Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Ly5l7uAGGOrfvlsGGnQdz0V4nKE.roa
File:                     Ly5l7uAGGOrfvlsGGnQdz0V4nKE.roa (raw, json)
Hash identifier:          ZxmUNWDmKGotedZO8VKzz/Oj5QRxUTc3RwaJAGYeFSE=
Subject key identifier:   2F:2E:65:EE:E0:06:18:EA:DF:BE:5B:06:1A:74:1D:CF:45:78:9C:A1
Certificate issuer:       /CN=166afc51c922fd842fec5b0cbbd26ebdbd1a161e
Certificate serial:       0196429BD2F9D08A0D9535FE5C3761858361
Authority key identifier: 16:6A:FC:51:C9:22:FD:84:2F:EC:5B:0C:BB:D2:6E:BD:BD:1A:16:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Ly5l7uAGGOrfvlsGGnQdz0V4nKE.roa
Signing time:             Thu 17 Apr 2025 07:17:10 +0000
ROA not before:           Thu 17 Apr 2025 07:17:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54339
IP address blocks:        62.112.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 07:29:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:42:9b:d2:f9:d0:8a:0d:95:35:fe:5c:37:61:85:83:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=166afc51c922fd842fec5b0cbbd26ebdbd1a161e
        Validity
            Not Before: Apr 17 07:17:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f2e65eee00618eadfbe5b061a741dcf45789ca1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b1:bd:37:8e:57:3f:5d:55:db:ec:01:ef:c0:
                    ba:88:be:13:21:8d:1e:05:90:e0:dd:e2:44:c6:c2:
                    4d:96:28:65:c4:3d:a1:42:a5:ca:02:7e:6b:c3:ba:
                    71:c9:d6:96:ff:50:e9:1a:2b:5f:75:2b:99:81:80:
                    61:a8:d4:48:58:08:72:68:83:5e:b8:fb:81:a5:33:
                    53:6e:fb:9d:9c:53:7a:b5:41:99:7e:22:02:b1:aa:
                    be:4d:c2:d7:c3:bf:1e:23:3c:af:dc:b8:47:d0:02:
                    34:13:0b:43:5e:48:e5:cc:a6:03:c5:27:d3:dd:b9:
                    e0:15:db:9d:a2:fd:a5:8d:ee:87:a3:06:3a:f4:d8:
                    b2:df:55:4c:c3:62:6f:84:3a:71:77:9c:17:a5:fd:
                    32:f9:0b:df:b8:7f:5b:a4:8c:e8:1e:41:81:17:81:
                    f4:bd:7c:7b:57:18:09:9f:7a:fc:c0:5f:aa:15:7a:
                    3a:50:35:ba:30:5b:81:c6:43:0f:8c:54:99:4c:fd:
                    3f:2b:41:db:03:97:d2:e7:ab:9b:53:0a:65:0b:92:
                    32:85:dd:7a:93:ff:25:9c:c7:71:99:c5:2c:d0:02:
                    06:2d:d5:b0:1d:49:d7:bb:6d:e0:e5:7e:fc:b2:e9:
                    20:0e:e4:10:0b:23:17:e1:8c:ad:d5:9e:b7:60:60:
                    39:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:2E:65:EE:E0:06:18:EA:DF:BE:5B:06:1A:74:1D:CF:45:78:9C:A1
            X509v3 Authority Key Identifier:
                keyid:16:6A:FC:51:C9:22:FD:84:2F:EC:5B:0C:BB:D2:6E:BD:BD:1A:16:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Ly5l7uAGGOrfvlsGGnQdz0V4nKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.112.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:fa:75:ba:f9:c9:67:3d:b1:5c:20:99:53:2e:47:6e:b5:ce:
         b0:18:7a:0f:22:c9:7f:04:2c:46:24:b2:57:ae:8d:85:4d:b7:
         ab:9e:42:c0:43:3a:82:33:5c:6e:2d:40:c9:00:57:a5:0b:51:
         12:8d:5b:6b:bd:56:18:44:02:e7:37:b7:bc:f7:03:14:fb:04:
         62:80:64:6a:28:45:d5:ee:d7:6c:05:12:60:d8:06:cc:44:c9:
         b0:29:1b:7d:5e:be:7e:8e:c8:a3:cf:52:a9:ce:08:0e:66:33:
         02:8e:2f:c1:9c:d3:96:68:14:9a:b6:f4:d5:57:5b:05:d6:13:
         d0:0c:72:a2:15:32:dd:b5:ee:e5:f5:d7:e0:ee:75:d2:ab:02:
         c6:f0:04:cf:0c:2f:27:34:1e:be:df:d7:cb:af:15:06:00:c3:
         55:c5:7c:ad:f4:f2:58:d9:4c:05:be:d0:4e:e0:a9:27:49:4e:
         4c:08:8d:9d:1c:7d:17:3b:80:46:4c:25:bf:72:2b:54:a7:e6:
         42:b8:b1:c5:d2:b6:9a:bf:ee:76:47:c2:27:3f:a7:63:b5:de:
         9c:86:76:f1:ef:66:74:25:00:7d:f2:39:d5:83:2c:3a:24:24:
         34:d4:5b:d6:f7:e1:32:c9:18:93:c1:86:09:93:03:28:cc:05:
         d1:18:bd:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZCm9L50IoNlTX+XDdhhYNhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2NmFmYzUxYzkyMmZkODQyZmVjNWIwY2JiZDI2ZWJkYmQx
YTE2MWUwHhcNMjUwNDE3MDcxNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjJlNjVlZWUwMDYxOGVhZGZiZTViMDYxYTc0MWRjZjQ1Nzg5Y2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7G9N45XP11V2+wB78C6iL4TIY0e
BZDg3eJExsJNlihlxD2hQqXKAn5rw7pxydaW/1DpGitfdSuZgYBhqNRIWAhyaINe
uPuBpTNTbvudnFN6tUGZfiICsaq+TcLXw78eIzyv3LhH0AI0EwtDXkjlzKYDxSfT
3bngFdudov2lje6HowY69Niy31VMw2JvhDpxd5wXpf0y+QvfuH9bpIzoHkGBF4H0
vXx7VxgJn3r8wF+qFXo6UDW6MFuBxkMPjFSZTP0/K0HbA5fS56ubUwplC5Iyhd16
k/8lnMdxmcUs0AIGLdWwHUnXu23g5X78sukgDuQQCyMX4Yyt1Z63YGA5IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC8uZe7gBhjq375bBhp0Hc9FeJyhMB8GA1UdIwQY
MBaAFBZq/FHJIv2EL+xbDLvSbr29GhYeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRm1yOFVja2lfWVF2N0ZzTXU5SnV2YjBhRmg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy84OGM0NTQtY2JhYS00M2ZkLWIzYzEt
MTNiOTExMGNlMjBjLzEvTHk1bDd1QUdHT3JmdmxzR0duUWR6MFY0bktFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy84OGM0NTQtY2JhYS00M2ZkLWIzYzEtMTNiOTExMGNlMjBj
LzEvRm1yOFVja2lfWVF2N0ZzTXU5SnV2YjBhRmg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPnDOMA0G
CSqGSIb3DQEBCwUAA4IBAQAN+nW6+clnPbFcIJlTLkdutc6wGHoPIsl/BCxGJLJX
ro2FTbernkLAQzqCM1xuLUDJAFelC1ESjVtrvVYYRALnN7e89wMU+wRigGRqKEXV
7tdsBRJg2AbMRMmwKRt9Xr5+jsijz1KpzggOZjMCji/BnNOWaBSatvTVV1sF1hPQ
DHKiFTLdte7l9dfg7nXSqwLG8ATPDC8nNB6+39fLrxUGAMNVxXyt9PJY2UwFvtBO
4KknSU5MCI2dHH0XO4BGTCW/citUp+ZCuLHF0raav+52R8InP6djtd6chnbx72Z0
JQB98jnVgyw6JCQ01FvW9+EyyRiTwYYJkwMozAXRGL0+
-----END CERTIFICATE-----