Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/2310b1-96a1-48e4-aa72-422aed3a7702/1/okDN2Vo62Yab7_J_IfxlPOwte3o.roa
File:                     okDN2Vo62Yab7_J_IfxlPOwte3o.roa (raw, json)
Hash identifier:          ZVhneNDrAmsrpM6pDt87HbPveddbBNLv2BXaomrxwUA=
Subject key identifier:   A2:40:CD:D9:5A:3A:D9:86:9B:EF:F2:7F:21:FC:65:3C:EC:2D:7B:7A
Certificate issuer:       /CN=64d4e8723450d0a710c32d90ffea18529104e538
Certificate serial:       019425FDC20F117FE722D277351A3D250E60
Authority key identifier: 64:D4:E8:72:34:50:D0:A7:10:C3:2D:90:FF:EA:18:52:91:04:E5:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZNTocjRQ0KcQwy2Q_-oYUpEE5Tg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/2310b1-96a1-48e4-aa72-422aed3a7702/1/okDN2Vo62Yab7_J_IfxlPOwte3o.roa
Signing time:             Thu 02 Jan 2025 07:49:34 +0000
ROA not before:           Thu 02 Jan 2025 07:49:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59729
IP address blocks:        176.103.62.0/23 maxlen: 23
                          2a13:f580:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/2310b1-96a1-48e4-aa72-422aed3a7702/1/ZNTocjRQ0KcQwy2Q_-oYUpEE5Tg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/2310b1-96a1-48e4-aa72-422aed3a7702/1/ZNTocjRQ0KcQwy2Q_-oYUpEE5Tg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZNTocjRQ0KcQwy2Q_-oYUpEE5Tg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 14:19:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:c2:0f:11:7f:e7:22:d2:77:35:1a:3d:25:0e:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64d4e8723450d0a710c32d90ffea18529104e538
        Validity
            Not Before: Jan  2 07:49:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a240cdd95a3ad9869beff27f21fc653cec2d7b7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:28:14:26:4a:72:97:24:1a:df:16:aa:5e:99:
                    ed:62:c2:93:b4:f6:ef:9b:76:90:06:25:55:7c:d6:
                    59:2e:97:f6:30:9a:09:6a:fc:53:38:9c:d8:dd:55:
                    46:8e:db:ab:7c:8f:15:39:2c:d7:f7:1e:57:ad:54:
                    75:65:51:89:b9:e8:e3:75:25:30:cd:1a:2e:00:8f:
                    cc:51:12:fe:1e:ad:b4:5f:00:d0:54:ba:b2:5b:bb:
                    43:99:28:41:60:a8:81:08:c1:b8:3f:0f:e1:bb:97:
                    c0:02:9e:7c:08:c5:90:45:95:7b:67:6f:9c:a7:de:
                    bb:62:97:99:f1:43:da:90:7d:a1:a9:6e:f5:e1:11:
                    84:6b:5f:b0:04:13:e6:90:16:87:0a:f2:88:60:27:
                    4f:44:75:69:2d:fb:e9:5b:6b:48:c1:2e:6b:a7:6f:
                    da:95:25:47:b3:ff:e0:27:59:60:f5:2c:ea:ef:c1:
                    24:ff:f9:85:19:d6:75:af:c5:bb:9e:92:ba:95:6a:
                    b6:d0:d8:e1:a4:c6:09:a8:2f:18:df:8e:9b:4c:50:
                    ec:17:99:2f:d4:d5:00:a8:f6:74:b2:4a:41:dc:65:
                    55:f9:85:49:87:f4:c7:0c:8a:a7:8c:96:4f:2b:23:
                    cb:3f:77:25:be:81:5d:d7:50:27:70:b3:31:ac:09:
                    e1:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:40:CD:D9:5A:3A:D9:86:9B:EF:F2:7F:21:FC:65:3C:EC:2D:7B:7A
            X509v3 Authority Key Identifier:
