Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/77264e-4964-4f68-92e5-ffa4339bce4f/1/bZmXrqNyZ8AqEyFlE3XBS1-1gJo.roa
File:                     bZmXrqNyZ8AqEyFlE3XBS1-1gJo.roa (raw, json)
Hash identifier:          aUsLyT1xm0BEqckeaf+LnCJ77YIIEkSZJAG2IbM/gAs=
Subject key identifier:   6D:99:97:AE:A3:72:67:C0:2A:13:21:65:13:75:C1:4B:5F:B5:80:9A
Certificate issuer:       /CN=eac5447c0431a75ee7bb5940a2183c18438eb6b1
Certificate serial:       0194214427F5F5CD19A13C62E2DBC8FAD6D6
Authority key identifier: EA:C5:44:7C:04:31:A7:5E:E7:BB:59:40:A2:18:3C:18:43:8E:B6:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6sVEfAQxp17nu1lAohg8GEOOtrE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/77264e-4964-4f68-92e5-ffa4339bce4f/1/bZmXrqNyZ8AqEyFlE3XBS1-1gJo.roa
Signing time:             Wed 01 Jan 2025 09:48:22 +0000
ROA not before:           Wed 01 Jan 2025 09:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203421
IP address blocks:        62.3.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/77264e-4964-4f68-92e5-ffa4339bce4f/1/6sVEfAQxp17nu1lAohg8GEOOtrE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/77264e-4964-4f68-92e5-ffa4339bce4f/1/6sVEfAQxp17nu1lAohg8GEOOtrE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6sVEfAQxp17nu1lAohg8GEOOtrE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 06:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:27:f5:f5:cd:19:a1:3c:62:e2:db:c8:fa:d6:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eac5447c0431a75ee7bb5940a2183c18438eb6b1
        Validity
            Not Before: Jan  1 09:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d9997aea37267c02a1321651375c14b5fb5809a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:c5:fa:73:f5:21:0b:93:38:e8:4f:76:42:f1:
                    86:6a:88:aa:de:43:b1:32:a7:ce:88:34:f5:67:58:
                    c9:42:de:7a:f4:29:0f:1d:3d:90:a1:a8:07:8d:6a:
                    a5:97:7a:0a:3c:74:b0:12:98:41:b4:2c:92:53:9e:
                    f9:2c:33:ce:b4:29:ac:14:b0:2f:83:92:e7:8a:e2:
                    be:54:ec:c0:81:05:e1:1e:05:43:1e:31:2b:67:26:
                    b9:2c:06:a3:24:2e:40:94:dc:09:cf:b0:6d:c5:8f:
                    20:ba:0c:20:9a:de:12:8b:8f:d1:0f:40:23:98:18:
                    af:38:14:b5:6a:9b:61:02:6d:c3:a9:4a:0b:74:9e:
                    2d:fb:f3:de:19:d9:35:72:49:07:cb:ce:eb:d0:6f:
                    d1:7e:5c:aa:9d:aa:73:71:89:2a:63:75:80:49:21:
                    af:07:3c:29:dc:11:dc:64:d5:85:bd:54:21:b0:2d:
                    67:5c:03:86:90:66:6c:6f:e3:b8:f5:d6:ea:af:49:
                    8c:ac:f7:1b:b8:01:ad:6b:8f:b6:3b:da:4e:a5:dd:
                    e1:c6:ed:36:0b:82:36:af:30:ad:54:75:8e:ed:32:
                    f9:b9:e3:b9:a7:89:7a:85:21:be:d6:b5:09:f2:1c:
                    54:d6:94:bc:eb:d8:0d:36:7d:f5:f1:0c:58:ff:66:
                    1e:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:99:97:AE:A3:72:67:C0:2A:13:21:65:13:75:C1:4B:5F:B5:80:9A
            X509v3 Authority Key Identifier:
                keyid:EA:C5:44:7C:04:31:A7:5E:E7:BB:59:40:A2:18:3C:18:43:8E:B6:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6sVEfAQxp17nu1lAohg8GEOOtrE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/77264e-4964-4f68-92e5-ffa4339bce4f/1/bZmXrqNyZ8AqEyFlE3XBS1-1gJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/77264e-4964-4f68-92e5-ffa4339bce4f/1/6sVEfAQxp17nu1lAohg8GEOOtrE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:37:a5:ea:8f:2a:93:63:12:67:29:a3:61:aa:a9:23:2f:c9:
         46:31:4f:7b:7a:67:5a:c8:ad:d8:b0:e6:81:08:43:fa:72:d4:
         d7:f7:0f:75:14:11:29:d2:0e:41:95:8d:f4:6f:0c:40:2a:91:
         e0:3a:96:58:fc:26:8d:c0:dd:50:7a:0d:76:d2:29:c5:d2:d9:
         7f:ca:89:9a:1a:5e:30:49:39:a3:19:7c:2b:09:cc:fa:af:3f:
         c2:c2:b3:06:80:bd:c4:89:ad:79:bc:05:e1:65:5a:60:dc:ef:
         ea:ec:7c:14:48:30:ba:22:33:4b:e8:93:de:4b:2e:10:08:43:
         52:8e:ea:1e:2f:9f:a5:2c:c0:26:5b:eb:2b:bb:d3:02:18:ee:
         4a:24:f7:74:93:9d:e2:e3:33:2d:33:1e:7e:16:78:74:ec:fd:
         18:95:33:82:3e:33:9f:c5:36:66:22:73:16:9c:29:53:58:fc:
         b5:2f:89:9d:0e:65:f3:a2:b0:10:0b:d8:e0:6a:09:d6:4c:49:
         52:0a:db:d0:34:f2:55:c6:7d:cf:05:e9:bb:d8:c8:c1:86:32:
         63:b7:31:92:e8:31:bb:a4:b9:d2:b0:c7:88:bf:d5:0b:64:74:
         a7:3f:b2:41:52:b6:17:50:9f:fb:c0:67:aa:a4:dc:41:f8:c8:
         7b:8a:7a:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRCf19c0ZoTxi4tvI+tbWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYzU0NDdjMDQzMWE3NWVlN2JiNTk0MGEyMTgzYzE4NDM4
ZWI2YjEwHhcNMjUwMTAxMDk0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDk5OTdhZWEzNzI2N2MwMmExMzIxNjUxMzc1YzE0YjVmYjU4MDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4MX6c/UhC5M46E92QvGGaoiq3kOx
MqfOiDT1Z1jJQt569CkPHT2QoagHjWqll3oKPHSwEphBtCySU575LDPOtCmsFLAv
g5LniuK+VOzAgQXhHgVDHjErZya5LAajJC5AlNwJz7BtxY8gugwgmt4Si4/RD0Aj
mBivOBS1apthAm3DqUoLdJ4t+/PeGdk1ckkHy87r0G/RflyqnapzcYkqY3WASSGv
Bzwp3BHcZNWFvVQhsC1nXAOGkGZsb+O49dbqr0mMrPcbuAGta4+2O9pOpd3hxu02
C4I2rzCtVHWO7TL5ueO5p4l6hSG+1rUJ8hxU1pS869gNNn318QxY/2YebQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG2Zl66jcmfAKhMhZRN1wUtftYCaMB8GA1UdIwQY
MBaAFOrFRHwEMade57tZQKIYPBhDjraxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnNWRWZBUXhwMTdudTFsQW9oZzhHRU9PdHJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi83NzI2NGUtNDk2NC00ZjY4LTkyZTUt
ZmZhNDMzOWJjZTRmLzEvYlptWHJxTnlaOEFxRXlGbEUzWEJTMS0xZ0pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi83NzI2NGUtNDk2NC00ZjY4LTkyZTUtZmZhNDMzOWJjZTRm
LzEvNnNWRWZBUXhwMTdudTFsQW9oZzhHRU9PdHJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPgM0MA0G
CSqGSIb3DQEBCwUAA4IBAQAkN6XqjyqTYxJnKaNhqqkjL8lGMU97emdayK3YsOaB
CEP6ctTX9w91FBEp0g5BlY30bwxAKpHgOpZY/CaNwN1Qeg120inF0tl/yomaGl4w
STmjGXwrCcz6rz/CwrMGgL3Eia15vAXhZVpg3O/q7HwUSDC6IjNL6JPeSy4QCENS
juoeL5+lLMAmW+sru9MCGO5KJPd0k53i4zMtMx5+Fnh07P0YlTOCPjOfxTZmInMW
nClTWPy1L4mdDmXzorAQC9jgagnWTElSCtvQNPJVxn3PBem72MjBhjJjtzGS6DG7
pLnSsMeIv9ULZHSnP7JBUrYXUJ/7wGeqpNxB+Mh7inrE
-----END CERTIFICATE-----