Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/cRs9np0-Hb2Pp7Gy4xvjqlSG_08.roa
File:                     cRs9np0-Hb2Pp7Gy4xvjqlSG_08.roa (raw, json)
Hash identifier:          8YhJCGrKf2Y8cr/A27+l5ullMea9kiCVBRr6JpUlM+4=
Subject key identifier:   71:1B:3D:9E:9D:3E:1D:BD:8F:A7:B1:B2:E3:1B:E3:AA:54:86:FF:4F
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       0194E9E7473CE939B5E9392053E8C8F2C440
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/cRs9np0-Hb2Pp7Gy4xvjqlSG_08.roa
Signing time:             Sun 09 Feb 2025 08:50:35 +0000
ROA not before:           Sun 09 Feb 2025 08:50:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213474
IP address blocks:        170.62.176.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 14:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:e9:e7:47:3c:e9:39:b5:e9:39:20:53:e8:c8:f2:c4:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Feb  9 08:50:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=711b3d9e9d3e1dbd8fa7b1b2e31be3aa5486ff4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:fa:b9:a4:45:2f:ad:26:9f:2f:c3:a6:d4:e8:
                    49:07:5b:76:4a:82:02:57:fa:8d:7d:b8:5a:97:c8:
                    4b:31:3c:ba:65:9f:3e:bf:02:b2:67:3a:77:b3:06:
                    22:3f:c7:4b:91:f9:d9:85:2b:85:ce:5f:8a:a0:60:
                    6a:85:94:c8:d6:6e:f8:1f:36:63:30:8f:9b:bd:f5:
                    f3:d4:aa:0f:34:25:df:d8:8b:e7:66:72:38:6a:b8:
                    28:d3:dc:5e:6e:72:ef:34:95:e1:5e:5f:5e:01:1b:
                    6e:41:98:8c:61:6b:b7:0d:df:11:c0:e2:ef:6c:18:
                    f7:d3:94:18:26:fb:16:f4:17:08:2d:1b:aa:4d:94:
                    1d:26:89:68:22:3e:93:f1:0c:01:d7:4e:43:c6:64:
                    ab:ff:56:11:81:0e:07:2b:f9:fc:f0:83:78:a3:8c:
                    70:fb:29:cb:99:cc:9d:49:90:21:24:8e:b5:b8:61:
                    1c:9f:f8:7e:04:21:4e:54:a1:34:c7:a3:ab:28:06:
                    e5:81:bb:e3:a9:67:38:76:47:f2:24:96:29:d2:17:
                    c2:20:c8:22:b1:84:88:b6:06:e1:76:f6:0b:6a:a2:
                    b7:82:59:c8:c3:b4:3a:00:4a:5a:93:fc:63:4b:d2:
                    71:83:30:8d:89:23:86:8d:e5:af:75:2f:2d:4f:db:
                    73:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:1B:3D:9E:9D:3E:1D:BD:8F:A7:B1:B2:E3:1B:E3:AA:54:86:FF:4F
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/cRs9np0-Hb2Pp7Gy4xvjqlSG_08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.62.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         38:66:b8:ec:85:08:c7:6b:33:a6:8d:5a:36:03:61:a3:87:32:
         39:44:29:d3:2b:30:92:1d:ad:3e:e3:8a:8a:ac:76:a3:e6:aa:
         62:d5:d9:7d:3f:b1:c1:3a:ef:a4:53:fe:1a:6a:0b:db:c1:69:
         20:f0:2b:e7:92:1f:5d:2a:10:04:96:59:2a:cd:56:65:a4:6c:
         87:53:2f:ac:da:92:a3:4a:61:0b:8a:c2:56:5c:22:18:03:99:
         4d:e4:da:50:3a:01:24:ad:32:ef:db:e5:21:a8:60:d4:44:86:
         84:86:ea:62:68:ee:5d:60:f1:9e:2e:e3:5a:68:15:51:53:a1:
         f6:65:bb:c3:09:6c:b6:bd:81:e9:20:d3:dd:67:70:b9:f4:3f:
         96:6a:1d:eb:8f:15:d8:03:73:09:ec:22:ac:75:eb:42:d8:77:
         3e:9d:2a:68:78:de:39:62:19:60:c8:f6:9f:58:fd:0b:bc:08:
         7c:12:e9:8d:af:89:96:df:22:c9:3b:f0:31:4a:a1:e7:71:76:
         63:32:21:1d:a8:07:96:32:3d:6c:65:15:bb:10:80:d1:84:b5:
         d6:16:7c:3a:f6:7e:c3:53:7a:76:b7:3c:03:1c:e7:cf:9a:be:
         7f:0b:df:2a:c1:1c:32:12:60:35:5c:4b:0c:4f:50:20:9c:4e:
         e9:7e:1c:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTp50c86Tm16TkgU+jI8sRAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwMjA5MDg1MDM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTFiM2Q5ZTlkM2UxZGJkOGZhN2IxYjJlMzFiZTNhYTU0ODZmZjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/q5pEUvrSafL8Om1OhJB1t2SoIC
V/qNfbhal8hLMTy6ZZ8+vwKyZzp3swYiP8dLkfnZhSuFzl+KoGBqhZTI1m74HzZj
MI+bvfXz1KoPNCXf2IvnZnI4argo09xebnLvNJXhXl9eARtuQZiMYWu3Dd8RwOLv
bBj305QYJvsW9BcILRuqTZQdJoloIj6T8QwB105DxmSr/1YRgQ4HK/n88IN4o4xw
+ynLmcydSZAhJI61uGEcn/h+BCFOVKE0x6OrKAblgbvjqWc4dkfyJJYp0hfCIMgi
sYSItgbhdvYLaqK3glnIw7Q6AEpak/xjS9JxgzCNiSOGjeWvdS8tT9tzRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHEbPZ6dPh29j6exsuMb46pUhv9PMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvY1JzOW5wMC1IYjJQcDdHeTR4dmpxbFNHXzA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDqj6wMA0G
CSqGSIb3DQEBCwUAA4IBAQA4ZrjshQjHazOmjVo2A2GjhzI5RCnTKzCSHa0+44qK
rHaj5qpi1dl9P7HBOu+kU/4aagvbwWkg8Cvnkh9dKhAEllkqzVZlpGyHUy+s2pKj
SmELisJWXCIYA5lN5NpQOgEkrTLv2+UhqGDURIaEhupiaO5dYPGeLuNaaBVRU6H2
ZbvDCWy2vYHpINPdZ3C59D+Wah3rjxXYA3MJ7CKsdetC2Hc+nSpoeN45YhlgyPaf
WP0LvAh8EumNr4mW3yLJO/AxSqHncXZjMiEdqAeWMj1sZRW7EIDRhLXWFnw69n7D
U3p2tzwDHOfPmr5/C98qwRwyEmA1XEsMT1AgnE7pfhwc
-----END CERTIFICATE-----