Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/kwOU6n2U0tlOOT5S3nqF-ntVFYQ.roa
File:                     kwOU6n2U0tlOOT5S3nqF-ntVFYQ.roa (raw, json)
Hash identifier:          tJWykZcdes0s9amE0to1DThjyvp5rw7kHFWEXdqGdBw=
Subject key identifier:   93:03:94:EA:7D:94:D2:D9:4E:39:3E:52:DE:7A:85:FA:7B:55:15:84
Certificate issuer:       /CN=a2900e4655ab349a4632b140719dc97230431725
Certificate serial:       01941F8C9973457DACF7D6C4E549C08F19B1
Authority key identifier: A2:90:0E:46:55:AB:34:9A:46:32:B1:40:71:9D:C9:72:30:43:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/kwOU6n2U0tlOOT5S3nqF-ntVFYQ.roa
Signing time:             Wed 01 Jan 2025 01:48:15 +0000
ROA not before:           Wed 01 Jan 2025 01:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208142
IP address blocks:        62.140.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 16:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:99:73:45:7d:ac:f7:d6:c4:e5:49:c0:8f:19:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2900e4655ab349a4632b140719dc97230431725
        Validity
            Not Before: Jan  1 01:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=930394ea7d94d2d94e393e52de7a85fa7b551584
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f0:0d:43:0e:e2:af:27:b1:3a:f4:5b:e9:d4:
                    8a:c3:26:05:b8:6b:42:b7:fa:c2:a5:aa:d2:10:5c:
                    5e:e7:fe:3d:63:10:93:82:d4:af:7b:d5:26:90:ee:
                    f6:70:2f:fd:fd:ab:f5:8f:2f:d7:dd:85:c3:fc:c7:
                    65:e8:d2:32:14:29:ca:2f:fc:fa:46:7f:1e:cf:fc:
                    00:eb:cf:63:0d:83:8a:35:dd:79:79:aa:53:99:2d:
                    d3:b4:96:48:86:d5:32:ad:dc:f9:90:96:5f:e6:11:
                    a5:e5:be:b4:73:b0:b8:d1:42:2c:ce:81:13:9a:5b:
                    3a:d0:ea:47:df:79:b5:7e:88:86:0a:32:68:07:c5:
                    f0:49:cc:24:9b:46:31:68:3b:5f:90:f0:c2:ab:c2:
                    90:c3:69:ec:2d:63:af:16:32:ed:42:4b:4a:9b:25:
                    f0:d9:7c:1b:f7:3e:e4:a6:17:9f:b3:b0:f5:28:f8:
                    c2:5c:d0:52:89:ed:a6:38:f8:c0:7f:f7:50:81:eb:
                    5a:0b:bb:8c:46:07:d3:ff:b8:4f:9b:7e:5f:a8:d4:
                    61:ab:f0:62:81:dc:be:82:77:28:9a:80:08:5b:6e:
                    34:1f:af:1f:05:09:6a:0f:d5:23:0e:e3:a0:d1:4b:
                    08:e8:6a:2f:c4:1b:54:5e:a1:8e:c2:94:b6:21:46:
                    70:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:03:94:EA:7D:94:D2:D9:4E:39:3E:52:DE:7A:85:FA:7B:55:15:84
            X509v3 Authority Key Identifier:
                keyid:A2:90:0E:46:55:AB:34:9A:46:32:B1:40:71:9D:C9:72:30:43:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/kwOU6n2U0tlOOT5S3nqF-ntVFYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.140.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:5e:45:f4:34:58:e2:8e:51:fb:e6:3d:41:bf:71:d9:f0:78:
         58:48:68:2f:d4:94:8a:25:9a:82:16:44:92:bc:37:3d:f7:85:
         cb:40:99:70:a0:39:50:22:bb:d6:88:23:1c:cc:83:d2:25:2b:
         80:cc:f0:68:97:80:2a:a6:14:43:3b:02:c0:c7:7a:fa:d5:8c:
         a2:fb:4b:b0:f7:bc:82:ec:61:46:53:14:79:f8:04:8e:07:0c:
         83:03:85:7c:46:f9:c1:c4:ab:8a:3f:41:be:04:0c:b5:68:a8:
         7e:36:c5:8d:13:b0:d1:c8:96:37:73:34:28:75:e1:4e:18:1d:
         f6:8a:09:66:71:ec:9b:fc:7c:15:ba:03:fa:2e:32:08:fd:15:
         ab:e5:ef:08:1b:85:9b:7f:1e:38:9f:87:da:75:fc:e8:dd:5c:
         39:f2:ba:39:11:d8:56:df:92:36:5d:b4:f9:42:8d:eb:44:39:
         ba:00:d9:18:33:3f:c3:09:59:a5:75:42:f4:f3:44:8f:99:77:
         2e:7c:8d:d2:13:73:8e:35:d7:40:d2:d0:24:9d:c9:6b:31:6c:
         d1:04:3b:a6:12:3b:7b:ef:32:2c:64:8a:89:09:23:ab:78:1e:
         3d:e4:fd:28:74:65:39:d8:57:6f:02:8a:26:9d:d5:8b:1b:b3:
         a3:25:d6:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjJlzRX2s99bE5UnAjxmxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyOTAwZTQ2NTVhYjM0OWE0NjMyYjE0MDcxOWRjOTcyMzA0
MzE3MjUwHhcNMjUwMTAxMDE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzAzOTRlYTdkOTRkMmQ5NGUzOTNlNTJkZTdhODVmYTdiNTUxNTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/ANQw7iryexOvRb6dSKwyYFuGtC
t/rCparSEFxe5/49YxCTgtSve9UmkO72cC/9/av1jy/X3YXD/Mdl6NIyFCnKL/z6
Rn8ez/wA689jDYOKNd15eapTmS3TtJZIhtUyrdz5kJZf5hGl5b60c7C40UIszoET
mls60OpH33m1foiGCjJoB8XwScwkm0YxaDtfkPDCq8KQw2nsLWOvFjLtQktKmyXw
2Xwb9z7kphefs7D1KPjCXNBSie2mOPjAf/dQgetaC7uMRgfT/7hPm35fqNRhq/Bi
gdy+gncomoAIW240H68fBQlqD9UjDuOg0UsI6GovxBtUXqGOwpS2IUZwzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJMDlOp9lNLZTjk+Ut56hfp7VRWEMB8GA1UdIwQY
MBaAFKKQDkZVqzSaRjKxQHGdyXIwQxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3BBT1JsV3JOSnBHTXJGQWNaM0pjakJERnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC80ZjcwMWEtZWQ2Zi00N2M4LWJmNzMt
ZjRjNWZjM2NhMmM0LzEva3dPVTZuMlUwdGxPT1Q1UzNucUYtbnRWRllRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC80ZjcwMWEtZWQ2Zi00N2M4LWJmNzMtZjRjNWZjM2NhMmM0
LzEvb3BBT1JsV3JOSnBHTXJGQWNaM0pjakJERnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPoz4MA0G
CSqGSIb3DQEBCwUAA4IBAQBDXkX0NFjijlH75j1Bv3HZ8HhYSGgv1JSKJZqCFkSS
vDc994XLQJlwoDlQIrvWiCMczIPSJSuAzPBol4AqphRDOwLAx3r61Yyi+0uw97yC
7GFGUxR5+ASOBwyDA4V8RvnBxKuKP0G+BAy1aKh+NsWNE7DRyJY3czQodeFOGB32
iglmceyb/HwVugP6LjII/RWr5e8IG4Wbfx44n4fadfzo3Vw58ro5EdhW35I2XbT5
Qo3rRDm6ANkYMz/DCVmldUL080SPmXcufI3SE3OONddA0tAknclrMWzRBDumEjt7
7zIsZIqJCSOreB495P0odGU52FdvAoomndWLG7OjJdYr
-----END CERTIFICATE-----