Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/JDhzUY8WggyEjl77dFyKfNTuttI.roa
File:                     JDhzUY8WggyEjl77dFyKfNTuttI.roa (raw, json)
Hash identifier:          2S4K0CW+p18ThxzBHKCsi6J4U1ECSCVbd5SXljt7NEI=
Subject key identifier:   24:38:73:51:8F:16:82:0C:84:8E:5E:FB:74:5C:8A:7C:D4:EE:B6:D2
Certificate issuer:       /CN=60fcd55b9130858d8ea583c0987dad00f614db39
Certificate serial:       0196DAB7F2A9A94D7563CAF888634602FBD5
Authority key identifier: 60:FC:D5:5B:91:30:85:8D:8E:A5:83:C0:98:7D:AD:00:F6:14:DB:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YPzVW5EwhY2OpYPAmH2tAPYU2zk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/JDhzUY8WggyEjl77dFyKfNTuttI.roa
Signing time:             Fri 16 May 2025 20:10:10 +0000
ROA not before:           Fri 16 May 2025 20:10:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213020
IP address blocks:        62.3.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/YPzVW5EwhY2OpYPAmH2tAPYU2zk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/YPzVW5EwhY2OpYPAmH2tAPYU2zk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YPzVW5EwhY2OpYPAmH2tAPYU2zk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Jun 2025 03:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:da:b7:f2:a9:a9:4d:75:63:ca:f8:88:63:46:02:fb:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60fcd55b9130858d8ea583c0987dad00f614db39
        Validity
            Not Before: May 16 20:10:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=243873518f16820c848e5efb745c8a7cd4eeb6d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:2c:19:8c:de:94:d1:4a:18:80:36:e0:9a:81:
                    a7:8c:67:7f:d7:84:24:bc:4b:fd:a6:9f:75:2a:a7:
                    c2:30:bd:d5:81:91:73:b2:7b:69:2c:f7:16:f1:9f:
                    1b:de:9b:bc:23:20:34:0b:8d:9f:30:90:f9:bc:b8:
                    33:29:15:a5:e4:40:07:12:8a:f8:1d:98:04:68:d9:
                    01:f9:63:ea:03:f8:74:05:a2:9b:45:9d:56:e5:9f:
                    11:0e:5d:7c:d0:ec:20:d0:69:fe:f8:b3:fc:d2:54:
                    5b:39:f5:9f:4e:3f:eb:99:b4:28:a3:e0:a2:08:fd:
                    4d:68:24:a8:e0:5b:e0:e7:73:8e:49:9a:8d:dc:f3:
                    83:8e:ab:00:c9:a5:90:35:fe:a8:cd:52:8b:f0:a3:
                    c2:c0:0f:7e:05:b2:70:48:a1:1b:3b:d2:78:00:63:
                    02:9b:f5:b2:21:03:65:43:73:3d:e7:f1:a6:fd:11:
                    c0:fc:af:ca:53:6e:a5:c1:7b:27:b5:49:f6:54:48:
                    5f:30:e5:6d:54:9c:8e:84:5d:18:8f:5f:44:93:5f:
                    13:cb:1e:b6:5f:ef:40:16:40:84:e3:ef:66:dc:7c:
                    ae:be:9d:54:de:0e:f6:a1:00:04:44:90:df:79:fd:
                    ab:bf:1d:fe:9f:75:4e:51:e3:9b:d5:38:9e:cd:73:
                    fb:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:38:73:51:8F:16:82:0C:84:8E:5E:FB:74:5C:8A:7C:D4:EE:B6:D2
            X509v3 Authority Key Identifier:
                keyid:60:FC:D5:5B:91:30:85:8D:8E:A5:83:C0:98:7D:AD:00:F6:14:DB:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YPzVW5EwhY2OpYPAmH2tAPYU2zk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/JDhzUY8WggyEjl77dFyKfNTuttI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/YPzVW5EwhY2OpYPAmH2tAPYU2zk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:d7:cc:63:4e:3f:6f:4e:a0:ca:c2:ca:ec:13:0c:15:d1:b3:
         d4:4f:eb:71:0f:87:51:b9:9c:f9:f6:85:42:77:37:f3:83:67:
         b1:17:cc:d5:a2:c4:07:82:c3:11:84:a3:dc:a3:9b:0f:19:3a:
         0c:e9:22:ae:6f:02:54:82:1d:d2:53:cf:30:2b:1e:6f:d6:9c:
         e2:12:3f:51:36:b3:a6:e0:4c:3e:0d:94:12:bd:49:67:33:25:
         63:14:14:a8:cd:ca:dd:36:9e:01:60:0f:fa:be:10:23:d9:2c:
         08:3f:a0:ae:5f:76:5b:2e:83:9b:45:cf:49:33:49:21:0c:3a:
         05:ae:a5:bf:79:6a:be:c8:d5:10:b1:20:eb:8e:13:63:b8:00:
         d1:23:ba:5e:61:75:de:7b:9a:7b:5d:b4:5f:dc:83:98:71:6a:
         05:cd:3f:6d:61:84:05:76:e9:85:1d:b4:1e:9f:fb:a3:50:a7:
         72:43:98:0d:9c:53:2c:47:fb:e6:c8:b1:8f:4e:8d:ec:4f:08:
         b3:05:62:4f:3a:55:27:f8:c5:00:21:4b:f6:0f:70:ef:1b:1e:
         b7:a8:30:bd:8b:a4:a2:69:49:7d:f7:6c:6b:bb:af:25:37:d6:
         82:ea:f6:f4:55:d0:71:d8:a6:d2:9c:a1:af:17:02:1e:8a:48:
         4c:11:a9:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbat/KpqU11Y8r4iGNGAvvVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwZmNkNTViOTEzMDg1OGQ4ZWE1ODNjMDk4N2RhZDAwZjYx
NGRiMzkwHhcNMjUwNTE2MjAxMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDM4NzM1MThmMTY4MjBjODQ4ZTVlZmI3NDVjOGE3Y2Q0ZWViNmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCwZjN6U0UoYgDbgmoGnjGd/14Qk
vEv9pp91KqfCML3VgZFzsntpLPcW8Z8b3pu8IyA0C42fMJD5vLgzKRWl5EAHEor4
HZgEaNkB+WPqA/h0BaKbRZ1W5Z8RDl180Owg0Gn++LP80lRbOfWfTj/rmbQoo+Ci
CP1NaCSo4Fvg53OOSZqN3PODjqsAyaWQNf6ozVKL8KPCwA9+BbJwSKEbO9J4AGMC
m/WyIQNlQ3M95/Gm/RHA/K/KU26lwXsntUn2VEhfMOVtVJyOhF0Yj19Ek18Tyx62
X+9AFkCE4+9m3Hyuvp1U3g72oQAERJDfef2rvx3+n3VOUeOb1TiezXP7nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCQ4c1GPFoIMhI5e+3RcinzU7rbSMB8GA1UdIwQY
MBaAFGD81VuRMIWNjqWDwJh9rQD2FNs5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVB6Vlc1RXdoWTJPcFlQQW1IMnRBUFlVMnprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC84MjIzM2QtZWMwNy00MmZiLTg3OTkt
ZWQzMGI5YmIxMmQ1LzEvSkRoelVZOFdnZ3lFamw3N2RGeUtmTlR1dHRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC84MjIzM2QtZWMwNy00MmZiLTg3OTktZWQzMGI5YmIxMmQ1
LzEvWVB6Vlc1RXdoWTJPcFlQQW1IMnRBUFlVMnprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPgMjMA0G
CSqGSIb3DQEBCwUAA4IBAQBj18xjTj9vTqDKwsrsEwwV0bPUT+txD4dRuZz59oVC
dzfzg2exF8zVosQHgsMRhKPco5sPGToM6SKubwJUgh3SU88wKx5v1pziEj9RNrOm
4Ew+DZQSvUlnMyVjFBSozcrdNp4BYA/6vhAj2SwIP6CuX3ZbLoObRc9JM0khDDoF
rqW/eWq+yNUQsSDrjhNjuADRI7peYXXee5p7XbRf3IOYcWoFzT9tYYQFdumFHbQe
n/ujUKdyQ5gNnFMsR/vmyLGPTo3sTwizBWJPOlUn+MUAIUv2D3DvGx63qDC9i6Si
aUl992xru68lN9aC6vb0VdBx2KbSnKGvFwIeikhMEanl
-----END CERTIFICATE-----