Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/593482-d762-4409-b850-20c44a81f977/1/1s70h6r87L-IulVsz6h8zyFXb_Q.roa
File:                     1s70h6r87L-IulVsz6h8zyFXb_Q.roa (raw, json)
Hash identifier:          5H/5j8LaoLq/mqGaGFCi4+VAwjIOpu8grnJTKJtYod4=
Subject key identifier:   D6:CE:F4:87:AA:FC:EC:BF:88:BA:55:6C:CF:A8:7C:CF:21:57:6F:F4
Certificate issuer:       /CN=fba0ed92ec94321dcb219d37f38d907e183244bd
Certificate serial:       019423D7F15D2887CDD158020443BD7C2B3C
Authority key identifier: FB:A0:ED:92:EC:94:32:1D:CB:21:9D:37:F3:8D:90:7E:18:32:44:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-6DtkuyUMh3LIZ03842QfhgyRL0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/593482-d762-4409-b850-20c44a81f977/1/1s70h6r87L-IulVsz6h8zyFXb_Q.roa
Signing time:             Wed 01 Jan 2025 21:49:02 +0000
ROA not before:           Wed 01 Jan 2025 21:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26114
IP address blocks:        62.115.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/593482-d762-4409-b850-20c44a81f977/1/1-6DtkuyUMh3LIZ03842QfhgyRL0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/593482-d762-4409-b850-20c44a81f977/1/1-6DtkuyUMh3LIZ03842QfhgyRL0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-6DtkuyUMh3LIZ03842QfhgyRL0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:f1:5d:28:87:cd:d1:58:02:04:43:bd:7c:2b:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fba0ed92ec94321dcb219d37f38d907e183244bd
        Validity
            Not Before: Jan  1 21:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d6cef487aafcecbf88ba556ccfa87ccf21576ff4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:24:91:ff:4b:96:bc:5b:61:91:83:68:72:3b:
                    80:c4:d6:73:ab:08:75:4f:72:4b:ef:90:c1:8a:09:
                    62:21:7d:65:bf:85:97:5c:28:80:ce:5f:e2:51:b7:
                    4c:89:24:75:fe:3b:86:7f:7d:4c:38:d1:9a:1b:7f:
                    3a:e9:7e:e9:72:92:f9:02:b5:ca:bc:34:d0:d5:02:
                    43:17:8e:f0:05:c2:8b:f8:34:c1:13:d3:6a:08:73:
                    52:4f:14:d1:a8:17:22:d2:ee:2f:f6:88:06:df:f2:
                    2a:1d:5b:01:a0:c2:9b:9b:d2:a5:67:f3:d7:3f:8e:
                    c2:78:88:2f:e3:1d:c4:34:52:8d:4d:df:6a:b9:ac:
                    24:d4:ac:d7:ab:57:46:55:66:43:5c:0c:73:ce:51:
                    27:9b:c7:7b:52:03:f7:4a:1c:ac:15:e2:23:92:4d:
                    0b:fc:b2:4d:9f:f7:f9:29:9a:46:dd:6f:9f:e6:d4:
                    de:d0:46:6d:30:51:29:4a:5b:ab:88:45:bf:c3:d4:
                    b2:30:9b:8a:50:38:16:49:ab:04:67:db:86:6a:9d:
                    d0:f4:40:6f:23:a6:e2:98:0a:14:90:16:a9:7c:ef:
                    04:ba:bb:07:5f:0a:7c:f3:47:d5:72:ac:4a:9c:5b:
                    35:f4:5b:ab:0a:35:dc:45:9e:6c:0e:da:cc:88:f9:
                    70:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:CE:F4:87:AA:FC:EC:BF:88:BA:55:6C:CF:A8:7C:CF:21:57:6F:F4
            X509v3 Authority Key Identifier:
