Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/74b280-e1b4-4310-8085-d65617bd3b4f/1/ibL-wM5Utk3qSFo0-NrYlsVtpTI.roa
File:                     ibL-wM5Utk3qSFo0-NrYlsVtpTI.roa (raw, json)
Hash identifier:          H67n/HQzKROWvSa4M/HKFg5PRZKUR6a+MTAqwbhiOYk=
Subject key identifier:   89:B2:FE:C0:CE:54:B6:4D:EA:48:5A:34:F8:DA:D8:96:C5:6D:A5:32
Certificate issuer:       /CN=0a6d5b2c6ea00931631554066f995146e3ff0144
Certificate serial:       019423699107168D97D25A9ED98E4B753935
Authority key identifier: 0A:6D:5B:2C:6E:A0:09:31:63:15:54:06:6F:99:51:46:E3:FF:01:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cm1bLG6gCTFjFVQGb5lRRuP_AUQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/74b280-e1b4-4310-8085-d65617bd3b4f/1/ibL-wM5Utk3qSFo0-NrYlsVtpTI.roa
Signing time:             Wed 01 Jan 2025 19:48:28 +0000
ROA not before:           Wed 01 Jan 2025 19:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198471
IP address blocks:        62.170.168.0/22 maxlen: 24
                          83.98.80.0/20 maxlen: 24
                          109.235.156.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/74b280-e1b4-4310-8085-d65617bd3b4f/1/Cm1bLG6gCTFjFVQGb5lRRuP_AUQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/74b280-e1b4-4310-8085-d65617bd3b4f/1/Cm1bLG6gCTFjFVQGb5lRRuP_AUQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Cm1bLG6gCTFjFVQGb5lRRuP_AUQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 22:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:91:07:16:8d:97:d2:5a:9e:d9:8e:4b:75:39:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a6d5b2c6ea00931631554066f995146e3ff0144
        Validity
            Not Before: Jan  1 19:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=89b2fec0ce54b64dea485a34f8dad896c56da532
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:2e:4d:0e:f1:53:65:7d:b1:82:72:4c:75:b7:
                    a0:e2:e9:cf:2e:1f:40:ab:ee:3f:a4:60:06:f7:52:
                    15:8f:7c:7b:3f:9c:ea:10:20:9d:1b:39:70:59:d9:
                    4e:fb:d0:5b:d3:08:54:4e:a6:c0:3e:17:a1:af:ac:
                    72:14:e5:c2:ff:d3:c0:c4:74:be:c3:19:ac:e4:bd:
                    f0:e4:73:64:6b:a8:6c:2e:7b:33:76:c6:1b:70:cd:
                    bb:01:cc:89:cc:50:9e:44:79:b3:7f:a4:df:b9:3d:
                    5b:6f:30:e0:47:b2:82:ad:4e:3a:80:33:92:95:3d:
                    f0:15:44:c4:3a:b3:0e:50:48:41:13:2c:b9:da:55:
                    29:15:c5:7c:0c:f4:80:fa:02:58:fc:9b:70:4b:6a:
                    09:1f:4b:1e:47:55:97:0c:9c:9d:be:9b:66:79:2d:
                    75:aa:f4:45:aa:be:04:f8:07:23:eb:ba:06:91:56:
                    72:ff:99:c3:61:b3:53:00:c8:fa:4c:f5:ee:51:ad:
                    3f:12:68:b9:83:80:c6:46:5d:4a:bb:af:63:21:1c:
                    e1:a4:2c:0b:30:a2:df:9b:1b:40:82:cd:4f:65:fb:
                    b7:05:c5:75:8d:06:52:5e:e6:4c:39:87:b4:3d:d8:
                    55:0a:97:21:01:e5:34:dc:67:9e:55:d6:12:7b:42:
                    e4:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:B2:FE:C0:CE:54:B6:4D:EA:48:5A:34:F8:DA:D8:96:C5:6D:A5:32
            X509v3 Authority Key Identifier:
                keyid:0A:6D:5B:2C:6E:A0:09:31:63:15:54:06:6F:99:51:46:E3:FF:01:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cm1bLG6gCTFjFVQGb5lRRuP_AUQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/74b280-e1b4-4310-8085-d65617bd3b4f/1/ibL-wM5Utk3qSFo0-NrYlsVtpTI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/74b280-e1b4-4310-8085-d65617bd3b4f/1/Cm1bLG6gCTFjFVQGb5lRRuP_AUQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.170.168.0/22
                  83.98.80.0/20
                  109.235.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:46:50:fa:89:86:bb:56:fb:31:ef:c5:f8:6b:f4:31:0c:c2:
         26:41:9e:36:ad:83:76:ea:85:47:f4:5f:23:9d:ec:0c:5e:1e:
         0c:c9:63:f5:e4:7f:da:ef:ee:17:a9:d7:77:34:e0:2b:d4:61:
         1c:58:12:0d:bd:07:04:25:57:54:05:e9:fe:de:2c:aa:8e:0b:
         de:ef:75:b1:c7:2f:2a:02:ce:77:1f:67:4c:11:ce:de:f6:c7:
         75:45:3e:0c:68:38:95:dd:f2:73:dc:aa:cc:60:31:4b:f2:f6:
         ad:5a:a7:d3:bd:5c:5e:59:27:cf:b1:bf:6c:ed:d1:16:15:c6:
         64:3d:b3:dd:17:eb:c9:8b:87:ad:12:b3:8c:48:56:c1:07:68:
         a5:44:32:b1:c0:7b:94:fd:f5:3d:cb:b1:67:f1:03:24:d8:f3:
         83:cc:5b:65:e5:42:fc:1a:74:e5:ea:bb:f9:02:fe:ac:ff:52:
         df:f2:7a:8a:42:34:38:da:21:0b:78:f9:f5:2b:6e:69:ec:79:
         f2:61:17:70:50:39:e8:a1:1d:2c:f8:7c:dc:53:f8:3b:5c:37:
         56:e6:a1:d8:ce:2d:db:e1:d7:21:2c:78:ae:b1:09:b1:3f:62:
         77:58:f9:34:ce:08:a6:d6:9c:7d:dd:7a:b5:f8:de:dd:05:a6:
         6f:97:31:a9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQjaZEHFo2X0lqe2Y5LdTk1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNmQ1YjJjNmVhMDA5MzE2MzE1NTQwNjZmOTk1MTQ2ZTNm
ZjAxNDQwHhcNMjUwMTAxMTk0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWIyZmVjMGNlNTRiNjRkZWE0ODVhMzRmOGRhZDg5NmM1NmRhNTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyS5NDvFTZX2xgnJMdbeg4unPLh9A
q+4/pGAG91IVj3x7P5zqECCdGzlwWdlO+9Bb0whUTqbAPhehr6xyFOXC/9PAxHS+
wxms5L3w5HNka6hsLnszdsYbcM27AcyJzFCeRHmzf6TfuT1bbzDgR7KCrU46gDOS
lT3wFUTEOrMOUEhBEyy52lUpFcV8DPSA+gJY/JtwS2oJH0seR1WXDJydvptmeS11
qvRFqr4E+Acj67oGkVZy/5nDYbNTAMj6TPXuUa0/Emi5g4DGRl1Ku69jIRzhpCwL
MKLfmxtAgs1PZfu3BcV1jQZSXuZMOYe0PdhVCpchAeU03GeeVdYSe0LkTQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFImy/sDOVLZN6khaNPja2JbFbaUyMB8GA1UdIwQY
MBaAFAptWyxuoAkxYxVUBm+ZUUbj/wFEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ20xYkxHNmdDVEZqRlZRR2I1bFJSdVBfQVVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS83NGIyODAtZTFiNC00MzEwLTgwODUt
ZDY1NjE3YmQzYjRmLzEvaWJMLXdNNVV0azNxU0ZvMC1Ocllsc1Z0cFRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS83NGIyODAtZTFiNC00MzEwLTgwODUtZDY1NjE3YmQzYjRm
LzEvQ20xYkxHNmdDVEZqRlZRR2I1bFJSdVBfQVVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCPqqoAwQE
U2JQAwQCbeucMA0GCSqGSIb3DQEBCwUAA4IBAQBqRlD6iYa7Vvsx78X4a/QxDMIm
QZ42rYN26oVH9F8jnewMXh4MyWP15H/a7+4Xqdd3NOAr1GEcWBINvQcEJVdUBen+
3iyqjgve73Wxxy8qAs53H2dMEc7e9sd1RT4MaDiV3fJz3KrMYDFL8vatWqfTvVxe
WSfPsb9s7dEWFcZkPbPdF+vJi4etErOMSFbBB2ilRDKxwHuU/fU9y7Fn8QMk2POD
zFtl5UL8GnTl6rv5Av6s/1Lf8nqKQjQ42iELePn1K25p7HnyYRdwUDnooR0s+Hzc
U/g7XDdW5qHYzi3b4dchLHiusQmxP2J3WPk0zgim1px93Xq1+N7dBaZvlzGp
-----END CERTIFICATE-----