Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/202a79-5bfe-4a48-a7f9-414196ac646e/1/to-C9o8M7rUM05HxGikjjRHVAbw.roa
File:                     to-C9o8M7rUM05HxGikjjRHVAbw.roa (raw, json)
Hash identifier:          JaaGI9qnzexOYc7maJGwDizpvZfHfNfRXKpM/h4aHAo=
Subject key identifier:   B6:8F:82:F6:8F:0C:EE:B5:0C:D3:91:F1:1A:29:23:8D:11:D5:01:BC
Certificate issuer:       /CN=742b1b5c075c3d3bdfa3525d476b1b2867c2a2ca
Certificate serial:       019422FC0344BB2B6E8FE4D46A250B25B5C9
Authority key identifier: 74:2B:1B:5C:07:5C:3D:3B:DF:A3:52:5D:47:6B:1B:28:67:C2:A2:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dCsbXAdcPTvfo1JdR2sbKGfCoso.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/202a79-5bfe-4a48-a7f9-414196ac646e/1/to-C9o8M7rUM05HxGikjjRHVAbw.roa
Signing time:             Wed 01 Jan 2025 17:48:48 +0000
ROA not before:           Wed 01 Jan 2025 17:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60558
IP address blocks:        185.62.36.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/202a79-5bfe-4a48-a7f9-414196ac646e/1/dCsbXAdcPTvfo1JdR2sbKGfCoso.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/202a79-5bfe-4a48-a7f9-414196ac646e/1/dCsbXAdcPTvfo1JdR2sbKGfCoso.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dCsbXAdcPTvfo1JdR2sbKGfCoso.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 05:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:03:44:bb:2b:6e:8f:e4:d4:6a:25:0b:25:b5:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=742b1b5c075c3d3bdfa3525d476b1b2867c2a2ca
        Validity
            Not Before: Jan  1 17:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b68f82f68f0ceeb50cd391f11a29238d11d501bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:84:e8:54:77:8e:d6:2a:77:97:e7:19:0b:40:
                    3a:20:2c:7c:bd:61:d1:43:77:b3:d0:8d:dc:bb:4c:
                    f0:90:02:e0:62:7d:e2:eb:8c:61:0f:42:83:7a:4f:
                    60:7b:86:14:40:17:48:6b:20:8e:c4:af:e8:33:5b:
                    cd:aa:82:54:09:6c:f0:bb:26:5d:f0:32:ba:a3:0c:
                    5c:b8:e0:59:68:46:7d:70:61:93:c7:6f:36:64:fb:
                    78:20:88:41:ce:03:96:0e:b7:23:a4:f5:82:79:1c:
                    12:0f:90:40:86:c0:ef:af:86:21:df:fe:ef:4f:c7:
                    12:be:a1:76:b8:ce:cf:f1:93:78:0c:46:32:76:ce:
                    f9:83:86:14:5b:16:35:17:20:24:76:33:63:6f:66:
                    de:e5:b7:c7:d0:8a:34:a6:5f:56:67:7d:bf:9f:33:
                    b2:41:18:2b:2b:16:22:6c:76:51:81:0a:aa:91:82:
                    f0:da:67:ae:01:b4:cf:f5:dc:4f:2e:2e:23:2d:49:
                    c2:84:01:82:41:f6:8e:a2:6a:1a:71:ff:da:fc:e2:
                    82:0f:08:ca:65:f9:9f:ec:6b:f3:58:1e:36:0c:b9:
                    67:47:cf:56:91:87:df:02:b7:d4:4f:c4:cd:92:e2:
                    ed:cb:ce:f1:b7:86:d8:3e:92:f7:c0:e6:52:0c:9a:
                    5d:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:8F:82:F6:8F:0C:EE:B5:0C:D3:91:F1:1A:29:23:8D:11:D5:01:BC
            X509v3 Authority Key Identifier:
