Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/q-wZr0dH6FKOwwQIDYtIS-oqvHg.roa
File:                     q-wZr0dH6FKOwwQIDYtIS-oqvHg.roa (raw, json)
Hash identifier:          ZjFbfR2g9U6Skzi5fZ101rBn94vDJWdwUKSufJcNG1A=
Subject key identifier:   AB:EC:19:AF:47:47:E8:52:8E:C3:04:08:0D:8B:48:4B:EA:2A:BC:78
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       018E0E197DB93DBE962B3506D0C78B095C6C
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/q-wZr0dH6FKOwwQIDYtIS-oqvHg.roa
Signing time:             Tue 05 Mar 2024 10:12:15 +0000
ROA not before:           Tue 05 Mar 2024 10:12:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215633
IP address blocks:        62.60.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:39:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0e:19:7d:b9:3d:be:96:2b:35:06:d0:c7:8b:09:5c:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Mar  5 10:12:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abec19af4747e8528ec304080d8b484bea2abc78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:52:58:f7:48:3b:40:6c:fa:b9:ae:d8:9e:c5:
                    8d:3d:90:b7:64:ad:2a:a2:34:e1:0b:97:2c:40:fc:
                    da:2a:03:4d:a5:73:ee:cc:97:e7:f6:c5:8d:a6:ae:
                    69:06:d0:ef:3c:94:ed:e9:fe:de:24:da:65:2a:be:
                    59:29:eb:d5:91:f7:af:1d:34:78:2d:fc:0b:99:6c:
                    ae:05:8c:8a:0d:a5:51:9b:ca:4c:8d:c8:50:8d:58:
                    5a:92:ad:a7:d6:b6:1d:5c:b3:5b:69:69:23:7e:65:
                    4a:fc:7f:c7:51:e4:17:d9:c4:91:03:2f:65:6f:25:
                    39:d5:17:51:a6:38:4c:36:a9:b4:2f:1e:5e:83:ec:
                    df:73:1e:11:da:a9:af:7a:f9:80:0c:f3:a8:d6:41:
                    37:fc:b1:7b:af:8c:18:b1:6a:31:1d:11:de:f5:e6:
                    e0:2f:8c:9b:58:56:91:a8:1a:6d:60:69:6f:ca:7b:
                    9b:a1:52:1c:66:73:b2:f3:66:33:9b:4c:7d:1d:9a:
                    bc:51:8e:2a:ea:20:d0:e4:cb:59:b9:0a:6d:d9:1d:
                    18:be:cf:8c:49:d5:24:f5:0b:ad:e5:22:45:6c:03:
                    c4:09:4c:35:74:7c:c3:77:c2:7f:c9:22:e8:86:db:
                    1f:83:1a:3f:94:dd:d9:23:bc:8d:d4:40:b0:19:5c:
                    66:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:EC:19:AF:47:47:E8:52:8E:C3:04:08:0D:8B:48:4B:EA:2A:BC:78
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/q-wZr0dH6FKOwwQIDYtIS-oqvHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:71:a2:22:97:c6:d4:bd:9c:7f:60:0a:32:88:6c:9f:36:17:
         da:98:34:5e:52:ec:95:be:ff:67:3e:57:c8:67:40:c1:4c:1a:
         26:0b:b8:14:11:27:64:a0:ba:a4:11:5b:29:09:9e:fe:4a:8a:
         0d:6d:71:77:b2:e7:ac:29:0a:6a:e8:98:2d:b4:5c:4f:59:de:
         51:56:b0:b3:da:07:fc:e0:92:b4:2b:93:7b:95:b8:c9:ed:2f:
         aa:73:6b:64:ec:31:83:05:ba:3b:8c:1e:22:46:a4:a3:1d:cc:
         6f:e0:eb:c6:4f:ea:45:3e:e9:e5:2b:99:fd:d0:fb:20:a8:25:
         c3:0d:2e:56:bc:24:d5:f3:18:1c:5b:d2:19:e2:17:a7:ea:31:
         1d:c2:31:9c:4b:c5:b6:5f:f5:6e:0c:4c:09:89:3c:77:2c:cf:
         da:35:f7:f4:e7:fd:08:0e:88:c2:d5:87:78:e1:61:04:dc:be:
         28:5f:1b:2a:cc:c5:48:50:d3:c1:91:a5:03:61:4e:c1:29:c3:
         a8:c6:23:d9:44:12:7b:3d:76:bf:6a:39:da:23:83:5d:14:04:
         2c:01:ad:ed:5d:e6:90:91:ea:41:0f:6e:5c:d4:c1:3a:95:52:
         ae:96:69:8d:02:41:17:97:e4:33:84:0c:78:f4:c5:2d:36:91:
         6f:77:17:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4OGX25Pb6WKzUG0MeLCVxsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQwMzA1MTAxMjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmVjMTlhZjQ3NDdlODUyOGVjMzA0MDgwZDhiNDg0YmVhMmFiYzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxlJY90g7QGz6ua7YnsWNPZC3ZK0q
ojThC5csQPzaKgNNpXPuzJfn9sWNpq5pBtDvPJTt6f7eJNplKr5ZKevVkfevHTR4
LfwLmWyuBYyKDaVRm8pMjchQjVhakq2n1rYdXLNbaWkjfmVK/H/HUeQX2cSRAy9l
byU51RdRpjhMNqm0Lx5eg+zfcx4R2qmvevmADPOo1kE3/LF7r4wYsWoxHRHe9ebg
L4ybWFaRqBptYGlvynuboVIcZnOy82Yzm0x9HZq8UY4q6iDQ5MtZuQpt2R0Yvs+M
SdUk9Qut5SJFbAPECUw1dHzDd8J/ySLohtsfgxo/lN3ZI7yN1ECwGVxm3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKvsGa9HR+hSjsMECA2LSEvqKrx4MB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvcS13WnIwZEg2RktPd3dRSURZdElTLW9xdkhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPjyNMA0G
CSqGSIb3DQEBCwUAA4IBAQB4caIil8bUvZx/YAoyiGyfNhfamDReUuyVvv9nPlfI
Z0DBTBomC7gUESdkoLqkEVspCZ7+SooNbXF3suesKQpq6JgttFxPWd5RVrCz2gf8
4JK0K5N7lbjJ7S+qc2tk7DGDBbo7jB4iRqSjHcxv4OvGT+pFPunlK5n90PsgqCXD
DS5WvCTV8xgcW9IZ4hen6jEdwjGcS8W2X/VuDEwJiTx3LM/aNff05/0IDojC1Yd4
4WEE3L4oXxsqzMVIUNPBkaUDYU7BKcOoxiPZRBJ7PXa/ajnaI4NdFAQsAa3tXeaQ
kepBD25c1ME6lVKulmmNAkEXl+QzhAx49MUtNpFvdxeY
-----END CERTIFICATE-----