Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/xzAOimHDia6u9KEZ2lcYuzbmUh8.roa
File:                     xzAOimHDia6u9KEZ2lcYuzbmUh8.roa (raw, json)
Hash identifier:          twU3Zu+3OA4eLfmXFSTTDjCKPfrJ6o8S1Q+yF0JIdC4=
Subject key identifier:   C7:30:0E:8A:61:C3:89:AE:AE:F4:A1:19:DA:57:18:BB:36:E6:52:1F
Certificate issuer:       /CN=929352a8d2dd70c91ffcec8e323fe69f1e9a4139
Certificate serial:       01942368FD690B7A6A6A6BA116DD6A32AD1E
Authority key identifier: 92:93:52:A8:D2:DD:70:C9:1F:FC:EC:8E:32:3F:E6:9F:1E:9A:41:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kpNSqNLdcMkf_OyOMj_mnx6aQTk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/xzAOimHDia6u9KEZ2lcYuzbmUh8.roa
Signing time:             Wed 01 Jan 2025 19:47:50 +0000
ROA not before:           Wed 01 Jan 2025 19:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206718
IP address blocks:        62.4.108.0/24 maxlen: 24
                          62.4.116.0/24 maxlen: 24
                          62.4.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/kpNSqNLdcMkf_OyOMj_mnx6aQTk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/kpNSqNLdcMkf_OyOMj_mnx6aQTk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kpNSqNLdcMkf_OyOMj_mnx6aQTk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:fd:69:0b:7a:6a:6a:6b:a1:16:dd:6a:32:ad:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=929352a8d2dd70c91ffcec8e323fe69f1e9a4139
        Validity
            Not Before: Jan  1 19:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7300e8a61c389aeaef4a119da5718bb36e6521f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:64:76:03:96:5c:8e:a3:d6:1f:87:18:0a:a2:
                    ad:89:03:b9:33:d1:65:29:6b:ef:89:6e:9b:39:3e:
                    50:8c:fa:70:e2:8a:83:2b:48:41:5b:02:77:d2:5b:
                    28:a0:f0:cf:6a:c3:e2:62:33:1d:2e:91:8f:83:6f:
                    af:82:8e:f5:d4:81:e9:9d:50:8d:fe:22:7a:65:99:
                    ee:31:ff:b8:66:37:9e:07:04:56:ee:d1:c9:22:4c:
                    16:db:f7:bf:95:0e:54:6f:d2:ff:0c:79:43:f7:bb:
                    25:76:52:31:26:79:9b:64:42:e4:d5:2c:02:0d:ea:
                    b3:ca:7e:c8:06:f6:c1:e9:d0:28:95:d6:02:5f:c0:
                    a8:97:43:76:c3:2a:8d:77:32:fb:f9:f6:68:f1:3b:
                    0f:84:04:35:90:38:66:d0:a5:94:53:02:36:82:2f:
                    d1:0b:2c:23:5e:0d:69:04:86:d0:14:72:10:15:09:
                    23:08:ab:5a:0c:ab:23:89:7f:25:11:e3:88:88:cb:
                    d6:85:9f:e1:32:b7:e5:dd:2f:2a:86:c8:14:1d:93:
                    2a:19:8e:87:bf:c7:c2:c5:e6:13:2f:ce:37:ff:f0:
                    d8:e7:94:cf:54:ff:e3:e0:86:a7:74:95:d1:42:ca:
                    f1:80:49:61:57:bc:60:27:6c:c1:95:6d:7e:ea:a0:
                    e2:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:30:0E:8A:61:C3:89:AE:AE:F4:A1:19:DA:57:18:BB:36:E6:52:1F
            X509v3 Authority Key Identifier:
