Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/480f4a-a937-4149-aee8-e32924ac7b63/1/YtQ9-mlElYwUpXvtTBFXExjq8_8.roa
File:                     YtQ9-mlElYwUpXvtTBFXExjq8_8.roa (raw, json)
Hash identifier:          wqv6+ikYWOEh+dOT8PJAZxp/xzYOpnhQ7lDZyj0SG6U=
Subject key identifier:   62:D4:3D:FA:69:44:95:8C:14:A5:7B:ED:4C:11:57:13:18:EA:F3:FF
Certificate issuer:       /CN=b78678bd654ca6b10a5c773bc269754dc234cfd5
Certificate serial:       01972F42C69F7985326070A1FE8534C929B9
Authority key identifier: B7:86:78:BD:65:4C:A6:B1:0A:5C:77:3B:C2:69:75:4D:C2:34:CF:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t4Z4vWVMprEKXHc7wml1TcI0z9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/480f4a-a937-4149-aee8-e32924ac7b63/1/YtQ9-mlElYwUpXvtTBFXExjq8_8.roa
Signing time:             Mon 02 Jun 2025 06:09:54 +0000
ROA not before:           Mon 02 Jun 2025 06:09:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214123
IP address blocks:        192.140.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/480f4a-a937-4149-aee8-e32924ac7b63/1/t4Z4vWVMprEKXHc7wml1TcI0z9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/480f4a-a937-4149-aee8-e32924ac7b63/1/t4Z4vWVMprEKXHc7wml1TcI0z9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t4Z4vWVMprEKXHc7wml1TcI0z9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:2f:42:c6:9f:79:85:32:60:70:a1:fe:85:34:c9:29:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b78678bd654ca6b10a5c773bc269754dc234cfd5
        Validity
            Not Before: Jun  2 06:09:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=62d43dfa6944958c14a57bed4c11571318eaf3ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b1:9f:75:84:12:e8:1f:b5:13:99:1d:2a:e0:
                    cf:7d:71:53:67:b1:a1:37:d0:b3:9e:29:88:26:95:
                    e3:eb:e4:db:cb:3f:86:de:42:2a:26:00:8f:e4:62:
                    69:c9:86:da:35:ad:14:65:5d:d6:60:29:bd:fe:14:
                    c6:57:06:99:f3:fd:7b:c6:27:c2:2f:df:c6:df:e2:
                    5d:1c:90:04:c8:de:85:52:7e:6b:c6:b0:a4:6d:ea:
                    85:4c:24:66:16:2f:df:bc:87:cc:7b:9c:f9:c3:e3:
                    fc:38:64:14:6b:a3:06:8c:8b:0b:09:e3:70:d3:14:
                    71:99:8e:77:f0:c6:91:a5:1a:7e:ef:54:7b:73:2a:
                    16:f1:fc:7f:a4:0f:ec:48:04:83:74:cf:49:8c:87:
                    56:19:75:be:8d:cf:5b:45:fa:dc:a9:e4:f5:fd:33:
                    2c:14:19:70:3f:6e:77:5e:dd:d7:ea:f4:6b:6d:ea:
                    a4:54:83:9e:66:a9:b5:e7:f9:dd:be:c1:9c:28:d0:
                    27:9e:ca:bf:f7:ac:a0:d2:07:41:c9:e7:f3:a8:79:
                    13:3d:3c:9e:8f:18:ea:23:d1:be:16:42:75:9a:80:
                    44:0d:bf:5d:1c:7b:9b:b6:a3:e7:06:fb:79:61:86:
                    5e:de:3a:7c:78:21:1f:ce:8c:0f:f3:ab:8a:bd:f8:
                    7b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:D4:3D:FA:69:44:95:8C:14:A5:7B:ED:4C:11:57:13:18:EA:F3:FF
            X509v3 Authority Key Identifier:
                keyid:B7:86:78:BD:65:4C:A6:B1:0A:5C:77:3B:C2:69:75:4D:C2:34:CF:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t4Z4vWVMprEKXHc7wml1TcI0z9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/480f4a-a937-4149-aee8-e32924ac7b63/1/YtQ9-mlElYwUpXvtTBFXExjq8_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/480f4a-a937-4149-aee8-e32924ac7b63/1/t4Z4vWVMprEKXHc7wml1TcI0z9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.140.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:d1:75:0c:e9:64:56:dd:f2:3a:36:a0:48:8d:09:26:b5:51:
         0f:96:1f:4a:de:92:4b:b3:15:62:a8:4e:e1:8a:f0:5f:7b:02:
         cc:78:c3:4a:7a:10:d0:85:7d:9e:4f:17:d5:bf:3c:06:d1:d2:
         c3:47:73:e0:f8:c0:f4:c6:f9:f9:d5:f0:d6:57:fb:de:1d:59:
         85:3e:f1:7d:da:3a:c1:ac:c8:71:23:51:cf:6e:57:eb:8d:1c:
         c5:c3:8b:82:f1:ef:4a:c5:93:78:eb:fa:19:27:16:a6:5b:b9:
         9f:47:27:ef:35:15:b0:a4:c4:4f:d1:c1:48:f2:94:d6:1b:56:
         a6:5d:a1:e5:f6:83:f9:52:fc:9a:08:fd:01:e7:c6:33:dc:3a:
         44:eb:93:c1:e9:be:f1:3c:ca:de:05:1d:06:21:4a:d2:3f:bb:
         87:22:46:96:6c:4c:40:82:49:11:f2:07:ac:eb:d2:dc:62:05:
         e2:11:54:74:2f:f1:29:77:92:72:de:b2:cf:21:03:c7:ad:2f:
         d4:28:18:22:1c:6c:9f:fb:45:61:cf:c4:12:0f:d1:cc:6e:56:
         0c:9a:5b:1e:8c:60:84:f4:82:79:99:0e:2c:a4:78:db:01:dc:
         08:d4:75:9d:fe:ad:64:af:b9:3d:f8:df:10:be:41:45:b6:57:
         e7:e4:bb:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcvQsafeYUyYHCh/oU0ySm5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3ODY3OGJkNjU0Y2E2YjEwYTVjNzczYmMyNjk3NTRkYzIz
NGNmZDUwHhcNMjUwNjAyMDYwOTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmQ0M2RmYTY5NDQ5NThjMTRhNTdiZWQ0YzExNTcxMzE4ZWFmM2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bGfdYQS6B+1E5kdKuDPfXFTZ7Gh
N9CznimIJpXj6+Tbyz+G3kIqJgCP5GJpyYbaNa0UZV3WYCm9/hTGVwaZ8/17xifC
L9/G3+JdHJAEyN6FUn5rxrCkbeqFTCRmFi/fvIfMe5z5w+P8OGQUa6MGjIsLCeNw
0xRxmY538MaRpRp+71R7cyoW8fx/pA/sSASDdM9JjIdWGXW+jc9bRfrcqeT1/TMs
FBlwP253Xt3X6vRrbeqkVIOeZqm15/ndvsGcKNAnnsq/96yg0gdByefzqHkTPTye
jxjqI9G+FkJ1moBEDb9dHHubtqPnBvt5YYZe3jp8eCEfzowP86uKvfh78wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGLUPfppRJWMFKV77UwRVxMY6vP/MB8GA1UdIwQY
MBaAFLeGeL1lTKaxClx3O8JpdU3CNM/VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDRaNHZXVk1wckVLWEhjN3dtbDFUY0kwejlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS80ODBmNGEtYTkzNy00MTQ5LWFlZTgt
ZTMyOTI0YWM3YjYzLzEvWXRROS1tbEVsWXdVcFh2dFRCRlhFeGpxOF84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS80ODBmNGEtYTkzNy00MTQ5LWFlZTgtZTMyOTI0YWM3YjYz
LzEvdDRaNHZXVk1wckVLWEhjN3dtbDFUY0kwejlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwIzlMA0G
CSqGSIb3DQEBCwUAA4IBAQBP0XUM6WRW3fI6NqBIjQkmtVEPlh9K3pJLsxViqE7h
ivBfewLMeMNKehDQhX2eTxfVvzwG0dLDR3Pg+MD0xvn51fDWV/veHVmFPvF92jrB
rMhxI1HPblfrjRzFw4uC8e9KxZN46/oZJxamW7mfRyfvNRWwpMRP0cFI8pTWG1am
XaHl9oP5UvyaCP0B58Yz3DpE65PB6b7xPMreBR0GIUrSP7uHIkaWbExAgkkR8ges
69LcYgXiEVR0L/Epd5Jy3rLPIQPHrS/UKBgiHGyf+0Vhz8QSD9HMblYMmlsejGCE
9IJ5mQ4spHjbAdwI1HWd/q1kr7k9+N8QvkFFtlfn5Ls3
-----END CERTIFICATE-----