Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/EEKlI2T6FZUgLn4m9dFt2jmmjug.roa
File:                     EEKlI2T6FZUgLn4m9dFt2jmmjug.roa (raw, json)
Hash identifier:          NhLG/JHJb6nBfntTyOXn48rJIGdq84bLDpAP5xe+ZAE=
Subject key identifier:   10:42:A5:23:64:FA:15:95:20:2E:7E:26:F5:D1:6D:DA:39:A6:8E:E8
Certificate issuer:       /CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Certificate serial:       019464B35E5C4B6DABAA590EE88D278B3F10
Authority key identifier: 9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/EEKlI2T6FZUgLn4m9dFt2jmmjug.roa
Signing time:             Tue 14 Jan 2025 12:04:24 +0000
ROA not before:           Tue 14 Jan 2025 12:04:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12302
IP address blocks:        62.3.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:64:b3:5e:5c:4b:6d:ab:aa:59:0e:e8:8d:27:8b:3f:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
        Validity
            Not Before: Jan 14 12:04:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1042a52364fa1595202e7e26f5d16dda39a68ee8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:82:0c:e2:e1:ac:f3:d8:be:92:3d:cc:87:85:
                    67:f3:ad:32:76:22:df:d1:4e:ee:e2:d7:df:5a:15:
                    b0:b1:25:c8:49:98:5b:00:81:07:06:e5:92:66:51:
                    f5:1f:14:e4:c4:d1:7c:20:28:d6:9e:9b:85:60:af:
                    e3:26:19:78:ac:c7:42:36:61:a0:7b:a3:ef:3e:31:
                    a3:1c:32:7f:95:88:0c:bc:2d:2c:a0:9d:0a:de:de:
                    82:e5:43:fb:eb:a8:c4:bb:98:03:58:a8:5b:9d:19:
                    13:90:02:63:62:9e:9a:0a:a4:2b:8d:1a:e6:86:6e:
                    7f:17:76:63:2b:1f:6e:d1:36:aa:b5:c8:05:f8:74:
                    2a:76:e8:a7:67:d6:4c:5b:98:52:c3:c9:ee:39:30:
                    ff:5f:20:2f:ea:c0:f0:06:c3:08:0d:ce:72:ae:61:
                    64:af:75:56:0a:67:9e:b3:53:52:4f:2a:5d:c9:c7:
                    89:f1:5e:34:08:cf:93:d6:d9:72:c2:9c:37:b4:2b:
                    d2:13:ea:b0:4f:f4:9f:df:65:26:63:10:91:e1:1b:
                    cb:c8:4e:af:26:71:a9:f4:4f:03:bb:df:50:06:12:
                    ab:fb:ba:c5:24:21:94:89:aa:c5:a7:c4:dd:cb:4f:
                    63:3c:9f:59:2c:35:d0:80:6b:63:ee:a5:19:55:d5:
                    02:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:42:A5:23:64:FA:15:95:20:2E:7E:26:F5:D1:6D:DA:39:A6:8E:E8
            X509v3 Authority Key Identifier:
                keyid:9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/EEKlI2T6FZUgLn4m9dFt2jmmjug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:ef:d5:89:18:23:72:48:55:6d:9d:73:be:72:cc:01:34:1a:
         28:1a:5c:93:2d:b0:9b:f4:2c:fa:d0:e8:d4:72:c0:82:a7:ca:
         0c:80:23:d1:af:b2:f9:2f:d9:88:18:aa:9b:4e:15:9c:22:7b:
         23:23:07:a3:00:e9:90:65:37:b3:d4:0a:1d:51:a7:cd:72:e3:
         6e:4e:15:bc:e3:62:58:d1:b7:ce:03:13:b9:d6:ad:f9:e7:7f:
         97:4f:a4:4d:9a:d5:5c:3f:6d:52:ff:22:1a:fe:de:6e:fa:2c:
         4d:58:5b:ba:7b:e0:86:86:d6:72:c5:33:e3:c0:30:be:bc:55:
         ae:fd:81:b6:90:17:b2:8b:d3:2f:98:25:49:58:46:e8:dc:51:
         a0:a2:03:8a:4d:37:35:b4:ce:3e:c4:22:61:3e:8c:fc:87:87:
         92:22:d1:e1:36:0b:ae:3e:32:57:ec:db:c1:d7:d3:22:63:14:
         d6:3f:fc:97:5d:bd:f8:4d:62:f2:24:1d:91:52:90:42:19:aa:
         9a:77:17:0b:41:01:2a:4a:5c:d8:12:14:e4:5a:75:a0:23:87:
         e1:c7:80:7c:a7:99:51:b7:ad:ac:6c:c4:30:18:d5:84:2a:fb:
         1f:cd:e9:62:35:23:bc:93:b8:b8:9a:69:41:47:94:1d:aa:02:
         35:0b:65:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRks15cS22rqlkO6I0niz8QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNTQyZjVkZjNjMWFjYjg1N2ZkNTBlZWIwMTZlZWQwNzM4
NWZmOGMwHhcNMjUwMTE0MTIwNDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDQyYTUyMzY0ZmExNTk1MjAyZTdlMjZmNWQxNmRkYTM5YTY4ZWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAroIM4uGs89i+kj3Mh4Vn860ydiLf
0U7u4tffWhWwsSXISZhbAIEHBuWSZlH1HxTkxNF8ICjWnpuFYK/jJhl4rMdCNmGg
e6PvPjGjHDJ/lYgMvC0soJ0K3t6C5UP766jEu5gDWKhbnRkTkAJjYp6aCqQrjRrm
hm5/F3ZjKx9u0TaqtcgF+HQqduinZ9ZMW5hSw8nuOTD/XyAv6sDwBsMIDc5yrmFk
r3VWCmees1NSTypdyceJ8V40CM+T1tlywpw3tCvSE+qwT/Sf32UmYxCR4RvLyE6v
JnGp9E8Du99QBhKr+7rFJCGUiarFp8Tdy09jPJ9ZLDXQgGtj7qUZVdUCZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBBCpSNk+hWVIC5+JvXRbdo5po7oMB8GA1UdIwQY
MBaAFJxUL13zway4V/1Q7rAW7tBzhf+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUt
MjVkYmY0MzgwNGM1LzEvRUVLbEkyVDZGWlVnTG40bTlkRnQyam1tanVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUtMjVkYmY0MzgwNGM1
LzEvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPgMcMA0G
CSqGSIb3DQEBCwUAA4IBAQCg79WJGCNySFVtnXO+cswBNBooGlyTLbCb9Cz60OjU
csCCp8oMgCPRr7L5L9mIGKqbThWcInsjIwejAOmQZTez1AodUafNcuNuThW842JY
0bfOAxO51q3553+XT6RNmtVcP21S/yIa/t5u+ixNWFu6e+CGhtZyxTPjwDC+vFWu
/YG2kBeyi9MvmCVJWEbo3FGgogOKTTc1tM4+xCJhPoz8h4eSItHhNguuPjJX7NvB
19MiYxTWP/yXXb34TWLyJB2RUpBCGaqadxcLQQEqSlzYEhTkWnWgI4fhx4B8p5lR
t62sbMQwGNWEKvsfzeliNSO8k7i4mmlBR5QdqgI1C2X+
-----END CERTIFICATE-----