Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/6155d5-31ba-4239-a753-f287b7b6d7b2/1/PCsNRmePbsa0e_oFwYPynvY9VHo.roa
File:                     PCsNRmePbsa0e_oFwYPynvY9VHo.roa (raw, json)
Hash identifier:          RquScR+SoymapgsuHQnGU+jgf18EzJeo/wdLZPwz40M=
Subject key identifier:   3C:2B:0D:46:67:8F:6E:C6:B4:7B:FA:05:C1:83:F2:9E:F6:3D:54:7A
Certificate issuer:       /CN=654abc8e45de231fb829bca22bb2f0b31e1f7af5
Certificate serial:       0194258F6E10D2571D097C45CE28D78CBDCC
Authority key identifier: 65:4A:BC:8E:45:DE:23:1F:B8:29:BC:A2:2B:B2:F0:B3:1E:1F:7A:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZUq8jkXeIx-4KbyiK7Lwsx4fevU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/6155d5-31ba-4239-a753-f287b7b6d7b2/1/PCsNRmePbsa0e_oFwYPynvY9VHo.roa
Signing time:             Thu 02 Jan 2025 05:49:04 +0000
ROA not before:           Thu 02 Jan 2025 05:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56874
IP address blocks:        185.62.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/6155d5-31ba-4239-a753-f287b7b6d7b2/1/ZUq8jkXeIx-4KbyiK7Lwsx4fevU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/6155d5-31ba-4239-a753-f287b7b6d7b2/1/ZUq8jkXeIx-4KbyiK7Lwsx4fevU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZUq8jkXeIx-4KbyiK7Lwsx4fevU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:6e:10:d2:57:1d:09:7c:45:ce:28:d7:8c:bd:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=654abc8e45de231fb829bca22bb2f0b31e1f7af5
        Validity
            Not Before: Jan  2 05:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c2b0d46678f6ec6b47bfa05c183f29ef63d547a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:73:ae:7f:d2:27:e9:5c:e0:c1:e8:97:a0:60:
                    21:e8:3a:30:34:ac:62:b1:dd:08:ac:f4:b3:e2:57:
                    9f:d6:43:ab:73:58:0f:88:fd:da:cc:2f:69:36:73:
                    42:cf:5d:65:8b:9a:a9:12:df:29:d9:10:bd:9f:b0:
                    8e:59:f2:24:a7:cd:6c:68:52:56:b6:97:82:86:98:
                    e9:4c:91:86:74:79:ec:63:7e:4c:82:82:d4:d9:ea:
                    97:da:03:cb:ee:9f:37:4e:8e:e9:fe:2a:8e:27:18:
                    91:05:5b:32:9d:e7:23:4e:49:9e:9e:c3:0d:7c:16:
                    dc:55:10:52:d1:d1:d2:7e:68:d6:45:2c:10:df:7a:
                    e3:ed:5f:07:6f:26:8c:49:46:7b:45:58:0b:be:20:
                    94:1e:c2:10:3f:13:ae:a7:a3:0f:a8:27:08:4a:2b:
                    b1:72:55:0c:19:18:95:d0:c8:66:73:5d:7a:1d:5d:
                    d5:ce:c7:7a:d7:5a:23:00:6e:57:eb:5a:e2:e1:1e:
                    d7:58:b1:80:d2:0e:81:d1:31:cf:e7:a5:68:50:41:
                    0b:44:d5:63:b9:c3:6f:78:62:ba:c1:b6:ad:12:d2:
                    e2:a4:f7:0c:e7:82:83:e4:32:61:f9:6d:37:5b:01:
                    f7:3b:0f:17:c5:18:27:70:42:6e:6d:d1:ff:5c:f3:
                    9e:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:2B:0D:46:67:8F:6E:C6:B4:7B:FA:05:C1:83:F2:9E:F6:3D:54:7A
            X509v3 Authority Key Identifier:
