Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/OiUKYkPvCpqnOXZ9zOVHLonU2AY.roa
File:                     OiUKYkPvCpqnOXZ9zOVHLonU2AY.roa (raw, json)
Hash identifier:          Lhbego4QvDRSaxc+Seq5OHB8z3WLSv1waMp2zJgiuoA=
Subject key identifier:   3A:25:0A:62:43:EF:0A:9A:A7:39:76:7D:CC:E5:47:2E:89:D4:D8:06
Certificate issuer:       /CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
Certificate serial:       019423D74D418D5098D23A7D621A92ED848C
Authority key identifier: D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/OiUKYkPvCpqnOXZ9zOVHLonU2AY.roa
Signing time:             Wed 01 Jan 2025 21:48:20 +0000
ROA not before:           Wed 01 Jan 2025 21:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24580
IP address blocks:        62.81.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:4d:41:8d:50:98:d2:3a:7d:62:1a:92:ed:84:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
        Validity
            Not Before: Jan  1 21:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a250a6243ef0a9aa739767dcce5472e89d4d806
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:79:59:6c:0e:cd:3c:4a:96:58:31:2d:82:58:
                    f6:b0:03:a4:f9:03:80:1f:5d:78:7c:27:7d:f6:7f:
                    23:21:5f:4f:73:cd:c1:d1:9d:99:0b:7e:96:60:7c:
                    76:5e:df:9a:5d:4a:c7:21:14:63:40:db:c3:eb:4e:
                    1b:ae:ec:4e:d4:f1:b9:2f:6f:9b:38:37:78:04:35:
                    63:99:f7:a8:79:1f:06:cc:84:fc:e3:56:68:56:7c:
                    1b:a8:53:01:a3:d4:f7:28:a3:52:81:1d:5c:14:9d:
                    80:97:0f:94:1f:56:80:5e:5e:77:2e:5d:1e:55:c5:
                    9a:4b:82:9a:f1:1f:72:3c:dd:27:d5:39:da:56:f4:
                    83:44:6c:b7:bf:9e:c6:91:66:df:72:a1:c2:1b:23:
                    79:ca:51:71:54:b0:5a:e0:67:ea:82:42:14:6f:63:
                    a4:b9:d4:59:dc:9d:bb:60:f1:f5:74:73:54:c8:f9:
                    d2:f0:84:ba:16:e6:3d:2d:9c:c3:ed:38:0d:d4:c6:
                    b5:8b:6d:16:56:16:ea:e7:c3:f6:25:7e:56:42:bd:
                    20:68:bf:42:a5:c1:ec:de:11:9f:7d:3f:08:56:27:
                    42:0e:26:04:79:cf:52:69:13:2f:8e:d9:b8:ab:1e:
                    d2:93:6a:02:15:30:e5:ff:99:77:8b:a6:e6:29:0a:
                    be:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:25:0A:62:43:EF:0A:9A:A7:39:76:7D:CC:E5:47:2E:89:D4:D8:06
            X509v3 Authority Key Identifier:
                keyid:D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/OiUKYkPvCpqnOXZ9zOVHLonU2AY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.81.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:f6:dc:d9:bd:81:68:8b:36:21:77:b5:ae:d5:40:bd:50:66:
         cd:2a:44:8f:e7:e8:7a:4d:90:b4:95:7e:5f:3e:26:cf:1a:51:
         ba:1f:10:f8:bc:c7:e9:a7:5d:63:63:d2:22:d3:91:b8:2c:92:
         a5:a7:15:3e:4f:c9:54:f0:07:fe:b3:ec:de:1a:22:10:fe:fc:
         72:23:81:55:cb:03:18:f7:ee:bc:ee:ca:08:00:b1:46:38:7f:
         57:53:fd:85:84:a1:63:1f:be:a1:37:77:e7:0b:de:94:42:b7:
         96:bf:ea:08:fa:86:c1:ef:f5:84:0d:d7:60:46:cd:93:2e:4d:
         93:d4:80:b9:2d:6b:63:dc:b9:43:f0:31:93:3c:32:18:e6:3f:
         ee:c2:77:91:da:58:c4:c2:81:8e:2e:70:de:fe:fc:82:74:d6:
         e7:8a:8b:7a:47:8c:fa:e0:fb:3f:93:a1:be:74:97:03:09:4c:
         08:cc:37:c0:da:2c:68:da:7e:37:6a:a1:c8:75:bc:cb:d4:44:
         81:98:ad:f2:f9:7b:dd:f0:11:e5:3c:8e:25:45:62:b8:0b:b2:
         30:cc:a3:b8:27:5e:6f:77:7e:04:6e:b7:9d:63:16:b4:f4:ec:
         3d:9c:89:8e:c2:28:45:32:ee:63:32:8a:0e:17:83:42:7e:b6:
         1e:66:19:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj101BjVCY0jp9YhqS7YSMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MzRmMTY4NjEwMjg3NmM2MjE2YmNlYTI4YTVlNTAyZWMw
ZDdiNmIwHhcNMjUwMTAxMjE0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTI1MGE2MjQzZWYwYTlhYTczOTc2N2RjY2U1NDcyZTg5ZDRkODA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkHlZbA7NPEqWWDEtglj2sAOk+QOA
H114fCd99n8jIV9Pc83B0Z2ZC36WYHx2Xt+aXUrHIRRjQNvD604bruxO1PG5L2+b
ODd4BDVjmfeoeR8GzIT841ZoVnwbqFMBo9T3KKNSgR1cFJ2Alw+UH1aAXl53Ll0e
VcWaS4Ka8R9yPN0n1TnaVvSDRGy3v57GkWbfcqHCGyN5ylFxVLBa4GfqgkIUb2Ok
udRZ3J27YPH1dHNUyPnS8IS6FuY9LZzD7TgN1Ma1i20WVhbq58P2JX5WQr0gaL9C
pcHs3hGffT8IVidCDiYEec9SaRMvjtm4qx7Sk2oCFTDl/5l3i6bmKQq+gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDolCmJD7wqapzl2fczlRy6J1NgGMB8GA1UdIwQY
MBaAFNQ08WhhAodsYha86iil5QLsDXtrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2Ut
NTcxMmQ5NWFlNjM4LzEvT2lVS1lrUHZDcHFuT1haOXpPVkhMb25VMkFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2UtNTcxMmQ5NWFlNjM4
LzEvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPlGhMA0G
CSqGSIb3DQEBCwUAA4IBAQAF9tzZvYFoizYhd7Wu1UC9UGbNKkSP5+h6TZC0lX5f
PibPGlG6HxD4vMfpp11jY9Ii05G4LJKlpxU+T8lU8Af+s+zeGiIQ/vxyI4FVywMY
9+687soIALFGOH9XU/2FhKFjH76hN3fnC96UQreWv+oI+obB7/WEDddgRs2TLk2T
1IC5LWtj3LlD8DGTPDIY5j/uwneR2ljEwoGOLnDe/vyCdNbniot6R4z64Ps/k6G+
dJcDCUwIzDfA2ixo2n43aqHIdbzL1ESBmK3y+Xvd8BHlPI4lRWK4C7IwzKO4J15v
d34EbredYxa09Ow9nImOwihFMu5jMooOF4NCfrYeZhkL
-----END CERTIFICATE-----