Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/18b52b-5011-4309-bfbf-6eaa1c89824a/1/1o2xV0vzC4_QhtkkQxeyqKWhyA0.roa
File:                     1o2xV0vzC4_QhtkkQxeyqKWhyA0.roa (raw, json)
Hash identifier:          YUpjZ1gzKIc+MrzDw17On/btdMBC1SU0S1rZeCmQjYQ=
Subject key identifier:   D6:8D:B1:57:4B:F3:0B:8F:D0:86:D9:24:43:17:B2:A8:A5:A1:C8:0D
Certificate issuer:       /CN=b236f2e42522e98d376be38a89e5dd51abbf7996
Certificate serial:       018CC500D172E356274CD8DEC5A5E9DB21A0
Authority key identifier: B2:36:F2:E4:25:22:E9:8D:37:6B:E3:8A:89:E5:DD:51:AB:BF:79:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sjby5CUi6Y03a-OKieXdUau_eZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/18b52b-5011-4309-bfbf-6eaa1c89824a/1/1o2xV0vzC4_QhtkkQxeyqKWhyA0.roa
Signing time:             Mon 01 Jan 2024 12:30:14 +0000
ROA not before:           Mon 01 Jan 2024 12:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28717
IP address blocks:        62.122.160.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/18b52b-5011-4309-bfbf-6eaa1c89824a/1/sjby5CUi6Y03a-OKieXdUau_eZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/18b52b-5011-4309-bfbf-6eaa1c89824a/1/sjby5CUi6Y03a-OKieXdUau_eZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sjby5CUi6Y03a-OKieXdUau_eZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:d1:72:e3:56:27:4c:d8:de:c5:a5:e9:db:21:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b236f2e42522e98d376be38a89e5dd51abbf7996
        Validity
            Not Before: Jan  1 12:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d68db1574bf30b8fd086d9244317b2a8a5a1c80d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:70:15:6c:14:34:9a:dc:a5:f6:f4:f3:c3:59:
                    ae:84:60:aa:be:47:20:64:69:f9:23:ce:1d:2e:c9:
                    c2:68:d9:c8:fa:40:7d:0f:ba:ab:15:db:c3:db:54:
                    cb:96:21:f0:9f:05:0c:5f:0f:c5:d8:8f:e5:c7:26:
                    cd:d2:2c:55:ed:20:e4:bb:d9:b0:9e:1a:58:b6:e8:
                    9d:9b:1e:10:1f:bc:c7:b5:22:fc:c8:ad:ef:fb:19:
                    21:bc:56:9f:8c:e0:49:ec:43:50:8d:e1:22:76:5c:
                    3c:84:a8:c2:62:86:7c:6a:ff:da:ef:13:22:23:99:
                    b3:42:90:2a:60:57:75:64:2b:93:4d:83:e7:d9:fb:
                    55:b4:2d:a2:56:4b:eb:06:87:b4:ef:dc:52:b6:02:
                    78:ca:cc:9d:67:0d:47:29:a4:40:7a:69:cb:0e:0b:
                    ba:cf:b6:e6:d8:86:36:fe:02:45:19:28:a8:49:27:
                    81:9f:2e:1c:01:ed:9b:b6:f0:d3:77:ea:92:b9:68:
                    6b:62:14:7a:40:8f:ab:80:ab:ed:98:1e:6b:7f:2f:
                    cc:ca:b6:2e:1a:92:11:53:a6:b2:34:1e:ba:d3:a2:
                    94:94:7d:51:68:2b:67:7b:5f:72:b7:f9:05:d4:8e:
                    ba:ac:8a:67:7c:11:c5:00:71:ba:c5:e6:76:ce:4c:
                    45:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:8D:B1:57:4B:F3:0B:8F:D0:86:D9:24:43:17:B2:A8:A5:A1:C8:0D
            X509v3 Authority Key Identifier:
                keyid:B2:36:F2:E4:25:22:E9:8D:37:6B:E3:8A:89:E5:DD:51:AB:BF:79:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sjby5CUi6Y03a-OKieXdUau_eZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/18b52b-5011-4309-bfbf-6eaa1c89824a/1/1o2xV0vzC4_QhtkkQxeyqKWhyA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/18b52b-5011-4309-bfbf-6eaa1c89824a/1/sjby5CUi6Y03a-OKieXdUau_eZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.122.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         25:b6:45:50:1f:8b:f4:32:f3:52:05:bf:be:f0:81:98:b1:9f:
         2a:4d:4d:08:61:fb:09:00:dd:6f:94:dd:b1:7c:ab:98:c8:75:
         2f:9b:1e:b4:1e:6c:d7:b9:4b:df:2b:85:77:86:49:cc:f9:f1:
         dc:3d:ff:52:dc:88:f9:09:5c:f5:d7:de:c8:68:ec:ea:3f:53:
         42:6f:8d:6c:b0:56:63:0b:59:10:44:49:4e:59:d4:7e:8a:65:
         bf:a4:29:72:00:32:b8:cb:45:06:ff:b4:27:1b:50:c2:df:f4:
         12:ee:17:f1:62:2e:24:9f:32:d0:48:85:b9:7a:2d:04:eb:27:
         e4:b3:35:86:eb:ad:e5:d8:db:45:7e:ad:0d:4e:a8:27:ac:e7:
         9e:05:c8:df:57:f5:53:60:63:a8:37:8d:ad:13:28:a3:0f:c8:
         50:fb:3f:24:34:c1:89:22:bf:7f:6f:c4:00:f6:ea:59:3a:2e:
         af:3d:9a:89:fd:37:36:96:5b:82:cc:d9:8a:d1:76:0b:27:b9:
         92:e5:ff:32:c8:14:7d:64:e8:79:ba:58:05:21:41:63:2d:94:
         45:b1:15:93:51:ad:42:bf:44:ef:54:51:b6:65:d1:31:7d:59:
         bc:ca:35:76:03:bb:89:3a:8f:f6:fc:94:57:2c:ff:5e:88:fa:
         5f:c4:a8:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFANFy41YnTNjexaXp2yGgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyMzZmMmU0MjUyMmU5OGQzNzZiZTM4YTg5ZTVkZDUxYWJi
Zjc5OTYwHhcNMjQwMTAxMTIzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjhkYjE1NzRiZjMwYjhmZDA4NmQ5MjQ0MzE3YjJhOGE1YTFjODBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHAVbBQ0mtyl9vTzw1muhGCqvkcg
ZGn5I84dLsnCaNnI+kB9D7qrFdvD21TLliHwnwUMXw/F2I/lxybN0ixV7SDku9mw
nhpYtuidmx4QH7zHtSL8yK3v+xkhvFafjOBJ7ENQjeEidlw8hKjCYoZ8av/a7xMi
I5mzQpAqYFd1ZCuTTYPn2ftVtC2iVkvrBoe079xStgJ4ysydZw1HKaRAemnLDgu6
z7bm2IY2/gJFGSioSSeBny4cAe2btvDTd+qSuWhrYhR6QI+rgKvtmB5rfy/MyrYu
GpIRU6ayNB6606KUlH1RaCtne19yt/kF1I66rIpnfBHFAHG6xeZ2zkxFzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNaNsVdL8wuP0IbZJEMXsqilocgNMB8GA1UdIwQY
MBaAFLI28uQlIumNN2vjionl3VGrv3mWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2pieTVDVWk2WTAzYS1PS2llWGRVYXVfZVpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy8xOGI1MmItNTAxMS00MzA5LWJmYmYt
NmVhYTFjODk4MjRhLzEvMW8yeFYwdnpDNF9RaHRra1F4ZXlxS1doeUEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy8xOGI1MmItNTAxMS00MzA5LWJmYmYtNmVhYTFjODk4MjRh
LzEvc2pieTVDVWk2WTAzYS1PS2llWGRVYXVfZVpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDPnqgMA0G
CSqGSIb3DQEBCwUAA4IBAQAltkVQH4v0MvNSBb++8IGYsZ8qTU0IYfsJAN1vlN2x
fKuYyHUvmx60HmzXuUvfK4V3hknM+fHcPf9S3Ij5CVz1197IaOzqP1NCb41ssFZj
C1kQRElOWdR+imW/pClyADK4y0UG/7QnG1DC3/QS7hfxYi4knzLQSIW5ei0E6yfk
szWG663l2NtFfq0NTqgnrOeeBcjfV/VTYGOoN42tEyijD8hQ+z8kNMGJIr9/b8QA
9upZOi6vPZqJ/Tc2lluCzNmK0XYLJ7mS5f8yyBR9ZOh5ulgFIUFjLZRFsRWTUa1C
v0TvVFG2ZdExfVm8yjV2A7uJOo/2/JRXLP9eiPpfxKgo
-----END CERTIFICATE-----