Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1-OU8ynWh7hqVFrdBOkMtgcV_cyM.roa
File:                     1-OU8ynWh7hqVFrdBOkMtgcV_cyM.roa (raw, json)
Hash identifier:          2Z6R77gXPR8CMiL2pJA+cy/i8yv0OcauEoqVSugVcdA=
Subject key identifier:   F8:E5:3C:CA:75:A1:EE:1A:95:16:B7:41:3A:43:2D:81:C5:7F:73:23
Certificate issuer:       /CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
Certificate serial:       0194266B80F2C41D733FF746B3F0E4C54FA4
Authority key identifier: D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1-OU8ynWh7hqVFrdBOkMtgcV_cyM.roa
Signing time:             Thu 02 Jan 2025 09:49:27 +0000
ROA not before:           Thu 02 Jan 2025 09:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31198
IP address blocks:        62.228.242.0/24 maxlen: 24
                          62.228.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:80:f2:c4:1d:73:3f:f7:46:b3:f0:e4:c5:4f:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
        Validity
            Not Before: Jan  2 09:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8e53cca75a1ee1a9516b7413a432d81c57f7323
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ab:c0:28:4a:16:79:b6:e9:33:d2:da:72:dc:
                    41:bc:b1:78:e6:82:09:16:a0:61:e7:bb:24:c0:fa:
                    3a:8f:de:c8:16:7c:16:9c:bc:ba:a8:d6:7f:83:de:
                    ac:7c:f7:a4:30:2b:7d:cd:76:bb:04:3b:de:cf:94:
                    78:99:d9:65:8d:ac:a7:ad:8f:7c:75:fa:97:86:eb:
                    b2:d6:ed:ad:b0:15:45:fa:dd:80:d9:d0:31:78:64:
                    88:22:10:c2:53:e1:f3:d7:9e:fd:61:5e:1f:ab:8f:
                    02:75:4e:d8:6b:48:3c:85:0c:b5:12:74:86:71:53:
                    ec:60:5a:53:82:5e:35:40:9a:b0:84:10:df:17:15:
                    37:2f:1a:25:4e:2c:fd:be:d3:14:cb:49:13:2c:54:
                    83:c0:de:02:ac:2e:b3:e6:14:56:8e:17:5b:08:47:
                    8c:17:f4:f6:3a:7b:dd:93:95:e3:a2:2c:3b:2b:f6:
                    b2:5d:d9:39:b2:ee:ca:ee:1d:7c:e2:a7:1b:9d:0e:
                    05:20:81:94:dc:5e:25:26:38:61:fc:87:c7:22:18:
                    e1:02:03:e7:21:27:4a:2c:96:57:c8:0c:41:bf:86:
                    1d:60:41:99:c4:29:f4:08:c0:3f:d4:75:e7:66:23:
                    6f:20:ea:30:0c:a8:08:fb:1f:f0:05:f1:18:81:ec:
                    8d:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:E5:3C:CA:75:A1:EE:1A:95:16:B7:41:3A:43:2D:81:C5:7F:73:23
            X509v3 Authority Key Identifier:
                keyid:D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1-OU8ynWh7hqVFrdBOkMtgcV_cyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.228.242.0/24
                  62.228.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:aa:e2:6d:86:74:1c:d6:e0:2d:24:a5:3d:98:cf:d2:dd:a1:
         e4:bc:bf:b5:02:b8:81:fa:fc:07:1b:a8:9b:72:cd:e1:85:73:
         81:63:97:66:41:14:27:fd:f0:81:b2:92:53:0d:4f:f0:5c:87:
         f2:25:9e:e7:c8:26:0a:e8:58:6b:6a:42:9d:1b:da:c5:82:42:
         27:29:18:34:fd:11:f7:a1:b6:c6:45:97:a2:3c:23:57:dc:ac:
         ad:73:d6:09:57:5e:16:b2:2b:f9:e9:9c:20:08:b9:12:35:a3:
         98:d6:6a:03:40:8f:72:e7:11:d1:70:28:b3:09:2d:31:0b:79:
         c1:d0:62:b0:43:bf:13:74:d0:40:d3:ec:12:3b:b3:43:1a:ef:
         1e:46:d6:2d:60:2a:98:ec:24:ff:3f:26:67:db:d5:0a:4b:5d:
         4b:a5:98:41:10:23:2f:61:9a:60:9c:bf:f1:f3:7c:32:62:d4:
         73:cc:8d:35:a6:71:69:13:19:64:3a:d5:39:b5:95:26:59:74:
         90:b6:f8:c4:f0:7e:68:75:15:01:6c:c0:5f:c1:09:01:de:ec:
         eb:33:c0:75:e0:93:3d:e6:fd:d3:f3:2d:5f:44:43:b5:13:ce:
         e0:ab:6a:be:9d:e5:18:97:43:b3:37:b8:91:3e:d1:65:d8:d2:
         75:6f:77:7e
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZQma4DyxB1zP/dGs/DkxU+kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MTFhYmM0YzA0NjhhYjI4OTFlYWFjYWRiYTBkYzAzNzc5
MzZmZDUwHhcNMjUwMTAyMDk0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGU1M2NjYTc1YTFlZTFhOTUxNmI3NDEzYTQzMmQ4MWM1N2Y3MzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAravAKEoWebbpM9LactxBvLF45oIJ
FqBh57skwPo6j97IFnwWnLy6qNZ/g96sfPekMCt9zXa7BDvez5R4mdlljaynrY98
dfqXhuuy1u2tsBVF+t2A2dAxeGSIIhDCU+Hz1579YV4fq48CdU7Ya0g8hQy1EnSG
cVPsYFpTgl41QJqwhBDfFxU3LxolTiz9vtMUy0kTLFSDwN4CrC6z5hRWjhdbCEeM
F/T2Onvdk5Xjoiw7K/ayXdk5su7K7h184qcbnQ4FIIGU3F4lJjhh/IfHIhjhAgPn
ISdKLJZXyAxBv4YdYEGZxCn0CMA/1HXnZiNvIOowDKgI+x/wBfEYgeyN7wIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPjlPMp1oe4alRa3QTpDLYHFf3MjMB8GA1UdIwQY
MBaAFNQRq8TARoqyiR6qytug3AN3k2/VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTIt
YjBmNGI5YzM3ZTQ5LzEvMS1PVTh5bldoN2hxVkZyZEJPa010Z2NWX2N5TS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTMvNjE4ZTUzLWFmYzQtNDBkZi04NjEyLWIwZjRiOWMzN2U0
OS8xLzFCR3J4TUJHaXJLSkhxcksyNkRjQTNlVGI5VS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAD7k8gME
AD7k/DANBgkqhkiG9w0BAQsFAAOCAQEAi6ribYZ0HNbgLSSlPZjP0t2h5Ly/tQK4
gfr8Bxuom3LN4YVzgWOXZkEUJ/3wgbKSUw1P8FyH8iWe58gmCuhYa2pCnRvaxYJC
JykYNP0R96G2xkWXojwjV9ysrXPWCVdeFrIr+emcIAi5EjWjmNZqA0CPcucR0XAo
swktMQt5wdBisEO/E3TQQNPsEjuzQxrvHkbWLWAqmOwk/z8mZ9vVCktdS6WYQRAj
L2GaYJy/8fN8MmLUc8yNNaZxaRMZZDrVObWVJll0kLb4xPB+aHUVAWzAX8EJAd7s
6zPAdeCTPeb90/MtX0RDtRPO4Ktqvp3lGJdDsze4kT7RZdjSdW93fg==
-----END CERTIFICATE-----