Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Nh1ckidMNKlHTaQDjmBWaD_RTqU.roa
File:                     Nh1ckidMNKlHTaQDjmBWaD_RTqU.roa (raw, json)
Hash identifier:          HGI9KzkrMn/Mgs6qOK3BC5AOQs+VrhmYJ0sTwXf2f0M=
Subject key identifier:   36:1D:5C:92:27:4C:34:A9:47:4D:A4:03:8E:60:56:68:3F:D1:4E:A5
Certificate issuer:       /CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
Certificate serial:       0194266ADA2035BE955EC55E15A1A6A3D113
Authority key identifier: 12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Nh1ckidMNKlHTaQDjmBWaD_RTqU.roa
Signing time:             Thu 02 Jan 2025 09:48:44 +0000
ROA not before:           Thu 02 Jan 2025 09:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216183
IP address blocks:        62.3.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:da:20:35:be:95:5e:c5:5e:15:a1:a6:a3:d1:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
        Validity
            Not Before: Jan  2 09:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=361d5c92274c34a9474da4038e6056683fd14ea5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:be:92:77:90:dc:b8:5c:b0:48:ec:81:36:5d:
                    ca:5d:e1:e8:a2:fd:73:20:33:7d:11:91:8a:40:b8:
                    23:2e:24:92:27:de:aa:95:ef:8a:41:fb:cd:64:96:
                    8f:e7:83:e6:a1:c6:f0:7d:a8:78:27:a2:22:5c:e7:
                    c0:14:29:59:03:f2:6e:a8:b9:cf:9e:a8:ef:82:a0:
                    ff:4a:c1:aa:e9:2a:03:a1:fa:78:7c:75:cc:f0:5b:
                    5b:e2:20:a4:ef:3e:0a:cc:c7:23:09:d1:f7:08:49:
                    96:f6:f6:ed:ed:39:48:62:7a:77:be:43:8b:7b:e2:
                    f5:5c:58:4e:ab:b4:cb:44:39:dd:c7:01:03:62:a3:
                    c2:dc:ac:a9:7b:08:85:7f:98:e4:4e:8e:57:00:4a:
                    5d:f2:57:4d:a1:d2:ba:ed:89:30:c3:c8:39:de:b7:
                    92:a7:a7:e4:82:cd:f9:65:52:ad:7d:6d:30:94:b4:
                    27:15:86:ff:4c:36:c3:b4:ee:35:9b:7f:0d:56:75:
                    de:72:bd:77:22:8a:b7:40:92:a3:b4:2b:7d:4b:c9:
                    8d:b5:bb:4a:8f:c6:cd:86:a2:21:3f:b8:2f:4f:42:
                    1d:26:74:b0:5c:34:49:20:13:04:9e:24:fc:4a:59:
                    94:27:32:0f:22:09:94:6c:0d:7a:3d:ef:0c:df:12:
                    61:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:1D:5C:92:27:4C:34:A9:47:4D:A4:03:8E:60:56:68:3F:D1:4E:A5
            X509v3 Authority Key Identifier:
                keyid:12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Nh1ckidMNKlHTaQDjmBWaD_RTqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:e3:60:09:56:ee:e6:ab:2a:67:99:69:8a:54:b7:99:a8:ca:
         27:01:33:84:46:fb:b9:11:c1:1a:6c:f3:39:7b:5c:67:14:4c:
         17:f0:d9:27:f2:6d:8c:59:c8:29:ce:25:d3:a3:fc:e6:0a:1a:
         73:e2:f9:c6:46:07:b6:25:d9:b4:93:5d:e0:75:21:d8:4c:f5:
         d0:1c:0b:d8:11:fd:0b:b2:4f:08:22:fc:14:9c:88:d3:43:1c:
         c5:63:a8:72:81:7a:9f:1f:eb:99:dd:fd:fd:10:4e:a7:42:24:
         f6:7a:c5:be:e6:e9:fb:4c:c7:01:26:a8:af:a5:86:66:e8:85:
         20:a5:ca:8a:b1:45:c9:d1:01:8e:a3:b9:fc:79:9d:1d:57:8e:
         66:aa:89:a7:82:88:13:d5:ae:77:6c:15:8c:76:d6:d0:51:dd:
         57:c9:bf:99:4b:b8:29:b9:89:02:d6:6c:c2:c3:ad:2b:18:65:
         ae:06:ea:30:53:8d:7f:f8:e9:41:58:75:ff:10:d6:06:90:00:
         2e:54:fd:1f:9e:68:bf:0e:ef:36:47:50:74:ec:7b:f5:b3:43:
         7e:e9:bb:ff:3c:b4:a4:cc:41:6b:95:77:b1:1c:e9:fc:16:dd:
         58:cb:79:9f:43:7d:d3:e2:1a:d3:ca:60:cb:8c:a5:87:c1:70:
         40:36:2d:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmatogNb6VXsVeFaGmo9ETMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZmQ1NThhNjRlOTc1ODZhNDNkYzdlZTUwYThkNmIyOTIz
NjViNjAwHhcNMjUwMTAyMDk0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjFkNWM5MjI3NGMzNGE5NDc0ZGE0MDM4ZTYwNTY2ODNmZDE0ZWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4r6Sd5DcuFywSOyBNl3KXeHoov1z
IDN9EZGKQLgjLiSSJ96qle+KQfvNZJaP54Pmocbwfah4J6IiXOfAFClZA/JuqLnP
nqjvgqD/SsGq6SoDofp4fHXM8Ftb4iCk7z4KzMcjCdH3CEmW9vbt7TlIYnp3vkOL
e+L1XFhOq7TLRDndxwEDYqPC3KypewiFf5jkTo5XAEpd8ldNodK67Ykww8g53reS
p6fkgs35ZVKtfW0wlLQnFYb/TDbDtO41m38NVnXecr13Ioq3QJKjtCt9S8mNtbtK
j8bNhqIhP7gvT0IdJnSwXDRJIBMEniT8SlmUJzIPIgmUbA16Pe8M3xJhtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDYdXJInTDSpR02kA45gVmg/0U6lMB8GA1UdIwQY
MBaAFBL9VYpk6XWGpD3H7lCo1rKSNltgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMt
MjRkOGU3NDdjMzhmLzEvTmgxY2tpZE1OS2xIVGFRRGptQldhRF9SVHFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMtMjRkOGU3NDdjMzhm
LzEvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPgM2MA0G
CSqGSIb3DQEBCwUAA4IBAQBU42AJVu7mqypnmWmKVLeZqMonATOERvu5EcEabPM5
e1xnFEwX8Nkn8m2MWcgpziXTo/zmChpz4vnGRge2Jdm0k13gdSHYTPXQHAvYEf0L
sk8IIvwUnIjTQxzFY6hygXqfH+uZ3f39EE6nQiT2esW+5un7TMcBJqivpYZm6IUg
pcqKsUXJ0QGOo7n8eZ0dV45mqomngogT1a53bBWMdtbQUd1Xyb+ZS7gpuYkC1mzC
w60rGGWuBuowU41/+OlBWHX/ENYGkAAuVP0fnmi/Du82R1B07Hv1s0N+6bv/PLSk
zEFrlXexHOn8Ft1Yy3mfQ33T4hrTymDLjKWHwXBANi2e
-----END CERTIFICATE-----