Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/6dFmm5sRY32IWZd8jLU8_s5imvY.roa
File:                     6dFmm5sRY32IWZd8jLU8_s5imvY.roa (raw, json)
Hash identifier:          udPQ8wWzpwcAiDjrHHyq/uTqqzcEbt4FowH3Qt/QIEM=
Subject key identifier:   E9:D1:66:9B:9B:11:63:7D:88:59:97:7C:8C:B5:3C:FE:CE:62:9A:F6
Certificate issuer:       /CN=3a4945e46764029d2581d820c3373fa445855539
Certificate serial:       01970C713368F8D3E49DC1A8B35781222180
Authority key identifier: 3A:49:45:E4:67:64:02:9D:25:81:D8:20:C3:37:3F:A4:45:85:55:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OklF5GdkAp0lgdggwzc_pEWFVTk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/6dFmm5sRY32IWZd8jLU8_s5imvY.roa
Signing time:             Mon 26 May 2025 11:53:54 +0000
ROA not before:           Mon 26 May 2025 11:53:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     18811
IP address blocks:        62.244.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/OklF5GdkAp0lgdggwzc_pEWFVTk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/OklF5GdkAp0lgdggwzc_pEWFVTk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OklF5GdkAp0lgdggwzc_pEWFVTk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 08:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0c:71:33:68:f8:d3:e4:9d:c1:a8:b3:57:81:22:21:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a4945e46764029d2581d820c3373fa445855539
        Validity
            Not Before: May 26 11:53:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e9d1669b9b11637d8859977c8cb53cfece629af6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:37:ba:d1:6d:6b:dc:99:16:5f:69:8b:dc:23:
                    c3:83:8d:71:7c:d2:20:13:9a:61:8c:2d:1d:f8:b1:
                    84:a5:75:f0:05:97:74:e9:15:0c:d3:f2:6c:51:fc:
                    79:65:b5:ca:dd:27:45:64:92:b7:1f:8d:49:ea:a0:
                    0d:52:22:53:19:ae:8b:56:69:1d:68:40:05:2c:0c:
                    b2:20:41:75:3d:e0:a5:b2:67:1c:b6:a4:99:5e:e6:
                    89:9c:ea:8c:df:07:a2:b8:c2:ab:18:b6:e6:e2:4c:
                    26:83:0a:2f:89:c3:45:f4:24:67:d8:5e:7d:a3:ca:
                    5c:5b:87:f0:83:bb:15:8b:3d:0c:b7:fa:6b:97:f3:
                    51:69:93:93:41:04:a8:b4:96:f9:08:45:db:08:83:
                    7f:ea:c6:d1:90:b0:fe:8f:aa:93:8e:d5:52:fb:a4:
                    5a:72:b8:25:5e:a9:ba:8f:bf:1e:6c:c9:8e:53:08:
                    0b:5d:c4:89:4c:8f:a2:0b:05:09:ab:ec:68:98:84:
                    72:46:22:88:60:4b:f8:e8:5d:be:87:f1:87:f0:5f:
                    89:c0:6f:6c:2f:d9:4b:09:16:6a:7a:cf:9a:5d:33:
                    51:a8:6d:2f:4c:b2:7a:d8:7b:9c:d8:f7:3c:35:3b:
                    67:76:3e:b8:0b:f9:88:91:2c:16:a6:5f:d1:79:cc:
                    25:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:D1:66:9B:9B:11:63:7D:88:59:97:7C:8C:B5:3C:FE:CE:62:9A:F6
            X509v3 Authority Key Identifier:
