Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/TYLqPo86M3IskkS-c879kXMl_VI.roa
File:                     TYLqPo86M3IskkS-c879kXMl_VI.roa (raw, json)
Hash identifier:          nT3g/VXKbYizlcRagt4gBjuiNv3Tam8Q63BzirKofTU=
Subject key identifier:   4D:82:EA:3E:8F:3A:33:72:2C:92:44:BE:73:CE:FD:91:73:25:FD:52
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019421B22DB9C098816E0F59AC777A52CA30
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/TYLqPo86M3IskkS-c879kXMl_VI.roa
Signing time:             Wed 01 Jan 2025 11:48:32 +0000
ROA not before:           Wed 01 Jan 2025 11:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        85.208.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 01:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:2d:b9:c0:98:81:6e:0f:59:ac:77:7a:52:ca:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  1 11:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d82ea3e8f3a33722c9244be73cefd917325fd52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:85:eb:2f:91:70:f5:66:6e:1c:6c:ba:9a:13:
                    c5:5a:63:ef:ee:1a:7b:58:ff:e5:eb:f8:06:79:17:
                    94:79:7d:df:a6:a3:d0:e9:a1:2c:30:fe:e6:12:23:
                    39:a9:24:c1:f9:c0:d4:44:49:9d:2b:33:64:5b:35:
                    ee:cf:24:68:3c:82:90:f3:ce:7d:95:18:cd:02:86:
                    7c:67:80:ea:11:c3:a2:2f:c6:f1:e8:7f:04:f3:c9:
                    88:8a:0a:5b:15:3a:04:b7:73:59:64:4d:f5:7c:5c:
                    be:2a:4c:69:e7:d4:47:49:60:2b:95:64:d4:1c:dc:
                    d0:40:4b:eb:44:4d:5c:1b:22:f0:c4:f5:96:d0:ae:
                    ea:2b:df:f8:b2:7b:5b:b4:02:5e:2e:d3:26:d2:6c:
                    89:cb:54:86:8b:85:85:04:d4:60:ca:39:ba:b1:02:
                    c6:b0:ab:c6:ad:46:2f:17:0a:71:31:1f:08:a6:c3:
                    a8:64:a9:3d:57:c1:9e:2f:d2:8a:d3:88:cb:10:08:
                    5a:80:f5:76:8b:2e:52:73:2b:bc:3d:e0:a5:1b:5c:
                    12:4d:8f:41:49:2e:79:76:aa:43:1c:1b:28:37:23:
                    53:61:9c:f9:a5:cc:36:d5:d9:0e:8f:b8:3d:93:40:
                    c7:a1:7d:84:51:03:9a:5e:3e:c5:8e:2f:1b:49:d0:
                    73:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:82:EA:3E:8F:3A:33:72:2C:92:44:BE:73:CE:FD:91:73:25:FD:52
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/TYLqPo86M3IskkS-c879kXMl_VI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:71:3d:8f:fd:02:4f:85:c2:f5:78:e4:c9:37:0c:f5:10:f3:
         ee:74:fb:09:68:89:c1:28:d6:18:59:55:a7:fb:ed:57:e7:13:
         ab:76:fa:55:0d:c6:c1:62:60:d3:93:cc:b3:e3:09:04:34:3e:
         ef:b7:e0:82:f7:33:bf:f2:2b:5a:ee:42:c2:4b:88:fd:c1:32:
         c9:df:b9:7b:2e:c1:20:04:49:bb:56:e1:e3:fe:fc:96:b1:74:
         a3:2b:8d:e6:e2:14:9c:ad:f1:f3:9c:aa:97:48:63:4d:ab:20:
         c1:91:81:67:8e:7f:b3:26:29:f8:1e:61:05:8f:1f:f4:08:f0:
         cd:48:e3:04:67:65:6e:0e:6a:00:3b:91:0a:3b:75:a0:91:70:
         ed:4e:c9:45:d4:95:fc:e5:d5:a0:c2:09:5b:72:d7:7e:2b:c9:
         48:46:d3:3e:a1:1a:97:a4:ce:77:6c:0f:c8:fb:d3:d9:c6:7a:
         85:09:81:4e:c0:a1:e6:ed:69:76:e7:34:85:97:a8:9d:ba:8a:
         5f:0e:3d:b6:1a:d8:29:2a:fc:7d:f1:c9:9b:77:33:d9:a1:da:
         73:96:4e:3c:50:b5:52:64:c0:65:fe:f5:72:c0:14:99:b5:0f:
         14:44:f3:a9:89:fc:bb:14:e2:9e:4e:f3:22:71:a2:7e:0c:22:
         2b:74:e2:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsi25wJiBbg9ZrHd6UsowMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwMTAxMTE0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDgyZWEzZThmM2EzMzcyMmM5MjQ0YmU3M2NlZmQ5MTczMjVmZDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4XrL5Fw9WZuHGy6mhPFWmPv7hp7
WP/l6/gGeReUeX3fpqPQ6aEsMP7mEiM5qSTB+cDUREmdKzNkWzXuzyRoPIKQ8859
lRjNAoZ8Z4DqEcOiL8bx6H8E88mIigpbFToEt3NZZE31fFy+Kkxp59RHSWArlWTU
HNzQQEvrRE1cGyLwxPWW0K7qK9/4sntbtAJeLtMm0myJy1SGi4WFBNRgyjm6sQLG
sKvGrUYvFwpxMR8IpsOoZKk9V8GeL9KK04jLEAhagPV2iy5Scyu8PeClG1wSTY9B
SS55dqpDHBsoNyNTYZz5pcw21dkOj7g9k0DHoX2EUQOaXj7Fji8bSdBzuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE2C6j6POjNyLJJEvnPO/ZFzJf1SMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvVFlMcVBvODZNM0lza2tTLWM4NzlrWE1sX1ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdBwMA0G
CSqGSIb3DQEBCwUAA4IBAQDOcT2P/QJPhcL1eOTJNwz1EPPudPsJaInBKNYYWVWn
++1X5xOrdvpVDcbBYmDTk8yz4wkEND7vt+CC9zO/8ita7kLCS4j9wTLJ37l7LsEg
BEm7VuHj/vyWsXSjK43m4hScrfHznKqXSGNNqyDBkYFnjn+zJin4HmEFjx/0CPDN
SOMEZ2VuDmoAO5EKO3WgkXDtTslF1JX85dWgwglbctd+K8lIRtM+oRqXpM53bA/I
+9PZxnqFCYFOwKHm7Wl25zSFl6iduopfDj22GtgpKvx98cmbdzPZodpzlk48ULVS
ZMBl/vVywBSZtQ8URPOpify7FOKeTvMicaJ+DCIrdOIO
-----END CERTIFICATE-----