Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/KJ5M5xCQash8uZRKDjM1gqM6_GA.roa
File:                     KJ5M5xCQash8uZRKDjM1gqM6_GA.roa (raw, json)
Hash identifier:          bGI5aTy4U/ATecO9V+TMfmED/aVfz5oBChs2Drp8ZoA=
Subject key identifier:   28:9E:4C:E7:10:90:6A:C8:7C:B9:94:4A:0E:33:35:82:A3:3A:FC:60
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       019420D65A3120E070BA8EEB77229F5CBF09
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/KJ5M5xCQash8uZRKDjM1gqM6_GA.roa
Signing time:             Wed 01 Jan 2025 07:48:26 +0000
ROA not before:           Wed 01 Jan 2025 07:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58061
IP address blocks:        62.112.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 02:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:5a:31:20:e0:70:ba:8e:eb:77:22:9f:5c:bf:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Jan  1 07:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=289e4ce710906ac87cb9944a0e333582a33afc60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e5:69:5c:0e:96:82:b2:95:6b:90:c7:d2:3e:
                    b0:6f:b6:3d:60:34:e6:d2:b9:ae:49:37:11:98:ca:
                    2d:57:fd:fa:6e:86:55:f1:d4:11:52:88:24:0c:43:
                    78:fd:41:68:d6:b0:d6:b0:af:6d:e2:2c:63:46:e6:
                    76:79:18:5e:3e:13:68:f0:91:6f:9c:b1:c4:09:ab:
                    13:c7:07:21:63:40:f2:f0:e6:25:f4:7e:51:d3:2b:
                    c6:b2:cc:99:ed:b7:54:90:db:7a:b9:aa:9f:3b:60:
                    29:72:d3:aa:fc:7c:8c:ea:8d:07:3e:b6:e8:65:19:
                    7f:4b:11:d7:10:0c:ec:59:1c:b3:d7:5a:14:19:3a:
                    50:0b:72:76:9a:bc:24:0b:cd:45:36:63:2a:f3:5d:
                    fb:3e:d0:2b:9e:e1:1d:aa:7f:9f:a3:f4:b5:a4:7b:
                    89:f0:62:bf:78:da:5d:4c:e3:a4:8b:68:e5:ba:69:
                    91:0d:13:92:a4:3b:b2:b7:02:8e:85:15:1b:23:20:
                    74:93:49:18:93:a7:d2:b2:3c:c5:fa:13:a2:81:03:
                    a5:cd:4e:e7:82:c0:b4:c2:fb:93:2c:43:66:64:51:
                    c1:88:c1:7b:7c:44:ff:60:c2:b1:76:a9:94:c1:70:
                    a9:17:05:0e:50:1d:d7:ac:65:fd:04:42:d2:9f:f4:
                    b0:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:9E:4C:E7:10:90:6A:C8:7C:B9:94:4A:0E:33:35:82:A3:3A:FC:60
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/KJ5M5xCQash8uZRKDjM1gqM6_GA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.112.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:8e:88:23:db:5e:76:60:0e:43:9b:93:ff:10:3c:b9:ca:44:
         38:6b:aa:38:c5:50:9d:cf:d0:bf:5a:72:df:d7:ca:12:2c:67:
         ad:68:9f:5e:b9:c8:89:52:11:f9:9e:76:2c:73:2b:37:94:b6:
         a9:3b:72:fe:10:88:27:f2:2e:67:6b:5e:0d:7b:fe:96:6e:3a:
         ab:33:29:16:b2:87:cf:4e:b1:79:2a:22:e7:1f:49:88:29:1d:
         96:66:a2:60:45:31:e8:5d:4b:8a:dd:2c:af:08:9b:1b:e7:be:
         c1:d9:c3:3b:19:85:7d:27:f2:7d:7a:a0:32:ad:d9:6e:b8:6d:
         6c:15:87:f5:54:da:88:fa:1d:2b:80:ac:91:92:35:f6:91:22:
         7c:f0:07:2b:bf:0c:f1:2e:59:38:b9:39:25:8c:42:6a:a5:88:
         e0:85:fe:d6:b8:0b:a9:68:62:fc:fe:54:18:4d:c9:82:0e:83:
         c9:ea:34:83:25:74:9e:14:22:c9:08:47:2f:a8:02:95:cb:dc:
         c7:52:50:a7:a9:a5:c6:8a:77:89:7e:a4:8f:25:8c:02:be:ce:
         40:a3:56:5e:8e:40:93:f9:96:dc:ca:e9:23:56:be:8f:13:e6:
         05:55:c6:41:37:3b:f8:94:0a:04:60:66:79:8c:b2:79:3c:8e:
         53:61:d4:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1loxIOBwuo7rdyKfXL8JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjUwMTAxMDc0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODllNGNlNzEwOTA2YWM4N2NiOTk0NGEwZTMzMzU4MmEzM2FmYzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuVpXA6WgrKVa5DH0j6wb7Y9YDTm
0rmuSTcRmMotV/36boZV8dQRUogkDEN4/UFo1rDWsK9t4ixjRuZ2eRhePhNo8JFv
nLHECasTxwchY0Dy8OYl9H5R0yvGssyZ7bdUkNt6uaqfO2ApctOq/HyM6o0HPrbo
ZRl/SxHXEAzsWRyz11oUGTpQC3J2mrwkC81FNmMq8137PtArnuEdqn+fo/S1pHuJ
8GK/eNpdTOOki2jlummRDROSpDuytwKOhRUbIyB0k0kYk6fSsjzF+hOigQOlzU7n
gsC0wvuTLENmZFHBiMF7fET/YMKxdqmUwXCpFwUOUB3XrGX9BELSn/SwAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCieTOcQkGrIfLmUSg4zNYKjOvxgMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvS0o1TTV4Q1Fhc2g4dVpSS0RqTTFncU02X0dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPnAeMA0G
CSqGSIb3DQEBCwUAA4IBAQBfjogj2152YA5Dm5P/EDy5ykQ4a6o4xVCdz9C/WnLf
18oSLGetaJ9euciJUhH5nnYscys3lLapO3L+EIgn8i5na14Ne/6WbjqrMykWsofP
TrF5KiLnH0mIKR2WZqJgRTHoXUuK3SyvCJsb577B2cM7GYV9J/J9eqAyrdluuG1s
FYf1VNqI+h0rgKyRkjX2kSJ88AcrvwzxLlk4uTkljEJqpYjghf7WuAupaGL8/lQY
TcmCDoPJ6jSDJXSeFCLJCEcvqAKVy9zHUlCnqaXGineJfqSPJYwCvs5Ao1ZejkCT
+ZbcyukjVr6PE+YFVcZBNzv4lAoEYGZ5jLJ5PI5TYdSN
-----END CERTIFICATE-----