                keyid:FB:A0:ED:92:EC:94:32:1D:CB:21:9D:37:F3:8D:90:7E:18:32:44:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-6DtkuyUMh3LIZ03842QfhgyRL0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/593482-d762-4409-b850-20c44a81f977/1/1s70h6r87L-IulVsz6h8zyFXb_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/593482-d762-4409-b850-20c44a81f977/1/1-6DtkuyUMh3LIZ03842QfhgyRL0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.115.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:82:db:9d:b4:c8:12:54:fd:a0:c6:8b:93:30:e5:8e:ab:da:
         93:2b:90:e9:b9:8f:aa:18:9c:e2:57:02:97:4b:9c:fa:77:b2:
         b0:ae:07:75:31:4a:7a:b3:85:9d:dd:3c:b8:69:4a:0f:47:0b:
         9b:71:ae:88:e9:67:bd:b1:43:bb:0c:1a:65:5b:3d:05:21:de:
         59:93:b1:29:7c:e4:41:f4:a6:e3:cb:7e:3d:18:c3:d2:d7:52:
         53:55:b2:b5:49:2a:b9:a4:42:9a:31:d9:c1:cb:0f:f6:8a:16:
         06:1a:e4:95:70:88:6a:a1:47:47:ba:ce:e4:d0:55:78:b7:76:
         d0:9e:99:31:b8:ac:1e:73:75:75:60:31:39:7b:d7:06:e5:74:
         84:da:82:46:3f:3e:0d:72:43:cb:4e:c3:dc:e1:90:c7:2f:1d:
         99:3e:b6:d4:73:11:7d:1f:2f:4f:dd:19:18:6e:75:26:dc:6f:
         c5:83:9b:80:47:a3:22:1e:a0:20:4a:44:0f:04:8f:fd:46:db:
         bc:2d:86:9c:b0:47:4b:71:f2:b2:c7:ee:4b:1f:b6:2e:1f:ba:
         25:d3:8a:9d:a6:01:9c:03:ec:3a:bb:b1:79:cd:cb:fe:34:f3:
         e7:59:0b:7d:48:55:05:53:ba:06:9f:ef:be:06:ba:94:f8:2e:
         ef:e2:81:ad
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQj1/FdKIfN0VgCBEO9fCs8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiYTBlZDkyZWM5NDMyMWRjYjIxOWQzN2YzOGQ5MDdlMTgz
MjQ0YmQwHhcNMjUwMTAxMjE0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmNlZjQ4N2FhZmNlY2JmODhiYTU1NmNjZmE4N2NjZjIxNTc2ZmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2iSR/0uWvFthkYNocjuAxNZzqwh1
T3JL75DBigliIX1lv4WXXCiAzl/iUbdMiSR1/juGf31MONGaG3866X7pcpL5ArXK
vDTQ1QJDF47wBcKL+DTBE9NqCHNSTxTRqBci0u4v9ogG3/IqHVsBoMKbm9KlZ/PX
P47CeIgv4x3ENFKNTd9quawk1KzXq1dGVWZDXAxzzlEnm8d7UgP3ShysFeIjkk0L
/LJNn/f5KZpG3W+f5tTe0EZtMFEpSluriEW/w9SyMJuKUDgWSasEZ9uGap3Q9EBv
I6bimAoUkBapfO8EursHXwp880fVcqxKnFs19FurCjXcRZ5sDtrMiPlwbwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNbO9Ieq/Oy/iLpVbM+ofM8hV2/0MB8GA1UdIwQY
MBaAFPug7ZLslDIdyyGdN/ONkH4YMkS9MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS02RHRrdXlVTWgzTElaMDM4NDJRZmhneVJMMC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTQvNTkzNDgyLWQ3NjItNDQwOS1iODUw
LTIwYzQ0YTgxZjk3Ny8xLzFzNzBoNnI4N0wtSXVsVnN6Nmg4enlGWGJfUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTQvNTkzNDgyLWQ3NjItNDQwOS1iODUwLTIwYzQ0YTgxZjk3
Ny8xLzEtNkR0a3V5VU1oM0xJWjAzODQyUWZoZ3lSTDAuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAA+c/Qw
DQYJKoZIhvcNAQELBQADggEBAKCC2520yBJU/aDGi5Mw5Y6r2pMrkOm5j6oYnOJX
ApdLnPp3srCuB3UxSnqzhZ3dPLhpSg9HC5txrojpZ72xQ7sMGmVbPQUh3lmTsSl8
5EH0puPLfj0Yw9LXUlNVsrVJKrmkQpox2cHLD/aKFgYa5JVwiGqhR0e6zuTQVXi3
dtCemTG4rB5zdXVgMTl71wbldITagkY/Pg1yQ8tOw9zhkMcvHZk+ttRzEX0fL0/d
GRhudSbcb8WDm4BHoyIeoCBKRA8Ej/1G27wthpywR0tx8rLH7ksfti4fuiXTip2m
AZwD7Dq7sXnNy/408+dZC31IVQVTugaf774GupT4Lu/iga0=
-----END CERTIFICATE-----