Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/18b52b-5011-4309-bfbf-6eaa1c89824a/1/v0rFapiuVgAPd3myx6BzGGJPu3Q.roa
File:                     v0rFapiuVgAPd3myx6BzGGJPu3Q.roa (raw, json)
Hash identifier:          xPkjdAicyKc46/gVu1t411DskLBNUbMsE7SCd3XdA1A=
Subject key identifier:   BF:4A:C5:6A:98:AE:56:00:0F:77:79:B2:C7:A0:73:18:62:4F:BB:74
Certificate issuer:       /CN=b236f2e42522e98d376be38a89e5dd51abbf7996
Certificate serial:       019426D9A8BFD1A38CCD02C36530B0967DBB
Authority key identifier: B2:36:F2:E4:25:22:E9:8D:37:6B:E3:8A:89:E5:DD:51:AB:BF:79:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sjby5CUi6Y03a-OKieXdUau_eZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/18b52b-5011-4309-bfbf-6eaa1c89824a/1/v0rFapiuVgAPd3myx6BzGGJPu3Q.roa
Signing time:             Thu 02 Jan 2025 11:49:46 +0000
ROA not before:           Thu 02 Jan 2025 11:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28717
IP address blocks:        62.122.160.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/18b52b-5011-4309-bfbf-6eaa1c89824a/1/sjby5CUi6Y03a-OKieXdUau_eZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/18b52b-5011-4309-bfbf-6eaa1c89824a/1/sjby5CUi6Y03a-OKieXdUau_eZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sjby5CUi6Y03a-OKieXdUau_eZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:a8:bf:d1:a3:8c:cd:02:c3:65:30:b0:96:7d:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b236f2e42522e98d376be38a89e5dd51abbf7996
        Validity
            Not Before: Jan  2 11:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf4ac56a98ae56000f7779b2c7a07318624fbb74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:bd:46:08:06:ad:74:e7:82:a9:d2:33:5b:db:
                    6f:25:d6:c8:f5:7d:e6:26:b6:d2:46:67:2b:3a:f2:
                    38:86:5b:99:ad:b3:9a:ce:da:de:2e:78:1e:03:22:
                    2c:61:fa:64:6e:eb:e2:c3:65:eb:42:f4:29:52:f5:
                    f3:fe:55:43:ec:10:f4:1d:5a:9c:e0:53:be:9b:08:
                    3f:d1:32:00:97:ff:7d:79:38:13:f3:7e:af:ec:12:
                    53:4d:71:99:35:32:6c:a3:0f:2f:b0:a4:62:82:c2:
                    92:24:6b:08:83:05:6b:01:5e:80:17:db:7f:0e:ac:
                    6a:83:9c:8b:bf:1e:a2:4b:93:c7:f6:77:0f:23:c2:
                    3f:34:dd:d5:97:41:00:86:21:73:5b:3e:a9:4a:f7:
                    64:c0:fd:05:13:44:1e:f0:dd:6f:07:e3:31:0e:66:
                    14:43:ee:8e:1d:ea:4e:a0:e3:eb:7c:e8:d7:c6:fd:
                    cb:38:13:55:ab:a4:ab:a0:11:00:52:57:b3:d9:68:
                    bb:fa:e9:23:b1:68:d6:08:08:c6:b0:07:c3:9b:28:
                    a8:57:df:f7:98:e7:6e:71:c3:7b:32:13:2f:dd:41:
                    51:30:68:9d:71:20:56:36:2e:7f:7a:49:96:4d:6b:
                    fd:83:28:0b:f2:f6:40:95:c9:97:7c:9a:d5:86:74:
                    cb:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:4A:C5:6A:98:AE:56:00:0F:77:79:B2:C7:A0:73:18:62:4F:BB:74
            X509v3 Authority Key Identifier:
