Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/72c587-c5cb-40e4-8ce1-e1b53556c1c3/1/ihdmZnPFfRQouiDEX9hoP7FnJXY.roa
File:                     ihdmZnPFfRQouiDEX9hoP7FnJXY.roa (raw, json)
Hash identifier:          vMOPJDVg/5XoKEVMMHXuz77Sx41YI4RzrWjRsAiZbwY=
Subject key identifier:   8A:17:66:66:73:C5:7D:14:28:BA:20:C4:5F:D8:68:3F:B1:67:25:76
Certificate issuer:       /CN=5e280950653a7ec58c53385d00b381efbb465824
Certificate serial:       0194244548A9B7A4F3FEEAA9958A57D10212
Authority key identifier: 5E:28:09:50:65:3A:7E:C5:8C:53:38:5D:00:B3:81:EF:BB:46:58:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XigJUGU6fsWMUzhdALOB77tGWCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/72c587-c5cb-40e4-8ce1-e1b53556c1c3/1/ihdmZnPFfRQouiDEX9hoP7FnJXY.roa
Signing time:             Wed 01 Jan 2025 23:48:27 +0000
ROA not before:           Wed 01 Jan 2025 23:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9155
IP address blocks:        185.62.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/72c587-c5cb-40e4-8ce1-e1b53556c1c3/1/XigJUGU6fsWMUzhdALOB77tGWCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/72c587-c5cb-40e4-8ce1-e1b53556c1c3/1/XigJUGU6fsWMUzhdALOB77tGWCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XigJUGU6fsWMUzhdALOB77tGWCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:48:a9:b7:a4:f3:fe:ea:a9:95:8a:57:d1:02:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e280950653a7ec58c53385d00b381efbb465824
        Validity
            Not Before: Jan  1 23:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a17666673c57d1428ba20c45fd8683fb1672576
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:3f:99:26:4f:65:78:46:46:2a:4b:04:f0:44:
                    8e:8a:77:41:a2:f5:eb:23:6e:11:a6:f6:3f:9e:61:
                    af:2e:4f:6e:0a:ce:f3:65:88:32:43:78:b6:30:02:
                    df:2e:9b:73:ea:90:12:82:70:e6:1c:45:9b:b2:6b:
                    67:cb:5a:54:99:7e:24:41:d6:8a:93:be:65:8a:7d:
                    ff:7b:29:f7:71:98:d9:a5:8d:86:f3:c1:da:32:02:
                    8a:4b:f2:1a:49:59:fb:79:43:ab:1d:32:8a:5b:9b:
                    64:81:bf:13:57:3b:8c:20:dd:95:c5:c2:bf:ac:b1:
                    a3:53:6f:d2:49:2b:85:d6:82:fd:ed:fb:b1:43:f4:
                    40:61:80:bb:f1:4c:15:7d:1d:49:2f:84:40:46:9f:
                    ca:bf:4a:93:f8:b8:f5:31:40:ae:92:d6:15:f7:9c:
                    90:68:fe:ab:67:4a:34:04:30:de:ec:65:e6:fd:78:
                    be:3b:70:f5:6e:d8:94:35:38:7c:1e:66:cc:8c:f1:
                    70:4c:c4:24:91:37:db:8c:59:94:aa:3e:af:4d:be:
                    be:8b:8e:5b:fc:6d:24:20:a4:c0:56:4a:6f:0a:a6:
                    5a:fa:38:4b:37:0b:1b:2a:39:4f:a6:1d:e2:68:eb:
                    43:91:49:22:e1:7f:72:96:cd:df:6e:20:18:a1:31:
                    57:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:17:66:66:73:C5:7D:14:28:BA:20:C4:5F:D8:68:3F:B1:67:25:76
            X509v3 Authority Key Identifier:
                keyid:5E:28:09:50:65:3A:7E:C5:8C:53:38:5D:00:B3:81:EF:BB:46:58:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XigJUGU6fsWMUzhdALOB77tGWCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/72c587-c5cb-40e4-8ce1-e1b53556c1c3/1/ihdmZnPFfRQouiDEX9hoP7FnJXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/72c587-c5cb-40e4-8ce1-e1b53556c1c3/1/XigJUGU6fsWMUzhdALOB77tGWCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.62.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:bf:e0:8a:4e:8b:bf:cf:8a:e3:b8:6f:85:80:f1:13:86:66:
         44:1f:de:3c:31:65:08:05:b5:c9:2b:99:55:02:0d:02:ff:56:
         f6:aa:03:b8:08:c1:c9:e0:0d:03:56:5b:fe:ea:09:67:4a:ee:
         36:92:55:ce:61:8b:79:81:57:eb:17:d3:e8:c0:db:67:67:83:
         d9:08:16:fb:38:bb:c9:aa:88:d0:31:00:14:aa:4a:bf:76:bb:
         9f:70:e4:b2:d3:99:47:65:e7:ea:c8:b6:54:5d:e1:98:48:03:
         f6:c1:6d:44:dc:9f:f8:aa:28:fe:de:af:88:97:30:0f:8b:80:
         82:31:3a:80:cf:70:3c:b8:e7:54:70:14:e2:21:3d:d6:5d:57:
         d5:02:3e:bf:47:2d:50:69:44:31:a1:ae:e9:51:98:84:cf:03:
         37:24:83:33:b1:a5:d2:b6:c2:f5:13:43:68:3c:08:3d:ce:fb:
         66:16:dd:ba:64:8e:ad:88:62:dd:80:52:d3:fc:62:87:6d:39:
         18:8a:a7:39:9e:87:d8:8d:90:74:0c:4d:5f:86:83:8e:ae:80:
         81:16:3c:9e:0b:d7:bd:9e:c7:fc:c2:16:b5:b7:40:93:c7:d8:
         2d:a5:da:f0:b1:07:96:0a:de:50:c3:01:1d:82:d9:23:8d:03:
         35:23:29:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRUipt6Tz/uqplYpX0QISMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMjgwOTUwNjUzYTdlYzU4YzUzMzg1ZDAwYjM4MWVmYmI0
NjU4MjQwHhcNMjUwMTAxMjM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTE3NjY2NjczYzU3ZDE0MjhiYTIwYzQ1ZmQ4NjgzZmIxNjcyNTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzj+ZJk9leEZGKksE8ESOindBovXr
I24RpvY/nmGvLk9uCs7zZYgyQ3i2MALfLptz6pASgnDmHEWbsmtny1pUmX4kQdaK
k75lin3/eyn3cZjZpY2G88HaMgKKS/IaSVn7eUOrHTKKW5tkgb8TVzuMIN2VxcK/
rLGjU2/SSSuF1oL97fuxQ/RAYYC78UwVfR1JL4RARp/Kv0qT+Lj1MUCuktYV95yQ
aP6rZ0o0BDDe7GXm/Xi+O3D1btiUNTh8HmbMjPFwTMQkkTfbjFmUqj6vTb6+i45b
/G0kIKTAVkpvCqZa+jhLNwsbKjlPph3iaOtDkUki4X9yls3fbiAYoTFXaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIoXZmZzxX0UKLogxF/YaD+xZyV2MB8GA1UdIwQY
MBaAFF4oCVBlOn7FjFM4XQCzge+7RlgkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGlnSlVHVTZmc1dNVXpoZEFMT0I3N3RHV0NRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC83MmM1ODctYzVjYi00MGU0LThjZTEt
ZTFiNTM1NTZjMWMzLzEvaWhkbVpuUEZmUlFvdWlERVg5aG9QN0ZuSlhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC83MmM1ODctYzVjYi00MGU0LThjZTEtZTFiNTM1NTZjMWMz
LzEvWGlnSlVHVTZmc1dNVXpoZEFMT0I3N3RHV0NRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuT7mMA0G
CSqGSIb3DQEBCwUAA4IBAQAkv+CKTou/z4rjuG+FgPEThmZEH948MWUIBbXJK5lV
Ag0C/1b2qgO4CMHJ4A0DVlv+6glnSu42klXOYYt5gVfrF9PowNtnZ4PZCBb7OLvJ
qojQMQAUqkq/drufcOSy05lHZefqyLZUXeGYSAP2wW1E3J/4qij+3q+IlzAPi4CC
MTqAz3A8uOdUcBTiIT3WXVfVAj6/Ry1QaUQxoa7pUZiEzwM3JIMzsaXStsL1E0No
PAg9zvtmFt26ZI6tiGLdgFLT/GKHbTkYiqc5nofYjZB0DE1fhoOOroCBFjyeC9e9
nsf8wha1t0CTx9gtpdrwsQeWCt5QwwEdgtkjjQM1Iymx
-----END CERTIFICATE-----