Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/FxOjapXf2pPl_LSwlm8d32sW4Pk.roa
File:                     FxOjapXf2pPl_LSwlm8d32sW4Pk.roa (raw, json)
Hash identifier:          71ZJ5RBd2fDKrd44o5LBEopDO47GkZffr1JMfoqD+ZY=
Subject key identifier:   17:13:A3:6A:95:DF:DA:93:E5:FC:B4:B0:96:6F:1D:DF:6B:16:E0:F9
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       019504E9C009A91602BF15B98326BD56BE83
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/FxOjapXf2pPl_LSwlm8d32sW4Pk.roa
Signing time:             Fri 14 Feb 2025 14:43:02 +0000
ROA not before:           Fri 14 Feb 2025 14:43:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4637
IP address blocks:        62.171.240.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:04:e9:c0:09:a9:16:02:bf:15:b9:83:26:bd:56:be:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Feb 14 14:43:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1713a36a95dfda93e5fcb4b0966f1ddf6b16e0f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:74:31:16:98:70:67:33:16:7f:8c:59:de:fb:
                    d8:19:72:25:8f:33:a1:04:17:b9:28:af:2b:be:96:
                    0e:ec:d1:c6:ea:ae:10:1a:74:b5:44:73:d4:22:53:
                    98:7b:04:20:2c:fb:af:31:67:fe:22:ba:33:76:1c:
                    06:93:37:df:4c:3d:27:4e:41:89:d3:a6:b1:ef:bc:
                    d4:1d:0a:db:e6:11:cd:22:94:07:58:98:8a:52:03:
                    5c:0a:9a:86:a7:a7:f5:48:73:48:d1:5a:0d:61:4e:
                    aa:42:20:7e:64:18:19:76:b3:33:1f:33:0d:27:7b:
                    1a:35:98:3e:b4:9b:8b:5b:70:19:62:bf:2f:51:f0:
                    13:17:03:e6:04:3c:3e:54:5b:73:96:1f:bb:8e:c9:
                    68:cd:c9:3e:13:3f:a7:7f:40:1a:b3:25:7a:c6:e7:
                    35:23:1b:68:68:63:12:bd:88:f8:59:e5:92:75:61:
                    2c:c3:11:d3:a2:57:f0:3f:64:f6:35:85:c2:33:15:
                    ef:b8:b5:32:76:fe:86:df:15:a1:4e:87:f7:f5:49:
                    2e:7d:28:ac:88:b5:7b:71:d5:5d:46:fd:54:22:82:
                    b3:62:55:f3:6c:91:73:71:79:0a:9c:d0:b8:ab:ce:
                    c5:c8:f8:42:9f:a7:64:a7:7c:c4:b7:72:91:1e:15:
                    fc:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:13:A3:6A:95:DF:DA:93:E5:FC:B4:B0:96:6F:1D:DF:6B:16:E0:F9
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/FxOjapXf2pPl_LSwlm8d32sW4Pk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.171.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:6b:5e:67:ca:ba:84:f3:87:29:68:23:b6:b1:57:a3:d3:94:
         79:8a:99:fb:3f:46:9c:65:9f:f7:ad:5b:5b:de:7c:df:34:a0:
         e9:67:bc:b4:37:74:b0:b8:4d:ef:93:13:08:41:dd:75:c0:64:
         58:b7:e2:31:a1:04:8d:b6:dd:5a:76:25:98:4f:3f:7d:53:0e:
         b8:49:fa:62:5a:d7:f7:2f:d6:5b:56:37:61:ea:9e:1d:3e:25:
         3a:1c:d5:85:75:a2:75:68:62:28:3f:c0:e8:75:88:59:d9:5b:
         fc:de:4d:ac:6d:57:95:7b:23:a3:60:d8:af:69:6b:0a:09:93:
         20:82:43:bd:c6:9c:2e:ee:ca:d9:8d:8b:4b:2b:99:f0:44:e8:
         2a:63:94:8b:16:b1:10:e6:c1:ed:c8:38:44:0b:65:55:70:44:
         64:e5:f9:88:30:37:59:ba:97:92:14:be:fc:aa:57:d3:0d:62:
         47:42:00:1b:cc:85:f8:c7:f4:b7:fb:2c:fb:22:54:7d:e2:af:
         62:f0:0c:33:c8:95:f0:c2:1b:10:af:0b:d4:58:7d:a2:4c:72:
         22:e1:33:62:da:26:a0:a0:57:ca:f6:87:a6:4e:ef:80:1f:a6:
         ab:89:1c:d0:47:ba:17:4a:94:89:ef:63:86:cf:7b:3e:5f:14:
         a7:d9:a5:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUE6cAJqRYCvxW5gya9Vr6DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjUwMjE0MTQ0MzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzEzYTM2YTk1ZGZkYTkzZTVmY2I0YjA5NjZmMWRkZjZiMTZlMGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2HQxFphwZzMWf4xZ3vvYGXIljzOh
BBe5KK8rvpYO7NHG6q4QGnS1RHPUIlOYewQgLPuvMWf+IrozdhwGkzffTD0nTkGJ
06ax77zUHQrb5hHNIpQHWJiKUgNcCpqGp6f1SHNI0VoNYU6qQiB+ZBgZdrMzHzMN
J3saNZg+tJuLW3AZYr8vUfATFwPmBDw+VFtzlh+7jslozck+Ez+nf0AasyV6xuc1
IxtoaGMSvYj4WeWSdWEswxHTolfwP2T2NYXCMxXvuLUydv6G3xWhTof39UkufSis
iLV7cdVdRv1UIoKzYlXzbJFzcXkKnNC4q87FyPhCn6dkp3zEt3KRHhX88wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBcTo2qV39qT5fy0sJZvHd9rFuD5MB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvRnhPamFwWGYycFBsX0xTd2xtOGQzMnNXNFBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCPqvwMA0G
CSqGSIb3DQEBCwUAA4IBAQBna15nyrqE84cpaCO2sVej05R5ipn7P0acZZ/3rVtb
3nzfNKDpZ7y0N3SwuE3vkxMIQd11wGRYt+IxoQSNtt1adiWYTz99Uw64SfpiWtf3
L9ZbVjdh6p4dPiU6HNWFdaJ1aGIoP8DodYhZ2Vv83k2sbVeVeyOjYNivaWsKCZMg
gkO9xpwu7srZjYtLK5nwROgqY5SLFrEQ5sHtyDhEC2VVcERk5fmIMDdZupeSFL78
qlfTDWJHQgAbzIX4x/S3+yz7IlR94q9i8AwzyJXwwhsQrwvUWH2iTHIi4TNi2iag
oFfK9oemTu+AH6ariRzQR7oXSpSJ72OGz3s+XxSn2aWY
-----END CERTIFICATE-----