Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/d43c2c-74e9-47d4-bf62-80f7fd6ea9c9/1/hER6wRwe_hUZJ0u9RImVrBTy1as.roa
File:                     hER6wRwe_hUZJ0u9RImVrBTy1as.roa (raw, json)
Hash identifier:          iyJ20Ahzbr3qZY7vMtDGjDttWYIPJenArxH2H2QEoYE=
Subject key identifier:   84:44:7A:C1:1C:1E:FE:15:19:27:4B:BD:44:89:95:AC:14:F2:D5:AB
Certificate issuer:       /CN=0a41a5a2a18339629cc1303e6dec8bb605ddca65
Certificate serial:       0194274750FF4421237A06AB609818F1D5C2
Authority key identifier: 0A:41:A5:A2:A1:83:39:62:9C:C1:30:3E:6D:EC:8B:B6:05:DD:CA:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CkGloqGDOWKcwTA-beyLtgXdymU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/d43c2c-74e9-47d4-bf62-80f7fd6ea9c9/1/hER6wRwe_hUZJ0u9RImVrBTy1as.roa
Signing time:             Thu 02 Jan 2025 13:49:32 +0000
ROA not before:           Thu 02 Jan 2025 13:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62200
IP address blocks:        82.202.164.0/24 maxlen: 24
                          2a09:f907::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/d43c2c-74e9-47d4-bf62-80f7fd6ea9c9/1/CkGloqGDOWKcwTA-beyLtgXdymU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/d43c2c-74e9-47d4-bf62-80f7fd6ea9c9/1/CkGloqGDOWKcwTA-beyLtgXdymU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CkGloqGDOWKcwTA-beyLtgXdymU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 15:18:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:50:ff:44:21:23:7a:06:ab:60:98:18:f1:d5:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a41a5a2a18339629cc1303e6dec8bb605ddca65
        Validity
            Not Before: Jan  2 13:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84447ac11c1efe1519274bbd448995ac14f2d5ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ce:6a:73:da:e1:6a:cc:5f:04:51:b8:58:47:
                    5f:4b:08:f9:a0:fc:b3:6c:a8:4a:04:bc:1e:8a:f8:
                    5a:12:26:b5:9c:bb:dc:e0:4b:42:86:f0:14:43:62:
                    52:32:01:29:4d:b1:ab:ec:33:bb:a7:8a:7a:7c:f9:
                    06:84:9b:32:b8:84:86:d1:22:f3:f5:4f:ff:01:11:
                    1e:27:07:c9:eb:0d:0e:73:ce:ad:ef:8f:46:20:0a:
                    d1:30:96:d6:57:a9:17:ad:ad:19:4e:41:23:03:6e:
                    ac:d6:2d:75:e5:56:03:cd:fa:7e:85:a5:cd:c1:f2:
                    ca:e7:7b:39:44:7c:69:09:33:8d:49:73:57:1e:bf:
                    12:e6:10:6b:cf:7c:55:c6:f9:ea:24:f5:6e:9e:e6:
                    7d:56:f1:68:b5:21:9b:e8:20:4c:60:4e:23:56:cb:
                    7a:33:b2:e0:b6:ef:ee:5f:31:37:be:e8:21:e0:f7:
                    62:d0:51:88:10:8b:31:22:d5:db:ac:9a:4a:18:fe:
                    ca:71:61:0f:d1:b1:e2:7f:53:96:20:a2:d8:e5:d6:
                    8a:31:8e:b2:bf:96:b1:f4:d2:86:93:80:69:fb:70:
                    29:ee:a3:a0:b1:9d:1d:56:10:b4:56:ef:48:66:11:
                    23:18:a2:17:db:8d:f4:2f:b0:a9:2e:11:4a:03:1a:
                    5b:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:44:7A:C1:1C:1E:FE:15:19:27:4B:BD:44:89:95:AC:14:F2:D5:AB
            X509v3 Authority Key Identifier:
                keyid:0A:41:A5:A2:A1:83:39:62:9C:C1:30:3E:6D:EC:8B:B6:05:DD:CA:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CkGloqGDOWKcwTA-beyLtgXdymU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/d43c2c-74e9-47d4-bf62-80f7fd6ea9c9/1/hER6wRwe_hUZJ0u9RImVrBTy1as.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/d43c2c-74e9-47d4-bf62-80f7fd6ea9c9/1/CkGloqGDOWKcwTA-beyLtgXdymU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.202.164.0/24
                IPv6:
                  2a09:f907::/32

    Signature Algorithm: sha256WithRSAEncryption
         9c:87:2f:ab:8c:52:ca:40:2f:2d:fd:9a:e6:f1:dc:0d:bf:20:
         c2:cf:39:fd:4e:ab:d8:f6:e1:a2:09:26:f1:a5:9b:ea:30:53:
         b7:2e:8c:14:3b:a9:6f:45:aa:59:e9:99:c2:ba:fc:dc:42:1c:
         9e:93:ac:dd:e4:b0:68:05:e5:9b:78:3f:11:74:73:5f:c4:ab:
         67:0b:b7:fd:c4:35:e8:f7:84:f1:eb:6c:ff:70:22:47:c6:d5:
         a8:13:1a:e4:09:12:7e:04:18:ec:b8:33:63:a0:05:63:2d:88:
         10:1b:43:60:80:6d:b4:74:a4:01:be:7f:d2:54:65:fd:0e:4f:
         b4:39:e4:16:e3:7e:6f:02:e4:5f:d5:91:11:75:b1:b4:12:d0:
         1b:7a:59:18:73:64:ab:d3:05:8b:2e:ff:98:a2:bf:f6:a5:18:
         50:21:93:d5:22:5f:06:35:3a:95:89:4a:3f:9d:8d:59:c5:b1:
         08:d5:1b:3d:27:30:66:ea:3c:17:66:c6:b5:1c:6b:ed:54:88:
         92:30:52:1f:c7:5d:6f:72:77:1f:d5:4d:51:5e:aa:fb:87:b0:
         59:b9:25:d9:2f:b8:37:c8:a1:92:94:b9:fb:c2:ed:50:aa:71:
         8e:03:fa:4b:8b:3b:dc:c0:0d:2b:b4:13:cc:27:29:23:4d:25:
         cf:96:f9:2f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQnR1D/RCEjegarYJgY8dXCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNDFhNWEyYTE4MzM5NjI5Y2MxMzAzZTZkZWM4YmI2MDVk
ZGNhNjUwHhcNMjUwMTAyMTM0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDQ0N2FjMTFjMWVmZTE1MTkyNzRiYmQ0NDg5OTVhYzE0ZjJkNWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAss5qc9rhasxfBFG4WEdfSwj5oPyz
bKhKBLweivhaEia1nLvc4EtChvAUQ2JSMgEpTbGr7DO7p4p6fPkGhJsyuISG0SLz
9U//AREeJwfJ6w0Oc86t749GIArRMJbWV6kXra0ZTkEjA26s1i115VYDzfp+haXN
wfLK53s5RHxpCTONSXNXHr8S5hBrz3xVxvnqJPVunuZ9VvFotSGb6CBMYE4jVst6
M7Lgtu/uXzE3vugh4Pdi0FGIEIsxItXbrJpKGP7KcWEP0bHif1OWIKLY5daKMY6y
v5ax9NKGk4Bp+3Ap7qOgsZ0dVhC0Vu9IZhEjGKIX2430L7CpLhFKAxpb0QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIREesEcHv4VGSdLvUSJlawU8tWrMB8GA1UdIwQY
MBaAFApBpaKhgzlinMEwPm3si7YF3cplMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2tHbG9xR0RPV0tjd1RBLWJleUx0Z1hkeW1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9kNDNjMmMtNzRlOS00N2Q0LWJmNjIt
ODBmN2ZkNmVhOWM5LzEvaEVSNndSd2VfaFVaSjB1OVJJbVZyQlR5MWFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9kNDNjMmMtNzRlOS00N2Q0LWJmNjItODBmN2ZkNmVhOWM5
LzEvQ2tHbG9xR0RPV0tjd1RBLWJleUx0Z1hkeW1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAUsqkMA0E
AgACMAcDBQAqCfkHMA0GCSqGSIb3DQEBCwUAA4IBAQCchy+rjFLKQC8t/Zrm8dwN
vyDCzzn9TqvY9uGiCSbxpZvqMFO3LowUO6lvRapZ6ZnCuvzcQhyek6zd5LBoBeWb
eD8RdHNfxKtnC7f9xDXo94Tx62z/cCJHxtWoExrkCRJ+BBjsuDNjoAVjLYgQG0Ng
gG20dKQBvn/SVGX9Dk+0OeQW435vAuRf1ZERdbG0EtAbelkYc2Sr0wWLLv+Yor/2
pRhQIZPVIl8GNTqViUo/nY1ZxbEI1Rs9JzBm6jwXZsa1HGvtVIiSMFIfx11vcncf
1U1RXqr7h7BZuSXZL7g3yKGSlLn7wu1QqnGOA/pLizvcwA0rtBPMJykjTSXPlvkv
-----END CERTIFICATE-----