Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/dYiyMxBIxfsl6RVPznRWAdlaoqE.roa
File:                     dYiyMxBIxfsl6RVPznRWAdlaoqE.roa (raw, json)
Hash identifier:          eLJsFKH9UdrJpV5I8lq1iv0Quc7VQlKQcS4onl0LwUw=
Subject key identifier:   75:88:B2:33:10:48:C5:FB:25:E9:15:4F:CE:74:56:01:D9:5A:A2:A1
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       0195194B56C64B8D1B206A18467AD74750A8
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/dYiyMxBIxfsl6RVPznRWAdlaoqE.roa
Signing time:             Tue 18 Feb 2025 13:42:02 +0000
ROA not before:           Tue 18 Feb 2025 13:42:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40676
IP address blocks:        62.169.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 14:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:19:4b:56:c6:4b:8d:1b:20:6a:18:46:7a:d7:47:50:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Feb 18 13:42:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7588b2331048c5fb25e9154fce745601d95aa2a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:19:ca:62:85:22:a9:1b:7b:76:a1:7d:bf:71:
                    d7:48:a0:49:ab:c9:d4:06:86:8e:1d:d0:c8:2c:39:
                    7e:29:03:f0:29:2b:4b:47:3e:9b:1b:ff:4d:02:55:
                    26:5b:cb:eb:ea:c1:3f:10:29:d6:b2:7b:99:40:c5:
                    ef:13:ab:dd:53:ba:14:3b:d6:45:47:d3:3a:5d:e2:
                    8a:ce:ff:6f:8a:5c:ec:22:fc:51:dd:27:49:d8:8d:
                    70:f9:b5:95:d4:fc:ac:8c:21:36:5c:64:02:7c:19:
                    73:16:d1:d9:00:0a:8e:f6:94:59:5f:4e:53:82:17:
                    45:99:8e:11:68:78:b4:b8:d7:4e:b4:fc:9e:4c:56:
                    9f:dc:4f:c5:9c:95:f9:5c:f8:ea:4d:4e:f3:df:3f:
                    00:88:76:08:58:44:63:c9:8d:a5:06:96:e6:c9:9a:
                    0e:41:e5:af:71:1a:52:06:a1:3b:91:ec:06:53:a2:
                    9d:68:76:7e:40:91:95:ff:7c:1d:54:ef:54:7f:9e:
                    16:42:8e:76:54:0f:e1:23:49:4c:98:a5:21:d5:c4:
                    ac:6e:a1:e0:73:b9:7b:69:be:11:d1:8d:a8:ad:11:
                    d5:ed:b5:ef:d6:24:f7:90:da:74:64:ca:90:73:b1:
                    f0:50:85:41:52:ca:3e:f5:31:4b:6e:d2:29:d0:97:
                    42:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:88:B2:33:10:48:C5:FB:25:E9:15:4F:CE:74:56:01:D9:5A:A2:A1
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/dYiyMxBIxfsl6RVPznRWAdlaoqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.169.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:22:2c:6b:5a:b5:ae:70:6e:18:e5:48:81:00:e8:d2:09:3e:
         a2:d0:c5:b7:e1:7d:1e:32:06:29:80:b9:24:9d:7d:17:5e:03:
         5d:c0:23:8c:f0:01:21:cb:8e:e1:1b:cb:6f:03:72:f0:cb:60:
         cd:78:eb:15:3c:3e:f9:bc:9d:ee:0b:41:21:dd:5f:59:ca:80:
         96:de:59:ea:8a:42:1d:b5:c4:58:97:5e:4d:c8:39:5a:3c:dc:
         c6:ab:fa:ad:a5:6e:a2:3e:0c:1f:43:26:da:97:71:8b:33:3b:
         b3:21:60:d7:1e:31:1b:df:57:82:ff:45:ad:36:db:8e:b3:c5:
         fb:ae:92:07:de:6f:fd:fc:d1:60:d0:26:17:c0:bc:72:ec:04:
         9b:cd:53:99:30:96:ae:74:b0:34:00:1c:0c:f1:17:50:85:00:
         9c:4f:cc:ed:23:57:df:b5:ac:c4:47:f9:64:9b:b7:7d:ce:58:
         2e:b3:9a:36:88:d3:22:96:37:e3:7c:db:da:22:de:2d:82:5c:
         af:3f:78:06:89:6c:e2:53:88:58:01:d8:17:9a:c0:4d:2f:7c:
         82:17:5f:8a:a4:3b:05:fd:58:2c:c5:35:ec:85:ea:a4:fd:b0:
         b8:da:bf:23:fb:9c:c1:6e:fb:72:a6:c2:08:f6:4e:96:3b:15:
         07:5e:ac:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUZS1bGS40bIGoYRnrXR1CoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwMjE4MTM0MjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTg4YjIzMzEwNDhjNWZiMjVlOTE1NGZjZTc0NTYwMWQ5NWFhMmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxnKYoUiqRt7dqF9v3HXSKBJq8nU
BoaOHdDILDl+KQPwKStLRz6bG/9NAlUmW8vr6sE/ECnWsnuZQMXvE6vdU7oUO9ZF
R9M6XeKKzv9vilzsIvxR3SdJ2I1w+bWV1PysjCE2XGQCfBlzFtHZAAqO9pRZX05T
ghdFmY4RaHi0uNdOtPyeTFaf3E/FnJX5XPjqTU7z3z8AiHYIWERjyY2lBpbmyZoO
QeWvcRpSBqE7kewGU6KdaHZ+QJGV/3wdVO9Uf54WQo52VA/hI0lMmKUh1cSsbqHg
c7l7ab4R0Y2orRHV7bXv1iT3kNp0ZMqQc7HwUIVBUso+9TFLbtIp0JdClQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHWIsjMQSMX7JekVT850VgHZWqKhMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvZFlpeU14Qkl4ZnNsNlJWUHpuUldBZGxhb3FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPqmCMA0G
CSqGSIb3DQEBCwUAA4IBAQCAIixrWrWucG4Y5UiBAOjSCT6i0MW34X0eMgYpgLkk
nX0XXgNdwCOM8AEhy47hG8tvA3Lwy2DNeOsVPD75vJ3uC0Eh3V9ZyoCW3lnqikId
tcRYl15NyDlaPNzGq/qtpW6iPgwfQybal3GLMzuzIWDXHjEb31eC/0WtNtuOs8X7
rpIH3m/9/NFg0CYXwLxy7ASbzVOZMJaudLA0ABwM8RdQhQCcT8ztI1fftazER/lk
m7d9zlgus5o2iNMiljfjfNvaIt4tglyvP3gGiWziU4hYAdgXmsBNL3yCF1+KpDsF
/VgsxTXsheqk/bC42r8j+5zBbvtypsII9k6WOxUHXqw6
-----END CERTIFICATE-----