                keyid:3A:49:45:E4:67:64:02:9D:25:81:D8:20:C3:37:3F:A4:45:85:55:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OklF5GdkAp0lgdggwzc_pEWFVTk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/6dFmm5sRY32IWZd8jLU8_s5imvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/OklF5GdkAp0lgdggwzc_pEWFVTk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.244.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:ff:eb:fa:37:0c:f1:8e:8c:4f:13:50:8f:8e:c9:12:9d:0b:
         cc:07:59:35:b6:ee:9a:42:66:e7:94:6c:06:37:cf:55:6b:e6:
         53:91:04:4e:b5:0a:21:cd:77:fa:45:75:11:ed:05:de:ae:d1:
         56:11:7a:c1:de:db:47:88:72:79:83:e2:55:82:5f:54:81:ab:
         ce:a7:2e:12:45:59:13:3a:53:d2:c1:3a:d7:d1:50:a5:77:cf:
         76:ca:48:14:fe:e3:75:3f:2a:7c:61:f7:8e:9e:b7:13:df:17:
         4f:01:5a:72:bf:65:05:4b:55:d9:71:e6:8b:5f:c1:b0:73:85:
         bd:7c:7b:24:67:8a:e0:30:6c:77:84:ff:84:87:29:9f:a9:56:
         93:cd:01:9b:c9:2d:35:fc:34:c6:f0:d9:5b:87:6f:64:e3:93:
         e7:b3:13:e8:36:1d:a0:c6:c7:30:67:8f:32:d7:70:21:d5:0e:
         cf:45:6b:c3:d0:81:23:14:f3:7f:d2:e5:3f:1e:5e:48:32:e7:
         9c:56:fa:e3:78:52:d9:fe:da:1e:58:dc:2f:a6:ea:67:13:05:
         d5:02:ad:1d:0c:8a:4d:30:fb:30:21:f4:ea:cd:fa:c7:42:9b:
         9f:24:55:e2:3f:92:d2:b5:2b:39:e0:6a:8e:e6:6a:51:6b:c9:
         1b:e1:a8:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcMcTNo+NPkncGos1eBIiGAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNDk0NWU0Njc2NDAyOWQyNTgxZDgyMGMzMzczZmE0NDU4
NTU1MzkwHhcNMjUwNTI2MTE1MzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWQxNjY5YjliMTE2MzdkODg1OTk3N2M4Y2I1M2NmZWNlNjI5YWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtje60W1r3JkWX2mL3CPDg41xfNIg
E5phjC0d+LGEpXXwBZd06RUM0/JsUfx5ZbXK3SdFZJK3H41J6qANUiJTGa6LVmkd
aEAFLAyyIEF1PeClsmcctqSZXuaJnOqM3weiuMKrGLbm4kwmgwovicNF9CRn2F59
o8pcW4fwg7sViz0Mt/prl/NRaZOTQQSotJb5CEXbCIN/6sbRkLD+j6qTjtVS+6Ra
crglXqm6j78ebMmOUwgLXcSJTI+iCwUJq+xomIRyRiKIYEv46F2+h/GH8F+JwG9s
L9lLCRZqes+aXTNRqG0vTLJ62Huc2Pc8NTtndj64C/mIkSwWpl/RecwlFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOnRZpubEWN9iFmXfIy1PP7OYpr2MB8GA1UdIwQY
MBaAFDpJReRnZAKdJYHYIMM3P6RFhVU5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2tsRjVHZGtBcDBsZ2RnZ3d6Y19wRVdGVlRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS80ZWY2ODAtN2M1NS00YTViLTg1Njgt
MzM2YWM5NDU2NDY0LzEvNmRGbW01c1JZMzJJV1pkOGpMVThfczVpbXZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS80ZWY2ODAtN2M1NS00YTViLTg1NjgtMzM2YWM5NDU2NDY0
LzEvT2tsRjVHZGtBcDBsZ2RnZ3d6Y19wRVdGVlRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPvQlMA0G
CSqGSIb3DQEBCwUAA4IBAQA//+v6NwzxjoxPE1CPjskSnQvMB1k1tu6aQmbnlGwG
N89Va+ZTkQROtQohzXf6RXUR7QXertFWEXrB3ttHiHJ5g+JVgl9UgavOpy4SRVkT
OlPSwTrX0VCld892ykgU/uN1Pyp8YfeOnrcT3xdPAVpyv2UFS1XZceaLX8Gwc4W9
fHskZ4rgMGx3hP+EhymfqVaTzQGbyS01/DTG8Nlbh29k45PnsxPoNh2gxscwZ48y
13Ah1Q7PRWvD0IEjFPN/0uU/Hl5IMuecVvrjeFLZ/toeWNwvpupnEwXVAq0dDIpN
MPswIfTqzfrHQpufJFXiP5LStSs54GqO5mpRa8kb4ajB
-----END CERTIFICATE-----