                keyid:65:4A:BC:8E:45:DE:23:1F:B8:29:BC:A2:2B:B2:F0:B3:1E:1F:7A:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZUq8jkXeIx-4KbyiK7Lwsx4fevU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/6155d5-31ba-4239-a753-f287b7b6d7b2/1/PCsNRmePbsa0e_oFwYPynvY9VHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/6155d5-31ba-4239-a753-f287b7b6d7b2/1/ZUq8jkXeIx-4KbyiK7Lwsx4fevU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.62.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:43:7a:24:24:28:04:e6:44:4d:a6:b1:ef:bc:27:d4:fd:9d:
         8a:b9:18:ea:1c:1c:6e:44:a8:c1:ef:0b:b9:c2:df:4c:65:76:
         c4:c3:61:aa:d3:67:53:e3:67:cb:80:b9:de:a2:28:e1:41:ad:
         25:f8:6f:34:03:64:20:76:c8:67:75:12:15:f5:c5:7f:c6:30:
         e5:24:f3:04:cd:d4:ae:35:9a:31:fc:f4:68:d3:d9:ba:db:04:
         c8:99:16:bd:56:08:7a:a0:5f:48:4c:d8:11:5e:c3:c4:13:93:
         10:93:14:68:6e:1b:86:f9:7b:22:38:d3:ab:d9:a1:a2:11:b1:
         eb:5d:aa:e9:d4:05:32:59:52:ac:78:d3:a7:39:41:97:73:9d:
         bf:e1:7a:39:fd:f4:07:88:e8:10:94:7d:69:da:e9:24:c3:04:
         ba:6c:ce:ce:87:02:74:d1:f3:a6:01:af:5e:a6:d8:af:dc:28:
         dc:e5:43:f9:a0:bf:8a:e9:26:7c:3f:d5:bf:86:58:13:07:65:
         e6:04:ba:5e:09:3a:06:cf:75:50:3c:37:64:ae:65:4f:37:ec:
         c0:0d:26:6b:a4:ba:95:7b:a6:74:0d:31:c6:7b:9f:7c:2f:c3:
         54:d1:2a:0c:4b:0e:ae:cf:80:4e:f4:c0:b2:eb:5e:9f:bb:2c:
         b0:53:84:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj24Q0lcdCXxFzijXjL3MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1NGFiYzhlNDVkZTIzMWZiODI5YmNhMjJiYjJmMGIzMWUx
ZjdhZjUwHhcNMjUwMTAyMDU0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzJiMGQ0NjY3OGY2ZWM2YjQ3YmZhMDVjMTgzZjI5ZWY2M2Q1NDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxHOuf9In6VzgweiXoGAh6DowNKxi
sd0IrPSz4lef1kOrc1gPiP3azC9pNnNCz11li5qpEt8p2RC9n7COWfIkp81saFJW
tpeChpjpTJGGdHnsY35MgoLU2eqX2gPL7p83To7p/iqOJxiRBVsynecjTkmensMN
fBbcVRBS0dHSfmjWRSwQ33rj7V8HbyaMSUZ7RVgLviCUHsIQPxOup6MPqCcISiux
clUMGRiV0Mhmc116HV3Vzsd611ojAG5X61ri4R7XWLGA0g6B0THP56VoUEELRNVj
ucNveGK6wbatEtLipPcM54KD5DJh+W03WwH3Ow8XxRgncEJubdH/XPOeyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDwrDUZnj27GtHv6BcGD8p72PVR6MB8GA1UdIwQY
MBaAFGVKvI5F3iMfuCm8oiuy8LMeH3r1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlVxOGprWGVJeC00S2J5aUs3THdzeDRmZXZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS82MTU1ZDUtMzFiYS00MjM5LWE3NTMt
ZjI4N2I3YjZkN2IyLzEvUENzTlJtZVBic2EwZV9vRndZUHludlk5VkhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS82MTU1ZDUtMzFiYS00MjM5LWE3NTMtZjI4N2I3YjZkN2Iy
LzEvWlVxOGprWGVJeC00S2J5aUs3THdzeDRmZXZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuT7lMA0G
CSqGSIb3DQEBCwUAA4IBAQAmQ3okJCgE5kRNprHvvCfU/Z2KuRjqHBxuRKjB7wu5
wt9MZXbEw2Gq02dT42fLgLneoijhQa0l+G80A2QgdshndRIV9cV/xjDlJPMEzdSu
NZox/PRo09m62wTImRa9Vgh6oF9ITNgRXsPEE5MQkxRobhuG+XsiONOr2aGiEbHr
Xarp1AUyWVKseNOnOUGXc52/4Xo5/fQHiOgQlH1p2ukkwwS6bM7OhwJ00fOmAa9e
ptiv3Cjc5UP5oL+K6SZ8P9W/hlgTB2XmBLpeCToGz3VQPDdkrmVPN+zADSZrpLqV
e6Z0DTHGe598L8NU0SoMSw6uz4BO9MCy616fuyywU4Sb
-----END CERTIFICATE-----