Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/PX1j4imQFBN7657jyc7Zu1gTrXU.roa
File:                     PX1j4imQFBN7657jyc7Zu1gTrXU.roa (raw, json)
Hash identifier:          8zsptqmRSRBJaOtfsTJAsFAwYhvmDOrkIMgQNuU7OfE=
Subject key identifier:   3D:7D:63:E2:29:90:14:13:7B:EB:9E:E3:C9:CE:D9:BB:58:13:AD:75
Certificate issuer:       /CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
Certificate serial:       019589BB52A3BBE7A4F085AE36CFEE51468F
Authority key identifier: 62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/PX1j4imQFBN7657jyc7Zu1gTrXU.roa
Signing time:             Wed 12 Mar 2025 09:41:49 +0000
ROA not before:           Wed 12 Mar 2025 09:41:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210993
IP address blocks:        141.105.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:89:bb:52:a3:bb:e7:a4:f0:85:ae:36:cf:ee:51:46:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
        Validity
            Not Before: Mar 12 09:41:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d7d63e2299014137beb9ee3c9ced9bb5813ad75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:0d:33:a9:50:c3:1a:0d:4b:d4:b1:6a:15:b5:
                    52:88:fa:e8:a2:85:10:f4:58:2b:fb:a2:16:62:d4:
                    d4:11:7b:ae:99:56:d1:6d:1d:0e:8e:2c:ae:96:d5:
                    30:08:58:1b:1f:38:6d:a4:54:4d:2a:61:84:45:da:
                    17:cd:8c:b6:cb:09:1f:3b:30:c9:a9:8c:09:d2:7a:
                    74:fc:c2:45:69:6c:57:6e:77:30:52:7d:f1:8c:af:
                    09:d1:c4:ce:a9:6f:05:69:a6:f9:1a:63:99:1d:c6:
                    4d:3d:30:23:a6:7e:af:de:43:9f:3d:b5:ec:c7:c9:
                    db:5d:cb:92:41:75:ba:27:a0:59:d5:f7:b2:38:d0:
                    e9:cd:c8:d1:57:2f:cb:d9:0e:64:06:ba:7e:b5:82:
                    19:1d:ec:8f:79:2a:5e:d8:0b:6b:d0:b1:6d:11:0f:
                    c8:95:89:ba:af:16:cc:d7:a0:ed:12:ba:ab:e3:2e:
                    d7:09:7d:3b:ea:b3:58:13:03:8c:c6:fe:fe:ba:0d:
                    e8:db:79:a8:28:b2:dc:f0:6a:09:76:07:b9:94:3e:
                    46:33:38:eb:20:20:f4:a4:fb:c1:21:0a:bd:2c:ce:
                    29:63:8d:64:9e:b8:0b:12:ca:b9:27:5e:6a:99:a3:
                    f7:5e:6f:72:20:21:2c:c5:b8:ba:8e:03:64:42:5f:
                    e4:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:7D:63:E2:29:90:14:13:7B:EB:9E:E3:C9:CE:D9:BB:58:13:AD:75
            X509v3 Authority Key Identifier:
                keyid:62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/PX1j4imQFBN7657jyc7Zu1gTrXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.105.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:88:d6:ba:2a:e8:57:4a:be:a0:c2:16:d6:b5:db:3d:01:40:
         85:b0:6e:6a:71:0b:ee:37:84:bf:c9:d3:8b:08:14:6c:a5:e9:
         ab:83:fa:0b:c2:db:d6:dd:f1:3a:41:f7:a0:cd:8c:02:15:93:
         51:9a:bb:97:03:b0:c8:a7:03:1b:9b:14:d7:c8:6b:fa:ae:78:
         6f:40:72:ee:76:5f:cb:62:eb:24:f0:f4:1c:34:4d:92:0d:c7:
         03:b5:c3:e3:93:b4:d5:5d:02:53:b1:88:cf:4a:b5:70:80:d9:
         0e:52:02:71:71:76:f3:df:9a:2b:f2:6b:0c:bd:ce:03:9f:65:
         d9:b3:6e:72:61:7e:36:0f:a5:e9:75:6a:ad:b9:92:32:e4:4f:
         2c:c4:6e:07:ce:bd:b0:92:ac:7f:5b:3b:0b:67:10:80:ed:14:
         47:dc:c6:49:9d:38:ba:01:a3:15:5c:a5:02:14:70:8d:41:b6:
         d2:a7:22:3d:a7:3a:db:9f:ea:22:b9:10:ea:89:4c:78:a2:4f:
         42:78:0d:57:a6:a8:62:72:11:68:a2:54:cd:71:52:cc:f3:67:
         f6:8f:1b:d3:d8:0d:7e:14:81:08:ee:ba:e0:d6:92:5b:02:86:
         55:74:cc:47:3f:37:91:fb:75:24:ea:82:0e:39:84:fd:69:87:
         8b:a5:ac:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWJu1Kju+ek8IWuNs/uUUaPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYTE1Y2M4ODY1OWY1NzhjYzE1OWM1MmIzYTdlOWVjNTgx
OWZiMjAwHhcNMjUwMzEyMDk0MTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDdkNjNlMjI5OTAxNDEzN2JlYjllZTNjOWNlZDliYjU4MTNhZDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1w0zqVDDGg1L1LFqFbVSiProooUQ
9Fgr+6IWYtTUEXuumVbRbR0OjiyultUwCFgbHzhtpFRNKmGERdoXzYy2ywkfOzDJ
qYwJ0np0/MJFaWxXbncwUn3xjK8J0cTOqW8Faab5GmOZHcZNPTAjpn6v3kOfPbXs
x8nbXcuSQXW6J6BZ1feyONDpzcjRVy/L2Q5kBrp+tYIZHeyPeSpe2Atr0LFtEQ/I
lYm6rxbM16DtErqr4y7XCX076rNYEwOMxv7+ug3o23moKLLc8GoJdge5lD5GMzjr
ICD0pPvBIQq9LM4pY41knrgLEsq5J15qmaP3Xm9yICEsxbi6jgNkQl/kowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD19Y+IpkBQTe+ue48nO2btYE611MB8GA1UdIwQY
MBaAFGKhXMiGWfV4zBWcUrOn6exYGfsgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAt
NDI2OWI1NmJmN2Q0LzEvUFgxajRpbVFGQk43NjU3anljN1p1MWdUclhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAtNDI2OWI1NmJmN2Q0
LzEvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWmPMA0G
CSqGSIb3DQEBCwUAA4IBAQABiNa6KuhXSr6gwhbWtds9AUCFsG5qcQvuN4S/ydOL
CBRspemrg/oLwtvW3fE6QfegzYwCFZNRmruXA7DIpwMbmxTXyGv6rnhvQHLudl/L
Yusk8PQcNE2SDccDtcPjk7TVXQJTsYjPSrVwgNkOUgJxcXbz35or8msMvc4Dn2XZ
s25yYX42D6XpdWqtuZIy5E8sxG4Hzr2wkqx/WzsLZxCA7RRH3MZJnTi6AaMVXKUC
FHCNQbbSpyI9pzrbn+oiuRDqiUx4ok9CeA1XpqhichFoolTNcVLM82f2jxvT2A1+
FIEI7rrg1pJbAoZVdMxHPzeR+3Uk6oIOOYT9aYeLpawS
-----END CERTIFICATE-----