Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/1a830a-f061-4cdc-bafb-a2fe9f015d71/1/U_VYKpyLv0RVfRm74yG5a_Vrkf4.roa
File:                     U_VYKpyLv0RVfRm74yG5a_Vrkf4.roa (raw, json)
Hash identifier:          el4MUGQYFxb5aJybMsuuruh6kVWrWKqPLvaGeVjGVyY=
Subject key identifier:   53:F5:58:2A:9C:8B:BF:44:55:7D:19:BB:E3:21:B9:6B:F5:6B:91:FE
Certificate issuer:       /CN=efad344eb5f7eb1dee4b8f8435fb5b9d87663e9d
Certificate serial:       019424B3A37C045E7EEF00CC9E41209F5E40
Authority key identifier: EF:AD:34:4E:B5:F7:EB:1D:EE:4B:8F:84:35:FB:5B:9D:87:66:3E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7600TrX36x3uS4-ENftbnYdmPp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/1a830a-f061-4cdc-bafb-a2fe9f015d71/1/U_VYKpyLv0RVfRm74yG5a_Vrkf4.roa
Signing time:             Thu 02 Jan 2025 01:49:00 +0000
ROA not before:           Thu 02 Jan 2025 01:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212377
IP address blocks:        62.36.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/1a830a-f061-4cdc-bafb-a2fe9f015d71/1/7600TrX36x3uS4-ENftbnYdmPp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/1a830a-f061-4cdc-bafb-a2fe9f015d71/1/7600TrX36x3uS4-ENftbnYdmPp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7600TrX36x3uS4-ENftbnYdmPp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:a3:7c:04:5e:7e:ef:00:cc:9e:41:20:9f:5e:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=efad344eb5f7eb1dee4b8f8435fb5b9d87663e9d
        Validity
            Not Before: Jan  2 01:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53f5582a9c8bbf44557d19bbe321b96bf56b91fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b3:e9:e2:39:34:3d:88:7f:44:f2:47:82:2d:
                    2c:f1:ee:d3:ef:99:91:d4:e9:e8:d0:73:6c:01:3e:
                    83:ed:29:97:ea:2f:61:1d:00:88:3c:67:01:b7:64:
                    fe:08:cd:d5:d9:47:68:d8:80:2b:1b:a5:b6:d9:93:
                    35:30:84:ab:b5:7f:7c:2f:b6:ad:42:9b:bc:ec:ab:
                    91:f6:68:3d:1d:a0:66:a8:8d:c0:aa:89:e1:9b:dc:
                    90:14:75:c1:38:b2:75:ba:3f:bc:ff:c4:ae:6f:3e:
                    4c:03:ab:06:82:56:9b:f0:ce:fb:0e:99:a4:48:4f:
                    d8:fb:56:44:8f:af:82:ac:4f:3b:5d:66:95:33:4d:
                    5f:39:36:d2:8e:b8:e3:62:fe:72:ad:10:6f:25:24:
                    26:e5:0a:f8:ae:90:41:e7:b9:e2:77:e0:7d:bd:3e:
                    6e:60:41:05:28:5a:fb:86:cd:ef:7e:5b:0b:e1:c0:
                    06:14:32:7c:b8:71:d3:33:06:a3:23:1a:06:9b:b1:
                    ba:52:e5:e3:fd:28:85:fe:db:d6:6e:d8:44:8d:43:
                    f0:63:41:8a:aa:70:81:d7:ee:81:48:76:69:7e:87:
                    29:db:f7:fc:64:1b:f4:2c:1b:3c:bf:b5:af:44:eb:
                    d7:5d:a0:6d:2f:ab:79:f6:0d:15:7e:44:3e:af:68:
                    8a:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:F5:58:2A:9C:8B:BF:44:55:7D:19:BB:E3:21:B9:6B:F5:6B:91:FE
            X509v3 Authority Key Identifier:
