Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/lZMuhPvtZ2azCXBKPog94p3v2Xw.roa
File:                     lZMuhPvtZ2azCXBKPog94p3v2Xw.roa (raw, json)
Hash identifier:          xEuRWjb3WfY9qNirTUGj3ZWp2yVhhUygTy4CswJMg3c=
Subject key identifier:   95:93:2E:84:FB:ED:67:66:B3:09:70:4A:3E:88:3D:E2:9D:EF:D9:7C
Certificate issuer:       /CN=1fc4927ab194ae1237fde2d3bef69038893f0dc5
Certificate serial:       01942067FEAA2338E1B05876D9D098331628
Authority key identifier: 1F:C4:92:7A:B1:94:AE:12:37:FD:E2:D3:BE:F6:90:38:89:3F:0D:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H8SSerGUrhI3_eLTvvaQOIk_DcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/lZMuhPvtZ2azCXBKPog94p3v2Xw.roa
Signing time:             Wed 01 Jan 2025 05:47:53 +0000
ROA not before:           Wed 01 Jan 2025 05:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30848
IP address blocks:        62.100.86.0/24 maxlen: 24
                          62.100.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/H8SSerGUrhI3_eLTvvaQOIk_DcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/H8SSerGUrhI3_eLTvvaQOIk_DcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H8SSerGUrhI3_eLTvvaQOIk_DcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:fe:aa:23:38:e1:b0:58:76:d9:d0:98:33:16:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fc4927ab194ae1237fde2d3bef69038893f0dc5
        Validity
            Not Before: Jan  1 05:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=95932e84fbed6766b309704a3e883de29defd97c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:be:8b:ef:46:ac:9d:cd:c5:a4:3a:1c:16:d6:
                    63:aa:d6:d7:43:c6:f5:e4:9a:d7:cf:25:55:b5:cb:
                    14:b7:93:2e:20:13:96:35:32:4c:97:d8:35:04:1d:
                    85:df:85:3b:2d:df:71:85:1a:5f:47:dd:be:52:78:
                    e4:b2:fa:05:36:66:b6:be:8f:5e:5f:5f:a4:56:6a:
                    21:12:a9:11:c0:47:00:b3:3a:77:bc:fc:4e:db:2a:
                    a8:8a:38:02:4c:50:6e:99:83:4b:ed:ae:1f:89:d5:
                    4e:81:68:6c:e7:a4:be:c2:70:59:29:1c:4c:59:05:
                    48:50:8b:ce:fc:3a:27:63:2f:19:8c:4a:e5:0a:aa:
                    fa:f0:0c:97:04:b2:ee:bb:b6:65:ef:92:c4:fb:e8:
                    15:55:1e:f9:81:b8:aa:d1:b0:6e:92:93:f2:18:20:
                    bb:d0:3a:c6:5f:a7:9f:fa:7b:58:df:99:b6:ba:13:
                    e1:3d:0c:33:17:02:04:d7:d6:6b:d3:5a:6e:e5:45:
                    34:db:21:fd:38:79:45:26:1c:0c:ce:ba:7f:bc:b7:
                    55:81:d0:cc:0f:d8:d3:71:8a:0b:70:ec:b7:ce:fc:
                    ea:63:30:a5:13:80:d0:a0:18:60:87:8b:3a:b8:ac:
                    6e:98:ea:ff:a6:e7:b8:49:fe:79:0d:a1:5a:46:52:
                    3f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:93:2E:84:FB:ED:67:66:B3:09:70:4A:3E:88:3D:E2:9D:EF:D9:7C
            X509v3 Authority Key Identifier:
                keyid:1F:C4:92:7A:B1:94:AE:12:37:FD:E2:D3:BE:F6:90:38:89:3F:0D:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H8SSerGUrhI3_eLTvvaQOIk_DcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/lZMuhPvtZ2azCXBKPog94p3v2Xw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/H8SSerGUrhI3_eLTvvaQOIk_DcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.100.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a1:a9:57:24:b9:85:3d:19:48:ae:8f:79:76:79:23:b7:e4:45:
         e4:e6:6e:57:a5:9e:07:9f:ed:3e:00:ee:ac:9d:ae:84:c6:b5:
         07:94:8f:2f:59:14:0f:7d:73:08:0a:48:91:97:de:d2:5c:6b:
         27:fb:fc:7d:21:ee:56:74:c4:cd:75:92:17:95:23:91:77:db:
         a1:c1:6d:0c:cb:58:bf:b4:8f:4b:66:23:ee:2d:33:fc:ea:0a:
         4c:7d:94:93:79:7b:53:81:93:29:f2:ee:ad:ab:27:d9:1b:97:
         26:f5:ba:b2:26:50:fb:26:1e:bc:a7:19:1b:34:17:b3:7a:9a:
         ef:ee:17:33:91:a3:da:c3:2f:8d:a2:15:13:0a:67:ef:cd:af:
         07:44:a4:3e:d7:45:ce:e1:8f:49:3a:69:32:51:42:99:c4:2e:
         86:d1:cb:ef:c2:85:83:25:ba:d2:5f:bd:59:cf:19:af:8f:d4:
         86:65:35:80:0c:a1:6d:af:16:21:d4:8c:ea:c3:d4:be:ea:11:
         ef:df:dd:46:73:45:10:ca:2e:82:79:1b:0a:2f:7a:57:78:15:
         79:cf:2a:93:32:a8:b0:f1:8f:ac:4e:7f:10:4a:de:d5:ab:e2:
         41:8a:02:8b:3e:57:87:02:bd:31:8f:e5:a2:34:36:f0:1e:18:
         2c:73:1f:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ/6qIzjhsFh22dCYMxYoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmYzQ5MjdhYjE5NGFlMTIzN2ZkZTJkM2JlZjY5MDM4ODkz
ZjBkYzUwHhcNMjUwMTAxMDU0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTkzMmU4NGZiZWQ2NzY2YjMwOTcwNGEzZTg4M2RlMjlkZWZkOTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqr6L70asnc3FpDocFtZjqtbXQ8b1
5JrXzyVVtcsUt5MuIBOWNTJMl9g1BB2F34U7Ld9xhRpfR92+UnjksvoFNma2vo9e
X1+kVmohEqkRwEcAszp3vPxO2yqoijgCTFBumYNL7a4fidVOgWhs56S+wnBZKRxM
WQVIUIvO/DonYy8ZjErlCqr68AyXBLLuu7Zl75LE++gVVR75gbiq0bBukpPyGCC7
0DrGX6ef+ntY35m2uhPhPQwzFwIE19Zr01pu5UU02yH9OHlFJhwMzrp/vLdVgdDM
D9jTcYoLcOy3zvzqYzClE4DQoBhgh4s6uKxumOr/pue4Sf55DaFaRlI/xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJWTLoT77WdmswlwSj6IPeKd79l8MB8GA1UdIwQY
MBaAFB/EknqxlK4SN/3i0772kDiJPw3FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDhTU2VyR1VyaEkzX2VMVHZ2YVFPSWtfRGNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS85NDNkNWQtNTYwYy00MzE0LWFmODIt
OGI4YTAxYmQ3NDE0LzEvbFpNdWhQdnRaMmF6Q1hCS1BvZzk0cDN2Mlh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS85NDNkNWQtNTYwYy00MzE0LWFmODItOGI4YTAxYmQ3NDE0
LzEvSDhTU2VyR1VyaEkzX2VMVHZ2YVFPSWtfRGNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBPmRWMA0G
CSqGSIb3DQEBCwUAA4IBAQChqVckuYU9GUiuj3l2eSO35EXk5m5XpZ4Hn+0+AO6s
na6ExrUHlI8vWRQPfXMICkiRl97SXGsn+/x9Ie5WdMTNdZIXlSORd9uhwW0My1i/
tI9LZiPuLTP86gpMfZSTeXtTgZMp8u6tqyfZG5cm9bqyJlD7Jh68pxkbNBezeprv
7hczkaPawy+NohUTCmfvza8HRKQ+10XO4Y9JOmkyUUKZxC6G0cvvwoWDJbrSX71Z
zxmvj9SGZTWADKFtrxYh1Izqw9S+6hHv391Gc0UQyi6CeRsKL3pXeBV5zyqTMqiw
8Y+sTn8QSt7Vq+JBigKLPleHAr0xj+WiNDbwHhgscx9x
-----END CERTIFICATE-----