Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/Aa4YA-KXvlMOTnj0PexuL_opY6Y.roa
File:                     Aa4YA-KXvlMOTnj0PexuL_opY6Y.roa (raw, json)
Hash identifier:          V8EpPNnie2wxTXgjPeP3dcA8HhHDqOTBye6UuvRHW/4=
Subject key identifier:   01:AE:18:03:E2:97:BE:53:0E:4E:78:F4:3D:EC:6E:2F:FA:29:63:A6
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       01942747F9D9025B0A626A579DD68EB2F7D3
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/Aa4YA-KXvlMOTnj0PexuL_opY6Y.roa
Signing time:             Thu 02 Jan 2025 13:50:15 +0000
ROA not before:           Thu 02 Jan 2025 13:50:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199191
IP address blocks:        62.176.68.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:f9:d9:02:5b:0a:62:6a:57:9d:d6:8e:b2:f7:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  2 13:50:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=01ae1803e297be530e4e78f43dec6e2ffa2963a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:21:d7:70:b0:f5:25:93:42:6f:e4:3c:15:87:
                    14:31:49:67:99:43:f6:16:d6:4b:36:fc:af:12:13:
                    f6:14:0f:b1:d0:33:51:f5:9f:ee:47:1a:57:50:72:
                    27:3d:d1:0f:91:ed:08:d9:b6:cf:8d:32:7a:45:7a:
                    65:67:ce:8b:db:3d:4f:eb:8e:f4:62:34:14:ff:86:
                    93:91:87:da:04:14:db:16:e5:14:b4:75:f1:36:7b:
                    2d:10:56:49:9f:61:94:05:4d:75:6f:f7:79:ee:58:
                    29:a3:66:d6:80:6d:33:60:3f:2a:ed:19:c6:ab:c7:
                    ed:92:7d:b3:18:0f:eb:21:57:81:3a:a1:bd:f7:e8:
                    c1:27:0e:06:bc:8c:cf:63:ad:d9:cd:66:23:0e:73:
                    4b:10:b9:35:42:0c:79:37:64:8b:23:5f:d9:1e:ea:
                    60:0f:6c:69:e7:61:35:6c:bb:0e:b2:fc:73:a6:6b:
                    89:06:a0:88:3a:f8:53:2f:c1:30:01:68:13:f9:0d:
                    a8:6d:91:f9:be:d1:44:69:03:fe:91:b8:db:88:a9:
                    a6:cb:87:58:a0:28:c4:4b:a5:35:42:d4:91:52:2d:
                    3e:6a:78:3e:b6:35:ae:62:07:c4:25:43:ea:28:e3:
                    32:1e:04:0e:d3:bd:4c:94:f8:ad:e6:06:14:d0:73:
                    a6:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:AE:18:03:E2:97:BE:53:0E:4E:78:F4:3D:EC:6E:2F:FA:29:63:A6
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/Aa4YA-KXvlMOTnj0PexuL_opY6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.176.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:01:c7:28:43:00:ac:d4:ca:cd:31:98:eb:ee:81:20:9c:30:
         3a:56:7e:79:36:c5:1d:97:b0:3c:b6:fc:de:a4:a3:90:52:56:
         dc:ef:d5:94:e8:97:28:8c:ca:a8:97:57:52:e0:68:51:02:9e:
         4a:eb:f5:54:53:33:24:33:bc:11:91:29:2a:fc:d8:db:1f:3c:
         95:b9:88:44:fa:ad:91:6f:54:3d:23:70:d4:b0:05:7d:fd:8b:
         b5:5e:36:6f:48:0f:d6:3b:4b:d5:e6:3a:c5:04:c7:22:6d:12:
         47:16:24:35:3b:45:13:0b:ec:82:e7:9e:77:43:3e:b4:2b:11:
         63:92:fb:13:9a:55:29:86:d1:5f:a6:5c:61:c2:9c:da:08:70:
         a4:7c:2c:09:c9:58:b9:5c:6f:25:7b:38:96:42:06:d4:cb:e2:
         2c:2f:66:e0:28:aa:b7:46:74:0b:cb:94:84:37:a4:b3:a8:97:
         c3:3c:d2:54:3b:30:67:7d:2e:86:c4:01:9a:67:47:12:fb:1e:
         4b:58:32:f3:60:98:b2:86:61:c0:60:0c:37:6b:04:08:03:3d:
         59:7c:d0:f2:22:16:e4:3d:b2:f6:70:8e:af:1d:92:73:cf:dd:
         e6:a0:49:6f:68:b1:65:75:cb:81:31:c3:95:a4:62:f1:22:6a:
         31:66:b7:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR/nZAlsKYmpXndaOsvfTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjUwMTAyMTM1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWFlMTgwM2UyOTdiZTUzMGU0ZTc4ZjQzZGVjNmUyZmZhMjk2M2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwiHXcLD1JZNCb+Q8FYcUMUlnmUP2
FtZLNvyvEhP2FA+x0DNR9Z/uRxpXUHInPdEPke0I2bbPjTJ6RXplZ86L2z1P6470
YjQU/4aTkYfaBBTbFuUUtHXxNnstEFZJn2GUBU11b/d57lgpo2bWgG0zYD8q7RnG
q8ftkn2zGA/rIVeBOqG99+jBJw4GvIzPY63ZzWYjDnNLELk1Qgx5N2SLI1/ZHupg
D2xp52E1bLsOsvxzpmuJBqCIOvhTL8EwAWgT+Q2obZH5vtFEaQP+kbjbiKmmy4dY
oCjES6U1QtSRUi0+ang+tjWuYgfEJUPqKOMyHgQO071MlPit5gYU0HOm8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAGuGAPil75TDk549D3sbi/6KWOmMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvQWE0WUEtS1h2bE1PVG5qMFBleHVMX29wWTZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBPrBEMA0G
CSqGSIb3DQEBCwUAA4IBAQCCAccoQwCs1MrNMZjr7oEgnDA6Vn55NsUdl7A8tvze
pKOQUlbc79WU6JcojMqol1dS4GhRAp5K6/VUUzMkM7wRkSkq/NjbHzyVuYhE+q2R
b1Q9I3DUsAV9/Yu1XjZvSA/WO0vV5jrFBMcibRJHFiQ1O0UTC+yC5553Qz60KxFj
kvsTmlUphtFfplxhwpzaCHCkfCwJyVi5XG8leziWQgbUy+IsL2bgKKq3RnQLy5SE
N6SzqJfDPNJUOzBnfS6GxAGaZ0cS+x5LWDLzYJiyhmHAYAw3awQIAz1ZfNDyIhbk
PbL2cI6vHZJzz93moElvaLFldcuBMcOVpGLxImoxZrff
-----END CERTIFICATE-----