Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/5b1319-b987-4f94-b326-5769019fefb8/1/CiO8rz6OpJP8kXEDtL6_femYWdw.roa
File:                     CiO8rz6OpJP8kXEDtL6_femYWdw.roa (raw, json)
Hash identifier:          xrGwN0Y9hlv70stNpeICmZNMBWdiRqCHB0a8cFQp9FI=
Subject key identifier:   0A:23:BC:AF:3E:8E:A4:93:FC:91:71:03:B4:BE:BF:7D:E9:98:59:DC
Certificate issuer:       /CN=81b14fae44dfa0e3349167433c924c9645739861
Certificate serial:       018CC3B69E1D17112E5090F09BDA234474AB
Authority key identifier: 81:B1:4F:AE:44:DF:A0:E3:34:91:67:43:3C:92:4C:96:45:73:98:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gbFPrkTfoOM0kWdDPJJMlkVzmGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/5b1319-b987-4f94-b326-5769019fefb8/1/CiO8rz6OpJP8kXEDtL6_femYWdw.roa
Signing time:             Mon 01 Jan 2024 06:29:34 +0000
ROA not before:           Mon 01 Jan 2024 06:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35297
IP address blocks:        62.68.74.0/24 maxlen: 24
                          2a12:c480::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/5b1319-b987-4f94-b326-5769019fefb8/1/gbFPrkTfoOM0kWdDPJJMlkVzmGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/5b1319-b987-4f94-b326-5769019fefb8/1/gbFPrkTfoOM0kWdDPJJMlkVzmGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gbFPrkTfoOM0kWdDPJJMlkVzmGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 15:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:9e:1d:17:11:2e:50:90:f0:9b:da:23:44:74:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81b14fae44dfa0e3349167433c924c9645739861
        Validity
            Not Before: Jan  1 06:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a23bcaf3e8ea493fc917103b4bebf7de99859dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:2c:a0:c6:7f:70:7e:36:70:0a:6d:1b:4b:d1:
                    de:f5:8b:b4:f8:4e:39:c9:fb:a6:1c:9a:ca:4a:30:
                    bb:a3:c1:e3:40:3c:c8:9e:35:4a:d4:d9:db:bc:34:
                    b1:f7:28:f0:5b:be:a2:a0:5f:a3:46:62:5c:93:ce:
                    c9:85:52:92:8e:26:4d:81:d7:e8:b9:ae:92:de:aa:
                    66:71:ba:1a:d4:dc:a6:a0:9d:81:16:c0:bf:57:a3:
                    dd:f4:9d:60:18:bd:ca:b0:59:d8:fd:e5:83:5d:df:
                    31:5d:2f:64:4f:4e:84:f7:6d:fd:7b:45:fb:17:29:
                    a7:f1:c1:3f:4f:98:88:54:60:e3:14:bf:1f:83:4d:
                    03:79:38:7b:15:46:ba:c6:24:c6:56:20:6a:39:8c:
                    2a:a6:8f:01:76:96:97:e7:12:4b:ac:1d:27:49:28:
                    ea:a9:96:a7:ea:60:85:51:3c:1e:65:3d:f5:b4:a5:
                    4b:21:a8:75:0f:a5:b2:a1:07:f1:de:55:42:aa:d0:
                    c7:cf:00:b9:d8:54:2a:63:eb:c2:dd:57:f2:db:3b:
                    1a:48:eb:a0:ae:32:01:cf:88:32:49:cc:ac:4e:8d:
                    f1:56:a1:ab:cd:bd:ef:60:c6:18:ce:b5:94:8d:a8:
                    a5:f3:2e:0b:ae:8f:52:50:cf:12:8c:c9:76:67:3d:
                    8c:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:23:BC:AF:3E:8E:A4:93:FC:91:71:03:B4:BE:BF:7D:E9:98:59:DC
            X509v3 Authority Key Identifier:
                keyid:81:B1:4F:AE:44:DF:A0:E3:34:91:67:43:3C:92:4C:96:45:73:98:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gbFPrkTfoOM0kWdDPJJMlkVzmGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/5b1319-b987-4f94-b326-5769019fefb8/1/CiO8rz6OpJP8kXEDtL6_femYWdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/5b1319-b987-4f94-b326-5769019fefb8/1/gbFPrkTfoOM0kWdDPJJMlkVzmGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.68.74.0/24
                IPv6:
                  2a12:c480::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:d1:45:1e:1b:8f:58:d4:49:81:6a:31:46:8b:2e:e2:a7:53:
         07:66:7e:83:d0:5b:df:aa:91:10:1e:4b:15:58:03:69:af:cd:
         db:ec:d3:3f:73:3e:cb:da:af:74:c6:e7:c9:db:f8:e8:4a:08:
         4a:da:66:6f:60:a3:ab:95:c3:f4:04:8e:30:c7:55:34:11:fd:
         af:45:dc:82:e6:46:d3:40:b2:79:9a:97:10:a4:69:c5:a1:de:
         36:d9:b6:0c:60:ec:3b:01:bc:7b:59:43:b7:20:c3:01:65:9c:
         7b:60:ff:0e:0a:f8:75:83:ed:e1:f5:51:cd:ab:e4:3c:fe:8b:
         e3:95:37:a9:76:db:78:b4:3b:fa:e4:60:8a:03:31:6f:bf:11:
         45:19:16:2d:67:d0:46:c9:95:58:e4:d2:70:bf:6e:c6:38:1e:
         17:ed:4a:de:a1:10:59:96:72:6d:3e:fd:b8:49:f9:6a:47:93:
         e4:9c:14:ec:09:b4:d4:35:d8:ab:46:f5:e8:75:82:06:1f:3c:
         a5:0f:d0:86:a7:75:7c:02:3d:50:69:c4:a2:51:5b:96:de:bb:
         9a:90:26:95:8f:d8:ce:c5:53:03:e3:64:ea:0d:b0:07:39:a1:
         00:7d:d8:5d:df:20:82:00:7a:08:1b:de:5b:4e:96:af:08:f4:
         81:72:5a:0c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtp4dFxEuUJDwm9ojRHSrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYjE0ZmFlNDRkZmEwZTMzNDkxNjc0MzNjOTI0Yzk2NDU3
Mzk4NjEwHhcNMjQwMTAxMDYyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTIzYmNhZjNlOGVhNDkzZmM5MTcxMDNiNGJlYmY3ZGU5OTg1OWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Sygxn9wfjZwCm0bS9He9Yu0+E45
yfumHJrKSjC7o8HjQDzInjVK1NnbvDSx9yjwW76ioF+jRmJck87JhVKSjiZNgdfo
ua6S3qpmcboa1NymoJ2BFsC/V6Pd9J1gGL3KsFnY/eWDXd8xXS9kT06E9239e0X7
Fymn8cE/T5iIVGDjFL8fg00DeTh7FUa6xiTGViBqOYwqpo8BdpaX5xJLrB0nSSjq
qZan6mCFUTweZT31tKVLIah1D6WyoQfx3lVCqtDHzwC52FQqY+vC3Vfy2zsaSOug
rjIBz4gyScysTo3xVqGrzb3vYMYYzrWUjail8y4Lro9SUM8SjMl2Zz2MzwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAojvK8+jqST/JFxA7S+v33pmFncMB8GA1UdIwQY
MBaAFIGxT65E36DjNJFnQzySTJZFc5hhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2JGUHJrVGZvT00wa1dkRFBKSk1sa1Z6bUdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy81YjEzMTktYjk4Ny00Zjk0LWIzMjYt
NTc2OTAxOWZlZmI4LzEvQ2lPOHJ6Nk9wSlA4a1hFRHRMNl9mZW1ZV2R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy81YjEzMTktYjk4Ny00Zjk0LWIzMjYtNTc2OTAxOWZlZmI4
LzEvZ2JGUHJrVGZvT00wa1dkRFBKSk1sa1Z6bUdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAPkRKMA0E
AgACMAcDBQMqEsSAMA0GCSqGSIb3DQEBCwUAA4IBAQCJ0UUeG49Y1EmBajFGiy7i
p1MHZn6D0FvfqpEQHksVWANpr83b7NM/cz7L2q90xufJ2/joSghK2mZvYKOrlcP0
BI4wx1U0Ef2vRdyC5kbTQLJ5mpcQpGnFod422bYMYOw7Abx7WUO3IMMBZZx7YP8O
Cvh1g+3h9VHNq+Q8/ovjlTepdtt4tDv65GCKAzFvvxFFGRYtZ9BGyZVY5NJwv27G
OB4X7UreoRBZlnJtPv24SflqR5PknBTsCbTUNdirRvXodYIGHzylD9CGp3V8Aj1Q
acSiUVuW3ruakCaVj9jOxVMD42TqDbAHOaEAfdhd3yCCAHoIG95bTpavCPSBcloM
-----END CERTIFICATE-----