Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/RTtZB_vcGF989dORyH7nDjg3amU.roa
File:                     RTtZB_vcGF989dORyH7nDjg3amU.roa (raw, json)
Hash identifier:          b1jDzIoauefx4FgyRzqcDh5Ob3YxifiP6BI5Q41QUgA=
Subject key identifier:   45:3B:59:07:FB:DC:18:5F:7C:F5:D3:91:C8:7E:E7:0E:38:37:6A:65
Certificate issuer:       /CN=6b104f1e4abaec1eff80f262c62f96c25438c8e1
Certificate serial:       0196C993D2E1E7E1F2CB03AA0880AC85C4D8
Authority key identifier: 6B:10:4F:1E:4A:BA:EC:1E:FF:80:F2:62:C6:2F:96:C2:54:38:C8:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/axBPHkq67B7_gPJixi-WwlQ4yOE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/RTtZB_vcGF989dORyH7nDjg3amU.roa
Signing time:             Tue 13 May 2025 12:17:10 +0000
ROA not before:           Tue 13 May 2025 12:17:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25098
IP address blocks:        62.68.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/axBPHkq67B7_gPJixi-WwlQ4yOE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/axBPHkq67B7_gPJixi-WwlQ4yOE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/axBPHkq67B7_gPJixi-WwlQ4yOE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 03:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c9:93:d2:e1:e7:e1:f2:cb:03:aa:08:80:ac:85:c4:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b104f1e4abaec1eff80f262c62f96c25438c8e1
        Validity
            Not Before: May 13 12:17:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=453b5907fbdc185f7cf5d391c87ee70e38376a65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:71:d3:6b:ee:7d:ce:8f:4c:a7:53:08:b3:23:
                    a8:65:93:31:2e:ab:28:ff:d8:9d:ed:25:38:ba:2f:
                    c5:80:de:d3:82:39:96:8c:d9:9d:8b:45:e5:9c:13:
                    f1:4e:30:ba:69:34:9e:67:db:c8:dd:7e:5c:5f:78:
                    54:15:01:5c:70:13:e9:c0:8c:13:4b:57:41:5c:9f:
                    c3:f2:cf:f9:c3:d4:b5:71:97:2e:45:5b:bb:37:d3:
                    6d:00:9a:a1:db:24:07:4f:f6:95:a2:1c:66:f4:e6:
                    85:71:ad:2c:76:ae:f6:a0:53:64:5b:d8:74:36:94:
                    96:6f:4f:68:6c:1d:c0:a1:90:f7:36:30:f7:21:92:
                    4c:7a:57:21:c3:3f:46:1e:22:40:7a:fe:a3:70:02:
                    46:19:c8:be:ba:7e:96:fd:e9:fe:9f:a5:8d:98:67:
                    f4:67:b7:f2:c2:03:9d:5f:b4:b8:dc:3f:4d:13:0f:
                    a9:04:a5:43:57:47:96:ba:b5:fb:fa:d6:b1:ad:f6:
                    29:d1:90:c2:87:b3:c6:03:16:d9:05:cb:5d:b8:a7:
                    8f:9a:d0:fc:5b:c6:42:c7:d4:ff:04:00:61:a5:31:
                    06:30:ba:8e:21:bd:63:cb:9a:1a:ff:b8:c1:8f:2b:
                    18:a5:de:c9:a6:c1:88:42:01:a0:f2:48:b9:6b:99:
                    db:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:3B:59:07:FB:DC:18:5F:7C:F5:D3:91:C8:7E:E7:0E:38:37:6A:65
            X509v3 Authority Key Identifier:
                keyid:6B:10:4F:1E:4A:BA:EC:1E:FF:80:F2:62:C6:2F:96:C2:54:38:C8:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/axBPHkq67B7_gPJixi-WwlQ4yOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/RTtZB_vcGF989dORyH7nDjg3amU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/axBPHkq67B7_gPJixi-WwlQ4yOE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.68.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:54:ef:ff:52:b5:59:ac:7e:36:87:fc:a4:fd:32:66:ca:2d:
         5d:4f:98:85:d4:f4:64:bc:ad:a4:88:3d:d9:4f:d5:7e:e1:05:
         30:31:1a:61:84:de:c8:fd:c3:aa:35:87:72:87:e5:42:bf:59:
         27:38:49:5d:9e:e2:9d:e0:58:e6:c7:28:31:ec:ce:9e:12:11:
         3b:3a:f1:7f:90:04:8e:10:cc:6a:3e:7f:8f:04:9c:87:b7:e7:
         4d:67:4c:28:ff:25:5e:5d:13:5b:dd:38:98:f7:11:4c:e4:fb:
         d4:5d:92:b7:0c:8d:37:6f:6d:7c:33:96:15:0d:40:fa:25:33:
         2c:89:45:50:b3:23:55:c8:c1:fb:d7:3e:e9:2c:c6:f8:ed:f0:
         c7:a0:82:59:87:63:b3:17:91:10:ee:b8:37:62:31:3b:e8:59:
         cc:af:13:32:ad:52:64:82:0e:69:80:04:ff:6a:23:65:f4:e8:
         a8:dc:27:00:3a:17:4d:e4:af:57:d3:ed:89:45:bc:26:51:06:
         74:74:49:39:b3:b2:bb:7b:db:6a:af:ba:79:4d:45:72:ae:22:
         7b:5e:30:eb:05:fc:21:31:9d:f8:dd:2e:52:b5:a4:50:11:4d:
         b7:aa:5a:47:44:b8:8c:aa:c4:13:87:20:cb:94:b6:fb:00:0a:
         69:d3:0f:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbJk9Lh5+HyywOqCICshcTYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMTA0ZjFlNGFiYWVjMWVmZjgwZjI2MmM2MmY5NmMyNTQz
OGM4ZTEwHhcNMjUwNTEzMTIxNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTNiNTkwN2ZiZGMxODVmN2NmNWQzOTFjODdlZTcwZTM4Mzc2YTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5XHTa+59zo9Mp1MIsyOoZZMxLqso
/9id7SU4ui/FgN7TgjmWjNmdi0XlnBPxTjC6aTSeZ9vI3X5cX3hUFQFccBPpwIwT
S1dBXJ/D8s/5w9S1cZcuRVu7N9NtAJqh2yQHT/aVohxm9OaFca0sdq72oFNkW9h0
NpSWb09obB3AoZD3NjD3IZJMelchwz9GHiJAev6jcAJGGci+un6W/en+n6WNmGf0
Z7fywgOdX7S43D9NEw+pBKVDV0eWurX7+taxrfYp0ZDCh7PGAxbZBctduKePmtD8
W8ZCx9T/BABhpTEGMLqOIb1jy5oa/7jBjysYpd7JpsGIQgGg8ki5a5nbvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEU7WQf73BhffPXTkch+5w44N2plMB8GA1UdIwQY
MBaAFGsQTx5Kuuwe/4DyYsYvlsJUOMjhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXhCUEhrcTY3QjdfZ1BKaXhpLVd3bFE0eU9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS82NTNjMjQtNjhlNS00YWQ4LWI3NjMt
MzBjOWRlMjA1YWZjLzEvUlR0WkJfdmNHRjk4OWRPUnlIN25EamczYW1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS82NTNjMjQtNjhlNS00YWQ4LWI3NjMtMzBjOWRlMjA1YWZj
LzEvYXhCUEhrcTY3QjdfZ1BKaXhpLVd3bFE0eU9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkRJMA0G
CSqGSIb3DQEBCwUAA4IBAQBwVO//UrVZrH42h/yk/TJmyi1dT5iF1PRkvK2kiD3Z
T9V+4QUwMRphhN7I/cOqNYdyh+VCv1knOEldnuKd4Fjmxygx7M6eEhE7OvF/kASO
EMxqPn+PBJyHt+dNZ0wo/yVeXRNb3TiY9xFM5PvUXZK3DI03b218M5YVDUD6JTMs
iUVQsyNVyMH71z7pLMb47fDHoIJZh2OzF5EQ7rg3YjE76FnMrxMyrVJkgg5pgAT/
aiNl9Oio3CcAOhdN5K9X0+2JRbwmUQZ0dEk5s7K7e9tqr7p5TUVyriJ7XjDrBfwh
MZ343S5StaRQEU23qlpHRLiMqsQThyDLlLb7AApp0w+X
-----END CERTIFICATE-----