                keyid:64:D4:E8:72:34:50:D0:A7:10:C3:2D:90:FF:EA:18:52:91:04:E5:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZNTocjRQ0KcQwy2Q_-oYUpEE5Tg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/2310b1-96a1-48e4-aa72-422aed3a7702/1/okDN2Vo62Yab7_J_IfxlPOwte3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/2310b1-96a1-48e4-aa72-422aed3a7702/1/ZNTocjRQ0KcQwy2Q_-oYUpEE5Tg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.103.62.0/23
                IPv6:
                  2a13:f580:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:32:b7:85:dd:fd:ce:89:19:7a:3e:ff:73:0f:a2:51:24:c0:
         fe:ef:76:6e:e1:c1:11:2f:de:c3:ae:3b:bb:2d:4c:ee:8a:17:
         a9:e8:46:3b:69:92:b9:d5:9e:20:79:76:28:0b:f3:e6:c5:fa:
         5d:00:e0:9d:5f:c4:10:73:09:6d:11:0c:b0:ab:13:c1:41:23:
         9e:52:37:45:d2:4a:8b:4e:89:f0:a7:c8:73:d0:f7:9d:5b:f4:
         06:75:df:43:08:ab:82:fb:49:62:01:1e:a2:4f:03:0e:68:8e:
         3a:f8:11:b5:a3:e9:56:82:34:ec:00:1b:4f:51:c7:68:38:80:
         ea:60:d2:3c:1b:df:97:2d:55:29:fc:4a:5b:af:30:10:e4:45:
         b9:21:9b:db:11:a0:8d:f8:15:fb:61:66:46:ec:cb:50:18:75:
         4e:17:c8:57:53:3f:eb:db:29:70:fd:74:e6:e7:d4:62:3c:45:
         dd:98:cc:3f:07:ea:f3:d1:b6:5c:83:7e:da:a2:9e:78:dc:43:
         76:4d:92:63:b3:e6:67:c0:37:bb:9a:13:a7:93:6f:5d:9d:1f:
         04:ab:62:c0:7f:b7:47:67:b5:3a:2e:d1:ed:c7:b2:12:c9:58:
         91:86:aa:d6:80:8c:cb:6b:65:a4:2b:02:ea:f7:1a:9d:7e:51:
         3c:5a:34:85
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQl/cIPEX/nItJ3NRo9JQ5gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZDRlODcyMzQ1MGQwYTcxMGMzMmQ5MGZmZWExODUyOTEw
NGU1MzgwHhcNMjUwMTAyMDc0OTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjQwY2RkOTVhM2FkOTg2OWJlZmYyN2YyMWZjNjUzY2VjMmQ3YjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmigUJkpylyQa3xaqXpntYsKTtPbv
m3aQBiVVfNZZLpf2MJoJavxTOJzY3VVGjturfI8VOSzX9x5XrVR1ZVGJuejjdSUw
zRouAI/MURL+Hq20XwDQVLqyW7tDmShBYKiBCMG4Pw/hu5fAAp58CMWQRZV7Z2+c
p967YpeZ8UPakH2hqW714RGEa1+wBBPmkBaHCvKIYCdPRHVpLfvpW2tIwS5rp2/a
lSVHs//gJ1lg9Szq78Ek//mFGdZ1r8W7npK6lWq20NjhpMYJqC8Y346bTFDsF5kv
1NUAqPZ0skpB3GVV+YVJh/THDIqnjJZPKyPLP3clvoFd11AncLMxrAnhRQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKJAzdlaOtmGm+/yfyH8ZTzsLXt6MB8GA1UdIwQY
MBaAFGTU6HI0UNCnEMMtkP/qGFKRBOU4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk5Ub2NqUlEwS2NRd3kyUV8tb1lVcEVFNVRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC8yMzEwYjEtOTZhMS00OGU0LWFhNzIt
NDIyYWVkM2E3NzAyLzEvb2tETjJWbzYyWWFiN19KX0lmeGxQT3d0ZTNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC8yMzEwYjEtOTZhMS00OGU0LWFhNzItNDIyYWVkM2E3NzAy
LzEvWk5Ub2NqUlEwS2NRd3kyUV8tb1lVcEVFNVRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBsGc+MA8E
AgACMAkDBwAqE/WAAAIwDQYJKoZIhvcNAQELBQADggEBACsyt4Xd/c6JGXo+/3MP
olEkwP7vdm7hwREv3sOuO7stTO6KF6noRjtpkrnVniB5digL8+bF+l0A4J1fxBBz
CW0RDLCrE8FBI55SN0XSSotOifCnyHPQ951b9AZ130MIq4L7SWIBHqJPAw5ojjr4
EbWj6VaCNOwAG09Rx2g4gOpg0jwb35ctVSn8SluvMBDkRbkhm9sRoI34FfthZkbs
y1AYdU4XyFdTP+vbKXD9dObn1GI8Rd2YzD8H6vPRtlyDftqinnjcQ3ZNkmOz5mfA
N7uaE6eTb12dHwSrYsB/t0dntTou0e3HshLJWJGGqtaAjMtrZaQrAur3Gp1+UTxa
NIU=
-----END CERTIFICATE-----