Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/bf5e70-6665-49de-b9cf-4cfe40f07a6b/1/i4MzjZTpbtZK_ZPjW181XA_QlOs.roa
File:                     i4MzjZTpbtZK_ZPjW181XA_QlOs.roa (raw, json)
Hash identifier:          a3SMnVU0VU8ASpu/GP3SPdiJleFoyqLmWwLdGByzs8I=
Subject key identifier:   8B:83:33:8D:94:E9:6E:D6:4A:FD:93:E3:5B:5F:35:5C:0F:D0:94:EB
Certificate issuer:       /CN=16307d29f5543f21ea3009b9523fe71b8f1369ca
Certificate serial:       01942143AFC7BA2298413F6847544DA7BF2C
Authority key identifier: 16:30:7D:29:F5:54:3F:21:EA:30:09:B9:52:3F:E7:1B:8F:13:69:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FjB9KfVUPyHqMAm5Uj_nG48Taco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/bf5e70-6665-49de-b9cf-4cfe40f07a6b/1/i4MzjZTpbtZK_ZPjW181XA_QlOs.roa
Signing time:             Wed 01 Jan 2025 09:47:51 +0000
ROA not before:           Wed 01 Jan 2025 09:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32787
IP address blocks:        62.255.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/bf5e70-6665-49de-b9cf-4cfe40f07a6b/1/FjB9KfVUPyHqMAm5Uj_nG48Taco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/bf5e70-6665-49de-b9cf-4cfe40f07a6b/1/FjB9KfVUPyHqMAm5Uj_nG48Taco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FjB9KfVUPyHqMAm5Uj_nG48Taco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:af:c7:ba:22:98:41:3f:68:47:54:4d:a7:bf:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16307d29f5543f21ea3009b9523fe71b8f1369ca
        Validity
            Not Before: Jan  1 09:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b83338d94e96ed64afd93e35b5f355c0fd094eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:85:ee:4b:d1:d5:04:f9:cb:ce:d7:68:90:88:
                    63:42:12:3f:00:14:d7:39:c0:ad:5b:5c:35:7a:2e:
                    a4:de:c6:f7:0c:b7:44:3f:99:a4:31:be:cd:36:b0:
                    86:3d:bf:28:64:83:ee:36:86:25:8c:b1:7d:35:ea:
                    62:62:c2:26:5c:4c:d0:de:f6:4c:59:28:6e:2e:27:
                    85:cc:03:bb:c3:31:fe:39:73:11:3f:2d:fb:dc:c8:
                    98:54:a0:77:b8:2b:e3:4b:4e:dd:ef:42:28:64:d8:
                    26:3d:5e:78:f7:68:c2:f7:21:bb:8c:49:3f:17:22:
                    24:94:0b:58:ab:fe:7c:87:b2:3f:9e:d7:54:9c:4e:
                    01:04:e7:ce:e9:f0:08:9b:85:22:70:a2:b3:18:df:
                    22:c2:0f:98:b2:b7:bb:2d:f5:7c:b7:30:38:46:e8:
                    2b:3a:6c:2a:aa:73:2d:2e:2f:28:01:84:4d:79:3d:
                    c4:e2:64:e6:38:c8:d5:20:18:1f:de:72:b1:ac:d7:
                    0c:86:da:87:d2:19:38:57:73:66:c8:4f:7e:57:da:
                    76:c4:ce:ec:6a:39:5d:72:40:6e:74:4c:85:82:ab:
                    b5:7c:58:df:c2:8e:42:79:42:c0:b8:af:e9:0b:0e:
                    b9:4f:44:16:5d:b8:4f:91:17:ec:ff:9a:13:06:c2:
                    2c:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:83:33:8D:94:E9:6E:D6:4A:FD:93:E3:5B:5F:35:5C:0F:D0:94:EB
            X509v3 Authority Key Identifier:
                keyid:16:30:7D:29:F5:54:3F:21:EA:30:09:B9:52:3F:E7:1B:8F:13:69:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FjB9KfVUPyHqMAm5Uj_nG48Taco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/bf5e70-6665-49de-b9cf-4cfe40f07a6b/1/i4MzjZTpbtZK_ZPjW181XA_QlOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/bf5e70-6665-49de-b9cf-4cfe40f07a6b/1/FjB9KfVUPyHqMAm5Uj_nG48Taco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.255.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:b9:2e:cb:00:db:55:2b:5c:8b:0c:5c:d6:f3:c8:2f:a2:b5:
         3b:e2:26:96:41:77:c6:59:4b:34:a6:54:73:b2:15:43:e1:45:
         8f:70:ba:be:41:43:fc:06:5d:2e:2d:e7:32:36:73:4d:b6:01:
         a0:d0:2f:1c:e6:c0:24:c2:13:ed:f5:fb:17:55:79:e8:2d:61:
         0f:7b:df:98:53:11:f7:21:0b:28:14:2a:6d:d7:6f:8a:e9:df:
         c4:98:87:8f:de:d3:e3:98:75:10:41:31:d5:5b:c0:e8:88:4f:
         1b:55:37:4a:5f:fc:f0:db:ba:41:5a:7f:a1:5d:1b:0e:f3:bd:
         77:0c:4a:ca:47:a4:ad:51:44:ed:cd:aa:d5:b1:3a:e6:73:b5:
         d8:53:e6:92:16:59:9a:61:c6:fb:bb:b1:38:5d:db:63:72:6b:
         d4:df:29:d9:de:3f:3c:4e:cd:47:c0:37:8d:c0:3b:5a:87:1f:
         10:b5:19:f0:43:49:f4:46:1b:29:77:e3:1a:81:e0:cf:b4:a1:
         fb:af:fc:c8:9e:fb:26:5d:12:82:22:c2:c9:03:e8:c4:30:41:
         05:8f:70:5a:d2:09:bf:73:b8:03:71:9d:eb:b9:f3:1d:1d:bb:
         fe:56:aa:00:3c:2e:e6:c1:03:10:8f:6e:56:76:4b:e4:f8:54:
         26:0a:7d:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ6/HuiKYQT9oR1RNp78sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MzA3ZDI5ZjU1NDNmMjFlYTMwMDliOTUyM2ZlNzFiOGYx
MzY5Y2EwHhcNMjUwMTAxMDk0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjgzMzM4ZDk0ZTk2ZWQ2NGFmZDkzZTM1YjVmMzU1YzBmZDA5NGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYXuS9HVBPnLztdokIhjQhI/ABTX
OcCtW1w1ei6k3sb3DLdEP5mkMb7NNrCGPb8oZIPuNoYljLF9NepiYsImXEzQ3vZM
WShuLieFzAO7wzH+OXMRPy373MiYVKB3uCvjS07d70IoZNgmPV5492jC9yG7jEk/
FyIklAtYq/58h7I/ntdUnE4BBOfO6fAIm4UicKKzGN8iwg+Ysre7LfV8tzA4Rugr
OmwqqnMtLi8oAYRNeT3E4mTmOMjVIBgf3nKxrNcMhtqH0hk4V3NmyE9+V9p2xM7s
ajldckBudEyFgqu1fFjfwo5CeULAuK/pCw65T0QWXbhPkRfs/5oTBsIsWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIuDM42U6W7WSv2T41tfNVwP0JTrMB8GA1UdIwQY
MBaAFBYwfSn1VD8h6jAJuVI/5xuPE2nKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmpCOUtmVlVQeUhxTUFtNVVqX25HNDhUYWNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9iZjVlNzAtNjY2NS00OWRlLWI5Y2Yt
NGNmZTQwZjA3YTZiLzEvaTRNempaVHBidFpLX1pQalcxODFYQV9RbE9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9iZjVlNzAtNjY2NS00OWRlLWI5Y2YtNGNmZTQwZjA3YTZi
LzEvRmpCOUtmVlVQeUhxTUFtNVVqX25HNDhUYWNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPv+OMA0G
CSqGSIb3DQEBCwUAA4IBAQA6uS7LANtVK1yLDFzW88gvorU74iaWQXfGWUs0plRz
shVD4UWPcLq+QUP8Bl0uLecyNnNNtgGg0C8c5sAkwhPt9fsXVXnoLWEPe9+YUxH3
IQsoFCpt12+K6d/EmIeP3tPjmHUQQTHVW8DoiE8bVTdKX/zw27pBWn+hXRsO8713
DErKR6StUUTtzarVsTrmc7XYU+aSFlmaYcb7u7E4XdtjcmvU3ynZ3j88Ts1HwDeN
wDtahx8QtRnwQ0n0Rhspd+MageDPtKH7r/zInvsmXRKCIsLJA+jEMEEFj3Ba0gm/
c7gDcZ3rufMdHbv+VqoAPC7mwQMQj25Wdkvk+FQmCn3z
-----END CERTIFICATE-----