Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/LYMZh-8zmmJQALRoTJSiAy1xVXQ.roa
File:                     LYMZh-8zmmJQALRoTJSiAy1xVXQ.roa (raw, json)
Hash identifier:          G06Sl16Ng8eeY3gv7tMq+fX/m50tj1xA9Uh5PHKbHb8=
Subject key identifier:   2D:83:19:87:EF:33:9A:62:50:00:B4:68:4C:94:A2:03:2D:71:55:74
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       01942369C14D13DAFF3EAE76EBEC15E862AE
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/LYMZh-8zmmJQALRoTJSiAy1xVXQ.roa
Signing time:             Wed 01 Jan 2025 19:48:40 +0000
ROA not before:           Wed 01 Jan 2025 19:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        170.62.112.0/22 maxlen: 24
                          170.62.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:c1:4d:13:da:ff:3e:ae:76:eb:ec:15:e8:62:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jan  1 19:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2d831987ef339a625000b4684c94a2032d715574
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a0:ce:41:61:01:75:9b:f3:b3:16:9b:ce:a6:
                    aa:04:95:1c:63:7c:89:7e:24:d6:38:36:84:00:39:
                    c2:78:92:f3:6d:f0:8b:58:ef:06:30:d3:89:13:7a:
                    7f:87:a1:15:c5:0d:ff:7f:13:c9:a6:e2:52:4e:02:
                    fd:7b:ea:75:10:94:e2:d8:8b:e8:ab:b7:67:a9:c2:
                    d5:e7:aa:38:f0:02:bc:66:b0:2a:58:af:12:3e:8d:
                    27:6b:97:36:b4:69:dc:62:b8:08:22:20:e7:07:9c:
                    ff:6d:ef:9a:a6:5e:36:12:dc:2f:58:da:fb:38:8f:
                    71:8e:4d:7f:04:e7:12:70:fd:a3:3b:b0:5f:c1:05:
                    22:b5:16:e7:2e:c1:24:b2:35:27:30:87:a9:f9:cd:
                    c4:4d:78:60:35:47:01:23:ac:2b:7a:fb:92:04:cd:
                    f6:50:dc:34:8c:b3:79:50:84:83:7d:46:93:97:ff:
                    21:81:bc:32:08:6b:28:1d:c3:fc:de:41:44:e3:e6:
                    b0:4d:d2:ad:8e:35:c7:5b:2b:40:1b:f4:90:0d:c9:
                    e3:1e:a9:15:82:25:91:48:88:f1:2e:e0:5b:b6:a8:
                    fe:23:d7:57:5c:7e:6d:55:7f:2f:7c:fc:7b:de:15:
                    f0:d1:5f:dc:36:84:d3:cb:e9:04:00:00:d1:76:b1:
                    a3:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:83:19:87:EF:33:9A:62:50:00:B4:68:4C:94:A2:03:2D:71:55:74
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/LYMZh-8zmmJQALRoTJSiAy1xVXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.62.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         02:3e:15:05:db:4f:56:fc:0c:46:5a:3d:a1:e2:07:7e:40:ce:
         de:08:70:5b:02:bc:09:ef:dc:21:89:70:fd:b5:91:c5:c4:b5:
         7f:a3:20:8b:1d:0e:8f:09:e2:d3:e6:3e:a3:53:32:9a:29:1d:
         e1:84:74:d7:8b:ed:9e:1b:19:fb:64:ba:29:7c:ef:69:af:c4:
         af:b4:03:10:13:da:cb:d6:37:0f:5d:f9:ec:0f:a7:35:cc:d7:
         09:f3:20:0c:81:42:39:0c:39:ee:90:6b:8e:37:13:5d:c6:29:
         d9:42:a6:15:67:1c:2a:83:f0:7a:51:b4:4e:7b:16:83:2d:17:
         f3:de:fd:34:83:cd:cc:db:ac:77:d8:da:7e:2e:3c:03:f7:8d:
         11:4f:fa:12:87:51:37:a6:4e:66:22:aa:e4:48:b7:b0:6b:ee:
         7b:f9:f5:8e:e8:1e:41:10:8e:36:ce:ed:9f:51:55:71:f1:aa:
         ec:3e:11:ee:3f:d3:29:12:33:13:87:f9:78:56:2e:a2:38:54:
         ce:32:28:5e:07:d4:06:5e:dd:18:42:14:11:fd:98:70:cb:53:
         bc:6e:56:b9:4e:e0:dd:15:3c:b8:96:a3:0d:ce:f9:96:2b:1a:
         3b:5b:42:e2:19:23:9e:29:72:33:ad:a4:a8:f0:d9:eb:40:8f:
         fa:11:93:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjacFNE9r/Pq526+wV6GKuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwMTAxMTk0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDgzMTk4N2VmMzM5YTYyNTAwMGI0Njg0Yzk0YTIwMzJkNzE1NTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKDOQWEBdZvzsxabzqaqBJUcY3yJ
fiTWODaEADnCeJLzbfCLWO8GMNOJE3p/h6EVxQ3/fxPJpuJSTgL9e+p1EJTi2Ivo
q7dnqcLV56o48AK8ZrAqWK8SPo0na5c2tGncYrgIIiDnB5z/be+apl42EtwvWNr7
OI9xjk1/BOcScP2jO7BfwQUitRbnLsEksjUnMIep+c3ETXhgNUcBI6wrevuSBM32
UNw0jLN5UISDfUaTl/8hgbwyCGsoHcP83kFE4+awTdKtjjXHWytAG/SQDcnjHqkV
giWRSIjxLuBbtqj+I9dXXH5tVX8vfPx73hXw0V/cNoTTy+kEAADRdrGjEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC2DGYfvM5piUAC0aEyUogMtcVV0MB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvTFlNWmgtOHptbUpRQUxSb1RKU2lBeTF4VlhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDqj5wMA0G
CSqGSIb3DQEBCwUAA4IBAQACPhUF209W/AxGWj2h4gd+QM7eCHBbArwJ79whiXD9
tZHFxLV/oyCLHQ6PCeLT5j6jUzKaKR3hhHTXi+2eGxn7ZLopfO9pr8SvtAMQE9rL
1jcPXfnsD6c1zNcJ8yAMgUI5DDnukGuONxNdxinZQqYVZxwqg/B6UbROexaDLRfz
3v00g83M26x32Np+LjwD940RT/oSh1E3pk5mIqrkSLewa+57+fWO6B5BEI42zu2f
UVVx8arsPhHuP9MpEjMTh/l4Vi6iOFTOMiheB9QGXt0YQhQR/Zhwy1O8bla5TuDd
FTy4lqMNzvmWKxo7W0LiGSOeKXIzraSo8NnrQI/6EZP6
-----END CERTIFICATE-----