Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/oZ9c-cf3fytRd1gUKa-yKMryWyc.roa
File:                     oZ9c-cf3fytRd1gUKa-yKMryWyc.roa (raw, json)
Hash identifier:          oVpNnyj3Q4erDPtxRbtlvwTOyX85R4wNKr3fIqWYgNo=
Subject key identifier:   A1:9F:5C:F9:C7:F7:7F:2B:51:77:58:14:29:AF:B2:28:CA:F2:5B:27
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019708B1BB8EFBF3517A223286523C210AA7
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/oZ9c-cf3fytRd1gUKa-yKMryWyc.roa
Signing time:             Sun 25 May 2025 18:25:54 +0000
ROA not before:           Sun 25 May 2025 18:25:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208483
IP address blocks:        45.8.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:08:b1:bb:8e:fb:f3:51:7a:22:32:86:52:3c:21:0a:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: May 25 18:25:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a19f5cf9c7f77f2b5177581429afb228caf25b27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d5:34:e5:61:f1:11:84:47:9b:d2:82:4c:7a:
                    cd:eb:06:7a:2a:82:54:a5:49:5d:55:1d:91:9d:91:
                    3e:90:46:93:17:5d:09:95:ce:d0:38:91:66:d7:ff:
                    9f:e6:3e:29:b5:85:b4:f1:12:ef:65:ee:59:df:9a:
                    1a:44:a0:56:0a:f7:3b:fb:5d:aa:7d:c0:7c:42:ca:
                    36:67:e2:2a:90:ea:a9:f4:89:4a:63:1d:82:62:8c:
                    d0:4d:67:d7:2e:50:e8:99:01:8a:32:45:ef:2c:75:
                    30:8c:4b:ae:e6:4f:06:64:48:89:13:f2:06:98:72:
                    4a:ed:d7:67:6d:53:1c:23:9e:96:36:12:b2:27:22:
                    0a:a3:d3:f2:17:63:ca:99:92:62:b4:8a:76:26:65:
                    59:ff:29:cc:47:35:83:fb:e2:4e:01:1e:2d:a9:25:
                    46:37:5d:d4:e7:d1:2a:e9:8c:78:8c:8d:d6:54:5d:
                    0d:8c:0d:2c:29:2c:26:c2:50:90:25:5a:04:04:a2:
                    ff:c5:87:be:25:bc:13:b4:6c:b2:0d:2b:90:54:6e:
                    1d:01:28:4c:90:44:8a:d9:bb:b0:89:28:6a:bf:58:
                    7f:52:52:d3:c5:fe:f3:47:fb:20:75:de:e6:d6:bf:
                    e6:e2:1e:d5:f8:60:d5:1b:41:da:3f:25:bb:ab:41:
                    09:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:9F:5C:F9:C7:F7:7F:2B:51:77:58:14:29:AF:B2:28:CA:F2:5B:27
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/oZ9c-cf3fytRd1gUKa-yKMryWyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:e1:90:e3:7e:61:36:81:fe:6d:02:bb:89:3c:7a:d4:08:05:
         31:bc:aa:8d:b8:63:33:d0:3e:32:96:b1:2b:95:e7:2a:d1:d1:
         71:17:6f:f3:0d:01:aa:9f:fa:ac:74:5b:b4:b9:be:81:3f:23:
         c4:b2:cd:29:2c:b3:bb:fe:bf:0c:a2:2b:ef:70:4f:55:19:9d:
         35:17:a8:e7:d8:fe:06:a2:9f:ae:ce:76:df:97:5c:2e:f3:9b:
         92:e3:e5:96:24:28:0b:62:86:84:66:4c:3c:df:bc:de:5b:af:
         54:4c:4b:24:2e:03:67:85:d0:6c:e3:e2:78:cb:28:b4:ff:a3:
         00:80:51:f7:97:46:b3:96:51:23:e3:8a:0c:eb:52:0e:c1:fc:
         a3:15:cb:f5:86:39:9e:22:7a:57:c4:84:de:8a:76:08:b5:6b:
         b3:c5:02:bd:fc:e8:63:91:a5:6e:d0:a3:e8:68:4a:30:6d:d0:
         fc:7a:87:19:ae:a5:15:98:c1:76:53:0d:bc:7c:cf:a2:55:60:
         41:30:90:62:06:5a:e1:f2:7f:64:87:af:cf:8e:05:9c:7d:c6:
         25:b6:42:63:c1:21:01:0b:94:91:52:c2:f8:3a:42:ca:0e:24:
         7f:ae:e1:82:bb:24:cd:1c:76:e7:4d:62:70:84:f3:38:f7:92:
         23:1e:c9:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcIsbuO+/NReiIyhlI8IQqnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwNTI1MTgyNTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTlmNWNmOWM3Zjc3ZjJiNTE3NzU4MTQyOWFmYjIyOGNhZjI1YjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtU05WHxEYRHm9KCTHrN6wZ6KoJU
pUldVR2RnZE+kEaTF10Jlc7QOJFm1/+f5j4ptYW08RLvZe5Z35oaRKBWCvc7+12q
fcB8Qso2Z+IqkOqp9IlKYx2CYozQTWfXLlDomQGKMkXvLHUwjEuu5k8GZEiJE/IG
mHJK7ddnbVMcI56WNhKyJyIKo9PyF2PKmZJitIp2JmVZ/ynMRzWD++JOAR4tqSVG
N13U59Eq6Yx4jI3WVF0NjA0sKSwmwlCQJVoEBKL/xYe+JbwTtGyyDSuQVG4dAShM
kESK2buwiShqv1h/UlLTxf7zR/sgdd7m1r/m4h7V+GDVG0HaPyW7q0EJfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKGfXPnH938rUXdYFCmvsijK8lsnMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvb1o5Yy1jZjNmeXRSZDFnVUthLXlLTXJ5V3ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQjEMA0G
CSqGSIb3DQEBCwUAA4IBAQA34ZDjfmE2gf5tAruJPHrUCAUxvKqNuGMz0D4ylrEr
lecq0dFxF2/zDQGqn/qsdFu0ub6BPyPEss0pLLO7/r8MoivvcE9VGZ01F6jn2P4G
op+uznbfl1wu85uS4+WWJCgLYoaEZkw837zeW69UTEskLgNnhdBs4+J4yyi0/6MA
gFH3l0azllEj44oM61IOwfyjFcv1hjmeInpXxITeinYItWuzxQK9/OhjkaVu0KPo
aEowbdD8eocZrqUVmMF2Uw28fM+iVWBBMJBiBlrh8n9kh6/PjgWcfcYltkJjwSEB
C5SRUsL4OkLKDiR/ruGCuyTNHHbnTWJwhPM495IjHsno
-----END CERTIFICATE-----