                keyid:B2:36:F2:E4:25:22:E9:8D:37:6B:E3:8A:89:E5:DD:51:AB:BF:79:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sjby5CUi6Y03a-OKieXdUau_eZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/18b52b-5011-4309-bfbf-6eaa1c89824a/1/v0rFapiuVgAPd3myx6BzGGJPu3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/18b52b-5011-4309-bfbf-6eaa1c89824a/1/sjby5CUi6Y03a-OKieXdUau_eZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.122.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4d:67:1d:9a:34:9b:cd:fc:ae:db:d5:75:89:e2:5d:e1:62:20:
         47:39:28:90:29:e3:1a:5e:03:8a:16:da:58:02:e5:20:2f:79:
         e9:2e:db:b4:66:43:62:61:9a:ca:77:a0:fe:88:cc:c0:84:c5:
         9d:db:83:c3:a1:35:6d:eb:9e:87:79:fa:43:00:39:91:d2:ae:
         38:94:59:29:6b:48:4d:b8:9c:50:ee:47:b2:55:1a:db:13:3c:
         3e:c7:a5:45:44:ec:6f:f6:b6:52:35:58:df:bf:26:5a:c0:bd:
         3c:a6:69:00:48:b6:d7:d1:e2:19:50:0b:90:e1:79:f4:3a:35:
         53:c2:c0:c0:09:e4:23:ee:ca:bb:76:84:b1:f0:ab:15:a5:85:
         fa:00:5c:ed:31:d3:c4:4b:25:83:df:ca:63:b4:e5:9f:9c:b8:
         f9:b4:b0:e6:75:49:18:d2:12:1d:bd:a2:55:cf:d9:04:b5:27:
         4d:8b:40:df:b5:6e:f5:e2:6e:f4:d4:19:80:b1:72:8c:ff:19:
         4b:94:d8:bf:d9:a2:40:cc:da:0c:8b:26:08:d9:8b:f6:b1:7d:
         8c:54:ae:01:0c:dd:ef:80:3e:a8:23:85:d8:58:08:05:2a:5d:
         9a:9f:d4:62:89:a8:a2:e0:73:60:9f:71:8b:83:9d:9d:8b:50:
         1a:15:5c:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2ai/0aOMzQLDZTCwln27MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyMzZmMmU0MjUyMmU5OGQzNzZiZTM4YTg5ZTVkZDUxYWJi
Zjc5OTYwHhcNMjUwMTAyMTE0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjRhYzU2YTk4YWU1NjAwMGY3Nzc5YjJjN2EwNzMxODYyNGZiYjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv71GCAatdOeCqdIzW9tvJdbI9X3m
JrbSRmcrOvI4hluZrbOaztreLngeAyIsYfpkbuviw2XrQvQpUvXz/lVD7BD0HVqc
4FO+mwg/0TIAl/99eTgT836v7BJTTXGZNTJsow8vsKRigsKSJGsIgwVrAV6AF9t/
Dqxqg5yLvx6iS5PH9ncPI8I/NN3Vl0EAhiFzWz6pSvdkwP0FE0Qe8N1vB+MxDmYU
Q+6OHepOoOPrfOjXxv3LOBNVq6SroBEAUlez2Wi7+ukjsWjWCAjGsAfDmyioV9/3
mOduccN7MhMv3UFRMGidcSBWNi5/ekmWTWv9gygL8vZAlcmXfJrVhnTLgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9KxWqYrlYAD3d5ssegcxhiT7t0MB8GA1UdIwQY
MBaAFLI28uQlIumNN2vjionl3VGrv3mWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2pieTVDVWk2WTAzYS1PS2llWGRVYXVfZVpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy8xOGI1MmItNTAxMS00MzA5LWJmYmYt
NmVhYTFjODk4MjRhLzEvdjByRmFwaXVWZ0FQZDNteXg2QnpHR0pQdTNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy8xOGI1MmItNTAxMS00MzA5LWJmYmYtNmVhYTFjODk4MjRh
LzEvc2pieTVDVWk2WTAzYS1PS2llWGRVYXVfZVpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDPnqgMA0G
CSqGSIb3DQEBCwUAA4IBAQBNZx2aNJvN/K7b1XWJ4l3hYiBHOSiQKeMaXgOKFtpY
AuUgL3npLtu0ZkNiYZrKd6D+iMzAhMWd24PDoTVt656HefpDADmR0q44lFkpa0hN
uJxQ7keyVRrbEzw+x6VFROxv9rZSNVjfvyZawL08pmkASLbX0eIZUAuQ4Xn0OjVT
wsDACeQj7sq7doSx8KsVpYX6AFztMdPESyWD38pjtOWfnLj5tLDmdUkY0hIdvaJV
z9kEtSdNi0DftW714m701BmAsXKM/xlLlNi/2aJAzNoMiyYI2Yv2sX2MVK4BDN3v
gD6oI4XYWAgFKl2an9Riiaii4HNgn3GLg52di1AaFVwL
-----END CERTIFICATE-----