Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/ssFKfAim1kdcPbEWdvF2-soya7g.roa
File:                     ssFKfAim1kdcPbEWdvF2-soya7g.roa (raw, json)
Hash identifier:          2H6ZUU9VEnTNJPV3f0t76BoLVUBlAtHtLT8Ceczu/6I=
Subject key identifier:   B2:C1:4A:7C:08:A6:D6:47:5C:3D:B1:16:76:F1:76:FA:CA:32:6B:B8
Certificate issuer:       /CN=6161470d39be4ba2dd5df8fa47b16396278e670a
Certificate serial:       01968705DCC51E918B752283F3FB7C18A9D9
Authority key identifier: 61:61:47:0D:39:BE:4B:A2:DD:5D:F8:FA:47:B1:63:96:27:8E:67:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YWFHDTm-S6LdXfj6R7FjlieOZwo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/ssFKfAim1kdcPbEWdvF2-soya7g.roa
Signing time:             Wed 30 Apr 2025 14:07:10 +0000
ROA not before:           Wed 30 Apr 2025 14:07:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213922
IP address blocks:        62.164.156.0/22 maxlen: 24
                          2a0c:6ec0:a01::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/YWFHDTm-S6LdXfj6R7FjlieOZwo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/YWFHDTm-S6LdXfj6R7FjlieOZwo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YWFHDTm-S6LdXfj6R7FjlieOZwo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:87:05:dc:c5:1e:91:8b:75:22:83:f3:fb:7c:18:a9:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6161470d39be4ba2dd5df8fa47b16396278e670a
        Validity
            Not Before: Apr 30 14:07:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2c14a7c08a6d6475c3db11676f176faca326bb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:11:49:90:32:3d:4a:78:ce:53:8c:1d:bf:1c:
                    55:bc:fe:e1:a5:eb:37:fa:93:c5:35:fc:37:10:16:
                    7f:f4:7e:43:cc:7a:a4:5f:90:ac:64:a2:53:83:b2:
                    ff:5f:49:47:f4:b7:64:59:c9:56:e7:bd:ab:c5:b9:
                    ba:21:bb:e4:6f:33:f4:a7:8c:10:97:d8:82:79:a5:
                    5b:08:d4:09:1e:32:c1:41:56:43:2e:a1:68:d9:98:
                    de:fe:3a:48:3e:83:9e:60:f8:4a:ab:98:05:d9:54:
                    d9:83:70:e7:43:6d:b1:4d:43:3a:06:e7:72:e2:d2:
                    75:ec:ac:a7:48:b7:d6:8f:46:41:14:2e:ce:d5:f0:
                    a0:9a:f1:b7:7b:10:d2:86:26:ac:07:1d:d8:e8:bb:
                    49:d0:89:5b:93:aa:0d:7e:24:c7:b8:6a:fc:32:fa:
                    f8:51:13:e9:6f:d2:64:a9:bb:e8:e1:fe:30:61:cc:
                    7e:22:c5:10:2f:fb:37:3b:ab:9c:23:76:8e:08:dc:
                    ec:5f:71:ef:7f:cd:60:4c:15:dd:46:f3:10:b7:2a:
                    6b:7f:c7:a4:a9:a8:d1:be:cb:ac:53:fc:93:27:82:
                    ce:57:26:a7:07:41:08:cb:de:31:34:26:12:52:aa:
                    1c:15:2f:49:b6:f0:08:8f:2b:66:94:0a:1b:88:6a:
                    bf:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:C1:4A:7C:08:A6:D6:47:5C:3D:B1:16:76:F1:76:FA:CA:32:6B:B8
            X509v3 Authority Key Identifier:
