Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/51a655-2735-49ef-80df-b316db5938ff/1/HZpeO8_57nt_M9qIXInad5VBRmg.roa
File:                     HZpeO8_57nt_M9qIXInad5VBRmg.roa (raw, json)
Hash identifier:          nBZAN/bftccBXWEqjcSEhglUjfU5BncjTL3GeIrsER0=
Subject key identifier:   1D:9A:5E:3B:CF:F9:EE:7B:7F:33:DA:88:5C:89:DA:77:95:41:46:68
Certificate issuer:       /CN=68d24addcc3d5b77a099a907122252a47c8f6310
Certificate serial:       019423D6E0C658888DDAD3A8296682FFB922
Authority key identifier: 68:D2:4A:DD:CC:3D:5B:77:A0:99:A9:07:12:22:52:A4:7C:8F:63:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aNJK3cw9W3egmakHEiJSpHyPYxA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/51a655-2735-49ef-80df-b316db5938ff/1/HZpeO8_57nt_M9qIXInad5VBRmg.roa
Signing time:             Wed 01 Jan 2025 21:47:52 +0000
ROA not before:           Wed 01 Jan 2025 21:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1902
IP address blocks:        62.152.128.0/20 maxlen: 20
                          62.152.141.0/24 maxlen: 24
                          62.152.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/51a655-2735-49ef-80df-b316db5938ff/1/aNJK3cw9W3egmakHEiJSpHyPYxA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/51a655-2735-49ef-80df-b316db5938ff/1/aNJK3cw9W3egmakHEiJSpHyPYxA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aNJK3cw9W3egmakHEiJSpHyPYxA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:e0:c6:58:88:8d:da:d3:a8:29:66:82:ff:b9:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68d24addcc3d5b77a099a907122252a47c8f6310
        Validity
            Not Before: Jan  1 21:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d9a5e3bcff9ee7b7f33da885c89da7795414668
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:39:0f:6f:84:41:b3:a8:80:bd:41:f4:82:64:
                    2a:1f:92:1c:63:5f:e5:db:ec:5c:0c:92:b0:3a:03:
                    49:24:ba:53:c6:c6:da:77:05:4d:ca:6e:74:05:e4:
                    88:1d:0a:43:02:16:33:90:63:f9:71:34:cc:9d:f4:
                    92:44:a9:1b:12:44:63:0e:4a:18:dd:ef:ec:5d:e0:
                    79:35:f3:ad:41:0a:5b:d4:88:f5:6c:75:0b:48:30:
                    6b:e1:fa:48:ac:af:be:df:9d:74:da:5c:f2:ff:9f:
                    64:ca:35:bf:6a:aa:5a:2a:97:dd:6f:45:77:b2:06:
                    5e:97:f8:53:d2:b4:7f:0a:7c:f6:40:9d:b7:6a:a5:
                    ac:f3:45:11:b5:be:c9:b6:35:cb:ef:fe:04:ce:01:
                    1b:ae:a5:04:b8:63:cd:87:8b:86:41:b8:8a:2b:3c:
                    dd:0e:99:67:22:d3:a7:f5:44:f1:11:13:2e:aa:d2:
                    b8:2f:68:69:72:d4:32:1c:ba:b4:c4:6c:dc:c8:28:
                    5c:93:81:e4:5f:05:ab:49:2c:17:a5:b3:d7:be:c3:
                    e6:4a:01:05:d1:b7:af:d3:10:03:18:d2:23:87:71:
                    71:df:09:f8:71:a3:96:35:0e:07:e7:0a:6a:32:75:
                    3a:35:0b:d1:84:a5:8c:e6:8a:d3:44:75:4f:cc:e6:
                    b0:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:9A:5E:3B:CF:F9:EE:7B:7F:33:DA:88:5C:89:DA:77:95:41:46:68
            X509v3 Authority Key Identifier:
                keyid:68:D2:4A:DD:CC:3D:5B:77:A0:99:A9:07:12:22:52:A4:7C:8F:63:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aNJK3cw9W3egmakHEiJSpHyPYxA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/51a655-2735-49ef-80df-b316db5938ff/1/HZpeO8_57nt_M9qIXInad5VBRmg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/51a655-2735-49ef-80df-b316db5938ff/1/aNJK3cw9W3egmakHEiJSpHyPYxA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.152.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         15:23:ef:12:4a:a7:dd:86:ee:b6:66:5b:34:9b:f3:76:38:70:
         4e:00:30:d8:2c:74:21:d6:5c:02:35:6b:05:95:8d:cd:ed:23:
         28:19:18:2c:2e:b9:42:b9:6d:57:df:f1:dd:5e:66:38:46:d8:
         ba:a3:39:c1:cd:c2:e1:f2:19:15:21:ab:fd:d0:66:67:10:71:
         9d:cb:fc:e1:f5:92:92:4e:e7:9a:f1:d2:02:96:40:de:42:f7:
         ea:60:be:41:99:a6:05:96:13:f9:70:17:29:f9:15:4d:5c:d9:
         40:2f:e0:78:1f:38:32:74:20:81:5e:8d:c1:fe:c0:45:da:2d:
         71:fa:ed:7c:4f:17:a9:b1:41:41:3f:83:98:50:5f:f4:90:76:
         a0:0e:f1:44:63:64:74:ca:c0:8c:47:c8:83:76:49:17:0a:a4:
         70:a5:87:23:fb:bd:2a:96:af:6f:54:49:39:91:b2:1d:c2:3c:
         ac:9c:56:c2:ee:90:03:aa:f8:0b:0c:09:51:0c:34:55:55:e7:
         76:85:42:92:6f:fa:be:c2:bd:c6:47:36:d0:03:cc:eb:6b:d7:
         e8:a3:4b:05:33:82:9d:8b:46:34:c0:86:0d:a3:f3:cf:fd:8e:
         ba:5c:01:d5:04:a9:36:a9:58:21:b0:88:38:31:1b:1f:c4:d5:
         8c:7c:9a:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1uDGWIiN2tOoKWaC/7kiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4ZDI0YWRkY2MzZDViNzdhMDk5YTkwNzEyMjI1MmE0N2M4
ZjYzMTAwHhcNMjUwMTAxMjE0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDlhNWUzYmNmZjllZTdiN2YzM2RhODg1Yzg5ZGE3Nzk1NDE0NjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlDkPb4RBs6iAvUH0gmQqH5IcY1/l
2+xcDJKwOgNJJLpTxsbadwVNym50BeSIHQpDAhYzkGP5cTTMnfSSRKkbEkRjDkoY
3e/sXeB5NfOtQQpb1Ij1bHULSDBr4fpIrK++35102lzy/59kyjW/aqpaKpfdb0V3
sgZel/hT0rR/Cnz2QJ23aqWs80URtb7JtjXL7/4EzgEbrqUEuGPNh4uGQbiKKzzd
DplnItOn9UTxERMuqtK4L2hpctQyHLq0xGzcyChck4HkXwWrSSwXpbPXvsPmSgEF
0bev0xADGNIjh3Fx3wn4caOWNQ4H5wpqMnU6NQvRhKWM5orTRHVPzOaw8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB2aXjvP+e57fzPaiFyJ2neVQUZoMB8GA1UdIwQY
MBaAFGjSSt3MPVt3oJmpBxIiUqR8j2MQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU5KSzNjdzlXM2VnbWFrSEVpSlNwSHlQWXhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi81MWE2NTUtMjczNS00OWVmLTgwZGYt
YjMxNmRiNTkzOGZmLzEvSFpwZU84XzU3bnRfTTlxSVhJbmFkNVZCUm1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi81MWE2NTUtMjczNS00OWVmLTgwZGYtYjMxNmRiNTkzOGZm
LzEvYU5KSzNjdzlXM2VnbWFrSEVpSlNwSHlQWXhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEPpiAMA0G
CSqGSIb3DQEBCwUAA4IBAQAVI+8SSqfdhu62Zls0m/N2OHBOADDYLHQh1lwCNWsF
lY3N7SMoGRgsLrlCuW1X3/HdXmY4Rti6oznBzcLh8hkVIav90GZnEHGdy/zh9ZKS
Tuea8dIClkDeQvfqYL5BmaYFlhP5cBcp+RVNXNlAL+B4HzgydCCBXo3B/sBF2i1x
+u18TxepsUFBP4OYUF/0kHagDvFEY2R0ysCMR8iDdkkXCqRwpYcj+70qlq9vVEk5
kbIdwjysnFbC7pADqvgLDAlRDDRVVed2hUKSb/q+wr3GRzbQA8zra9foo0sFM4Kd
i0Y0wIYNo/PP/Y66XAHVBKk2qVghsIg4MRsfxNWMfJoU
-----END CERTIFICATE-----