Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/4UstQ9JqIMaeuZcYq1bXCRHsDr8.roa
File:                     4UstQ9JqIMaeuZcYq1bXCRHsDr8.roa (raw, json)
Hash identifier:          lEYWMTirf1653Lsqhz7PFmbem/Vcs20DCQY65H231E0=
Subject key identifier:   E1:4B:2D:43:D2:6A:20:C6:9E:B9:97:18:AB:56:D7:09:11:EC:0E:BF
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019425FD671716D37D32338E9F2FA9F93DE1
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/4UstQ9JqIMaeuZcYq1bXCRHsDr8.roa
Signing time:             Thu 02 Jan 2025 07:49:11 +0000
ROA not before:           Thu 02 Jan 2025 07:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211078
IP address blocks:        62.76.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:67:17:16:d3:7d:32:33:8e:9f:2f:a9:f9:3d:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  2 07:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e14b2d43d26a20c69eb99718ab56d70911ec0ebf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:e2:30:8f:c3:73:83:b2:6b:09:7b:1e:54:50:
                    da:7b:c6:53:cf:b7:63:71:24:89:5b:8f:3e:03:01:
                    8f:f1:57:9a:99:8c:33:b3:2b:ed:d1:48:ff:a2:18:
                    7e:60:80:66:3b:06:13:56:96:75:8b:fb:c2:49:6f:
                    ab:c7:d1:0a:22:5a:25:88:cd:d4:85:0d:34:22:1e:
                    38:38:34:fb:1f:19:2e:86:e6:09:1d:dc:85:b2:5f:
                    e4:e1:67:3a:8e:af:a4:0e:07:5a:79:57:40:c8:75:
                    bd:a8:78:c6:ca:4e:80:87:63:b4:2b:9b:c0:c8:5a:
                    34:67:5f:78:d1:fc:cd:8c:c7:d6:df:ab:b2:2f:d3:
                    76:3f:3c:b3:d3:f1:74:e7:63:0c:4c:c5:db:21:a7:
                    c9:c2:7a:2a:a1:15:58:45:3e:d0:56:5c:60:2b:62:
                    39:56:fe:52:54:ee:62:01:ac:a1:6c:0e:b9:34:69:
                    39:f4:75:53:b5:78:01:13:50:b9:1c:98:50:f6:33:
                    49:0b:4c:b0:ba:f1:ba:ca:c8:d6:0f:f9:1a:e0:01:
                    c0:79:83:fa:91:e4:cc:fd:60:58:e7:ad:85:e1:5d:
                    42:7b:5d:a9:12:db:26:33:3a:e0:fa:07:26:c2:29:
                    a4:ec:1f:3e:d4:58:bb:49:2e:b3:36:3d:2c:1b:84:
                    28:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:4B:2D:43:D2:6A:20:C6:9E:B9:97:18:AB:56:D7:09:11:EC:0E:BF
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/4UstQ9JqIMaeuZcYq1bXCRHsDr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:b1:19:a1:f2:b0:40:5b:46:49:a5:89:09:3a:f6:d4:2e:18:
         03:7f:f6:2e:87:08:94:9a:73:df:88:46:be:4a:31:ea:a5:b3:
         50:a1:a0:7a:44:e7:4a:5c:08:8a:ff:be:6b:70:9a:20:13:04:
         db:e4:8e:2e:58:0b:bf:72:bd:cd:03:6a:c8:ef:53:d9:96:20:
         a9:c2:63:df:9f:f0:46:e4:23:3e:61:cd:11:b8:d1:62:5e:c5:
         2a:9d:1c:07:08:30:ed:bd:45:f4:aa:df:30:1e:ec:0a:d3:eb:
         0f:15:de:38:9d:84:dd:84:4d:c1:38:23:b9:d1:9c:79:0d:f5:
         af:58:8b:bb:87:5c:33:e7:e9:91:71:cd:a3:db:31:3b:ef:91:
         e3:36:d6:6b:b3:cf:83:05:ab:47:13:eb:06:e6:8f:31:6f:88:
         0a:d7:8a:5e:e0:5b:b8:2a:c4:b4:bf:af:c1:af:a0:c3:88:85:
         a7:c8:de:24:dd:cb:21:de:5d:73:af:a2:06:c0:58:9f:c5:d2:
         6c:4f:25:5f:a3:82:88:d0:41:58:71:c3:f2:34:24:02:99:e9:
         b0:b2:b0:a7:75:3c:fa:6f:73:92:fa:e2:2c:87:72:17:8d:0b:
         4d:dc:64:48:03:a1:a6:ea:05:a8:c3:00:5c:13:1a:8f:81:46:
         3d:b7:2a:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/WcXFtN9MjOOny+p+T3hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUwMTAyMDc0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTRiMmQ0M2QyNmEyMGM2OWViOTk3MThhYjU2ZDcwOTExZWMwZWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzeIwj8Nzg7JrCXseVFDae8ZTz7dj
cSSJW48+AwGP8VeamYwzsyvt0Uj/ohh+YIBmOwYTVpZ1i/vCSW+rx9EKIloliM3U
hQ00Ih44ODT7HxkuhuYJHdyFsl/k4Wc6jq+kDgdaeVdAyHW9qHjGyk6Ah2O0K5vA
yFo0Z1940fzNjMfW36uyL9N2Pzyz0/F052MMTMXbIafJwnoqoRVYRT7QVlxgK2I5
Vv5SVO5iAayhbA65NGk59HVTtXgBE1C5HJhQ9jNJC0ywuvG6ysjWD/ka4AHAeYP6
keTM/WBY562F4V1Ce12pEtsmMzrg+gcmwimk7B8+1Fi7SS6zNj0sG4QoKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOFLLUPSaiDGnrmXGKtW1wkR7A6/MB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvNFVzdFE5SnFJTWFldVpjWXExYlhDUkhzRHI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkwOMA0G
CSqGSIb3DQEBCwUAA4IBAQCHsRmh8rBAW0ZJpYkJOvbULhgDf/YuhwiUmnPfiEa+
SjHqpbNQoaB6ROdKXAiK/75rcJogEwTb5I4uWAu/cr3NA2rI71PZliCpwmPfn/BG
5CM+Yc0RuNFiXsUqnRwHCDDtvUX0qt8wHuwK0+sPFd44nYTdhE3BOCO50Zx5DfWv
WIu7h1wz5+mRcc2j2zE775HjNtZrs8+DBatHE+sG5o8xb4gK14pe4Fu4KsS0v6/B
r6DDiIWnyN4k3csh3l1zr6IGwFifxdJsTyVfo4KI0EFYccPyNCQCmemwsrCndTz6
b3OS+uIsh3IXjQtN3GRIA6Gm6gWowwBcExqPgUY9tyow
-----END CERTIFICATE-----