                keyid:61:61:47:0D:39:BE:4B:A2:DD:5D:F8:FA:47:B1:63:96:27:8E:67:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YWFHDTm-S6LdXfj6R7FjlieOZwo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/ssFKfAim1kdcPbEWdvF2-soya7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/YWFHDTm-S6LdXfj6R7FjlieOZwo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.164.156.0/22
                IPv6:
                  2a0c:6ec0:a01::/48

    Signature Algorithm: sha256WithRSAEncryption
         a8:b0:c1:9f:bc:d9:ef:85:41:73:f1:e5:f4:26:f6:d0:5c:40:
         55:ff:ee:d1:2e:e6:71:29:85:07:8e:27:6e:d3:64:5e:88:d9:
         9a:35:54:7c:1e:d0:ba:e8:7d:b9:61:6c:95:9b:bd:5d:41:38:
         31:cb:77:aa:b4:0c:9e:d8:19:b0:da:e3:9c:26:7b:2c:8b:45:
         27:89:c4:73:3c:93:5d:04:3e:82:0a:68:95:c2:d3:c6:f5:a1:
         d7:30:c5:3f:cd:3d:43:e0:9b:75:26:18:2e:15:0b:22:f4:cc:
         b1:dd:7b:db:b4:28:cd:3a:37:47:fd:a8:99:91:09:d6:01:6a:
         cf:be:6e:04:5a:49:b7:1b:0b:a4:4a:78:a0:b2:d5:a6:3b:92:
         bb:b9:5d:0b:47:64:4d:9e:56:d1:e6:61:ab:03:65:23:1a:08:
         97:0d:aa:50:56:04:a8:33:68:f1:7c:81:b9:0b:b2:da:e8:4f:
         24:5d:26:4e:5a:2a:42:f1:ad:aa:75:c6:9c:10:35:5f:3c:29:
         a1:35:75:5f:26:d0:ce:d0:75:d6:3d:c7:1e:d6:60:69:91:80:
         b0:20:c5:a7:68:8d:c3:46:50:0c:75:38:a4:7d:c7:c8:f0:3c:
         e6:bb:c2:c1:25:0d:55:4d:41:2d:19:4a:fb:91:a6:07:61:53:
         89:14:e7:c3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZaHBdzFHpGLdSKD8/t8GKnZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxNjE0NzBkMzliZTRiYTJkZDVkZjhmYTQ3YjE2Mzk2Mjc4
ZTY3MGEwHhcNMjUwNDMwMTQwNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmMxNGE3YzA4YTZkNjQ3NWMzZGIxMTY3NmYxNzZmYWNhMzI2YmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthFJkDI9SnjOU4wdvxxVvP7hpes3
+pPFNfw3EBZ/9H5DzHqkX5CsZKJTg7L/X0lH9LdkWclW572rxbm6IbvkbzP0p4wQ
l9iCeaVbCNQJHjLBQVZDLqFo2Zje/jpIPoOeYPhKq5gF2VTZg3DnQ22xTUM6Budy
4tJ17KynSLfWj0ZBFC7O1fCgmvG3exDShiasBx3Y6LtJ0Ilbk6oNfiTHuGr8Mvr4
URPpb9Jkqbvo4f4wYcx+IsUQL/s3O6ucI3aOCNzsX3Hvf81gTBXdRvMQtyprf8ek
qajRvsusU/yTJ4LOVyanB0EIy94xNCYSUqocFS9JtvAIjytmlAobiGq/MwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLLBSnwIptZHXD2xFnbxdvrKMmu4MB8GA1UdIwQY
MBaAFGFhRw05vkui3V34+kexY5YnjmcKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVdGSERUbS1TNkxkWGZqNlI3RmpsaWVPWndvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9lNTE4NTYtZTUyZS00YjI0LThjOTkt
YzI0MGJmYzljYmMxLzEvc3NGS2ZBaW0xa2RjUGJFV2R2RjItc295YTdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9lNTE4NTYtZTUyZS00YjI0LThjOTktYzI0MGJmYzljYmMx
LzEvWVdGSERUbS1TNkxkWGZqNlI3RmpsaWVPWndvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCPqScMA8E
AgACMAkDBwAqDG7ACgEwDQYJKoZIhvcNAQELBQADggEBAKiwwZ+82e+FQXPx5fQm
9tBcQFX/7tEu5nEphQeOJ27TZF6I2Zo1VHwe0LrofblhbJWbvV1BODHLd6q0DJ7Y
GbDa45wmeyyLRSeJxHM8k10EPoIKaJXC08b1odcwxT/NPUPgm3UmGC4VCyL0zLHd
e9u0KM06N0f9qJmRCdYBas++bgRaSbcbC6RKeKCy1aY7kru5XQtHZE2eVtHmYasD
ZSMaCJcNqlBWBKgzaPF8gbkLstroTyRdJk5aKkLxrap1xpwQNV88KaE1dV8m0M7Q
ddY9xx7WYGmRgLAgxadojcNGUAx1OKR9x8jwPOa7wsElDVVNQS0ZSvuRpgdhU4kU
58M=
-----END CERTIFICATE-----