Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/hvyCjD-sr1w6tm5UxwSderd8UxE.roa
File:                     hvyCjD-sr1w6tm5UxwSderd8UxE.roa (raw, json)
Hash identifier:          yEejB8VN7eRKYdvOBcuTAVJxtwqqoPVaxdtPUz/eqYQ=
Subject key identifier:   86:FC:82:8C:3F:AC:AF:5C:3A:B6:6E:54:C7:04:9D:7A:B7:7C:53:11
Certificate issuer:       /CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Certificate serial:       019426D98BF805CC6B20037795398EDD5973
Authority key identifier: 12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/hvyCjD-sr1w6tm5UxwSderd8UxE.roa
Signing time:             Thu 02 Jan 2025 11:49:38 +0000
ROA not before:           Thu 02 Jan 2025 11:49:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44620
IP address blocks:        62.169.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:8b:f8:05:cc:6b:20:03:77:95:39:8e:dd:59:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
        Validity
            Not Before: Jan  2 11:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86fc828c3facaf5c3ab66e54c7049d7ab77c5311
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:9d:b9:d5:44:bd:4d:e4:dd:57:9a:3e:cd:39:
                    c0:94:36:d0:c2:be:40:ac:ec:b1:a3:c0:2b:0f:8f:
                    06:4a:ea:68:08:80:26:0c:c5:bb:c1:57:7a:82:c0:
                    8c:ec:37:31:88:0e:b4:07:2b:50:bc:22:aa:76:b5:
                    23:9b:24:92:29:5a:95:56:f9:17:94:af:58:80:04:
                    07:8e:35:03:18:a0:11:5d:2b:93:69:d0:28:aa:25:
                    79:22:ad:c5:2e:82:d5:f7:7b:e2:a1:6e:4a:78:c8:
                    d6:29:0f:c6:86:2f:c2:b7:16:ed:83:87:66:70:ef:
                    b7:01:3e:a3:05:d6:b4:3a:19:f6:e6:34:ab:f5:5a:
                    0b:4e:07:74:97:2d:fe:81:ca:65:d8:ad:4a:c5:39:
                    c5:5d:cb:0e:b3:7d:29:47:28:30:57:47:56:03:b7:
                    77:02:be:49:26:53:c5:1b:2c:4b:33:88:2d:8f:da:
                    62:28:47:3d:61:fe:b5:fb:89:fb:b6:0e:0a:2a:75:
                    59:ce:bc:3f:cc:d7:2a:fb:e6:41:15:bc:86:43:30:
                    6b:80:a8:64:fb:5d:62:1c:be:fc:e2:06:e9:62:bb:
                    1d:6d:c0:8a:cf:e1:f3:c9:06:f7:12:65:fd:a3:cd:
                    e8:04:f6:f2:c7:1f:01:59:64:36:fe:79:0b:9e:64:
                    e8:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:FC:82:8C:3F:AC:AF:5C:3A:B6:6E:54:C7:04:9D:7A:B7:7C:53:11
            X509v3 Authority Key Identifier:
                keyid:12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/hvyCjD-sr1w6tm5UxwSderd8UxE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.169.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:3c:24:f0:c5:3f:20:d8:0c:d6:0b:1b:10:b4:9f:89:9f:1f:
         f4:2f:85:5c:df:dd:c4:f6:5c:8a:56:d5:0b:93:d7:c2:66:76:
         bb:1b:c4:73:1d:f6:fb:08:ba:f7:51:44:63:81:82:33:db:a0:
         25:c7:20:0f:df:35:80:c5:ff:c9:c7:68:b9:a6:8b:e2:35:46:
         b5:9c:9c:1b:38:51:08:0a:52:97:6b:69:1e:08:00:86:d4:bb:
         0a:3f:3a:1d:90:dc:83:5d:9d:7b:52:f2:c9:a5:3f:cf:55:56:
         f8:0a:c2:8c:74:c7:d0:ba:7c:4c:c2:f7:36:ed:0e:32:46:f7:
         00:68:30:a6:72:06:8f:de:69:1b:34:d1:4c:a0:2f:8c:7e:31:
         57:a5:de:0b:a4:72:71:82:cd:ad:78:87:73:b9:41:b1:bd:6c:
         0a:ed:d0:b8:c2:39:b2:06:44:6f:59:24:72:f1:6f:9d:aa:7c:
         a2:75:8e:a0:54:cb:e8:58:48:02:9a:35:d7:82:89:9e:fd:24:
         7f:28:b2:bb:f5:46:ca:70:58:70:b1:40:c2:6e:90:a5:ef:58:
         80:36:5a:a7:bb:1a:45:0c:26:66:69:ee:43:e2:b0:81:0a:d7:
         18:10:aa:d8:8c:52:60:86:ad:25:71:69:19:25:78:41:de:5d:
         86:c2:6b:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2Yv4BcxrIAN3lTmO3VlzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYmUyOWM5NTY4OTRjNDljNmQ0YmUwZWQ5ODg4MmI5MGQx
YmM3N2YwHhcNMjUwMTAyMTE0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmZjODI4YzNmYWNhZjVjM2FiNjZlNTRjNzA0OWQ3YWI3N2M1MzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzp251US9TeTdV5o+zTnAlDbQwr5A
rOyxo8ArD48GSupoCIAmDMW7wVd6gsCM7DcxiA60BytQvCKqdrUjmySSKVqVVvkX
lK9YgAQHjjUDGKARXSuTadAoqiV5Iq3FLoLV93vioW5KeMjWKQ/Ghi/Ctxbtg4dm
cO+3AT6jBda0Ohn25jSr9VoLTgd0ly3+gcpl2K1KxTnFXcsOs30pRygwV0dWA7d3
Ar5JJlPFGyxLM4gtj9piKEc9Yf61+4n7tg4KKnVZzrw/zNcq++ZBFbyGQzBrgKhk
+11iHL784gbpYrsdbcCKz+HzyQb3EmX9o83oBPbyxx8BWWQ2/nkLnmTo0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIb8gow/rK9cOrZuVMcEnXq3fFMRMB8GA1UdIwQY
MBaAFBK+KclWiUxJxtS+DtmIgrkNG8d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjIt
YWE2ZWQ0ZGFmYjNiLzEvaHZ5Q2pELXNyMXc2dG01VXh3U2RlcmQ4VXhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjItYWE2ZWQ0ZGFmYjNi
LzEvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPqmZMA0G
CSqGSIb3DQEBCwUAA4IBAQCTPCTwxT8g2AzWCxsQtJ+Jnx/0L4Vc393E9lyKVtUL
k9fCZna7G8RzHfb7CLr3UURjgYIz26AlxyAP3zWAxf/Jx2i5poviNUa1nJwbOFEI
ClKXa2keCACG1LsKPzodkNyDXZ17UvLJpT/PVVb4CsKMdMfQunxMwvc27Q4yRvcA
aDCmcgaP3mkbNNFMoC+MfjFXpd4LpHJxgs2teIdzuUGxvWwK7dC4wjmyBkRvWSRy
8W+dqnyidY6gVMvoWEgCmjXXgome/SR/KLK79UbKcFhwsUDCbpCl71iANlqnuxpF
DCZmae5D4rCBCtcYEKrYjFJghq0lcWkZJXhB3l2GwmsA
-----END CERTIFICATE-----