Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1-kqzU8qAhhNZY7H0Ndru0AUv97E.roa
File:                     1-kqzU8qAhhNZY7H0Ndru0AUv97E.roa (raw, json)
Hash identifier:          MOz4DkQjI1MR3SyTcLV8IHQbmNNubdVqTfJ9r1l5kGA=
Subject key identifier:   FA:4A:B3:53:CA:80:86:13:59:63:B1:F4:35:DA:EE:D0:05:2F:F7:B1
Certificate issuer:       /CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
Certificate serial:       0194266B857AE20FCCEACE2C3B8F344F19B0
Authority key identifier: D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1-kqzU8qAhhNZY7H0Ndru0AUv97E.roa
Signing time:             Thu 02 Jan 2025 09:49:28 +0000
ROA not before:           Thu 02 Jan 2025 09:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202534
IP address blocks:        62.228.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:85:7a:e2:0f:cc:ea:ce:2c:3b:8f:34:4f:19:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
        Validity
            Not Before: Jan  2 09:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa4ab353ca8086135963b1f435daeed0052ff7b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:00:88:ef:67:11:76:b9:43:d0:53:a7:0c:28:
                    76:35:6a:76:de:92:69:bb:e6:44:84:8d:55:e4:7d:
                    77:d6:ca:83:f2:e0:de:fe:99:79:ee:e0:d1:47:a3:
                    fd:f4:40:3e:ad:c6:15:a4:26:fc:3a:f6:4b:03:b0:
                    29:cd:b1:f8:ef:b3:4f:85:1f:88:9f:db:c1:6b:f4:
                    cc:69:08:ba:af:f9:75:77:b9:93:e3:a8:df:4c:4b:
                    04:c4:7c:a4:09:fd:95:e3:d3:3a:78:e3:d2:23:ec:
                    ad:af:f4:83:20:d7:be:0c:38:75:76:bf:7d:39:59:
                    d5:ab:a2:e1:80:5b:72:23:a6:fe:01:a9:40:1b:76:
                    84:93:12:cc:c5:55:a0:86:0e:c9:b9:95:c5:00:fa:
                    94:9e:d8:08:fb:07:f4:38:c9:e3:08:c0:4f:09:46:
                    ea:41:ec:b4:ad:d8:31:86:d4:0c:33:8d:e1:cb:a4:
                    e1:e3:bc:8d:f2:40:4a:ca:6f:b8:75:32:57:3e:5f:
                    05:ca:bc:48:66:7d:71:dd:27:97:13:ec:47:82:56:
                    15:a7:03:5b:80:5e:82:3d:c9:29:4b:e6:20:5f:23:
                    a9:96:2f:75:bd:c1:3d:31:60:5a:e7:ef:91:38:2f:
                    d3:8c:46:bb:41:21:a8:dd:94:35:e5:2a:84:b6:bd:
                    7b:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:4A:B3:53:CA:80:86:13:59:63:B1:F4:35:DA:EE:D0:05:2F:F7:B1
            X509v3 Authority Key Identifier:
                keyid:D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1-kqzU8qAhhNZY7H0Ndru0AUv97E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.228.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:6f:a5:29:3f:0f:05:f6:01:b2:8a:5c:99:cd:b7:a0:df:01:
         3d:65:a0:23:a2:fd:a8:cb:44:ae:c8:c4:95:63:91:1e:bc:89:
         3a:61:cd:87:3b:5c:d6:48:6c:2b:e6:86:14:5d:10:e8:5b:d8:
         db:2d:01:55:1a:fa:91:2b:6d:d3:7a:a7:cc:20:e4:54:a7:39:
         ee:9a:c5:16:fa:56:74:b0:60:7a:cb:a5:b7:8e:8d:ba:c2:be:
         49:3c:ae:c6:40:04:e2:d0:c0:1d:a1:0e:54:d8:d8:d3:bc:55:
         15:5b:e5:9b:ea:13:58:60:ae:f4:7a:74:ad:84:9a:0e:19:9d:
         c7:18:96:cc:eb:08:fd:36:ce:ab:67:ce:51:44:a2:ad:de:07:
         af:15:69:6a:e5:39:d6:97:e4:95:8a:fb:cf:93:d2:8f:d5:8e:
         b9:a4:84:17:aa:1a:e2:c6:58:1b:45:08:df:66:c6:fe:7d:59:
         6f:99:b6:e3:d4:22:4d:e3:6d:ca:e6:f6:2a:42:31:54:31:1f:
         fc:fa:6d:74:c0:a2:30:bc:00:ca:7b:bf:18:ef:19:73:cd:0f:
         31:18:88:54:00:52:ab:72:0b:b4:f2:01:25:ae:9b:39:44:ed:
         94:9a:41:35:95:19:ee:f2:52:d0:2a:bc:10:04:22:4c:63:31:
         95:d7:9e:c7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQma4V64g/M6s4sO480TxmwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MTFhYmM0YzA0NjhhYjI4OTFlYWFjYWRiYTBkYzAzNzc5
MzZmZDUwHhcNMjUwMTAyMDk0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTRhYjM1M2NhODA4NjEzNTk2M2IxZjQzNWRhZWVkMDA1MmZmN2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsACI72cRdrlD0FOnDCh2NWp23pJp
u+ZEhI1V5H131sqD8uDe/pl57uDRR6P99EA+rcYVpCb8OvZLA7ApzbH477NPhR+I
n9vBa/TMaQi6r/l1d7mT46jfTEsExHykCf2V49M6eOPSI+ytr/SDINe+DDh1dr99
OVnVq6LhgFtyI6b+AalAG3aEkxLMxVWghg7JuZXFAPqUntgI+wf0OMnjCMBPCUbq
Qey0rdgxhtQMM43hy6Th47yN8kBKym+4dTJXPl8FyrxIZn1x3SeXE+xHglYVpwNb
gF6CPckpS+YgXyOpli91vcE9MWBa5++ROC/TjEa7QSGo3ZQ15SqEtr17ZwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPpKs1PKgIYTWWOx9DXa7tAFL/exMB8GA1UdIwQY
MBaAFNQRq8TARoqyiR6qytug3AN3k2/VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTIt
YjBmNGI5YzM3ZTQ5LzEvMS1rcXpVOHFBaGhOWlk3SDBOZHJ1MEFVdjk3RS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTMvNjE4ZTUzLWFmYzQtNDBkZi04NjEyLWIwZjRiOWMzN2U0
OS8xLzFCR3J4TUJHaXJLSkhxcksyNkRjQTNlVGI5VS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAD7k7zAN
BgkqhkiG9w0BAQsFAAOCAQEAYW+lKT8PBfYBsopcmc23oN8BPWWgI6L9qMtErsjE
lWORHryJOmHNhztc1khsK+aGFF0Q6FvY2y0BVRr6kStt03qnzCDkVKc57prFFvpW
dLBgesult46NusK+STyuxkAE4tDAHaEOVNjY07xVFVvlm+oTWGCu9Hp0rYSaDhmd
xxiWzOsI/TbOq2fOUUSird4HrxVpauU51pfklYr7z5PSj9WOuaSEF6oa4sZYG0UI
32bG/n1Zb5m249QiTeNtyub2KkIxVDEf/PptdMCiMLwAynu/GO8Zc80PMRiIVABS
q3ILtPIBJa6bOUTtlJpBNZUZ7vJS0Cq8EAQiTGMxldeexw==
-----END CERTIFICATE-----