Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/869f62-7a2e-4175-9202-b2a2b8b847b9/1/y00kCOm4x0sTFaBDOqD5L5fES6Y.roa
File:                     y00kCOm4x0sTFaBDOqD5L5fES6Y.roa (raw, json)
Hash identifier:          G4M+BrvsrjKhmQGsYy0izNdpM9hsyiGzIDC7Si8ke98=
Subject key identifier:   CB:4D:24:08:E9:B8:C7:4B:13:15:A0:43:3A:A0:F9:2F:97:C4:4B:A6
Certificate issuer:       /CN=907a5c4ea453b46c81cb136d92b9309b146c3e45
Certificate serial:       0194236A0D4B2750E2AC48E8CBA8E2ED2D8C
Authority key identifier: 90:7A:5C:4E:A4:53:B4:6C:81:CB:13:6D:92:B9:30:9B:14:6C:3E:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kHpcTqRTtGyByxNtkrkwmxRsPkU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/869f62-7a2e-4175-9202-b2a2b8b847b9/1/y00kCOm4x0sTFaBDOqD5L5fES6Y.roa
Signing time:             Wed 01 Jan 2025 19:49:00 +0000
ROA not before:           Wed 01 Jan 2025 19:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210521
IP address blocks:        62.204.46.0/24 maxlen: 24
                          2a12:a200::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/869f62-7a2e-4175-9202-b2a2b8b847b9/1/kHpcTqRTtGyByxNtkrkwmxRsPkU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/869f62-7a2e-4175-9202-b2a2b8b847b9/1/kHpcTqRTtGyByxNtkrkwmxRsPkU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kHpcTqRTtGyByxNtkrkwmxRsPkU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:0d:4b:27:50:e2:ac:48:e8:cb:a8:e2:ed:2d:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=907a5c4ea453b46c81cb136d92b9309b146c3e45
        Validity
            Not Before: Jan  1 19:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb4d2408e9b8c74b1315a0433aa0f92f97c44ba6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:6f:5b:03:d6:8d:f8:bb:74:d9:ff:57:32:9e:
                    72:c4:88:d5:50:52:a3:f6:f8:af:42:08:86:68:36:
                    f2:6c:85:69:18:1e:38:e3:64:b6:af:ee:56:bf:da:
                    6f:9a:1a:90:39:34:2b:84:26:8b:f4:4a:65:8b:2f:
                    a3:0c:47:f3:e8:31:11:c3:e8:ff:31:90:91:83:2d:
                    ab:3b:fd:c2:55:bc:e2:96:34:2d:f4:db:f5:af:f2:
                    41:2c:a2:a8:91:a1:4c:f4:1f:fd:d7:e4:81:59:ec:
                    9a:5f:96:8f:14:16:df:63:4a:48:2d:af:3a:06:4c:
                    d7:b9:50:5f:bb:5e:2a:f5:ee:fc:8f:c0:0a:2e:97:
                    3c:06:5f:2a:5c:ce:64:41:6d:19:e5:2a:ae:9e:4d:
                    a9:70:09:43:95:79:e2:72:f4:c0:14:65:67:56:bf:
                    97:b3:16:db:aa:38:53:44:cb:d3:2a:b8:d2:1e:bc:
                    6a:e3:a4:a4:cc:26:0f:af:5d:ab:f6:51:3b:b1:fa:
                    50:ed:91:3b:c3:bf:72:35:b0:02:15:51:22:52:58:
                    8c:36:55:e8:48:9f:89:7d:87:21:61:7b:9a:63:07:
                    d4:18:cb:8c:ed:b3:ef:1c:b9:8a:b1:d2:90:c6:b9:
                    cb:14:1b:af:68:85:59:89:f4:8c:cc:d9:0d:3f:85:
                    92:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:4D:24:08:E9:B8:C7:4B:13:15:A0:43:3A:A0:F9:2F:97:C4:4B:A6
            X509v3 Authority Key Identifier:
                keyid:90:7A:5C:4E:A4:53:B4:6C:81:CB:13:6D:92:B9:30:9B:14:6C:3E:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kHpcTqRTtGyByxNtkrkwmxRsPkU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/869f62-7a2e-4175-9202-b2a2b8b847b9/1/y00kCOm4x0sTFaBDOqD5L5fES6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/869f62-7a2e-4175-9202-b2a2b8b847b9/1/kHpcTqRTtGyByxNtkrkwmxRsPkU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.204.46.0/24
                IPv6:
                  2a12:a200::/29

    Signature Algorithm: sha256WithRSAEncryption
         80:d9:9e:ab:1a:12:71:a3:c7:b2:3f:27:e0:d7:4c:18:c7:46:
         55:bf:a1:27:04:fe:3f:8b:e9:f1:ea:f4:d6:b6:b8:eb:13:14:
         f6:b6:5f:a3:44:f3:f7:7f:03:d9:6f:42:9c:94:95:fb:26:4d:
         8b:88:c0:37:f4:6e:53:61:37:25:34:c0:57:0a:7b:23:b0:96:
         70:5f:ce:4f:8c:4e:bc:78:68:3c:0d:d9:67:4d:0f:1d:82:ab:
         c0:1d:66:b4:2f:80:7c:3f:71:26:0c:4a:f6:a0:80:2e:de:76:
         34:d7:94:68:87:4a:d2:29:2c:11:c0:42:a0:6f:e2:37:c9:a0:
         8b:e0:3e:af:b9:9b:c4:c0:0a:5b:cc:31:bd:2d:c0:9c:e0:e6:
         e8:58:32:63:2c:48:17:5b:52:4c:06:a4:8b:4b:b1:e6:47:84:
         5e:e2:b5:a3:2d:52:df:53:75:8e:84:04:36:cd:4b:a3:05:3f:
         4d:4b:79:2d:3a:87:8e:ce:c9:7d:5e:70:67:28:8e:ff:4c:1b:
         40:b5:fe:44:b8:d5:0e:f6:d5:ee:2f:03:ce:ac:ae:ab:3c:a5:
         26:c7:f7:cc:3f:79:ac:78:e3:ec:8f:49:08:00:22:f5:c6:d5:
         1c:4e:41:f9:91:91:17:47:62:c2:ff:c3:49:2a:cb:17:d4:f5:
         c5:d8:50:51
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQjag1LJ1DirEjoy6ji7S2MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwN2E1YzRlYTQ1M2I0NmM4MWNiMTM2ZDkyYjkzMDliMTQ2
YzNlNDUwHhcNMjUwMTAxMTk0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjRkMjQwOGU5YjhjNzRiMTMxNWEwNDMzYWEwZjkyZjk3YzQ0YmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmm9bA9aN+Lt02f9XMp5yxIjVUFKj
9vivQgiGaDbybIVpGB4442S2r+5Wv9pvmhqQOTQrhCaL9Epliy+jDEfz6DERw+j/
MZCRgy2rO/3CVbziljQt9Nv1r/JBLKKokaFM9B/91+SBWeyaX5aPFBbfY0pILa86
BkzXuVBfu14q9e78j8AKLpc8Bl8qXM5kQW0Z5Squnk2pcAlDlXnicvTAFGVnVr+X
sxbbqjhTRMvTKrjSHrxq46SkzCYPr12r9lE7sfpQ7ZE7w79yNbACFVEiUliMNlXo
SJ+JfYchYXuaYwfUGMuM7bPvHLmKsdKQxrnLFBuvaIVZifSMzNkNP4WS1QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMtNJAjpuMdLExWgQzqg+S+XxEumMB8GA1UdIwQY
MBaAFJB6XE6kU7RsgcsTbZK5MJsUbD5FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0hwY1RxUlR0R3lCeXhOdGtya3dteFJzUGtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84NjlmNjItN2EyZS00MTc1LTkyMDIt
YjJhMmI4Yjg0N2I5LzEveTAwa0NPbTR4MHNURmFCRE9xRDVMNWZFUzZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84NjlmNjItN2EyZS00MTc1LTkyMDItYjJhMmI4Yjg0N2I5
LzEva0hwY1RxUlR0R3lCeXhOdGtya3dteFJzUGtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAPswuMA0E
AgACMAcDBQMqEqIAMA0GCSqGSIb3DQEBCwUAA4IBAQCA2Z6rGhJxo8eyPyfg10wY
x0ZVv6EnBP4/i+nx6vTWtrjrExT2tl+jRPP3fwPZb0KclJX7Jk2LiMA39G5TYTcl
NMBXCnsjsJZwX85PjE68eGg8DdlnTQ8dgqvAHWa0L4B8P3EmDEr2oIAu3nY015Ro
h0rSKSwRwEKgb+I3yaCL4D6vuZvEwApbzDG9LcCc4OboWDJjLEgXW1JMBqSLS7Hm
R4Re4rWjLVLfU3WOhAQ2zUujBT9NS3ktOoeOzsl9XnBnKI7/TBtAtf5EuNUO9tXu
LwPOrK6rPKUmx/fMP3mseOPsj0kIACL1xtUcTkH5kZEXR2LC/8NJKssX1PXF2FBR
-----END CERTIFICATE-----