Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/WXta4d3Q1fpkaXuDcabRadaMBzY.roa
File:                     WXta4d3Q1fpkaXuDcabRadaMBzY.roa (raw, json)
Hash identifier:          QBJ3i07thiNdUkywMaXY4bhMM6LoR/yctcg4/03JHGE=
Subject key identifier:   59:7B:5A:E1:DD:D0:D5:FA:64:69:7B:83:71:A6:D1:69:D6:8C:07:36
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       019420D5A095831D73D4930622FB308F4DF4
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/WXta4d3Q1fpkaXuDcabRadaMBzY.roa
Signing time:             Wed 01 Jan 2025 07:47:38 +0000
ROA not before:           Wed 01 Jan 2025 07:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8908
IP address blocks:        62.160.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 07:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:a0:95:83:1d:73:d4:93:06:22:fb:30:8f:4d:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 07:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=597b5ae1ddd0d5fa64697b8371a6d169d68c0736
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:62:b7:c3:d5:45:cf:f4:82:80:05:65:62:5f:
                    99:84:e0:b7:74:22:90:a3:56:be:d3:24:1c:a5:02:
                    59:52:4f:4c:12:55:a7:1f:71:44:d0:57:b0:15:c0:
                    e9:6a:db:23:98:85:0f:d5:67:2d:14:56:56:75:e7:
                    7e:a7:28:24:15:54:b6:6a:ad:27:56:81:4f:72:ea:
                    af:76:c6:bf:77:a2:28:0e:2d:b6:2a:c2:15:84:1d:
                    ea:4b:67:06:e1:3d:89:b2:29:37:9c:a1:bb:21:0a:
                    bd:aa:c2:58:ef:db:6c:99:96:97:e7:71:1b:a2:36:
                    7c:56:73:9c:b3:22:a3:c7:64:e0:a4:bd:9e:05:55:
                    e9:8e:e4:31:ba:19:54:e1:7c:c8:59:ac:51:b9:a0:
                    bf:75:f5:61:c8:5b:91:0b:45:11:64:e7:ff:f9:8a:
                    75:06:40:ff:9d:b1:54:13:78:7f:3d:5d:d1:52:46:
                    ee:24:7b:09:0e:5f:80:d1:88:67:40:2b:50:73:4b:
                    c9:e1:9f:86:9d:37:04:76:93:4a:56:92:4a:70:de:
                    dd:0f:ed:a8:6f:fa:f7:35:fa:bc:2e:c7:18:54:82:
                    7e:8d:90:22:c7:10:70:1d:f7:5f:1b:18:31:2c:72:
                    b4:10:1e:a8:13:c4:68:a5:20:db:90:48:b9:be:0f:
                    0e:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:7B:5A:E1:DD:D0:D5:FA:64:69:7B:83:71:A6:D1:69:D6:8C:07:36
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/WXta4d3Q1fpkaXuDcabRadaMBzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.160.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:11:38:8f:71:f4:13:d0:14:c8:71:ad:7f:28:cf:a9:90:49:
         df:8d:dc:e6:15:e2:47:49:ff:6c:76:4a:97:26:91:25:9d:16:
         ac:fe:19:df:22:2c:e0:04:18:6b:ce:33:a2:5d:0e:27:96:4d:
         e6:09:59:8b:3a:6f:0f:17:49:95:84:d4:4a:63:bd:8f:62:a5:
         f4:db:89:b0:d9:12:28:29:de:c9:70:a9:6e:32:2d:7b:55:46:
         5c:fb:aa:88:02:58:9f:28:9a:e7:5a:04:53:f4:72:b5:f3:2e:
         20:a1:8e:68:e8:bc:79:71:55:23:4a:f1:d4:2f:2c:4c:ba:85:
         a0:71:38:ac:11:c0:87:4c:45:ac:a5:4e:91:b8:79:33:ed:3f:
         37:c7:4a:f2:77:5a:a4:55:87:63:92:b8:5d:78:ac:fa:16:f4:
         0e:03:83:9b:03:8f:31:39:fc:1b:1e:39:fd:2f:a9:4e:02:be:
         d8:65:b8:d7:6f:10:54:c4:7c:08:67:47:5e:29:b5:12:4d:aa:
         29:bf:12:ad:f8:23:68:2c:b3:30:35:79:5c:43:9b:63:5e:dc:
         4d:d5:49:ac:be:7b:d8:fe:d3:30:73:9b:ce:b6:64:0c:42:57:
         6a:c0:22:30:bb:56:c7:83:e3:4f:c1:0d:c6:3a:3a:f0:54:d5:
         0d:4b:26:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1aCVgx1z1JMGIvswj030MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjUwMTAxMDc0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTdiNWFlMWRkZDBkNWZhNjQ2OTdiODM3MWE2ZDE2OWQ2OGMwNzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhGK3w9VFz/SCgAVlYl+ZhOC3dCKQ
o1a+0yQcpQJZUk9MElWnH3FE0FewFcDpatsjmIUP1WctFFZWded+pygkFVS2aq0n
VoFPcuqvdsa/d6IoDi22KsIVhB3qS2cG4T2Jsik3nKG7IQq9qsJY79tsmZaX53Eb
ojZ8VnOcsyKjx2TgpL2eBVXpjuQxuhlU4XzIWaxRuaC/dfVhyFuRC0URZOf/+Yp1
BkD/nbFUE3h/PV3RUkbuJHsJDl+A0YhnQCtQc0vJ4Z+GnTcEdpNKVpJKcN7dD+2o
b/r3Nfq8LscYVIJ+jZAixxBwHfdfGxgxLHK0EB6oE8RopSDbkEi5vg8OMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFl7WuHd0NX6ZGl7g3Gm0WnWjAc2MB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvV1h0YTRkM1ExZnBrYVh1RGNhYlJhZGFNQnpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPqAbMA0G
CSqGSIb3DQEBCwUAA4IBAQB1ETiPcfQT0BTIca1/KM+pkEnfjdzmFeJHSf9sdkqX
JpElnRas/hnfIizgBBhrzjOiXQ4nlk3mCVmLOm8PF0mVhNRKY72PYqX024mw2RIo
Kd7JcKluMi17VUZc+6qIAlifKJrnWgRT9HK18y4goY5o6Lx5cVUjSvHULyxMuoWg
cTisEcCHTEWspU6RuHkz7T83x0ryd1qkVYdjkrhdeKz6FvQOA4ObA48xOfwbHjn9
L6lOAr7YZbjXbxBUxHwIZ0deKbUSTaopvxKt+CNoLLMwNXlcQ5tjXtxN1UmsvnvY
/tMwc5vOtmQMQldqwCIwu1bHg+NPwQ3GOjrwVNUNSybR
-----END CERTIFICATE-----