Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/_yIO4FNANqSokrvVe5WQwr9iSSk.roa
File:                     _yIO4FNANqSokrvVe5WQwr9iSSk.roa (raw, json)
Hash identifier:          8Hi3sHOBnyVjuGPOckBQEiU5WylQWHXzZ5NaWzpwynU=
Subject key identifier:   FF:22:0E:E0:53:40:36:A4:A8:92:BB:D5:7B:95:90:C2:BF:62:49:29
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019421B22F955D313EE8A76592840F982E1D
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/_yIO4FNANqSokrvVe5WQwr9iSSk.roa
Signing time:             Wed 01 Jan 2025 11:48:33 +0000
ROA not before:           Wed 01 Jan 2025 11:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6453
IP address blocks:        85.208.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 19:46:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:2f:95:5d:31:3e:e8:a7:65:92:84:0f:98:2e:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  1 11:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff220ee0534036a4a892bbd57b9590c2bf624929
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:f4:a4:87:54:00:88:65:12:29:38:79:e0:4f:
                    24:dc:b4:c7:46:ff:4d:1f:9c:79:00:77:72:ba:f7:
                    cf:db:3e:e8:13:22:ae:ad:30:0f:e3:72:e8:57:a4:
                    94:bd:14:6c:47:5a:b5:56:55:52:bb:09:12:24:1d:
                    62:da:90:4d:59:78:c6:aa:cf:52:fb:f2:44:4b:64:
                    d7:20:7a:67:0e:ea:0f:cc:5c:81:1f:79:12:17:35:
                    e1:e2:50:2c:fa:fa:d2:bb:2e:0e:09:19:ab:aa:01:
                    c7:5b:ab:d7:a1:43:07:8c:c9:dd:49:79:f5:68:12:
                    0f:cd:02:bf:6e:0f:2e:b1:67:2e:6c:6a:3a:f7:2d:
                    dc:d4:86:91:6e:f1:7c:46:5a:e6:3c:1a:8d:3a:7d:
                    f4:d9:5a:20:d2:83:30:56:e3:a9:bc:82:cd:3d:43:
                    74:f3:31:90:5a:d8:d5:5d:0e:bf:70:6a:aa:a6:01:
                    88:5c:40:9c:8c:54:76:20:7b:ed:9e:77:74:10:24:
                    6c:5b:4a:b2:88:67:d3:35:70:59:be:16:13:4c:a4:
                    5c:2a:b1:b8:bd:6c:89:71:40:2c:34:ba:1c:29:8b:
                    75:7e:75:8a:46:e7:14:db:ec:46:39:bf:e7:97:8b:
                    a3:5b:ac:f2:c5:9d:58:00:84:8e:a3:df:b6:25:1c:
                    1c:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:22:0E:E0:53:40:36:A4:A8:92:BB:D5:7B:95:90:C2:BF:62:49:29
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/_yIO4FNANqSokrvVe5WQwr9iSSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:17:88:6b:36:be:1d:6a:74:c1:4f:9d:51:34:7b:8b:d7:0b:
         2a:06:44:59:ca:e1:e1:ba:dc:65:98:1f:bb:01:e5:49:12:16:
         53:9e:8f:9a:dc:8f:f5:2c:75:67:b1:58:58:49:e9:23:41:32:
         b5:a8:d0:68:94:1b:68:f8:06:56:a4:68:2a:77:ec:9e:33:b6:
         98:3b:36:aa:ea:aa:5e:25:7c:c5:2d:85:c4:10:2c:12:1a:0d:
         6d:30:e2:fa:c0:c1:81:a5:96:1d:b9:83:99:fb:8f:c7:ff:e4:
         ff:3d:0b:c3:bb:5d:df:67:5a:ff:95:2a:ee:bb:2c:25:0e:0d:
         99:ba:23:d1:c4:e0:7b:3c:39:ae:bc:cc:54:a3:dc:f5:d9:57:
         dc:56:ad:e5:42:94:2f:e9:74:6d:57:32:9f:13:a5:b4:34:d4:
         3c:bb:69:4b:7b:be:49:90:71:97:74:08:4a:a2:44:a1:8a:46:
         f5:17:0d:99:62:70:96:e5:68:37:ce:89:b5:16:e1:ec:62:ab:
         87:8f:04:dd:f6:d8:91:2e:79:d4:25:7e:72:8e:b9:57:19:8a:
         7d:b8:01:91:e3:9b:08:ea:ed:2b:fd:01:5c:ad:15:9b:31:c7:
         77:e3:e5:c4:8f:c5:10:48:d3:19:85:4e:11:11:a1:f6:2a:f2:
         f0:f3:df:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsi+VXTE+6KdlkoQPmC4dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwMTAxMTE0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjIyMGVlMDUzNDAzNmE0YTg5MmJiZDU3Yjk1OTBjMmJmNjI0OTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2PSkh1QAiGUSKTh54E8k3LTHRv9N
H5x5AHdyuvfP2z7oEyKurTAP43LoV6SUvRRsR1q1VlVSuwkSJB1i2pBNWXjGqs9S
+/JES2TXIHpnDuoPzFyBH3kSFzXh4lAs+vrSuy4OCRmrqgHHW6vXoUMHjMndSXn1
aBIPzQK/bg8usWcubGo69y3c1IaRbvF8RlrmPBqNOn302Vog0oMwVuOpvILNPUN0
8zGQWtjVXQ6/cGqqpgGIXECcjFR2IHvtnnd0ECRsW0qyiGfTNXBZvhYTTKRcKrG4
vWyJcUAsNLocKYt1fnWKRucU2+xGOb/nl4ujW6zyxZ1YAISOo9+2JRwcvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP8iDuBTQDakqJK71XuVkMK/YkkpMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvX3lJTzRGTkFOcVNva3J2VmU1V1F3cjlpU1NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdBwMA0G
CSqGSIb3DQEBCwUAA4IBAQBCF4hrNr4danTBT51RNHuL1wsqBkRZyuHhutxlmB+7
AeVJEhZTno+a3I/1LHVnsVhYSekjQTK1qNBolBto+AZWpGgqd+yeM7aYOzaq6qpe
JXzFLYXEECwSGg1tMOL6wMGBpZYduYOZ+4/H/+T/PQvDu13fZ1r/lSruuywlDg2Z
uiPRxOB7PDmuvMxUo9z12VfcVq3lQpQv6XRtVzKfE6W0NNQ8u2lLe75JkHGXdAhK
okShikb1Fw2ZYnCW5Wg3zom1FuHsYquHjwTd9tiRLnnUJX5yjrlXGYp9uAGR45sI
6u0r/QFcrRWbMcd34+XEj8UQSNMZhU4REaH2KvLw898X
-----END CERTIFICATE-----