Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/zeHkodOSM4PpNF-T8cKNsYd36jA.roa
File:                     zeHkodOSM4PpNF-T8cKNsYd36jA.roa (raw, json)
Hash identifier:          rKk25l72K9AU6v1SG1iHJTk7NBGypKCBGqKX+tmg7So=
Subject key identifier:   CD:E1:E4:A1:D3:92:33:83:E9:34:5F:93:F1:C2:8D:B1:87:77:EA:30
Certificate issuer:       /CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
Certificate serial:       0194266B8099036F984FB40184D815184474
Authority key identifier: D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/zeHkodOSM4PpNF-T8cKNsYd36jA.roa
Signing time:             Thu 02 Jan 2025 09:49:27 +0000
ROA not before:           Thu 02 Jan 2025 09:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24655
IP address blocks:        62.228.230.0/24 maxlen: 24
                          62.228.233.0/24 maxlen: 24
                          81.4.190.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 03:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:80:99:03:6f:98:4f:b4:01:84:d8:15:18:44:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
        Validity
            Not Before: Jan  2 09:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cde1e4a1d3923383e9345f93f1c28db18777ea30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:5e:ef:f9:7e:03:37:a0:0a:ac:c2:55:ca:7c:
                    d5:cb:e7:a0:ad:d0:3f:de:e9:e9:85:85:2c:ac:74:
                    ff:d6:0f:46:b6:fc:d8:07:a6:85:3e:cb:27:18:70:
                    7c:e8:25:6f:75:e8:32:3b:54:0e:d7:06:0e:b5:0b:
                    b0:90:4b:bd:65:bd:8d:1f:80:40:10:e8:82:66:e2:
                    e4:3b:81:a9:07:8b:cf:89:d2:b0:81:c7:42:a2:df:
                    d1:65:7a:d6:1f:76:70:f9:23:e7:f2:2e:0f:08:7e:
                    32:4a:d3:20:5d:53:82:a1:7b:a9:82:3a:7f:9a:f1:
                    4c:21:b3:56:25:84:95:e3:d0:2a:6e:9d:31:7d:c1:
                    17:ba:38:eb:78:4b:f7:79:91:70:cf:78:74:f7:27:
                    e5:4b:ba:8b:c2:ed:6f:90:ae:81:a4:64:ae:f8:ac:
                    3e:c2:da:a2:19:a9:16:f7:fb:d6:4d:4a:0e:0f:4a:
                    ca:24:d6:2e:5c:3a:a6:4f:90:ec:a8:ad:6d:43:87:
                    d7:5f:6e:1f:b2:54:16:dc:1e:13:7d:3b:a7:f3:a9:
                    ff:63:e8:4b:a7:02:f4:7d:53:78:03:f4:3a:0f:07:
                    59:be:14:29:e6:25:6b:d8:a6:04:74:45:e8:e1:97:
                    93:e4:c2:57:ff:0b:0c:b3:ce:3a:42:35:3a:31:2d:
                    2c:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:E1:E4:A1:D3:92:33:83:E9:34:5F:93:F1:C2:8D:B1:87:77:EA:30
            X509v3 Authority Key Identifier:
                keyid:D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/zeHkodOSM4PpNF-T8cKNsYd36jA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.228.230.0/24
                  62.228.233.0/24
                  81.4.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:f5:0e:04:63:7c:4f:2d:b6:2a:bb:36:d3:0f:3f:76:da:82:
         cf:ac:39:98:01:11:2d:f7:e3:7e:88:cd:c3:44:55:d6:eb:ca:
         94:17:ee:5d:7e:72:68:29:84:bc:db:7a:b0:41:ed:9f:14:57:
         5a:f3:58:ef:b1:b7:74:51:db:e7:e7:29:fb:5e:30:ab:25:5f:
         52:c6:d3:82:a6:e1:6c:50:04:47:48:db:51:89:41:9c:e7:dd:
         ee:80:29:fe:23:4d:6c:40:4a:cf:a9:d9:fa:17:fe:2e:92:55:
         5c:53:a5:c9:e5:83:27:23:0f:ca:95:a1:33:38:09:ac:f1:45:
         51:59:b7:ac:2d:fc:15:e8:67:d1:ca:2f:9a:1b:ad:ce:7f:96:
         c5:2f:69:bb:38:aa:ad:65:2f:dc:64:8b:8e:a1:03:e3:67:51:
         e4:e9:60:0b:27:ef:58:7e:63:e0:08:15:38:e2:00:dc:fe:8e:
         c6:0e:a9:72:fb:60:b4:e4:ef:3d:5f:1a:ed:f8:79:16:8b:1e:
         6a:dd:57:57:0b:1d:07:a8:74:19:ec:5e:8d:52:3c:2a:99:be:
         fe:be:a7:04:65:0f:17:c1:a6:ec:ba:4e:6c:f8:e7:ff:b4:8d:
         fa:72:36:41:e4:e6:0c:ad:2c:68:a5:5c:97:6d:f7:69:3d:63:
         34:92:ac:9b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQma4CZA2+YT7QBhNgVGER0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MTFhYmM0YzA0NjhhYjI4OTFlYWFjYWRiYTBkYzAzNzc5
MzZmZDUwHhcNMjUwMTAyMDk0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGUxZTRhMWQzOTIzMzgzZTkzNDVmOTNmMWMyOGRiMTg3NzdlYTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv17v+X4DN6AKrMJVynzVy+egrdA/
3unphYUsrHT/1g9GtvzYB6aFPssnGHB86CVvdegyO1QO1wYOtQuwkEu9Zb2NH4BA
EOiCZuLkO4GpB4vPidKwgcdCot/RZXrWH3Zw+SPn8i4PCH4yStMgXVOCoXupgjp/
mvFMIbNWJYSV49Aqbp0xfcEXujjreEv3eZFwz3h09yflS7qLwu1vkK6BpGSu+Kw+
wtqiGakW9/vWTUoOD0rKJNYuXDqmT5DsqK1tQ4fXX24fslQW3B4TfTun86n/Y+hL
pwL0fVN4A/Q6DwdZvhQp5iVr2KYEdEXo4ZeT5MJX/wsMs846QjU6MS0sXQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFM3h5KHTkjOD6TRfk/HCjbGHd+owMB8GA1UdIwQY
MBaAFNQRq8TARoqyiR6qytug3AN3k2/VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTIt
YjBmNGI5YzM3ZTQ5LzEvemVIa29kT1NNNFBwTkYtVDhjS05zWWQzNmpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTItYjBmNGI5YzM3ZTQ5
LzEvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAPuTmAwQA
PuTpAwQBUQS+MA0GCSqGSIb3DQEBCwUAA4IBAQB79Q4EY3xPLbYquzbTDz922oLP
rDmYAREt9+N+iM3DRFXW68qUF+5dfnJoKYS823qwQe2fFFda81jvsbd0Udvn5yn7
XjCrJV9SxtOCpuFsUARHSNtRiUGc593ugCn+I01sQErPqdn6F/4uklVcU6XJ5YMn
Iw/KlaEzOAms8UVRWbesLfwV6GfRyi+aG63Of5bFL2m7OKqtZS/cZIuOoQPjZ1Hk
6WALJ+9YfmPgCBU44gDc/o7GDqly+2C05O89Xxrt+HkWix5q3VdXCx0HqHQZ7F6N
Ujwqmb7+vqcEZQ8Xwabsuk5s+Of/tI36cjZB5OYMrSxopVyXbfdpPWM0kqyb
-----END CERTIFICATE-----