Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/dJ3sMClT1nzY6ah-C08c4xayKh4.roa
File:                     dJ3sMClT1nzY6ah-C08c4xayKh4.roa (raw, json)
Hash identifier:          y9dD6eZbJdUtirxnu+MfTeTv9qcRoIhNkzIpNqVLlDg=
Subject key identifier:   74:9D:EC:30:29:53:D6:7C:D8:E9:A8:7E:0B:4F:1C:E3:16:B2:2A:1E
Certificate issuer:       /CN=93ece780dfda43ab4a841727eb20d71fc76528bc
Certificate serial:       0194258F3815AD94A81CBD982F6F255E175B
Authority key identifier: 93:EC:E7:80:DF:DA:43:AB:4A:84:17:27:EB:20:D7:1F:C7:65:28:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-zngN_aQ6tKhBcn6yDXH8dlKLw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/dJ3sMClT1nzY6ah-C08c4xayKh4.roa
Signing time:             Thu 02 Jan 2025 05:48:50 +0000
ROA not before:           Thu 02 Jan 2025 05:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     36666
IP address blocks:        62.169.158.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/k-zngN_aQ6tKhBcn6yDXH8dlKLw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/k-zngN_aQ6tKhBcn6yDXH8dlKLw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-zngN_aQ6tKhBcn6yDXH8dlKLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:38:15:ad:94:a8:1c:bd:98:2f:6f:25:5e:17:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93ece780dfda43ab4a841727eb20d71fc76528bc
        Validity
            Not Before: Jan  2 05:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=749dec302953d67cd8e9a87e0b4f1ce316b22a1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:6f:ce:8f:ad:94:93:8c:14:9e:f0:23:93:7e:
                    a9:09:56:5f:a6:c3:67:fa:ef:f6:68:7e:72:0a:88:
                    a5:bc:b2:da:86:45:8c:c8:50:d2:56:3b:f8:51:12:
                    56:22:84:ba:38:9c:f6:c6:d6:c9:4a:f2:8e:31:31:
                    1a:4f:f9:34:47:1a:37:5c:0e:44:4f:68:17:24:31:
                    a4:69:9d:9e:f1:fb:93:bf:4b:41:8c:ce:17:72:75:
                    e8:97:bb:59:25:23:68:8d:40:1a:d3:06:a5:f0:16:
                    bc:a8:a0:40:e0:70:8a:0d:97:77:cc:a6:f0:6a:dc:
                    70:87:01:61:bd:03:a4:51:e6:1b:ba:16:ca:fb:d2:
                    2e:d1:3e:4b:07:01:3b:73:fd:e8:57:83:12:f5:95:
                    e9:57:be:b0:c6:a1:fb:57:0f:c7:0d:ee:21:55:20:
                    45:f5:35:22:34:c9:53:4b:36:77:96:9f:40:d3:41:
                    57:46:5c:9e:74:22:e2:44:19:f2:ab:92:33:e4:3a:
                    9c:47:50:d6:d7:29:dc:3b:db:53:56:d1:de:40:3c:
                    9c:95:f6:c0:f7:51:2a:3f:67:fd:06:70:e5:27:48:
                    22:ea:cd:2f:08:9a:1b:0d:30:11:f5:f9:b5:b3:a2:
                    62:3c:21:8d:4b:79:11:bb:d8:bb:77:b0:7a:9b:e6:
                    3a:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:9D:EC:30:29:53:D6:7C:D8:E9:A8:7E:0B:4F:1C:E3:16:B2:2A:1E
            X509v3 Authority Key Identifier:
                keyid:93:EC:E7:80:DF:DA:43:AB:4A:84:17:27:EB:20:D7:1F:C7:65:28:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-zngN_aQ6tKhBcn6yDXH8dlKLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/dJ3sMClT1nzY6ah-C08c4xayKh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/k-zngN_aQ6tKhBcn6yDXH8dlKLw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.169.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         44:9d:d5:25:97:ef:bc:52:b2:c9:e0:6e:22:21:4b:f7:b5:b8:
         7c:ab:d9:69:be:52:7c:68:c6:cb:89:f5:d2:09:70:57:66:0d:
         9f:ab:f2:16:36:d9:18:f2:2f:7c:80:fb:2f:11:fd:89:8e:a2:
         9d:be:1e:ce:cf:05:bb:91:45:2f:ee:f8:b3:0f:c0:d4:00:cd:
         f6:ae:3e:23:b0:89:4e:64:71:53:23:ac:67:19:39:69:42:a2:
         c5:e5:e6:d7:2c:2f:03:4e:9c:9e:34:a7:7e:27:c3:f5:75:61:
         04:54:a4:7d:57:76:f1:f3:66:87:de:11:62:92:37:05:0c:39:
         ae:9f:c5:bf:39:9b:e9:9c:bc:75:6a:f3:8f:c4:b7:6f:ac:6f:
         fb:1d:10:79:a4:26:37:f8:97:1f:6e:5c:24:14:3d:ce:9f:6f:
         79:60:85:af:c5:49:a4:b2:46:8b:a7:00:4e:0f:95:f8:4b:69:
         12:4a:e9:91:c7:44:9e:40:00:98:2e:9c:b8:fd:77:c5:d7:29:
         97:c7:5f:1d:0a:3f:3c:cf:f9:1f:ab:1d:92:b1:55:06:68:3f:
         77:4d:2b:0b:42:50:29:59:76:ce:73:a2:f3:c8:b0:c7:89:ad:
         e2:90:16:2e:9a:3d:98:11:cb:43:15:31:d0:ef:07:77:11:2f:
         69:0d:a8:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljzgVrZSoHL2YL28lXhdbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZWNlNzgwZGZkYTQzYWI0YTg0MTcyN2ViMjBkNzFmYzc2
NTI4YmMwHhcNMjUwMTAyMDU0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDlkZWMzMDI5NTNkNjdjZDhlOWE4N2UwYjRmMWNlMzE2YjIyYTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtG/Oj62Uk4wUnvAjk36pCVZfpsNn
+u/2aH5yCoilvLLahkWMyFDSVjv4URJWIoS6OJz2xtbJSvKOMTEaT/k0Rxo3XA5E
T2gXJDGkaZ2e8fuTv0tBjM4XcnXol7tZJSNojUAa0wal8Ba8qKBA4HCKDZd3zKbw
atxwhwFhvQOkUeYbuhbK+9Iu0T5LBwE7c/3oV4MS9ZXpV76wxqH7Vw/HDe4hVSBF
9TUiNMlTSzZ3lp9A00FXRlyedCLiRBnyq5Iz5DqcR1DW1yncO9tTVtHeQDyclfbA
91EqP2f9BnDlJ0gi6s0vCJobDTAR9fm1s6JiPCGNS3kRu9i7d7B6m+Y6FQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHSd7DApU9Z82OmofgtPHOMWsioeMB8GA1UdIwQY
MBaAFJPs54Df2kOrSoQXJ+sg1x/HZSi8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay16bmdOX2FRNnRLaEJjbjZ5RFhIOGRsS0x3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy83ZmE5NDMtOWVhNi00MDY4LWI2YWUt
YTRkNDEzZDdmODljLzEvZEozc01DbFQxbnpZNmFoLUMwOGM0eGF5S2g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy83ZmE5NDMtOWVhNi00MDY4LWI2YWUtYTRkNDEzZDdmODlj
LzEvay16bmdOX2FRNnRLaEJjbjZ5RFhIOGRsS0x3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBPqmeMA0G
CSqGSIb3DQEBCwUAA4IBAQBEndUll++8UrLJ4G4iIUv3tbh8q9lpvlJ8aMbLifXS
CXBXZg2fq/IWNtkY8i98gPsvEf2JjqKdvh7OzwW7kUUv7vizD8DUAM32rj4jsIlO
ZHFTI6xnGTlpQqLF5ebXLC8DTpyeNKd+J8P1dWEEVKR9V3bx82aH3hFikjcFDDmu
n8W/OZvpnLx1avOPxLdvrG/7HRB5pCY3+JcfblwkFD3On295YIWvxUmkskaLpwBO
D5X4S2kSSumRx0SeQACYLpy4/XfF1ymXx18dCj88z/kfqx2SsVUGaD93TSsLQlAp
WXbOc6LzyLDHia3ikBYumj2YEctDFTHQ7wd3ES9pDaiR
-----END CERTIFICATE-----