Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/bc5fd7-3e63-4945-afb7-1175e5a07a55/1/ap5KNPIgh8eRLDgd9o9o98m3A_g.roa
File:                     ap5KNPIgh8eRLDgd9o9o98m3A_g.roa (raw, json)
Hash identifier:          wFA6DMYFq5ZeJnSJaOkvybASHTJl6BSASaBH5ShXruc=
Subject key identifier:   6A:9E:4A:34:F2:20:87:C7:91:2C:38:1D:F6:8F:68:F7:C9:B7:03:F8
Certificate issuer:       /CN=d3f60b176d95fd8d3d0bd65c5d12c83941f7f054
Certificate serial:       01963ADCCA08EA37E8ADF78342A951DB5AAC
Authority key identifier: D3:F6:0B:17:6D:95:FD:8D:3D:0B:D6:5C:5D:12:C8:39:41:F7:F0:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0_YLF22V_Y09C9ZcXRLIOUH38FQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/bc5fd7-3e63-4945-afb7-1175e5a07a55/1/ap5KNPIgh8eRLDgd9o9o98m3A_g.roa
Signing time:             Tue 15 Apr 2025 19:11:10 +0000
ROA not before:           Tue 15 Apr 2025 19:11:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6984
IP address blocks:        62.189.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/bc5fd7-3e63-4945-afb7-1175e5a07a55/1/0_YLF22V_Y09C9ZcXRLIOUH38FQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/bc5fd7-3e63-4945-afb7-1175e5a07a55/1/0_YLF22V_Y09C9ZcXRLIOUH38FQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0_YLF22V_Y09C9ZcXRLIOUH38FQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 07:29:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3a:dc:ca:08:ea:37:e8:ad:f7:83:42:a9:51:db:5a:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3f60b176d95fd8d3d0bd65c5d12c83941f7f054
        Validity
            Not Before: Apr 15 19:11:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a9e4a34f22087c7912c381df68f68f7c9b703f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:3c:b1:44:ea:66:40:2c:a1:16:2d:ad:a6:d2:
                    ff:a0:4d:be:08:32:7b:ec:d9:c1:47:54:e3:ba:82:
                    cd:b7:cb:e6:0c:d0:d7:7d:fa:bc:e5:71:89:5e:4a:
                    5b:69:72:3b:4b:f6:d8:d1:79:12:ea:70:06:05:90:
                    68:db:f3:ac:27:83:2b:bf:13:3d:32:9c:0a:9a:35:
                    09:f2:9c:be:30:67:4b:93:f8:5d:83:09:43:2d:9f:
                    b9:6a:d7:86:83:4d:ff:49:e1:4e:52:17:cb:b0:c6:
                    86:0b:5c:84:32:fd:bb:3d:8e:31:64:61:7b:49:56:
                    49:29:c5:c6:82:44:10:31:5f:c8:5c:d6:e8:c3:c8:
                    e7:d6:db:07:eb:4f:ce:34:6f:3f:71:4a:42:19:1f:
                    09:e3:57:5e:2f:92:cd:71:1e:50:c7:23:4a:fe:ba:
                    e4:72:20:f8:ce:1b:d8:0e:7d:de:cf:dc:32:59:96:
                    31:0b:51:dd:81:8e:66:df:7f:f8:5f:27:d7:58:21:
                    59:ed:ac:aa:e9:ee:31:da:67:e0:db:55:63:a3:cd:
                    d8:97:84:69:3d:2b:02:c8:11:9e:dc:42:80:df:a9:
                    5f:65:a7:e5:11:4d:60:d8:f2:51:59:de:92:18:b1:
                    ef:ac:02:2c:15:cb:96:53:30:c4:e6:b1:71:fc:cb:
                    47:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:9E:4A:34:F2:20:87:C7:91:2C:38:1D:F6:8F:68:F7:C9:B7:03:F8
            X509v3 Authority Key Identifier:
                keyid:D3:F6:0B:17:6D:95:FD:8D:3D:0B:D6:5C:5D:12:C8:39:41:F7:F0:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0_YLF22V_Y09C9ZcXRLIOUH38FQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/bc5fd7-3e63-4945-afb7-1175e5a07a55/1/ap5KNPIgh8eRLDgd9o9o98m3A_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/bc5fd7-3e63-4945-afb7-1175e5a07a55/1/0_YLF22V_Y09C9ZcXRLIOUH38FQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.189.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:f5:d6:56:de:e0:3a:fe:9a:54:c0:74:02:41:35:ec:2c:ed:
         b4:a1:98:49:de:db:cf:d5:d7:ee:68:32:47:f2:34:02:5a:ba:
         6e:44:c2:ea:63:0f:98:15:5f:0e:7c:85:72:54:0f:c7:88:e2:
         06:c2:7c:90:3a:69:34:17:cd:d4:f8:5c:90:81:fd:9a:34:50:
         89:57:9d:e2:4d:fa:e6:fc:fe:6b:66:34:f4:7d:0f:ce:6c:e2:
         34:50:a7:c0:09:2d:d0:b3:9f:c9:6a:3e:6c:78:10:c9:45:bf:
         40:8d:a1:65:5f:20:d4:bb:7f:f0:8d:d8:98:c2:97:1d:90:d0:
         40:de:df:c8:29:d5:89:88:e9:fb:60:a1:8a:c1:3f:19:99:be:
         02:e7:e3:1a:41:08:58:90:80:c1:56:75:04:bf:7d:72:df:bf:
         1d:4f:85:0a:8e:05:85:d3:05:69:48:ca:e2:e3:fa:e5:b0:0d:
         d6:db:38:e1:2a:ee:4f:cd:82:25:90:69:7c:57:79:ed:78:12:
         a8:a2:4f:dd:d1:c3:c3:95:f4:26:42:d5:60:a2:5f:1a:75:a9:
         cd:3d:01:f9:d1:b5:47:43:68:8c:5d:b5:e6:41:d2:28:7b:79:
         37:a4:01:7f:5c:d6:83:bc:ea:fe:d9:df:b6:67:36:0b:42:27:
         99:02:84:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY63MoI6jforfeDQqlR21qsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZjYwYjE3NmQ5NWZkOGQzZDBiZDY1YzVkMTJjODM5NDFm
N2YwNTQwHhcNMjUwNDE1MTkxMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTllNGEzNGYyMjA4N2M3OTEyYzM4MWRmNjhmNjhmN2M5YjcwM2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszyxROpmQCyhFi2tptL/oE2+CDJ7
7NnBR1TjuoLNt8vmDNDXffq85XGJXkpbaXI7S/bY0XkS6nAGBZBo2/OsJ4MrvxM9
MpwKmjUJ8py+MGdLk/hdgwlDLZ+5ateGg03/SeFOUhfLsMaGC1yEMv27PY4xZGF7
SVZJKcXGgkQQMV/IXNbow8jn1tsH60/ONG8/cUpCGR8J41deL5LNcR5QxyNK/rrk
ciD4zhvYDn3ez9wyWZYxC1HdgY5m33/4XyfXWCFZ7ayq6e4x2mfg21Vjo83Yl4Rp
PSsCyBGe3EKA36lfZaflEU1g2PJRWd6SGLHvrAIsFcuWUzDE5rFx/MtHSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqeSjTyIIfHkSw4HfaPaPfJtwP4MB8GA1UdIwQY
MBaAFNP2Cxdtlf2NPQvWXF0SyDlB9/BUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMF9ZTEYyMlZfWTA5QzlaY1hSTElPVUgzOEZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9iYzVmZDctM2U2My00OTQ1LWFmYjct
MTE3NWU1YTA3YTU1LzEvYXA1S05QSWdoOGVSTERnZDlvOW85OG0zQV9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9iYzVmZDctM2U2My00OTQ1LWFmYjctMTE3NWU1YTA3YTU1
LzEvMF9ZTEYyMlZfWTA5QzlaY1hSTElPVUgzOEZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPr2VMA0G
CSqGSIb3DQEBCwUAA4IBAQB69dZW3uA6/ppUwHQCQTXsLO20oZhJ3tvP1dfuaDJH
8jQCWrpuRMLqYw+YFV8OfIVyVA/HiOIGwnyQOmk0F83U+FyQgf2aNFCJV53iTfrm
/P5rZjT0fQ/ObOI0UKfACS3Qs5/Jaj5seBDJRb9AjaFlXyDUu3/wjdiYwpcdkNBA
3t/IKdWJiOn7YKGKwT8Zmb4C5+MaQQhYkIDBVnUEv31y378dT4UKjgWF0wVpSMri
4/rlsA3W2zjhKu5PzYIlkGl8V3nteBKook/d0cPDlfQmQtVgol8adanNPQH50bVH
Q2iMXbXmQdIoe3k3pAF/XNaDvOr+2d+2ZzYLQieZAoSK
-----END CERTIFICATE-----