                keyid:74:2B:1B:5C:07:5C:3D:3B:DF:A3:52:5D:47:6B:1B:28:67:C2:A2:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dCsbXAdcPTvfo1JdR2sbKGfCoso.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/202a79-5bfe-4a48-a7f9-414196ac646e/1/to-C9o8M7rUM05HxGikjjRHVAbw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/202a79-5bfe-4a48-a7f9-414196ac646e/1/dCsbXAdcPTvfo1JdR2sbKGfCoso.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.62.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:cf:8f:21:f4:e1:81:ba:49:55:19:29:20:f6:a0:42:a2:2d:
         34:7f:d8:bf:37:9e:2e:87:90:ba:cc:b5:bd:35:ae:81:9d:79:
         dd:d4:89:3b:e5:54:90:ab:af:ad:a7:e9:d5:4c:85:db:fb:a7:
         77:68:14:86:21:d7:77:63:24:87:78:1f:4c:2e:89:28:36:a4:
         7a:49:5b:e5:96:13:1e:a4:7c:bb:93:ae:8b:be:82:d4:8e:d1:
         f0:f5:e1:db:ed:d2:52:9d:03:b5:53:15:6b:44:03:a2:dd:c0:
         06:30:58:67:14:1c:d5:74:27:75:de:31:83:7a:4f:b5:a6:3c:
         9d:43:6d:42:e2:e1:e6:77:a4:38:06:ee:76:3b:51:19:3e:09:
         a7:58:29:e7:c4:d4:78:b5:78:17:64:3e:d1:e9:f7:93:ee:f6:
         50:99:6b:fd:3c:9b:64:40:25:b3:61:c9:93:0c:f6:9e:58:7f:
         d9:e1:fe:b0:bb:db:c3:64:b2:6d:77:8d:9f:35:94:6a:70:9a:
         0d:c7:23:69:ba:97:ba:58:ed:5d:09:49:07:8e:90:cc:0e:f1:
         a3:99:ee:98:fe:60:04:10:e3:97:ad:db:b1:65:c1:b9:e9:16:
         32:00:7d:e8:df:31:2c:68:b1:96:fb:35:f1:ca:39:35:d0:34:
         ce:1b:77:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/ANEuytuj+TUaiULJbXJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MmIxYjVjMDc1YzNkM2JkZmEzNTI1ZDQ3NmIxYjI4Njdj
MmEyY2EwHhcNMjUwMTAxMTc0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjhmODJmNjhmMGNlZWI1MGNkMzkxZjExYTI5MjM4ZDExZDUwMWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA74ToVHeO1ip3l+cZC0A6ICx8vWHR
Q3ez0I3cu0zwkALgYn3i64xhD0KDek9ge4YUQBdIayCOxK/oM1vNqoJUCWzwuyZd
8DK6owxcuOBZaEZ9cGGTx282ZPt4IIhBzgOWDrcjpPWCeRwSD5BAhsDvr4Yh3/7v
T8cSvqF2uM7P8ZN4DEYyds75g4YUWxY1FyAkdjNjb2be5bfH0Io0pl9WZ32/nzOy
QRgrKxYibHZRgQqqkYLw2meuAbTP9dxPLi4jLUnChAGCQfaOomoacf/a/OKCDwjK
Zfmf7GvzWB42DLlnR89WkYffArfUT8TNkuLty87xt4bYPpL3wOZSDJpdlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLaPgvaPDO61DNOR8RopI40R1QG8MB8GA1UdIwQY
MBaAFHQrG1wHXD0736NSXUdrGyhnwqLKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZENzYlhBZGNQVHZmbzFKZFIyc2JLR2ZDb3NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8yMDJhNzktNWJmZS00YTQ4LWE3Zjkt
NDE0MTk2YWM2NDZlLzEvdG8tQzlvOE03clVNMDVIeEdpa2pqUkhWQWJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8yMDJhNzktNWJmZS00YTQ4LWE3ZjktNDE0MTk2YWM2NDZl
LzEvZENzYlhBZGNQVHZmbzFKZFIyc2JLR2ZDb3NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuT4kMA0G
CSqGSIb3DQEBCwUAA4IBAQBDz48h9OGBuklVGSkg9qBCoi00f9i/N54uh5C6zLW9
Na6BnXnd1Ik75VSQq6+tp+nVTIXb+6d3aBSGIdd3YySHeB9MLokoNqR6SVvllhMe
pHy7k66LvoLUjtHw9eHb7dJSnQO1UxVrRAOi3cAGMFhnFBzVdCd13jGDek+1pjyd
Q21C4uHmd6Q4Bu52O1EZPgmnWCnnxNR4tXgXZD7R6feT7vZQmWv9PJtkQCWzYcmT
DPaeWH/Z4f6wu9vDZLJtd42fNZRqcJoNxyNpupe6WO1dCUkHjpDMDvGjme6Y/mAE
EOOXrduxZcG56RYyAH3o3zEsaLGW+zXxyjk10DTOG3d3
-----END CERTIFICATE-----