Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/PG7oPkEMZMiC5yj1sbtiqOMPnWo.roa
File:                     PG7oPkEMZMiC5yj1sbtiqOMPnWo.roa (raw, json)
Hash identifier:          RzhSt20UHcMvc7BDfNUSVP+kgyF+xhSltXrM0/FfmzE=
Subject key identifier:   3C:6E:E8:3E:41:0C:64:C8:82:E7:28:F5:B1:BB:62:A8:E3:0F:9D:6A
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       018F06475561071A3AAD6BD545ABCCCCA74E
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/PG7oPkEMZMiC5yj1sbtiqOMPnWo.roa
Signing time:             Mon 22 Apr 2024 14:48:09 +0000
ROA not before:           Mon 22 Apr 2024 14:48:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8764
IP address blocks:        62.122.76.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:06:47:55:61:07:1a:3a:ad:6b:d5:45:ab:cc:cc:a7:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Apr 22 14:48:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c6ee83e410c64c882e728f5b1bb62a8e30f9d6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:a7:2b:4f:16:6c:27:c8:8f:c0:88:5c:30:1e:
                    40:22:a7:b3:37:46:11:e4:7e:db:23:fb:3c:58:15:
                    3c:f0:00:29:fd:6a:7b:9e:5e:15:6b:d6:fc:5f:dc:
                    b8:e2:d8:ae:42:fb:69:43:fd:88:ef:c1:c5:3b:04:
                    17:f0:2c:5a:cb:8b:32:b0:16:7d:6c:7f:2d:9d:6d:
                    03:df:5b:9e:9b:d4:6c:43:07:43:03:77:30:ad:b8:
                    98:cc:25:50:36:87:40:c0:a1:a8:bd:4d:3d:52:c2:
                    06:de:d5:1d:dc:e6:4f:79:ea:5d:a6:eb:28:6b:6d:
                    e2:7a:77:97:c6:9f:d2:c2:a4:cd:e7:03:04:31:9b:
                    a8:92:97:85:e5:6c:8a:16:09:ce:4f:db:72:a0:24:
                    90:f7:89:f2:23:e3:37:08:f4:f4:be:51:61:6e:bf:
                    6f:b0:23:8e:d5:63:a9:ce:5a:29:ca:41:cc:6b:aa:
                    8e:6d:33:3e:9e:05:86:22:56:04:0d:49:93:03:4c:
                    f9:33:4d:21:14:49:7d:f5:0b:6f:2a:de:31:24:0c:
                    a9:e6:38:bb:e0:fc:1b:90:19:1c:8b:c9:78:7a:01:
                    27:07:6c:d4:ab:11:df:71:af:8a:00:04:f2:5e:7a:
                    66:51:8a:83:cb:1e:2e:81:67:7e:d2:a5:5b:5c:82:
                    bd:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:6E:E8:3E:41:0C:64:C8:82:E7:28:F5:B1:BB:62:A8:E3:0F:9D:6A
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/PG7oPkEMZMiC5yj1sbtiqOMPnWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.122.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:2e:fe:f9:e9:13:ef:66:18:f2:25:2c:ee:b4:99:54:a2:5f:
         db:75:8a:37:0e:58:db:fb:5d:25:65:12:c5:e5:95:16:86:af:
         68:e0:d8:31:43:42:ac:e7:05:6f:e6:1e:51:b5:85:8e:af:f7:
         04:d3:fe:b9:b2:73:db:6e:dd:32:79:99:7d:70:e9:db:07:61:
         fa:fa:66:bc:62:c5:20:f8:1d:28:63:1f:56:7d:6e:17:6d:f6:
         57:a6:a9:8c:17:75:9c:fd:92:b0:4a:77:be:91:3a:76:4c:04:
         b4:3a:45:e6:71:5d:44:f8:58:b4:3d:12:7f:2f:7c:8d:d1:b9:
         bf:b7:f8:46:e6:32:6a:ef:f9:22:d8:a0:ec:5b:e7:eb:ec:b4:
         cc:55:31:f2:68:e2:66:c9:b7:6b:51:31:45:20:89:69:6c:7c:
         29:9b:16:eb:9a:76:6b:03:23:68:61:5b:e2:ca:78:27:ca:2f:
         1c:18:76:24:52:ab:72:ee:71:bc:d4:c1:3f:6c:fb:42:a3:7f:
         86:56:fa:09:12:25:f2:82:0d:f9:c4:31:ea:6e:fc:e8:f4:53:
         f1:14:22:ec:00:d8:ea:d9:10:99:ee:26:7c:8a:7f:6f:00:f5:
         c4:c9:a8:e9:0b:45:34:4e:43:df:45:66:ca:ac:f8:8d:11:d8:
         ad:41:d8:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8GR1VhBxo6rWvVRavMzKdOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwNDIyMTQ0ODA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzZlZTgzZTQxMGM2NGM4ODJlNzI4ZjViMWJiNjJhOGUzMGY5ZDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqcrTxZsJ8iPwIhcMB5AIqezN0YR
5H7bI/s8WBU88AAp/Wp7nl4Va9b8X9y44tiuQvtpQ/2I78HFOwQX8Cxay4sysBZ9
bH8tnW0D31uem9RsQwdDA3cwrbiYzCVQNodAwKGovU09UsIG3tUd3OZPeepdpuso
a23ieneXxp/SwqTN5wMEMZuokpeF5WyKFgnOT9tyoCSQ94nyI+M3CPT0vlFhbr9v
sCOO1WOpzlopykHMa6qObTM+ngWGIlYEDUmTA0z5M00hFEl99QtvKt4xJAyp5ji7
4PwbkBkci8l4egEnB2zUqxHfca+KAATyXnpmUYqDyx4ugWd+0qVbXIK9kwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDxu6D5BDGTIguco9bG7YqjjD51qMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvUEc3b1BrRU1aTWlDNXlqMXNidGlxT01QbldvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCPnpMMA0G
CSqGSIb3DQEBCwUAA4IBAQBeLv756RPvZhjyJSzutJlUol/bdYo3Dljb+10lZRLF
5ZUWhq9o4NgxQ0Ks5wVv5h5RtYWOr/cE0/65snPbbt0yeZl9cOnbB2H6+ma8YsUg
+B0oYx9WfW4XbfZXpqmMF3Wc/ZKwSne+kTp2TAS0OkXmcV1E+Fi0PRJ/L3yN0bm/
t/hG5jJq7/ki2KDsW+fr7LTMVTHyaOJmybdrUTFFIIlpbHwpmxbrmnZrAyNoYVvi
yngnyi8cGHYkUqty7nG81ME/bPtCo3+GVvoJEiXygg35xDHqbvzo9FPxFCLsANjq
2RCZ7iZ8in9vAPXEyajpC0U0TkPfRWbKrPiNEditQdjp
-----END CERTIFICATE-----