                keyid:92:93:52:A8:D2:DD:70:C9:1F:FC:EC:8E:32:3F:E6:9F:1E:9A:41:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kpNSqNLdcMkf_OyOMj_mnx6aQTk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/xzAOimHDia6u9KEZ2lcYuzbmUh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/kpNSqNLdcMkf_OyOMj_mnx6aQTk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.4.108.0/24
                  62.4.116.0/24
                  62.4.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:81:b0:33:3f:f6:37:e6:ab:21:0b:af:a1:c1:89:ef:5c:03:
         2c:75:43:29:5d:a0:e8:eb:7e:89:88:98:76:4b:61:cb:ec:88:
         b4:57:8e:aa:9a:31:5c:0f:32:db:6b:13:bd:4c:10:5e:bc:d9:
         6c:60:da:55:13:6b:cc:33:40:1e:a3:6d:fb:37:f7:63:a8:ea:
         27:9b:76:53:a7:61:ea:84:b6:a9:ec:32:7d:f0:8b:fc:c5:45:
         19:ab:81:ad:23:f2:7e:cd:4f:6c:77:30:99:a2:6c:0c:8c:6e:
         64:9a:07:74:17:95:50:7a:a7:fb:91:fe:cc:b6:cc:c8:88:39:
         ed:19:b3:67:c5:52:5d:4f:00:1b:1e:84:66:34:2a:ae:46:9f:
         3f:c6:b4:ea:3a:db:dc:db:fe:33:78:ac:37:fd:29:07:75:e1:
         49:b6:e2:2e:59:58:53:c7:99:d9:6b:b4:38:cb:95:58:8a:55:
         bd:7f:8e:c7:ad:0f:ac:d7:54:56:fc:89:09:4a:1c:a2:5e:73:
         e8:21:ce:c2:ff:33:2b:3a:53:04:60:b5:cf:ee:8b:a7:3f:7c:
         05:50:3b:57:f3:8c:a3:b9:60:06:04:a0:ba:f4:a8:aa:0b:4a:
         c5:38:d0:c0:60:1b:80:9c:f2:de:68:3c:87:2c:f7:26:b6:64:
         a0:b6:28:c7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQjaP1pC3pqamuhFt1qMq0eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyOTM1MmE4ZDJkZDcwYzkxZmZjZWM4ZTMyM2ZlNjlmMWU5
YTQxMzkwHhcNMjUwMTAxMTk0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzMwMGU4YTYxYzM4OWFlYWVmNGExMTlkYTU3MThiYjM2ZTY1MjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2R2A5ZcjqPWH4cYCqKtiQO5M9Fl
KWvviW6bOT5QjPpw4oqDK0hBWwJ30lsooPDPasPiYjMdLpGPg2+vgo711IHpnVCN
/iJ6ZZnuMf+4ZjeeBwRW7tHJIkwW2/e/lQ5Ub9L/DHlD97sldlIxJnmbZELk1SwC
Deqzyn7IBvbB6dAoldYCX8Col0N2wyqNdzL7+fZo8TsPhAQ1kDhm0KWUUwI2gi/R
CywjXg1pBIbQFHIQFQkjCKtaDKsjiX8lEeOIiMvWhZ/hMrfl3S8qhsgUHZMqGY6H
v8fCxeYTL843//DY55TPVP/j4IandJXRQsrxgElhV7xgJ2zBlW1+6qDi8QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMcwDophw4murvShGdpXGLs25lIfMB8GA1UdIwQY
MBaAFJKTUqjS3XDJH/zsjjI/5p8emkE5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3BOU3FOTGRjTWtmX095T01qX21ueDZhUVRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi83YjZlZGMtYWQyMy00ZDczLWFiNTYt
MGExYTM1ODk3ZjEwLzEveHpBT2ltSERpYTZ1OUtFWjJsY1l1emJtVWg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi83YjZlZGMtYWQyMy00ZDczLWFiNTYtMGExYTM1ODk3ZjEw
LzEva3BOU3FOTGRjTWtmX095T01qX21ueDZhUVRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAPgRsAwQA
PgR0AwQAPgR7MA0GCSqGSIb3DQEBCwUAA4IBAQA+gbAzP/Y35qshC6+hwYnvXAMs
dUMpXaDo636JiJh2S2HL7Ii0V46qmjFcDzLbaxO9TBBevNlsYNpVE2vMM0Aeo237
N/djqOonm3ZTp2HqhLap7DJ98Iv8xUUZq4GtI/J+zU9sdzCZomwMjG5kmgd0F5VQ
eqf7kf7MtszIiDntGbNnxVJdTwAbHoRmNCquRp8/xrTqOtvc2/4zeKw3/SkHdeFJ
tuIuWVhTx5nZa7Q4y5VYilW9f47HrQ+s11RW/IkJShyiXnPoIc7C/zMrOlMEYLXP
7ounP3wFUDtX84yjuWAGBKC69KiqC0rFONDAYBuAnPLeaDyHLPcmtmSgtijH
-----END CERTIFICATE-----