Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/vaa9ieh0_g2-KFsweXS2ah7MH-0.roa
File:                     vaa9ieh0_g2-KFsweXS2ah7MH-0.roa (raw, json)
Hash identifier:          WpWtS70OFLoq/cDJkKS6rBsNcjAtsJlmw3l1M8ZvGIs=
Subject key identifier:   BD:A6:BD:89:E8:74:FE:0D:BE:28:5B:30:79:74:B6:6A:1E:CC:1F:ED
Certificate issuer:       /CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
Certificate serial:       0194266B854B3B5EBB394E8CA2AC63A4574F
Authority key identifier: D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/vaa9ieh0_g2-KFsweXS2ah7MH-0.roa
Signing time:             Thu 02 Jan 2025 09:49:28 +0000
ROA not before:           Thu 02 Jan 2025 09:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202232
IP address blocks:        62.228.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:85:4b:3b:5e:bb:39:4e:8c:a2:ac:63:a4:57:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
        Validity
            Not Before: Jan  2 09:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bda6bd89e874fe0dbe285b307974b66a1ecc1fed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3e:bf:0a:1b:44:5d:d9:35:ca:3a:c1:f7:fa:
                    81:ea:c0:f0:df:ae:96:7e:50:37:22:92:a8:b4:eb:
                    6d:05:5b:c1:0e:bf:9f:73:3d:e8:38:f1:9f:49:ac:
                    68:25:5d:c6:a0:b3:97:d9:a6:97:51:58:ff:b3:f3:
                    48:cb:62:c2:11:a0:cf:99:e4:4a:3c:c8:d4:6a:75:
                    84:d7:5d:a9:58:34:8b:66:d8:6f:b0:f8:a9:71:9d:
                    c4:53:52:0f:b3:24:6b:02:e3:0d:73:fc:dc:e1:64:
                    42:4f:28:c2:2b:1c:7a:c0:22:89:2c:f1:ed:13:91:
                    c3:16:5f:5a:90:61:53:49:1c:10:74:25:a8:02:0a:
                    25:7e:70:e6:29:b3:e5:a0:b6:51:b4:5a:30:7d:d9:
                    e4:05:c3:94:45:cc:da:e9:3f:3a:4e:ff:d9:7b:bb:
                    ee:8c:3f:77:39:8f:3c:b7:5c:ee:b7:4e:03:27:13:
                    6e:01:1b:6a:4f:7a:65:04:a9:5e:13:a4:b2:19:df:
                    2c:66:d2:6f:a7:49:50:fd:32:5f:8c:28:29:d8:7f:
                    c6:fa:0c:34:93:d3:d6:e0:fa:f7:32:78:66:1a:b6:
                    3d:4a:2a:61:14:ec:9f:3d:69:8e:7c:4a:e7:70:3d:
                    7e:54:8c:1c:59:c1:7a:8d:c5:f5:bf:a9:d9:22:16:
                    67:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:A6:BD:89:E8:74:FE:0D:BE:28:5B:30:79:74:B6:6A:1E:CC:1F:ED
            X509v3 Authority Key Identifier:
                keyid:D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/vaa9ieh0_g2-KFsweXS2ah7MH-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.228.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:3f:09:7c:1d:f4:00:e6:67:8f:b6:d8:f4:ea:2c:b1:65:5f:
         0c:40:5a:55:c3:e3:57:83:7a:03:34:e7:e9:b9:d2:01:15:3c:
         23:39:6e:81:ba:00:e4:0c:fd:df:64:be:63:8a:3c:68:24:00:
         8f:04:0b:69:97:6e:56:61:27:44:e7:6c:3f:b0:90:0a:7c:ba:
         8b:ec:bf:27:0b:67:63:6a:fe:31:7f:fd:72:79:8e:b1:2f:0d:
         60:85:cf:38:56:41:92:94:c9:ac:78:12:c2:79:0d:04:b9:ad:
         92:63:c7:6c:66:ec:49:41:44:10:f4:e6:cf:6f:ff:2e:36:01:
         cc:6d:f2:27:33:a1:29:05:ee:97:31:77:a0:4a:c4:f1:fb:aa:
         f1:87:8e:80:09:ed:fc:27:18:dd:c7:c9:cf:ec:b1:9f:ec:ee:
         19:0a:af:86:a1:ef:ec:65:60:0b:66:0b:ad:0b:01:a1:d5:c6:
         6a:99:e0:31:3f:80:a3:b2:b1:17:da:67:c8:c1:04:2b:96:2e:
         75:b7:2c:80:02:5d:37:14:9e:95:20:2c:be:e4:df:1b:b6:c1:
         82:c3:1a:29:a3:43:c2:11:a1:a2:ba:f9:05:3b:7e:7b:5d:48:
         b2:63:45:b6:d8:fd:1b:af:2f:62:3a:72:15:cc:5b:0c:57:e9:
         3b:59:91:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma4VLO167OU6MoqxjpFdPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MTFhYmM0YzA0NjhhYjI4OTFlYWFjYWRiYTBkYzAzNzc5
MzZmZDUwHhcNMjUwMTAyMDk0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGE2YmQ4OWU4NzRmZTBkYmUyODViMzA3OTc0YjY2YTFlY2MxZmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArD6/ChtEXdk1yjrB9/qB6sDw366W
flA3IpKotOttBVvBDr+fcz3oOPGfSaxoJV3GoLOX2aaXUVj/s/NIy2LCEaDPmeRK
PMjUanWE112pWDSLZthvsPipcZ3EU1IPsyRrAuMNc/zc4WRCTyjCKxx6wCKJLPHt
E5HDFl9akGFTSRwQdCWoAgolfnDmKbPloLZRtFowfdnkBcOURcza6T86Tv/Ze7vu
jD93OY88t1zut04DJxNuARtqT3plBKleE6SyGd8sZtJvp0lQ/TJfjCgp2H/G+gw0
k9PW4Pr3MnhmGrY9SiphFOyfPWmOfErncD1+VIwcWcF6jcX1v6nZIhZn5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL2mvYnodP4NvihbMHl0tmoezB/tMB8GA1UdIwQY
MBaAFNQRq8TARoqyiR6qytug3AN3k2/VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTIt
YjBmNGI5YzM3ZTQ5LzEvdmFhOWllaDBfZzItS0Zzd2VYUzJhaDdNSC0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTItYjBmNGI5YzM3ZTQ5
LzEvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPuT6MA0G
CSqGSIb3DQEBCwUAA4IBAQBoPwl8HfQA5mePttj06iyxZV8MQFpVw+NXg3oDNOfp
udIBFTwjOW6BugDkDP3fZL5jijxoJACPBAtpl25WYSdE52w/sJAKfLqL7L8nC2dj
av4xf/1yeY6xLw1ghc84VkGSlMmseBLCeQ0Eua2SY8dsZuxJQUQQ9ObPb/8uNgHM
bfInM6EpBe6XMXegSsTx+6rxh46ACe38Jxjdx8nP7LGf7O4ZCq+Goe/sZWALZgut
CwGh1cZqmeAxP4CjsrEX2mfIwQQrli51tyyAAl03FJ6VICy+5N8btsGCwxopo0PC
EaGiuvkFO357XUiyY0W22P0bry9iOnIVzFsMV+k7WZG9
-----END CERTIFICATE-----