Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/G35q9Z2lY9lOlfDoaB-f7dy-t1k.roa
File:                     G35q9Z2lY9lOlfDoaB-f7dy-t1k.roa (raw, json)
Hash identifier:          rvuWbhI2XPWBqSashyuxPe1zWTfRREMGtr7cToSjfCg=
Subject key identifier:   1B:7E:6A:F5:9D:A5:63:D9:4E:95:F0:E8:68:1F:9F:ED:DC:BE:B7:59
Certificate issuer:       /CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
Certificate serial:       0194266B88EA940BF4D181D2083516184E47
Authority key identifier: D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/G35q9Z2lY9lOlfDoaB-f7dy-t1k.roa
Signing time:             Thu 02 Jan 2025 09:49:28 +0000
ROA not before:           Thu 02 Jan 2025 09:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207971
IP address blocks:        62.228.246.0/24 maxlen: 24
                          62.228.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:88:ea:94:0b:f4:d1:81:d2:08:35:16:18:4e:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
        Validity
            Not Before: Jan  2 09:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b7e6af59da563d94e95f0e8681f9feddcbeb759
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:3f:36:80:03:f3:b8:ee:9a:77:a2:db:f1:d4:
                    9d:6c:88:49:95:30:c8:98:fd:17:90:c3:e3:4d:c4:
                    e5:a6:f8:ee:cd:c0:90:5f:3d:0d:fa:24:5a:2d:f9:
                    22:ee:e1:92:8e:80:f1:1e:3e:a1:d3:dc:78:2f:b3:
                    c6:bb:7f:24:3a:02:f8:7d:62:e7:1d:40:82:f1:07:
                    b9:fe:7b:13:b5:bd:5b:cc:07:c2:a7:f2:fc:0a:42:
                    d0:d9:76:be:80:c6:d0:cf:d7:b3:d5:32:ee:74:3d:
                    7b:4c:cd:36:97:dd:fe:f0:e6:7b:16:05:87:11:59:
                    70:db:8d:79:56:c3:d8:d3:55:e8:fb:91:a6:f8:fe:
                    a9:28:99:4e:d2:eb:bb:84:9b:7d:66:a3:3f:f2:aa:
                    5e:9d:56:6c:7b:3e:e0:c9:ee:44:7d:55:c9:98:8f:
                    3a:8e:d0:5e:43:a1:20:38:dc:7e:37:69:64:31:98:
                    d9:b6:d9:90:a3:42:77:d7:4b:62:c0:f1:51:63:95:
                    5c:1e:ab:85:1c:96:7c:e9:23:8f:24:a7:59:46:64:
                    f7:bd:be:70:42:e6:3d:c8:62:90:67:d8:a2:6a:67:
                    c6:88:7c:97:f8:90:ad:cb:dd:e7:a3:98:69:d6:0a:
                    d0:f3:dc:2f:31:c2:57:ba:cd:9e:a6:73:28:25:b0:
                    e7:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:7E:6A:F5:9D:A5:63:D9:4E:95:F0:E8:68:1F:9F:ED:DC:BE:B7:59
            X509v3 Authority Key Identifier:
                keyid:D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/G35q9Z2lY9lOlfDoaB-f7dy-t1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.228.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:0d:27:44:01:b6:11:d5:7b:9d:c2:40:ed:15:a3:a5:54:78:
         85:25:68:97:9b:21:c4:75:3b:19:a4:71:32:e8:4c:74:9f:8e:
         08:31:15:ba:44:e3:f9:a4:4c:0b:e4:92:90:29:c1:3d:b2:93:
         c6:db:2a:28:12:93:fd:b4:43:ad:30:cd:8f:d5:4d:98:6e:45:
         c0:ab:ad:08:3c:f5:cb:0d:cf:eb:f5:de:cf:09:00:74:0f:08:
         7d:4f:f7:95:c4:a8:66:d5:3f:db:b5:a2:b4:ad:96:1f:66:4d:
         4b:2e:c7:a3:78:f8:cc:52:34:f9:bc:53:bd:8a:81:51:cd:2f:
         9b:37:d4:27:56:01:49:e6:85:f8:f3:07:5c:90:b4:5f:4d:58:
         07:11:2e:a4:f6:2f:59:f4:9a:41:53:0c:9b:bf:75:b9:5a:dd:
         67:f6:dc:25:5d:b7:08:5a:17:19:82:83:ad:31:ce:87:f0:ee:
         b7:46:94:83:d2:cb:df:81:d4:0e:d9:0a:25:60:f9:87:e4:74:
         5f:00:bc:d5:bb:9c:0c:eb:3f:88:55:39:6d:20:a0:f8:24:21:
         9f:6a:94:42:45:15:41:f3:f4:df:3f:19:55:b3:8c:9a:d6:19:
         48:d4:33:f6:4c:55:8f:a8:46:9a:05:90:bf:52:f8:7c:14:f4:
         1a:47:1a:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma4jqlAv00YHSCDUWGE5HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MTFhYmM0YzA0NjhhYjI4OTFlYWFjYWRiYTBkYzAzNzc5
MzZmZDUwHhcNMjUwMTAyMDk0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjdlNmFmNTlkYTU2M2Q5NGU5NWYwZTg2ODFmOWZlZGRjYmViNzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmj82gAPzuO6ad6Lb8dSdbIhJlTDI
mP0XkMPjTcTlpvjuzcCQXz0N+iRaLfki7uGSjoDxHj6h09x4L7PGu38kOgL4fWLn
HUCC8Qe5/nsTtb1bzAfCp/L8CkLQ2Xa+gMbQz9ez1TLudD17TM02l93+8OZ7FgWH
EVlw2415VsPY01Xo+5Gm+P6pKJlO0uu7hJt9ZqM/8qpenVZsez7gye5EfVXJmI86
jtBeQ6EgONx+N2lkMZjZttmQo0J310tiwPFRY5VcHquFHJZ86SOPJKdZRmT3vb5w
QuY9yGKQZ9iiamfGiHyX+JCty93no5hp1grQ89wvMcJXus2epnMoJbDnOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBt+avWdpWPZTpXw6Ggfn+3cvrdZMB8GA1UdIwQY
MBaAFNQRq8TARoqyiR6qytug3AN3k2/VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTIt
YjBmNGI5YzM3ZTQ5LzEvRzM1cTlaMmxZOWxPbGZEb2FCLWY3ZHktdDFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTItYjBmNGI5YzM3ZTQ5
LzEvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBPuT2MA0G
CSqGSIb3DQEBCwUAA4IBAQBrDSdEAbYR1XudwkDtFaOlVHiFJWiXmyHEdTsZpHEy
6Ex0n44IMRW6ROP5pEwL5JKQKcE9spPG2yooEpP9tEOtMM2P1U2YbkXAq60IPPXL
Dc/r9d7PCQB0Dwh9T/eVxKhm1T/btaK0rZYfZk1LLsejePjMUjT5vFO9ioFRzS+b
N9QnVgFJ5oX48wdckLRfTVgHES6k9i9Z9JpBUwybv3W5Wt1n9twlXbcIWhcZgoOt
Mc6H8O63RpSD0svfgdQO2QolYPmH5HRfALzVu5wM6z+IVTltIKD4JCGfapRCRRVB
8/TfPxlVs4ya1hlI1DP2TFWPqEaaBZC/Uvh8FPQaRxrV
-----END CERTIFICATE-----