Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/FXYvz9E0JYqF8RzOei7ox1lSgbE.roa
File:                     FXYvz9E0JYqF8RzOei7ox1lSgbE.roa (raw, json)
Hash identifier:          oUsJ92odAeW0Rii1JU/A8TMIgyDgz0YKa9dc9QUQIOI=
Subject key identifier:   15:76:2F:CF:D1:34:25:8A:85:F1:1C:CE:7A:2E:E8:C7:59:52:81:B1
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       01962EA09C34526B21F7297B5452B3B3FF37
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/FXYvz9E0JYqF8RzOei7ox1lSgbE.roa
Signing time:             Sun 13 Apr 2025 10:09:59 +0000
ROA not before:           Sun 13 Apr 2025 10:09:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24631
IP address blocks:        62.220.97.0/24 maxlen: 24
                          87.107.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Apr 2025 19:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:2e:a0:9c:34:52:6b:21:f7:29:7b:54:52:b3:b3:ff:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: Apr 13 10:09:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=15762fcfd134258a85f11cce7a2ee8c7595281b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:0e:b5:77:b5:66:cf:20:60:af:fc:9d:67:8a:
                    01:4a:fd:2e:43:ee:11:7f:ee:8b:49:dd:2c:68:c2:
                    f7:3c:3c:2a:ad:dd:db:e6:71:e0:7a:7a:7a:72:b8:
                    c5:e9:8e:aa:c0:88:1f:d1:21:83:00:9c:3c:b8:0d:
                    db:ab:68:10:17:23:dd:25:64:da:60:22:92:e2:36:
                    82:b2:7a:3a:21:96:fb:59:19:9e:5d:e8:fe:44:27:
                    af:b3:aa:18:f6:87:d4:f4:12:1e:68:1c:3d:f4:c2:
                    9d:fa:43:b0:70:8a:c5:d7:59:96:b6:08:96:4a:df:
                    5a:68:96:d7:cb:39:68:9d:8b:a3:90:6a:e6:84:04:
                    c9:e9:d2:54:fc:92:56:a1:64:74:64:83:4e:d9:00:
                    a4:d4:e4:8a:ea:d4:14:dc:75:68:97:a2:92:55:d0:
                    ef:e2:fa:3d:77:b5:9f:e9:64:36:d3:54:b6:2a:b7:
                    c9:e4:28:ea:f3:f6:09:3e:f6:7c:f5:13:1f:1f:92:
                    f7:b2:47:16:06:7e:ea:5d:1f:9b:8e:81:03:38:f4:
                    61:dc:77:7a:4a:d7:02:2e:f3:28:50:ff:03:5c:cb:
                    d4:1a:c1:87:5f:b0:74:82:84:8e:49:bb:f0:97:b8:
                    16:00:64:d3:4f:64:c3:47:c3:56:90:d0:96:56:59:
                    2b:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:76:2F:CF:D1:34:25:8A:85:F1:1C:CE:7A:2E:E8:C7:59:52:81:B1
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/FXYvz9E0JYqF8RzOei7ox1lSgbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.220.97.0/24
                  87.107.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:66:3a:ef:d9:9f:2f:74:30:ff:ef:45:09:f9:ed:ed:e1:1d:
         0d:d3:9e:c9:ab:71:8a:a6:24:b5:78:9b:13:0e:9f:76:5a:d2:
         88:7a:6c:79:86:8b:93:04:05:2f:ea:8e:d2:a3:47:b8:9a:d0:
         83:01:80:96:84:c8:28:84:bb:66:bf:d0:3d:c5:d5:d3:9a:5d:
         33:50:a4:b0:e9:b2:f4:05:82:6a:99:56:02:84:f9:d0:69:9f:
         7a:00:ce:c7:43:e6:aa:56:bb:75:ac:a9:6c:15:c0:37:65:1d:
         47:c5:f3:e0:cc:54:d2:11:66:0d:1e:02:05:d1:1e:f7:67:d7:
         91:ca:2e:f8:63:35:3c:7d:42:ad:dc:2d:9c:3d:81:97:17:bc:
         9d:a2:fb:97:83:3a:67:d5:69:96:ce:ba:6b:60:10:a2:ba:74:
         d8:7d:14:b4:c9:a9:0d:4c:2a:03:b0:c0:56:53:40:9a:fb:b1:
         07:bc:c4:30:f5:f8:a3:e0:ae:ea:08:91:79:84:69:c5:63:58:
         3f:bc:16:f0:db:5a:a4:06:dc:0d:e6:db:22:65:de:1a:02:01:
         73:44:0e:60:f3:e8:74:67:4d:bf:39:f5:1d:16:da:6f:64:bd:
         96:16:14:db:e9:b8:a2:6d:25:1f:d7:cf:b1:63:69:fa:62:c8:
         39:e0:0d:10
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZYuoJw0Umsh9yl7VFKzs/83MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzc1ZDk0NzFiODVkOTYzZmVmNmQyODM1OTBlMmQ5NDJk
ZDVjMjEwHhcNMjUwNDEzMTAwOTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTc2MmZjZmQxMzQyNThhODVmMTFjY2U3YTJlZThjNzU5NTI4MWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQ61d7VmzyBgr/ydZ4oBSv0uQ+4R
f+6LSd0saML3PDwqrd3b5nHgenp6crjF6Y6qwIgf0SGDAJw8uA3bq2gQFyPdJWTa
YCKS4jaCsno6IZb7WRmeXej+RCevs6oY9ofU9BIeaBw99MKd+kOwcIrF11mWtgiW
St9aaJbXyzlonYujkGrmhATJ6dJU/JJWoWR0ZINO2QCk1OSK6tQU3HVol6KSVdDv
4vo9d7Wf6WQ201S2KrfJ5Cjq8/YJPvZ89RMfH5L3skcWBn7qXR+bjoEDOPRh3Hd6
StcCLvMoUP8DXMvUGsGHX7B0goSOSbvwl7gWAGTTT2TDR8NWkNCWVlkrbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBV2L8/RNCWKhfEcznou6MdZUoGxMB8GA1UdIwQY
MBaAFAB3XZRxuF2WP+9tKDWQ4tlC3VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQt
NzZiMzNlNGNlODIxLzEvRlhZdno5RTBKWXFGOFJ6T2VpN294MWxTZ2JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQtNzZiMzNlNGNlODIx
LzEvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPtxhAwQA
V2tmMA0GCSqGSIb3DQEBCwUAA4IBAQBzZjrv2Z8vdDD/70UJ+e3t4R0N057Jq3GK
piS1eJsTDp92WtKIemx5houTBAUv6o7So0e4mtCDAYCWhMgohLtmv9A9xdXTml0z
UKSw6bL0BYJqmVYChPnQaZ96AM7HQ+aqVrt1rKlsFcA3ZR1HxfPgzFTSEWYNHgIF
0R73Z9eRyi74YzU8fUKt3C2cPYGXF7ydovuXgzpn1WmWzrprYBCiunTYfRS0yakN
TCoDsMBWU0Ca+7EHvMQw9fij4K7qCJF5hGnFY1g/vBbw21qkBtwN5tsiZd4aAgFz
RA5g8+h0Z02/OfUdFtpvZL2WFhTb6biibSUf18+xY2n6Ysg54A0Q
-----END CERTIFICATE-----