Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/Xplom3nYOHGxQQTuZEZCEr66_Rk.roa
File:                     Xplom3nYOHGxQQTuZEZCEr66_Rk.roa (raw, json)
Hash identifier:          NwgZUVMlsLrLr2h+U/8kat3nDsEvXOmfPISS6ilc3LE=
Subject key identifier:   5E:99:68:9B:79:D8:38:71:B1:41:04:EE:64:46:42:12:BE:BA:FD:19
Certificate issuer:       /CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
Certificate serial:       0194266B85200CE7610B2B75435E6D78D12E
Authority key identifier: D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/Xplom3nYOHGxQQTuZEZCEr66_Rk.roa
Signing time:             Thu 02 Jan 2025 09:49:28 +0000
ROA not before:           Thu 02 Jan 2025 09:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202117
IP address blocks:        62.228.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:85:20:0c:e7:61:0b:2b:75:43:5e:6d:78:d1:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
        Validity
            Not Before: Jan  2 09:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e99689b79d83871b14104ee64464212bebafd19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fe:fd:0b:84:4f:c1:6d:92:7c:a6:23:e4:6b:37:
                    d9:00:76:34:9b:c9:c4:4b:1b:7b:bf:95:7a:7b:7f:
                    36:9b:e3:e8:da:44:e3:07:d5:db:39:55:f6:b4:9f:
                    06:38:dc:af:86:6c:f2:f1:eb:34:44:0b:e0:48:79:
                    7c:00:ac:73:47:ca:35:32:2d:37:0e:8e:2c:4f:1f:
                    b5:30:b3:e1:84:00:77:d3:71:dd:70:88:58:41:bb:
                    c3:c5:05:51:21:64:d7:9a:ee:49:4f:e2:03:cf:f4:
                    5c:e1:1e:68:d2:03:f7:62:c9:47:d2:f0:d6:cb:b3:
                    e9:70:28:33:39:1a:86:43:b8:5b:08:02:aa:0f:b3:
                    2d:69:4d:a6:9a:98:21:9e:3c:5f:ef:1d:8b:9d:b3:
                    18:4f:61:0d:4e:e9:de:7a:ef:b2:ef:8f:53:3b:1a:
                    2e:28:83:b1:26:f5:10:3b:c1:3f:9d:04:e1:1a:ac:
                    fb:18:20:d3:c0:5f:0c:b9:e1:da:53:cf:1e:bf:ff:
                    8c:13:6f:66:0b:7f:a1:9e:34:71:4c:5f:8b:51:81:
                    c7:3f:bb:a5:4b:2b:90:36:38:fc:03:d5:69:fc:a8:
                    d9:51:ca:41:8e:36:38:c2:e6:e8:5e:0a:85:0b:1b:
                    96:6b:5a:a2:12:04:92:2b:47:7c:c7:04:21:21:71:
                    a6:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:99:68:9B:79:D8:38:71:B1:41:04:EE:64:46:42:12:BE:BA:FD:19
            X509v3 Authority Key Identifier:
                keyid:D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/Xplom3nYOHGxQQTuZEZCEr66_Rk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.228.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:4d:67:89:cd:2c:30:f8:8b:0d:52:b2:64:97:2e:ee:ec:18:
         27:bf:58:b9:1d:6a:45:83:8c:57:ff:d7:92:f5:95:3f:ac:f4:
         cc:98:49:b8:90:16:0f:41:1d:00:4f:b4:85:1c:de:8d:6f:da:
         23:c6:bd:0b:c2:be:14:47:71:30:ca:08:44:ca:87:8f:ba:35:
         60:04:41:55:c6:e5:f1:fe:84:a1:e3:9b:d2:3e:5b:05:55:3a:
         96:60:3c:31:57:44:d0:a0:44:2d:b0:7c:14:a4:31:50:71:9d:
         ce:02:19:16:2f:5b:6d:2b:bf:0c:cb:48:83:3f:05:8b:fd:6c:
         40:0f:36:18:b4:39:36:d2:0f:4d:17:32:ef:52:3a:8a:b8:c5:
         4a:cf:a0:01:19:c0:8c:fc:13:12:24:af:db:ed:6d:42:f5:94:
         e6:30:c9:e5:b0:4b:53:75:6c:a3:94:3b:0b:e7:2c:20:aa:cb:
         26:1d:bb:d6:2f:1b:a1:b9:ef:04:80:af:fd:21:43:f7:fe:85:
         38:22:df:32:0f:aa:f6:85:c4:43:24:ca:7e:ad:ec:9f:75:d6:
         0e:7e:b4:d4:f0:b8:d4:d8:c0:ba:22:fd:1d:b0:14:37:69:74:
         83:20:8e:d3:53:06:6b:fb:88:06:6e:07:65:05:a5:2a:69:0a:
         a3:2f:fa:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma4UgDOdhCyt1Q15teNEuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MTFhYmM0YzA0NjhhYjI4OTFlYWFjYWRiYTBkYzAzNzc5
MzZmZDUwHhcNMjUwMTAyMDk0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTk5Njg5Yjc5ZDgzODcxYjE0MTA0ZWU2NDQ2NDIxMmJlYmFmZDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/v0LhE/BbZJ8piPkazfZAHY0m8nE
Sxt7v5V6e382m+Po2kTjB9XbOVX2tJ8GONyvhmzy8es0RAvgSHl8AKxzR8o1Mi03
Do4sTx+1MLPhhAB303HdcIhYQbvDxQVRIWTXmu5JT+IDz/Rc4R5o0gP3YslH0vDW
y7PpcCgzORqGQ7hbCAKqD7MtaU2mmpghnjxf7x2LnbMYT2ENTuneeu+y749TOxou
KIOxJvUQO8E/nQThGqz7GCDTwF8MueHaU88ev/+ME29mC3+hnjRxTF+LUYHHP7ul
SyuQNjj8A9Vp/KjZUcpBjjY4wuboXgqFCxuWa1qiEgSSK0d8xwQhIXGmiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF6ZaJt52DhxsUEE7mRGQhK+uv0ZMB8GA1UdIwQY
MBaAFNQRq8TARoqyiR6qytug3AN3k2/VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTIt
YjBmNGI5YzM3ZTQ5LzEvWHBsb20zbllPSEd4UVFUdVpFWkNFcjY2X1JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTItYjBmNGI5YzM3ZTQ5
LzEvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPuT5MA0G
CSqGSIb3DQEBCwUAA4IBAQBQTWeJzSww+IsNUrJkly7u7Bgnv1i5HWpFg4xX/9eS
9ZU/rPTMmEm4kBYPQR0AT7SFHN6Nb9ojxr0Lwr4UR3EwyghEyoePujVgBEFVxuXx
/oSh45vSPlsFVTqWYDwxV0TQoEQtsHwUpDFQcZ3OAhkWL1ttK78My0iDPwWL/WxA
DzYYtDk20g9NFzLvUjqKuMVKz6ABGcCM/BMSJK/b7W1C9ZTmMMnlsEtTdWyjlDsL
5ywgqssmHbvWLxuhue8EgK/9IUP3/oU4It8yD6r2hcRDJMp+reyfddYOfrTU8LjU
2MC6Iv0dsBQ3aXSDII7TUwZr+4gGbgdlBaUqaQqjL/rD
-----END CERTIFICATE-----