Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/b205f2-8d3c-457c-a63c-5f10ee5fd100/1/gQ1Mk4Ko4bazOy7pZDxAv9B_6qk.roa
File:                     gQ1Mk4Ko4bazOy7pZDxAv9B_6qk.roa (raw, json)
Hash identifier:          FoB5dUGf24mZ9gRXtihHS6AK0Gj+K7gCvGHMZywvDao=
Subject key identifier:   81:0D:4C:93:82:A8:E1:B6:B3:3B:2E:E9:64:3C:40:BF:D0:7F:EA:A9
Certificate issuer:       /CN=62677ee08f4bb219804b673347c3a0b6a332d722
Certificate serial:       0194228D4A7F88181C51D70B2FEE1AA6E927
Authority key identifier: 62:67:7E:E0:8F:4B:B2:19:80:4B:67:33:47:C3:A0:B6:A3:32:D7:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ymd-4I9LshmAS2czR8OgtqMy1yI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/b205f2-8d3c-457c-a63c-5f10ee5fd100/1/gQ1Mk4Ko4bazOy7pZDxAv9B_6qk.roa
Signing time:             Wed 01 Jan 2025 15:47:52 +0000
ROA not before:           Wed 01 Jan 2025 15:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16354
IP address blocks:        134.19.136.0/21 maxlen: 21
                          171.22.96.0/22 maxlen: 22
                          185.30.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/b205f2-8d3c-457c-a63c-5f10ee5fd100/1/Ymd-4I9LshmAS2czR8OgtqMy1yI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/b205f2-8d3c-457c-a63c-5f10ee5fd100/1/Ymd-4I9LshmAS2czR8OgtqMy1yI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ymd-4I9LshmAS2czR8OgtqMy1yI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 20:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:4a:7f:88:18:1c:51:d7:0b:2f:ee:1a:a6:e9:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62677ee08f4bb219804b673347c3a0b6a332d722
        Validity
            Not Before: Jan  1 15:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=810d4c9382a8e1b6b33b2ee9643c40bfd07feaa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:b6:66:35:6d:89:79:fb:31:de:a0:7b:bb:1e:
                    6a:3f:0a:55:dd:d3:9f:23:8b:2a:36:42:2f:8b:55:
                    47:cc:da:14:d5:45:c5:82:28:03:81:93:b1:d4:5c:
                    87:75:88:cc:72:9c:18:07:0c:0e:86:f1:95:08:1e:
                    0e:e9:c4:61:e4:f1:3c:e0:3c:ca:e2:1a:74:12:14:
                    e0:cb:82:27:be:aa:90:28:ea:76:7c:b0:29:97:6e:
                    5f:8f:0b:cf:9e:b5:bd:b0:24:31:90:cf:ab:7d:9a:
                    85:ad:fe:54:d4:b3:9b:17:36:fa:90:8e:0a:a9:c0:
                    d7:7b:3b:ab:44:50:ae:e0:5f:5c:04:b4:bd:ee:85:
                    14:0a:8e:6a:63:cf:57:46:e6:b2:98:71:bb:6e:dc:
                    ba:63:56:04:43:b9:d0:5a:f2:e7:28:46:75:1e:db:
                    b1:26:7e:90:d1:35:01:ef:b3:e0:e9:c3:58:8b:a7:
                    d3:b8:b0:09:46:6a:4b:bc:9b:79:43:a6:53:89:6a:
                    97:47:13:74:89:79:d4:cc:ce:d6:18:83:a9:ec:1c:
                    3f:0b:e2:d6:1f:21:82:eb:57:02:79:33:9b:ed:4b:
                    67:42:1c:24:56:68:77:5e:8a:f6:cd:a5:c0:c8:42:
                    ba:91:3d:87:d1:78:63:f9:da:fb:ad:ad:04:97:3a:
                    3c:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:0D:4C:93:82:A8:E1:B6:B3:3B:2E:E9:64:3C:40:BF:D0:7F:EA:A9
            X509v3 Authority Key Identifier:
                keyid:62:67:7E:E0:8F:4B:B2:19:80:4B:67:33:47:C3:A0:B6:A3:32:D7:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymd-4I9LshmAS2czR8OgtqMy1yI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b205f2-8d3c-457c-a63c-5f10ee5fd100/1/gQ1Mk4Ko4bazOy7pZDxAv9B_6qk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b205f2-8d3c-457c-a63c-5f10ee5fd100/1/Ymd-4I9LshmAS2czR8OgtqMy1yI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.19.136.0/21
                  171.22.96.0/22
                  185.30.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a2:ec:1b:cf:06:fe:0c:2e:d4:06:d6:87:a2:04:3f:ba:3e:e5:
         59:15:d7:c2:06:ef:7f:2f:41:6e:9a:62:ee:c7:4e:99:0a:b1:
         f7:82:2e:eb:e6:7a:4e:98:56:3d:9e:ae:6f:4c:87:28:83:f0:
         6c:3b:bd:3c:d0:12:c5:76:56:70:fd:96:40:35:25:60:a0:92:
         83:e2:90:95:d2:91:58:b0:b5:97:df:e5:fd:d7:e8:e8:c5:c0:
         73:18:af:8c:f0:18:73:fd:a4:e6:54:93:c3:65:7f:93:a4:bc:
         dd:ab:be:06:96:49:75:26:d0:26:2b:cb:2f:3f:a6:0f:54:29:
         6d:ad:ec:b8:49:db:73:99:f6:57:7d:53:9d:7a:55:50:18:a6:
         30:74:5d:ff:28:57:09:3b:13:1d:6a:62:1b:9c:37:82:48:af:
         fb:76:c7:35:1e:dd:1e:6f:bd:6c:11:e9:76:a7:b1:29:97:8f:
         c8:a6:b1:b5:ab:c5:f1:4c:d9:cf:39:df:5e:c1:ee:cb:bc:3a:
         fc:c3:26:cd:7a:2d:c9:4c:26:c9:43:ac:e3:c9:61:4a:b0:fa:
         42:58:5a:05:5a:c2:46:c7:94:56:03:4f:31:c9:fe:cd:d3:cf:
         9d:b2:d6:7c:6b:97:b8:ae:f3:b3:ec:d4:08:aa:e4:8b:d3:bc:
         00:c2:87:df
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQijUp/iBgcUdcLL+4apuknMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNjc3ZWUwOGY0YmIyMTk4MDRiNjczMzQ3YzNhMGI2YTMz
MmQ3MjIwHhcNMjUwMTAxMTU0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTBkNGM5MzgyYThlMWI2YjMzYjJlZTk2NDNjNDBiZmQwN2ZlYWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1LZmNW2Jefsx3qB7ux5qPwpV3dOf
I4sqNkIvi1VHzNoU1UXFgigDgZOx1FyHdYjMcpwYBwwOhvGVCB4O6cRh5PE84DzK
4hp0EhTgy4InvqqQKOp2fLApl25fjwvPnrW9sCQxkM+rfZqFrf5U1LObFzb6kI4K
qcDXezurRFCu4F9cBLS97oUUCo5qY89XRuaymHG7bty6Y1YEQ7nQWvLnKEZ1Htux
Jn6Q0TUB77Pg6cNYi6fTuLAJRmpLvJt5Q6ZTiWqXRxN0iXnUzM7WGIOp7Bw/C+LW
HyGC61cCeTOb7UtnQhwkVmh3Xor2zaXAyEK6kT2H0Xhj+dr7ra0Elzo8IwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIENTJOCqOG2szsu6WQ8QL/Qf+qpMB8GA1UdIwQY
MBaAFGJnfuCPS7IZgEtnM0fDoLajMtciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1kLTRJOUxzaG1BUzJjelI4T2d0cU15MXlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iMjA1ZjItOGQzYy00NTdjLWE2M2Mt
NWYxMGVlNWZkMTAwLzEvZ1ExTWs0S280YmF6T3k3cFpEeEF2OUJfNnFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iMjA1ZjItOGQzYy00NTdjLWE2M2MtNWYxMGVlNWZkMTAw
LzEvWW1kLTRJOUxzaG1BUzJjelI4T2d0cU15MXlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDhhOIAwQC
qxZgAwQCuR54MA0GCSqGSIb3DQEBCwUAA4IBAQCi7BvPBv4MLtQG1oeiBD+6PuVZ
FdfCBu9/L0FummLux06ZCrH3gi7r5npOmFY9nq5vTIcog/BsO7080BLFdlZw/ZZA
NSVgoJKD4pCV0pFYsLWX3+X91+joxcBzGK+M8Bhz/aTmVJPDZX+TpLzdq74Glkl1
JtAmK8svP6YPVCltrey4SdtzmfZXfVOdelVQGKYwdF3/KFcJOxMdamIbnDeCSK/7
dsc1Ht0eb71sEel2p7Epl4/IprG1q8XxTNnPOd9ewe7LvDr8wybNei3JTCbJQ6zj
yWFKsPpCWFoFWsJGx5RWA08xyf7N08+dstZ8a5e4rvOz7NQIquSL07wAwoff
-----END CERTIFICATE-----