Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/X-W8Mcz2rItIgyfKQVbVLvp3zm4.roa
File:                     X-W8Mcz2rItIgyfKQVbVLvp3zm4.roa (raw, json)
Hash identifier:          5Lfv4S3GofhPRjaLiljoPC2i2l1IvIzdCWBu8gOy6U0=
Subject key identifier:   5F:E5:BC:31:CC:F6:AC:8B:48:83:27:CA:41:56:D5:2E:FA:77:CE:6E
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       018D16467B2C37D72C93B4AD8D03A4607E44
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/X-W8Mcz2rItIgyfKQVbVLvp3zm4.roa
Signing time:             Wed 17 Jan 2024 07:15:34 +0000
ROA not before:           Wed 17 Jan 2024 07:15:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397373
IP address blocks:        62.60.240.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:03:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:16:46:7b:2c:37:d7:2c:93:b4:ad:8d:03:a4:60:7e:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Jan 17 07:15:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5fe5bc31ccf6ac8b488327ca4156d52efa77ce6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:a8:3c:6d:28:31:b7:76:e9:8a:e9:33:20:a8:
                    bf:ac:53:8a:07:f1:76:46:a5:95:0c:09:85:d5:15:
                    21:47:4b:d4:e5:09:8f:b7:75:68:dd:03:f8:32:31:
                    52:b4:9f:3c:b5:75:26:20:0d:85:63:8e:61:6c:1e:
                    47:e1:12:96:d8:be:d8:50:84:ca:d8:0f:58:c7:6f:
                    25:68:53:7d:75:20:6e:1d:e3:1f:c4:41:b0:9c:8e:
                    d2:fc:74:47:07:b4:71:25:10:63:aa:ab:15:26:46:
                    df:34:95:0d:f0:1d:8f:a8:99:1f:e3:ff:24:1c:78:
                    ab:58:9a:12:21:95:62:96:c7:24:08:b6:9f:2e:bb:
                    eb:11:1d:00:ae:88:8b:74:41:8d:a8:8a:d6:69:9a:
                    02:f0:fa:ff:b2:a2:a1:8c:b4:43:65:38:ac:0f:57:
                    3b:e9:47:b7:a9:e7:7f:77:1d:a6:39:4a:09:f2:49:
                    db:2c:87:8b:00:74:6d:8d:cb:2b:8c:4b:14:fc:2c:
                    89:3d:92:18:29:93:15:a8:ac:12:48:07:29:a7:c6:
                    e3:a4:58:22:6c:75:b2:b0:27:99:83:11:33:88:42:
                    b4:8d:44:c4:0e:20:9d:f4:64:3b:4e:6e:4c:c6:9b:
                    27:b2:c4:53:81:c2:25:8f:9a:17:92:9b:c0:c3:20:
                    0b:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:E5:BC:31:CC:F6:AC:8B:48:83:27:CA:41:56:D5:2E:FA:77:CE:6E
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/X-W8Mcz2rItIgyfKQVbVLvp3zm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8a:db:4d:07:e6:bf:a6:cb:2f:ee:1e:ce:d0:9e:59:a6:c1:1c:
         97:ab:5e:6a:7c:a0:50:cf:bf:03:3c:fc:54:b7:e3:8e:7a:b6:
         db:09:5c:67:26:36:3d:5f:e9:f0:92:8c:22:6e:7b:c9:f2:e7:
         25:0e:cb:97:64:1f:f7:8c:be:af:f4:cc:b6:39:b5:0a:e1:4e:
         e9:bc:b8:0f:76:bd:4d:eb:57:2c:c3:7f:61:ff:c5:5f:0d:e1:
         18:4e:7c:d5:5c:dd:33:75:7c:a2:2f:7d:15:74:d0:8b:ed:18:
         af:d1:13:1d:e5:61:72:94:a6:a8:b1:41:72:b3:71:27:a5:15:
         4d:05:1e:43:ae:53:42:80:9e:d8:fe:92:66:ce:e0:42:e5:d0:
         0d:4f:dd:1a:22:3c:cf:7e:90:0b:59:05:d4:61:8d:bd:e9:da:
         26:f6:f3:5a:c1:e3:ef:57:24:46:cc:bc:60:e2:8b:4c:a9:d0:
         64:20:cb:a1:36:8d:4e:18:c8:71:77:13:e6:e8:00:ac:4e:26:
         39:39:4a:eb:93:c3:02:73:a4:9d:39:49:53:d8:23:e7:17:9e:
         98:53:7c:b3:b3:71:49:8e:f0:82:4c:e9:88:7a:4e:bf:03:54:
         80:48:d9:9b:34:44:82:7b:29:51:86:bd:71:88:03:64:d4:0d:
         b1:1a:55:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0WRnssN9csk7StjQOkYH5EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQwMTE3MDcxNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmU1YmMzMWNjZjZhYzhiNDg4MzI3Y2E0MTU2ZDUyZWZhNzdjZTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Kg8bSgxt3bpiukzIKi/rFOKB/F2
RqWVDAmF1RUhR0vU5QmPt3Vo3QP4MjFStJ88tXUmIA2FY45hbB5H4RKW2L7YUITK
2A9Yx28laFN9dSBuHeMfxEGwnI7S/HRHB7RxJRBjqqsVJkbfNJUN8B2PqJkf4/8k
HHirWJoSIZVilsckCLafLrvrER0AroiLdEGNqIrWaZoC8Pr/sqKhjLRDZTisD1c7
6Ue3qed/dx2mOUoJ8knbLIeLAHRtjcsrjEsU/CyJPZIYKZMVqKwSSAcpp8bjpFgi
bHWysCeZgxEziEK0jUTEDiCd9GQ7Tm5MxpsnssRTgcIlj5oXkpvAwyALBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF/lvDHM9qyLSIMnykFW1S76d85uMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvWC1XOE1jejJySXRJZ3lmS1FWYlZMdnAzem00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEPjzwMA0G
CSqGSIb3DQEBCwUAA4IBAQCK200H5r+myy/uHs7QnlmmwRyXq15qfKBQz78DPPxU
t+OOerbbCVxnJjY9X+nwkowibnvJ8uclDsuXZB/3jL6v9My2ObUK4U7pvLgPdr1N
61csw39h/8VfDeEYTnzVXN0zdXyiL30VdNCL7Riv0RMd5WFylKaosUFys3EnpRVN
BR5DrlNCgJ7Y/pJmzuBC5dANT90aIjzPfpALWQXUYY296dom9vNawePvVyRGzLxg
4otMqdBkIMuhNo1OGMhxdxPm6ACsTiY5OUrrk8MCc6SdOUlT2CPnF56YU3yzs3FJ
jvCCTOmIek6/A1SASNmbNESCeylRhr1xiANk1A2xGlV3
-----END CERTIFICATE-----