT3dZOG1rUmtEcXFPR2FnVExDaXBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPjyjMA0G
CSqGSIb3DQEBCwUAA4IBAQBepl/2YhzLMTAAE4LscrO11U+XY9CuMc5s3H9ntmNI
Kg+PkKWpAQKi4xlKSlls4WsJaC6MRo/1fSRS346w/3loD0yAAi4flCjgw/km+4jZ
SGjQ3RfdD+us/PR9KLLppZyBgf8mjWJSH+9m1BWtLBXk3cRRHxZ3neY99JsyPkux
AQGTHaUv5pd6/LfMTCuthiH2m88sKYVG8qz17ZKLHma/maoTbrwEZwNd/lS1DLjK
/H4W97Xl/pMDiSy59pKsAbmIlB9rM4ihhpOJMLcgTQ4Yhq6+T/pYsdk8/z1jI+6Q
V8p7FfLzrfwnes/BJBQUC4YEMRJT1gf2TIvT7iSCUgd9
-----END CERTIFICATE-----