Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/3433fe-6408-468d-81e4-f03eb8740c3e/1/sazfzVz6q9bIns0N5tJ_KIxOhyU.roa
File:                     sazfzVz6q9bIns0N5tJ_KIxOhyU.roa (raw, json)
Hash identifier:          7Dx7RnLHW4HsXUHgAbio+tOs+19yMbUTjmWX8tX1e1E=
Subject key identifier:   B1:AC:DF:CD:5C:FA:AB:D6:C8:9E:CD:0D:E6:D2:7F:28:8C:4E:87:25
Certificate issuer:       /CN=9c031a8b6a28940c7936ba6e782b94a0962bfb27
Certificate serial:       01942143C78220AFF4777886344E2656976F
Authority key identifier: 9C:03:1A:8B:6A:28:94:0C:79:36:BA:6E:78:2B:94:A0:96:2B:FB:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nAMai2oolAx5NrpueCuUoJYr-yc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/3433fe-6408-468d-81e4-f03eb8740c3e/1/sazfzVz6q9bIns0N5tJ_KIxOhyU.roa
Signing time:             Wed 01 Jan 2025 09:47:57 +0000
ROA not before:           Wed 01 Jan 2025 09:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210075
IP address blocks:        185.62.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/3433fe-6408-468d-81e4-f03eb8740c3e/1/nAMai2oolAx5NrpueCuUoJYr-yc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/3433fe-6408-468d-81e4-f03eb8740c3e/1/nAMai2oolAx5NrpueCuUoJYr-yc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nAMai2oolAx5NrpueCuUoJYr-yc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:c7:82:20:af:f4:77:78:86:34:4e:26:56:97:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c031a8b6a28940c7936ba6e782b94a0962bfb27
        Validity
            Not Before: Jan  1 09:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1acdfcd5cfaabd6c89ecd0de6d27f288c4e8725
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:dc:75:6c:ee:90:e1:54:f9:c3:c8:ea:f9:12:
                    3f:f6:d1:a9:4f:2d:b2:e9:9c:7c:a6:f3:fa:c9:6b:
                    de:94:06:17:4e:27:50:64:01:f8:76:78:35:4a:54:
                    57:aa:c0:55:e4:3b:76:51:59:cf:a8:bb:c0:af:24:
                    3a:91:9a:19:29:b4:f6:80:ca:72:a9:f7:bf:a8:2c:
                    41:ca:88:35:ad:53:5a:d7:87:19:66:32:8e:99:24:
                    c8:44:c9:fc:63:4e:15:fd:49:1c:a0:f1:60:68:ac:
                    d8:61:e7:33:9f:88:5b:cb:16:e8:50:f6:13:79:46:
                    b9:ef:0d:d3:47:62:1d:de:76:64:2b:89:bc:7e:6c:
                    08:d6:4f:f9:fb:f8:e4:9c:10:0e:15:f4:e2:e3:c0:
                    23:71:5b:0e:be:ac:5f:69:ab:31:53:9b:9a:4a:f7:
                    a2:10:99:b4:f8:9b:24:a6:48:de:ed:02:6c:60:36:
                    83:0e:cf:b5:7e:3c:9f:e1:a0:a6:d0:4d:79:04:16:
                    54:b0:d3:d5:33:76:e1:66:7c:20:37:87:71:99:b6:
                    5f:5d:87:0b:e1:c0:36:2a:e0:1c:dd:92:2e:b8:7b:
                    e8:ba:53:ba:42:f5:3e:d4:6a:ff:10:2f:08:b3:1d:
                    49:40:de:0e:2b:a3:fd:7e:02:81:10:46:73:e1:e4:
                    c7:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:AC:DF:CD:5C:FA:AB:D6:C8:9E:CD:0D:E6:D2:7F:28:8C:4E:87:25
            X509v3 Authority Key Identifier:
                keyid:9C:03:1A:8B:6A:28:94:0C:79:36:BA:6E:78:2B:94:A0:96:2B:FB:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nAMai2oolAx5NrpueCuUoJYr-yc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/3433fe-6408-468d-81e4-f03eb8740c3e/1/sazfzVz6q9bIns0N5tJ_KIxOhyU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/3433fe-6408-468d-81e4-f03eb8740c3e/1/nAMai2oolAx5NrpueCuUoJYr-yc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.62.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:2a:68:57:f5:36:cd:45:f9:3c:76:c4:da:aa:e3:a7:b2:88:
         ba:51:06:50:0e:4d:16:7a:3a:bd:30:e7:38:2f:d0:5b:c4:91:
         6a:53:57:c1:85:e3:14:01:14:16:19:3f:93:9c:9f:d4:24:6e:
         be:4f:95:21:ca:0e:6d:dd:e2:1e:6c:47:d3:0a:b5:c5:7e:dd:
         1f:b0:ad:57:a3:50:46:53:e8:04:18:2b:89:24:78:94:e6:6b:
         ef:66:1e:d0:c5:dc:65:b1:ad:e7:31:70:91:5f:89:54:b1:cb:
         3e:0b:cd:56:d3:6e:8f:c1:fd:11:46:87:b1:99:48:09:c8:98:
         45:c8:af:5f:20:c5:fd:e3:30:bf:61:1d:fc:60:7d:87:3d:39:
         cf:95:df:7e:4d:ec:78:68:0e:55:bf:a2:4f:35:83:ef:74:1d:
         a4:a0:d9:b4:ee:0f:84:d9:7e:09:bb:8f:0d:07:ad:f9:68:5d:
         aa:77:0e:a4:10:f9:97:3d:05:1c:40:8c:2e:cc:68:b8:ee:3a:
         72:4c:81:25:b9:8b:c7:60:40:1c:03:31:1a:98:b6:aa:c4:eb:
         d6:00:62:52:68:49:b5:2c:39:a1:0e:c3:c2:aa:e2:a5:c7:c2:
         a0:f4:55:bf:06:f8:6a:45:a0:7f:02:4c:72:48:8e:15:80:2f:
         a6:f3:8c:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ8eCIK/0d3iGNE4mVpdvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljMDMxYThiNmEyODk0MGM3OTM2YmE2ZTc4MmI5NGEwOTYy
YmZiMjcwHhcNMjUwMTAxMDk0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWFjZGZjZDVjZmFhYmQ2Yzg5ZWNkMGRlNmQyN2YyODhjNGU4NzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29x1bO6Q4VT5w8jq+RI/9tGpTy2y
6Zx8pvP6yWvelAYXTidQZAH4dng1SlRXqsBV5Dt2UVnPqLvAryQ6kZoZKbT2gMpy
qfe/qCxByog1rVNa14cZZjKOmSTIRMn8Y04V/UkcoPFgaKzYYeczn4hbyxboUPYT
eUa57w3TR2Id3nZkK4m8fmwI1k/5+/jknBAOFfTi48AjcVsOvqxfaasxU5uaSvei
EJm0+Jskpkje7QJsYDaDDs+1fjyf4aCm0E15BBZUsNPVM3bhZnwgN4dxmbZfXYcL
4cA2KuAc3ZIuuHvoulO6QvU+1Gr/EC8Isx1JQN4OK6P9fgKBEEZz4eTHgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLGs381c+qvWyJ7NDebSfyiMToclMB8GA1UdIwQY
MBaAFJwDGotqKJQMeTa6bngrlKCWK/snMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkFNYWkyb29sQXg1TnJwdWVDdVVvSllyLXljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8zNDMzZmUtNjQwOC00NjhkLTgxZTQt
ZjAzZWI4NzQwYzNlLzEvc2F6ZnpWejZxOWJJbnMwTjV0Sl9LSXhPaHlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8zNDMzZmUtNjQwOC00NjhkLTgxZTQtZjAzZWI4NzQwYzNl
LzEvbkFNYWkyb29sQXg1TnJwdWVDdVVvSllyLXljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuT4DMA0G
CSqGSIb3DQEBCwUAA4IBAQCjKmhX9TbNRfk8dsTaquOnsoi6UQZQDk0Wejq9MOc4
L9BbxJFqU1fBheMUARQWGT+TnJ/UJG6+T5Uhyg5t3eIebEfTCrXFft0fsK1Xo1BG
U+gEGCuJJHiU5mvvZh7Qxdxlsa3nMXCRX4lUscs+C81W026Pwf0RRoexmUgJyJhF
yK9fIMX94zC/YR38YH2HPTnPld9+Tex4aA5Vv6JPNYPvdB2koNm07g+E2X4Ju48N
B635aF2qdw6kEPmXPQUcQIwuzGi47jpyTIEluYvHYEAcAzEamLaqxOvWAGJSaEm1
LDmhDsPCquKlx8Kg9FW/BvhqRaB/AkxySI4VgC+m84zu
-----END CERTIFICATE-----