Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/k6kKIVAv-jwyDzCK8KCndkKezm4.roa
File:                     k6kKIVAv-jwyDzCK8KCndkKezm4.roa (raw, json)
Hash identifier:          9OfjcrTpYlDZtVI65z19fiMSAQ7JmOuVXABpqc0KiR0=
Subject key identifier:   93:A9:0A:21:50:2F:FA:3C:32:0F:30:8A:F0:A0:A7:76:42:9E:CE:6E
Certificate issuer:       /CN=002647c801fb58fcfaac135bb48f5e61fea7e566
Certificate serial:       0194258F13E7D911784A12D6BE1F3916D91E
Authority key identifier: 00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/k6kKIVAv-jwyDzCK8KCndkKezm4.roa
Signing time:             Thu 02 Jan 2025 05:48:41 +0000
ROA not before:           Thu 02 Jan 2025 05:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214706
IP address blocks:        62.108.35.0/24 maxlen: 24
                          62.108.37.0/24 maxlen: 24
                          62.108.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 01:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:13:e7:d9:11:78:4a:12:d6:be:1f:39:16:d9:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=002647c801fb58fcfaac135bb48f5e61fea7e566
        Validity
            Not Before: Jan  2 05:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=93a90a21502ffa3c320f308af0a0a776429ece6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:fd:26:71:3f:e0:6c:0b:6c:e0:2d:d1:ee:fa:
                    44:1c:36:05:16:ad:52:1b:ad:58:83:9b:31:5b:e9:
                    10:5a:48:c2:09:3d:0c:a3:5b:20:87:b3:c2:bc:28:
                    61:66:7e:b1:af:38:55:59:89:c5:cc:8a:f2:eb:a2:
                    eb:e8:cf:96:4b:cc:0a:5b:34:8e:f0:92:eb:3a:cd:
                    48:f6:c8:e8:67:4a:95:08:7a:d3:3b:0c:f8:3a:78:
                    bd:6a:bb:96:b8:59:c7:4f:35:8c:f0:bb:ff:e9:65:
                    79:47:2a:47:5b:68:5b:b9:7a:89:a3:10:04:61:f5:
                    d9:b3:11:88:5c:0f:db:5b:26:3b:7c:99:68:f8:9b:
                    3b:da:71:1c:65:3c:2b:63:53:35:39:b6:67:26:d6:
                    a4:27:3d:52:3b:ad:b0:fe:9b:b0:a8:75:a3:54:2d:
                    54:aa:35:55:e7:c3:06:74:10:38:12:9c:fc:71:45:
                    8b:91:22:aa:25:27:2a:62:72:c6:f9:20:8f:96:a2:
                    27:82:70:71:6a:0e:25:f6:db:f6:af:a3:b5:00:36:
                    84:c7:aa:3d:c5:7a:18:9d:66:53:34:b1:48:2f:10:
                    74:20:45:5e:ff:a3:ef:fa:8b:f3:76:8b:a6:2b:42:
                    c3:59:8f:1a:2b:20:71:9b:1c:ca:56:c9:5a:4f:24:
                    28:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:A9:0A:21:50:2F:FA:3C:32:0F:30:8A:F0:A0:A7:76:42:9E:CE:6E
            X509v3 Authority Key Identifier:
                keyid:00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/k6kKIVAv-jwyDzCK8KCndkKezm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.108.35.0/24
                  62.108.37.0/24
                  62.108.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:bb:37:2d:30:42:ef:22:52:99:95:4e:fa:a3:54:0d:65:bd:
         6d:39:6e:6a:3b:4a:91:d9:23:1b:ea:f4:10:0d:03:70:0e:d3:
         6d:98:b9:0f:8a:9c:a7:90:f2:e4:aa:ca:1e:31:8c:08:57:e4:
         cd:0c:c9:00:78:8e:ac:1e:7a:31:5a:71:58:de:75:f2:f4:15:
         98:cc:d0:7d:59:f9:22:42:12:1c:f5:bc:69:bd:82:3e:3f:f6:
         45:43:1e:1c:c5:91:0c:f5:e2:8a:dd:42:c3:24:23:31:68:63:
         c3:83:e9:7a:5e:51:5e:e1:f8:9a:12:38:25:f6:10:93:08:d7:
         df:4f:a1:1f:f3:4b:61:17:93:9f:5b:34:f9:0f:0e:1f:95:e7:
         7d:f4:a5:42:d8:43:83:f1:2e:7f:7f:5e:b4:10:3f:15:11:e1:
         73:e1:1e:87:0b:d2:85:da:28:75:95:5c:c0:3b:49:db:e1:dc:
         b4:69:1d:31:f2:5a:80:fe:ed:00:df:83:27:a2:a9:05:a0:95:
         82:4a:1e:28:26:32:35:63:81:ed:86:4a:a9:28:94:d8:2b:f1:
         5c:8d:19:c6:c7:77:f5:3c:22:55:5a:0f:ee:e1:4c:b8:06:10:
         b6:e8:0e:a4:12:13:9a:8e:b4:42:91:10:6d:eb:fd:8b:1d:d3:
         d3:f3:14:2f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQljxPn2RF4ShLWvh85FtkeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMjY0N2M4MDFmYjU4ZmNmYWFjMTM1YmI0OGY1ZTYxZmVh
N2U1NjYwHhcNMjUwMTAyMDU0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2E5MGEyMTUwMmZmYTNjMzIwZjMwOGFmMGEwYTc3NjQyOWVjZTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqv0mcT/gbAts4C3R7vpEHDYFFq1S
G61Yg5sxW+kQWkjCCT0Mo1sgh7PCvChhZn6xrzhVWYnFzIry66Lr6M+WS8wKWzSO
8JLrOs1I9sjoZ0qVCHrTOwz4Oni9aruWuFnHTzWM8Lv/6WV5RypHW2hbuXqJoxAE
YfXZsxGIXA/bWyY7fJlo+Js72nEcZTwrY1M1ObZnJtakJz1SO62w/puwqHWjVC1U
qjVV58MGdBA4Epz8cUWLkSKqJScqYnLG+SCPlqIngnBxag4l9tv2r6O1ADaEx6o9
xXoYnWZTNLFILxB0IEVe/6Pv+ovzdoumK0LDWY8aKyBxmxzKVslaTyQoewIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJOpCiFQL/o8Mg8wivCgp3ZCns5uMB8GA1UdIwQY
MBaAFAAmR8gB+1j8+qwTW7SPXmH+p+VmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODIt
OTRlZmJmNWNlY2Q0LzEvazZrS0lWQXYtand5RHpDSzhLQ25ka0tlem00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODItOTRlZmJmNWNlY2Q0
LzEvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAPmwjAwQA
PmwlAwQAPmwoMA0GCSqGSIb3DQEBCwUAA4IBAQA/uzctMELvIlKZlU76o1QNZb1t
OW5qO0qR2SMb6vQQDQNwDtNtmLkPipynkPLkqsoeMYwIV+TNDMkAeI6sHnoxWnFY
3nXy9BWYzNB9WfkiQhIc9bxpvYI+P/ZFQx4cxZEM9eKK3ULDJCMxaGPDg+l6XlFe
4fiaEjgl9hCTCNffT6Ef80thF5OfWzT5Dw4fled99KVC2EOD8S5/f160ED8VEeFz
4R6HC9KF2ih1lVzAO0nb4dy0aR0x8lqA/u0A34MnoqkFoJWCSh4oJjI1Y4Hthkqp
KJTYK/FcjRnGx3f1PCJVWg/u4Uy4BhC26A6kEhOajrRCkRBt6/2LHdPT8xQv
-----END CERTIFICATE-----