Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/5c5ad0-d2da-40db-95d1-e7be5e30ad2d/1/q8AP7H93ZbNKPWz_Zh0y6fK8m7g.roa
File:                     q8AP7H93ZbNKPWz_Zh0y6fK8m7g.roa (raw, json)
Hash identifier:          Jd2YHA+NTHYb6+qWLH1KGDGjnXW6xUSmZVAZe2REuGQ=
Subject key identifier:   AB:C0:0F:EC:7F:77:65:B3:4A:3D:6C:FF:66:1D:32:E9:F2:BC:9B:B8
Certificate issuer:       /CN=3692fedf59c60d3254e37a9c8ecde11c9ba1282a
Certificate serial:       01941FFA9DC0962F1CE8C6B84F36F60EB12C
Authority key identifier: 36:92:FE:DF:59:C6:0D:32:54:E3:7A:9C:8E:CD:E1:1C:9B:A1:28:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NpL-31nGDTJU43qcjs3hHJuhKCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/5c5ad0-d2da-40db-95d1-e7be5e30ad2d/1/q8AP7H93ZbNKPWz_Zh0y6fK8m7g.roa
Signing time:             Wed 01 Jan 2025 03:48:25 +0000
ROA not before:           Wed 01 Jan 2025 03:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48492
IP address blocks:        62.201.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/5c5ad0-d2da-40db-95d1-e7be5e30ad2d/1/NpL-31nGDTJU43qcjs3hHJuhKCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/5c5ad0-d2da-40db-95d1-e7be5e30ad2d/1/NpL-31nGDTJU43qcjs3hHJuhKCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NpL-31nGDTJU43qcjs3hHJuhKCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 06:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:9d:c0:96:2f:1c:e8:c6:b8:4f:36:f6:0e:b1:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3692fedf59c60d3254e37a9c8ecde11c9ba1282a
        Validity
            Not Before: Jan  1 03:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=abc00fec7f7765b34a3d6cff661d32e9f2bc9bb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:22:07:e2:c3:f8:94:84:b9:9a:b9:74:0a:17:
                    b0:61:f6:43:7d:ac:49:45:24:3b:99:98:2e:50:4a:
                    d5:b1:86:01:e7:97:e4:77:f1:7a:5e:b2:45:e2:31:
                    cd:43:16:ea:f3:41:91:42:e5:3a:87:f9:94:fe:19:
                    ee:80:e9:64:ce:1d:53:b5:0c:f6:8a:32:f9:f5:b0:
                    d5:8c:03:b1:a0:23:c6:9d:f0:13:c3:46:da:f3:32:
                    2d:7d:03:ae:46:1e:00:fb:bb:9f:b5:65:04:c5:42:
                    c9:35:77:bb:de:53:79:74:56:19:df:c0:3c:21:79:
                    23:17:b1:95:70:29:5c:30:6c:4e:15:c4:eb:d3:89:
                    4f:1c:de:50:e1:e8:86:da:08:b1:44:25:a8:38:10:
                    61:07:10:33:f9:56:db:75:0d:a5:9b:fb:f0:49:cc:
                    62:88:34:5c:84:68:1f:b0:64:9d:4c:6b:6a:f6:6d:
                    f9:e1:68:c0:cf:c6:25:2f:a5:f0:80:7f:ac:17:4a:
                    c2:6b:8c:55:87:fb:66:80:9b:c0:de:53:be:7e:f0:
                    cb:fb:3f:d7:b9:93:02:b6:44:27:ea:29:f5:5f:31:
                    e8:e0:50:f4:f1:7e:a3:19:5c:86:7a:1f:81:6f:0b:
                    a0:a9:b3:39:75:5e:b3:cd:67:19:fe:43:4c:f7:63:
                    0e:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:C0:0F:EC:7F:77:65:B3:4A:3D:6C:FF:66:1D:32:E9:F2:BC:9B:B8
            X509v3 Authority Key Identifier:
                keyid:36:92:FE:DF:59:C6:0D:32:54:E3:7A:9C:8E:CD:E1:1C:9B:A1:28:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NpL-31nGDTJU43qcjs3hHJuhKCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/5c5ad0-d2da-40db-95d1-e7be5e30ad2d/1/q8AP7H93ZbNKPWz_Zh0y6fK8m7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/5c5ad0-d2da-40db-95d1-e7be5e30ad2d/1/NpL-31nGDTJU43qcjs3hHJuhKCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.201.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:0f:1e:8e:16:e1:7b:25:d6:e7:f5:77:e2:57:33:bf:6a:d8:
         34:90:3d:a7:fd:7b:c6:a1:19:4d:01:64:ed:d6:d4:e5:d7:d9:
         86:ee:0c:80:0d:4f:0a:52:16:0d:1c:52:b5:55:ff:f0:4a:e6:
         d4:25:90:3d:d4:1e:2b:57:91:fd:54:8d:7c:c4:7c:7e:e9:f1:
         03:95:fa:5f:09:7c:5f:37:f4:58:f9:61:d0:af:bc:da:e9:2f:
         3d:45:ae:f0:36:10:fc:c2:a2:f7:b5:13:85:85:72:f4:4e:77:
         5d:c5:07:6e:f8:a5:d3:6c:63:41:16:c9:87:35:de:91:fe:ec:
         27:5e:9c:fb:94:fe:fd:50:43:f6:c3:d9:aa:ae:c7:05:af:9b:
         d0:e4:b7:95:6a:52:62:a6:5f:00:e2:7c:cf:83:68:05:b5:7e:
         20:05:a7:06:6e:66:73:91:50:f7:4b:71:38:25:bf:2f:fc:9a:
         86:ce:2f:42:0e:6f:0c:35:33:a5:58:06:bc:88:6c:bc:78:66:
         22:fa:01:dd:da:e9:5d:99:c2:90:d7:a2:c2:6c:09:1f:76:73:
         77:28:bc:e6:21:5e:78:7a:81:a2:cd:80:79:cc:74:aa:a2:a2:
         b3:e1:91:d8:9f:4d:75:6a:ba:2e:32:5a:82:66:14:70:67:ea:
         5d:da:c0:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+p3Ali8c6Ma4Tzb2DrEsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OTJmZWRmNTljNjBkMzI1NGUzN2E5YzhlY2RlMTFjOWJh
MTI4MmEwHhcNMjUwMTAxMDM0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmMwMGZlYzdmNzc2NWIzNGEzZDZjZmY2NjFkMzJlOWYyYmM5YmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyIH4sP4lIS5mrl0ChewYfZDfaxJ
RSQ7mZguUErVsYYB55fkd/F6XrJF4jHNQxbq80GRQuU6h/mU/hnugOlkzh1TtQz2
ijL59bDVjAOxoCPGnfATw0ba8zItfQOuRh4A+7uftWUExULJNXe73lN5dFYZ38A8
IXkjF7GVcClcMGxOFcTr04lPHN5Q4eiG2gixRCWoOBBhBxAz+VbbdQ2lm/vwScxi
iDRchGgfsGSdTGtq9m354WjAz8YlL6XwgH+sF0rCa4xVh/tmgJvA3lO+fvDL+z/X
uZMCtkQn6in1XzHo4FD08X6jGVyGeh+BbwugqbM5dV6zzWcZ/kNM92MONQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKvAD+x/d2WzSj1s/2YdMunyvJu4MB8GA1UdIwQY
MBaAFDaS/t9Zxg0yVON6nI7N4RyboSgqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnBMLTMxbkdEVEpVNDNxY2pzM2hISnVoS0NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi81YzVhZDAtZDJkYS00MGRiLTk1ZDEt
ZTdiZTVlMzBhZDJkLzEvcThBUDdIOTNaYk5LUFd6X1poMHk2Zks4bTdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi81YzVhZDAtZDJkYS00MGRiLTk1ZDEtZTdiZTVlMzBhZDJk
LzEvTnBMLTMxbkdEVEpVNDNxY2pzM2hISnVoS0NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPsnvMA0G
CSqGSIb3DQEBCwUAA4IBAQBkDx6OFuF7Jdbn9XfiVzO/atg0kD2n/XvGoRlNAWTt
1tTl19mG7gyADU8KUhYNHFK1Vf/wSubUJZA91B4rV5H9VI18xHx+6fEDlfpfCXxf
N/RY+WHQr7za6S89Ra7wNhD8wqL3tROFhXL0TnddxQdu+KXTbGNBFsmHNd6R/uwn
Xpz7lP79UEP2w9mqrscFr5vQ5LeValJipl8A4nzPg2gFtX4gBacGbmZzkVD3S3E4
Jb8v/JqGzi9CDm8MNTOlWAa8iGy8eGYi+gHd2uldmcKQ16LCbAkfdnN3KLzmIV54
eoGizYB5zHSqoqKz4ZHYn011arouMlqCZhRwZ+pd2sAb
-----END CERTIFICATE-----