                keyid:EF:AD:34:4E:B5:F7:EB:1D:EE:4B:8F:84:35:FB:5B:9D:87:66:3E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7600TrX36x3uS4-ENftbnYdmPp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/1a830a-f061-4cdc-bafb-a2fe9f015d71/1/U_VYKpyLv0RVfRm74yG5a_Vrkf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/1a830a-f061-4cdc-bafb-a2fe9f015d71/1/7600TrX36x3uS4-ENftbnYdmPp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.36.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:d4:c6:47:6e:91:53:91:14:e5:fe:39:cb:f8:47:b6:81:b1:
         2b:9f:e2:b0:51:19:12:1e:19:44:d0:09:39:8d:ae:6e:d2:a0:
         88:52:d5:49:2f:9c:8e:0d:c9:e9:71:47:00:71:7b:77:c0:1c:
         86:ec:32:6f:4a:dd:ce:b5:2c:ff:41:fa:72:da:be:81:83:5d:
         7f:5a:a2:08:5b:98:af:05:df:d7:ec:c5:f6:a8:d1:78:3c:ef:
         28:6b:25:f9:b4:45:0e:e7:0f:a3:be:c4:91:3e:51:01:fa:ec:
         0d:61:1c:f6:61:26:5c:f1:71:4e:13:5f:f6:80:85:6c:9d:49:
         07:95:4a:a0:3c:c4:26:4b:c8:6b:a6:b5:d8:99:83:19:95:05:
         38:f7:ca:a8:88:04:5d:2e:fc:df:68:88:6e:5b:1e:50:d2:9d:
         bc:1e:c4:29:dc:98:34:00:c6:72:30:95:d7:dd:13:60:c5:fe:
         2e:60:a9:7f:7a:bc:98:39:bf:8d:88:f9:16:89:2f:d3:28:a7:
         06:cf:ec:ea:ad:09:fd:22:13:e7:79:c8:bf:4c:0f:a2:3d:65:
         a6:e4:c3:f4:32:6d:60:0f:e0:27:ed:f4:d7:de:77:7b:f7:8b:
         22:57:74:1b:51:93:48:49:b7:cc:22:af:a5:b8:f2:d8:ab:24:
         19:97:fd:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks6N8BF5+7wDMnkEgn15AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmYWQzNDRlYjVmN2ViMWRlZTRiOGY4NDM1ZmI1YjlkODc2
NjNlOWQwHhcNMjUwMTAyMDE0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2Y1NTgyYTljOGJiZjQ0NTU3ZDE5YmJlMzIxYjk2YmY1NmI5MWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLPp4jk0PYh/RPJHgi0s8e7T75mR
1Ono0HNsAT6D7SmX6i9hHQCIPGcBt2T+CM3V2Udo2IArG6W22ZM1MISrtX98L7at
Qpu87KuR9mg9HaBmqI3Aqonhm9yQFHXBOLJ1uj+8/8Subz5MA6sGglab8M77Dpmk
SE/Y+1ZEj6+CrE87XWaVM01fOTbSjrjjYv5yrRBvJSQm5Qr4rpBB57nid+B9vT5u
YEEFKFr7hs3vflsL4cAGFDJ8uHHTMwajIxoGm7G6UuXj/SiF/tvWbthEjUPwY0GK
qnCB1+6BSHZpfocp2/f8ZBv0LBs8v7WvROvXXaBtL6t59g0VfkQ+r2iKkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFP1WCqci79EVX0Zu+MhuWv1a5H+MB8GA1UdIwQY
MBaAFO+tNE619+sd7kuPhDX7W52HZj6dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzYwMFRyWDM2eDN1UzQtRU5mdGJuWWRtUHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8xYTgzMGEtZjA2MS00Y2RjLWJhZmIt
YTJmZTlmMDE1ZDcxLzEvVV9WWUtweUx2MFJWZlJtNzR5RzVhX1Zya2Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8xYTgzMGEtZjA2MS00Y2RjLWJhZmItYTJmZTlmMDE1ZDcx
LzEvNzYwMFRyWDM2eDN1UzQtRU5mdGJuWWRtUHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPiQ3MA0G
CSqGSIb3DQEBCwUAA4IBAQAY1MZHbpFTkRTl/jnL+Ee2gbErn+KwURkSHhlE0Ak5
ja5u0qCIUtVJL5yODcnpcUcAcXt3wByG7DJvSt3OtSz/Qfpy2r6Bg11/WqIIW5iv
Bd/X7MX2qNF4PO8oayX5tEUO5w+jvsSRPlEB+uwNYRz2YSZc8XFOE1/2gIVsnUkH
lUqgPMQmS8hrprXYmYMZlQU498qoiARdLvzfaIhuWx5Q0p28HsQp3Jg0AMZyMJXX
3RNgxf4uYKl/eryYOb+NiPkWiS/TKKcGz+zqrQn9IhPneci/TA+iPWWm5MP0Mm1g
D+An7fTX3nd794siV3QbUZNISbfMIq+luPLYqyQZl/3+
-----END CERTIFICATE-----