Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/7pUPe8RpSvKTdyVRYqLW6tbY56M.roa
File:                     7pUPe8RpSvKTdyVRYqLW6tbY56M.roa (raw, json)
Hash identifier:          5ssik3sLDGkiyU7tyuL9SPEHjFYep6TrA8vF90xn3tQ=
Subject key identifier:   EE:95:0F:7B:C4:69:4A:F2:93:77:25:51:62:A2:D6:EA:D6:D8:E7:A3
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       01942747FBFFC306ECAD553AFE97BB4F1C54
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/7pUPe8RpSvKTdyVRYqLW6tbY56M.roa
Signing time:             Thu 02 Jan 2025 13:50:16 +0000
ROA not before:           Thu 02 Jan 2025 13:50:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201114
IP address blocks:        62.176.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:fb:ff:c3:06:ec:ad:55:3a:fe:97:bb:4f:1c:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  2 13:50:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee950f7bc4694af29377255162a2d6ead6d8e7a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:74:dc:94:ee:47:c3:14:68:7f:88:42:76:01:
                    3f:ad:31:16:b2:9f:46:59:df:a0:1b:b2:c7:4c:7f:
                    2a:1b:29:f3:f0:bc:83:57:13:81:3b:a6:ea:82:5c:
                    e8:e8:c1:36:4e:41:93:e3:ce:9f:9b:6f:7d:b8:5a:
                    05:ac:df:9a:b9:41:fd:fc:b2:a5:f6:06:0a:8f:f6:
                    05:c1:ba:32:1b:e3:3f:e8:59:dd:6f:e0:33:b1:84:
                    da:19:6b:9c:98:bd:15:c4:64:76:7a:69:6b:ea:4a:
                    77:fd:0d:ea:e5:24:5b:29:69:cc:36:ae:ce:0a:17:
                    97:2e:aa:9f:a9:e4:42:c9:a4:81:d7:6b:bc:c6:24:
                    68:36:6b:05:13:20:4a:45:91:05:c4:70:ee:f6:1f:
                    91:6f:56:5c:72:c5:c5:cf:5e:1b:ac:eb:e8:1f:b7:
                    c0:ef:ce:57:6c:f6:eb:5f:23:e8:9e:14:27:7a:2d:
                    00:2b:39:7b:47:ff:5b:5e:e9:04:c2:32:72:b4:00:
                    73:f3:8e:ce:96:55:d5:1e:bb:79:79:7e:41:99:03:
                    43:9f:cd:dc:ea:1d:34:f5:b4:0f:b7:f3:89:0f:4d:
                    2e:ce:6a:45:82:e0:73:67:8b:58:25:e8:31:46:14:
                    ba:46:b6:6e:c5:ac:fa:4e:55:ee:7a:43:b2:a9:ee:
                    3e:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:95:0F:7B:C4:69:4A:F2:93:77:25:51:62:A2:D6:EA:D6:D8:E7:A3
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/7pUPe8RpSvKTdyVRYqLW6tbY56M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.176.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:57:27:da:8c:60:36:b3:6c:71:06:5f:49:68:86:a2:fa:c9:
         1b:28:2c:a8:f8:ff:ce:45:e5:0a:df:35:c8:85:6d:2c:28:4c:
         b3:1c:c9:db:c0:5c:0b:0f:6a:af:cb:6a:a0:54:94:af:b3:96:
         9d:cc:a6:c4:c9:84:1a:de:39:5d:ff:9d:f8:52:43:eb:3b:d1:
         4a:32:20:0f:61:77:4f:fb:10:58:1e:6c:db:7f:69:ed:c0:8f:
         31:10:03:90:4c:c1:fa:9c:15:2c:af:8e:2f:97:03:09:19:94:
         eb:17:a1:c6:9c:15:af:93:76:e7:68:b1:f3:b3:51:bb:e8:06:
         f9:f0:6d:33:02:b4:c4:57:7c:41:4e:2f:9a:e1:01:4f:a5:75:
         d2:c8:f9:6a:84:92:af:90:a8:03:50:4c:c8:90:d3:18:9b:18:
         46:8f:e2:0c:07:a2:6e:95:ca:73:e2:d7:b4:bb:2f:c0:a9:ca:
         d2:9c:2a:d6:19:b6:46:cd:be:e4:a7:7f:21:52:ef:bb:db:6f:
         af:61:11:46:68:f3:66:ce:52:45:28:63:89:0a:80:c0:03:de:
         c3:e7:7b:81:c2:38:f1:3c:1e:83:b1:9b:28:8d:c9:63:84:13:
         fb:f3:59:3f:cd:a0:45:25:a5:78:fe:73:f9:3b:73:f2:de:35:
         5e:3f:c7:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR/v/wwbsrVU6/pe7TxxUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjUwMTAyMTM1MDE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTk1MGY3YmM0Njk0YWYyOTM3NzI1NTE2MmEyZDZlYWQ2ZDhlN2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXTclO5HwxRof4hCdgE/rTEWsp9G
Wd+gG7LHTH8qGynz8LyDVxOBO6bqglzo6ME2TkGT486fm299uFoFrN+auUH9/LKl
9gYKj/YFwboyG+M/6Fndb+AzsYTaGWucmL0VxGR2emlr6kp3/Q3q5SRbKWnMNq7O
CheXLqqfqeRCyaSB12u8xiRoNmsFEyBKRZEFxHDu9h+Rb1ZccsXFz14brOvoH7fA
785XbPbrXyPonhQnei0AKzl7R/9bXukEwjJytABz847OllXVHrt5eX5BmQNDn83c
6h009bQPt/OJD00uzmpFguBzZ4tYJegxRhS6RrZuxaz6TlXuekOyqe4+xQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO6VD3vEaUryk3clUWKi1urW2OejMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvN3BVUGU4UnBTdktUZHlWUllxTFc2dGJZNTZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPrB5MA0G
CSqGSIb3DQEBCwUAA4IBAQCKVyfajGA2s2xxBl9JaIai+skbKCyo+P/OReUK3zXI
hW0sKEyzHMnbwFwLD2qvy2qgVJSvs5adzKbEyYQa3jld/534UkPrO9FKMiAPYXdP
+xBYHmzbf2ntwI8xEAOQTMH6nBUsr44vlwMJGZTrF6HGnBWvk3bnaLHzs1G76Ab5
8G0zArTEV3xBTi+a4QFPpXXSyPlqhJKvkKgDUEzIkNMYmxhGj+IMB6Julcpz4te0
uy/AqcrSnCrWGbZGzb7kp38hUu+722+vYRFGaPNmzlJFKGOJCoDAA97D53uBwjjx
PB6DsZsojcljhBP781k/zaBFJaV4/nP5O3Py3jVeP8fI
-----END CERTIFICATE-----