Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/8c1544-7cf2-4871-a1df-0253d04fb8ff/1/_9QXHDXD2W0fy8-Ix1_61oUgOdw.roa
File:                     _9QXHDXD2W0fy8-Ix1_61oUgOdw.roa (raw, json)
Hash identifier:          PBxel1cKi46iaG0YRLkS2zvm3xWWCreZ2nu/52SigQM=
Subject key identifier:   FF:D4:17:1C:35:C3:D9:6D:1F:CB:CF:88:C7:5F:FA:D6:85:20:39:DC
Certificate issuer:       /CN=943e3f4856dac2a005c3a52347114dec453934b8
Certificate serial:       019423D6BC184462E49A4CD5DF37BFCAE816
Authority key identifier: 94:3E:3F:48:56:DA:C2:A0:05:C3:A5:23:47:11:4D:EC:45:39:34:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lD4_SFbawqAFw6UjRxFN7EU5NLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/8c1544-7cf2-4871-a1df-0253d04fb8ff/1/_9QXHDXD2W0fy8-Ix1_61oUgOdw.roa
Signing time:             Wed 01 Jan 2025 21:47:42 +0000
ROA not before:           Wed 01 Jan 2025 21:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12684
IP address blocks:        62.202.160.0/20 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/8c1544-7cf2-4871-a1df-0253d04fb8ff/1/lD4_SFbawqAFw6UjRxFN7EU5NLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/8c1544-7cf2-4871-a1df-0253d04fb8ff/1/lD4_SFbawqAFw6UjRxFN7EU5NLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lD4_SFbawqAFw6UjRxFN7EU5NLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:bc:18:44:62:e4:9a:4c:d5:df:37:bf:ca:e8:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=943e3f4856dac2a005c3a52347114dec453934b8
        Validity
            Not Before: Jan  1 21:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ffd4171c35c3d96d1fcbcf88c75ffad6852039dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:11:ff:78:a2:e5:19:d6:57:2d:12:76:c4:b2:
                    4c:03:a3:23:6b:8c:47:59:21:31:df:8c:6f:f2:9f:
                    81:41:ea:1d:9e:20:fa:3c:2c:37:37:54:b5:9a:d1:
                    54:fe:ad:d3:26:87:e8:0c:ee:97:2c:4e:dc:c0:60:
                    a9:a2:a0:1c:eb:fb:d5:96:21:6f:e0:63:02:45:2c:
                    ae:92:1c:d7:48:6e:37:99:fb:d8:aa:5b:64:65:b6:
                    49:fd:95:66:07:64:80:10:05:f5:f4:2c:3a:23:75:
                    05:ae:94:35:e8:ea:6b:50:b1:9a:bb:d4:f5:51:80:
                    e9:f3:3d:03:0b:06:de:79:e6:fb:e5:da:6d:17:83:
                    bd:eb:71:bc:51:a3:5b:4b:7b:93:be:0b:16:0c:56:
                    f3:30:ff:dc:93:ac:4b:3b:2c:4a:9d:27:a5:ae:a1:
                    16:d0:9b:15:0d:90:48:d7:cb:10:bc:6e:fa:ff:8e:
                    51:59:34:83:af:1d:8e:6a:65:1a:2e:e3:e3:40:c8:
                    a5:d2:65:29:01:49:4b:4f:ce:b6:0b:8d:c7:19:89:
                    37:8e:ff:86:9f:e1:2f:9a:85:c3:04:ab:09:c1:90:
                    98:df:3f:aa:e6:fe:40:df:9e:ad:39:e2:18:c9:64:
                    b4:a4:b0:88:84:24:a7:38:dc:a2:f0:8b:f7:8f:e8:
                    e2:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:D4:17:1C:35:C3:D9:6D:1F:CB:CF:88:C7:5F:FA:D6:85:20:39:DC
            X509v3 Authority Key Identifier:
                keyid:94:3E:3F:48:56:DA:C2:A0:05:C3:A5:23:47:11:4D:EC:45:39:34:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lD4_SFbawqAFw6UjRxFN7EU5NLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/8c1544-7cf2-4871-a1df-0253d04fb8ff/1/_9QXHDXD2W0fy8-Ix1_61oUgOdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/8c1544-7cf2-4871-a1df-0253d04fb8ff/1/lD4_SFbawqAFw6UjRxFN7EU5NLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.202.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         63:ef:4e:62:31:a3:f4:48:4e:ad:73:c0:b1:3a:db:0b:dc:08:
         55:b6:b3:65:d1:f1:c7:fe:d9:35:cc:eb:92:07:d5:20:60:79:
         d4:20:32:df:c7:b6:6d:d4:e7:51:42:40:3c:0b:53:d8:a4:fc:
         57:f8:0c:2e:bd:d4:50:2b:59:1a:38:e6:cf:b5:1b:89:4d:bd:
         d9:56:77:2d:08:df:4c:66:2b:99:f7:74:cb:ad:13:ef:5f:66:
         0c:17:dc:3e:56:22:94:d7:39:c2:8a:12:a3:1f:48:f0:d2:6f:
         cf:24:26:df:a7:6c:ea:9e:fa:3a:39:c6:8c:c5:bd:30:c4:6c:
         1f:38:55:25:01:a4:26:e8:85:c4:af:f4:5a:45:04:23:b5:f5:
         35:19:92:13:5f:04:aa:1b:9f:7e:ef:a2:31:d2:f5:3c:8f:77:
         50:03:a2:55:96:12:59:65:c7:d8:4c:b6:ef:e7:bd:71:16:09:
         27:1c:43:b9:f0:77:a6:c8:9e:38:3f:a6:5f:97:2e:11:87:8c:
         2e:95:22:cf:52:6d:22:0d:24:07:bd:c8:1b:67:a5:1a:a5:1b:
         95:44:3d:43:5e:c0:07:01:2f:22:76:56:35:c5:b1:ec:12:4a:
         3d:77:2b:08:96:39:50:52:89:48:3f:e7:6d:d2:17:95:3c:53:
         17:a8:e1:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1rwYRGLkmkzV3ze/yugWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0M2UzZjQ4NTZkYWMyYTAwNWMzYTUyMzQ3MTE0ZGVjNDUz
OTM0YjgwHhcNMjUwMTAxMjE0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmQ0MTcxYzM1YzNkOTZkMWZjYmNmODhjNzVmZmFkNjg1MjAzOWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthH/eKLlGdZXLRJ2xLJMA6Mja4xH
WSEx34xv8p+BQeodniD6PCw3N1S1mtFU/q3TJofoDO6XLE7cwGCpoqAc6/vVliFv
4GMCRSyukhzXSG43mfvYqltkZbZJ/ZVmB2SAEAX19Cw6I3UFrpQ16OprULGau9T1
UYDp8z0DCwbeeeb75dptF4O963G8UaNbS3uTvgsWDFbzMP/ck6xLOyxKnSelrqEW
0JsVDZBI18sQvG76/45RWTSDrx2OamUaLuPjQMil0mUpAUlLT862C43HGYk3jv+G
n+EvmoXDBKsJwZCY3z+q5v5A356tOeIYyWS0pLCIhCSnONyi8Iv3j+jipQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP/UFxw1w9ltH8vPiMdf+taFIDncMB8GA1UdIwQY
MBaAFJQ+P0hW2sKgBcOlI0cRTexFOTS4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEQ0X1NGYmF3cUFGdzZValJ4Rk43RVU1TkxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy84YzE1NDQtN2NmMi00ODcxLWExZGYt
MDI1M2QwNGZiOGZmLzEvXzlRWEhEWEQyVzBmeTgtSXgxXzYxb1VnT2R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy84YzE1NDQtN2NmMi00ODcxLWExZGYtMDI1M2QwNGZiOGZm
LzEvbEQ0X1NGYmF3cUFGdzZValJ4Rk43RVU1TkxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEPsqgMA0G
CSqGSIb3DQEBCwUAA4IBAQBj705iMaP0SE6tc8CxOtsL3AhVtrNl0fHH/tk1zOuS
B9UgYHnUIDLfx7Zt1OdRQkA8C1PYpPxX+AwuvdRQK1kaOObPtRuJTb3ZVnctCN9M
ZiuZ93TLrRPvX2YMF9w+ViKU1znCihKjH0jw0m/PJCbfp2zqnvo6OcaMxb0wxGwf
OFUlAaQm6IXEr/RaRQQjtfU1GZITXwSqG59+76Ix0vU8j3dQA6JVlhJZZcfYTLbv
571xFgknHEO58HemyJ44P6Zfly4Rh4wulSLPUm0iDSQHvcgbZ6UapRuVRD1DXsAH
AS8idlY1xbHsEko9dysIljlQUolIP+dt0heVPFMXqOFV
-----END CERTIFICATE-----