Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/OsR5Xm3iO7MvaMCoVKaf5Gc99oU.roa
File:                     OsR5Xm3iO7MvaMCoVKaf5Gc99oU.roa (raw, json)
Hash identifier:          kAuge366XUeJ1ybK0hLcaDC/T5/vR3TLswOFQdjXp5s=
Subject key identifier:   3A:C4:79:5E:6D:E2:3B:B3:2F:68:C0:A8:54:A6:9F:E4:67:3D:F6:85
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       018CC8DF15D390340467A44A4BBF381C9E78
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/OsR5Xm3iO7MvaMCoVKaf5Gc99oU.roa
Signing time:             Tue 02 Jan 2024 06:31:52 +0000
ROA not before:           Tue 02 Jan 2024 06:31:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        62.233.54.0/24 maxlen: 24
                          185.226.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:15:d3:90:34:04:67:a4:4a:4b:bf:38:1c:9e:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jan  2 06:31:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ac4795e6de23bb32f68c0a854a69fe4673df685
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:32:f8:35:88:43:a7:ec:18:30:00:79:10:a9:
                    dd:03:c3:6d:e3:c1:56:20:2b:00:00:0a:83:f3:af:
                    b3:10:47:4c:40:00:62:e4:d7:13:83:ea:34:95:34:
                    7d:6a:79:54:da:ce:a4:96:37:10:89:d6:75:23:66:
                    b8:53:af:47:fb:a7:4a:30:ba:e8:7b:0d:8a:50:cf:
                    d8:a4:b5:93:09:bb:49:9e:19:1b:e3:48:70:1a:7b:
                    ac:77:47:9d:08:3f:97:1b:47:6d:b9:90:3f:0a:46:
                    b5:20:2c:b9:f8:ff:59:e1:62:0d:f0:a9:d1:2d:92:
                    8c:9c:01:13:8a:5c:b3:35:25:68:9c:18:48:20:82:
                    eb:9c:51:be:1e:e5:14:db:e5:0a:17:08:9b:71:ce:
                    e1:22:03:5e:57:c5:27:17:09:55:b8:83:72:74:b9:
                    5e:b6:44:38:12:fa:93:2a:6c:12:e5:51:14:75:8e:
                    8c:42:ce:5f:ed:ff:49:0f:84:ac:da:e5:f6:77:23:
                    34:44:7f:71:d0:ca:a9:68:dd:ba:30:ba:96:98:6c:
                    5d:8e:7d:42:c0:95:27:0e:73:b7:2d:4f:0b:bb:58:
                    26:39:a1:50:19:62:ff:3b:e0:36:ef:09:58:95:ab:
                    56:d3:77:77:b5:51:42:9d:f2:31:1d:77:40:a4:44:
                    8e:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:C4:79:5E:6D:E2:3B:B3:2F:68:C0:A8:54:A6:9F:E4:67:3D:F6:85
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/OsR5Xm3iO7MvaMCoVKaf5Gc99oU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.233.54.0/24
                  185.226.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:34:a0:06:f6:40:61:18:ee:0c:9d:58:e5:f0:0a:30:80:f7:
         6d:01:2c:11:7d:23:48:be:45:13:6b:09:a2:c7:69:92:ca:10:
         54:d2:91:32:ba:7d:b4:ee:da:54:70:4b:6e:13:77:6f:c3:b9:
         b1:59:0d:6f:48:03:1e:48:ce:cd:e7:da:ab:a2:de:7a:f8:e3:
         ad:3d:5f:6c:02:f8:ab:28:bc:de:7f:74:c6:b2:03:76:67:92:
         82:db:91:5d:27:c4:be:02:9d:dd:99:00:20:da:dd:0b:df:35:
         de:e5:79:0d:59:58:00:1b:e2:10:43:bd:1b:53:56:01:4e:9a:
         53:8f:1a:ac:7a:1e:23:c3:7d:2a:b3:c0:b7:81:db:f1:d2:98:
         2c:c6:88:e7:09:9b:b4:51:87:07:ae:24:59:7c:a8:db:37:7d:
         b6:4a:b2:0e:67:8f:91:b5:89:32:a8:9e:6e:87:2a:a7:55:6b:
         a0:f8:1e:b4:1a:ef:d1:8c:a9:82:26:58:3e:25:45:01:03:fe:
         b8:db:d2:82:72:58:1e:21:58:a5:ec:d7:dd:40:6b:f2:e6:87:
         98:e9:61:9c:be:98:d3:a1:eb:ef:5b:e0:63:f5:0a:e3:1b:a2:
         61:0e:42:d5:67:79:76:12:3c:9e:e7:77:93:07:11:6a:45:0f:
         7c:32:bb:14
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3xXTkDQEZ6RKS784HJ54MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjQwMTAyMDYzMTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWM0Nzk1ZTZkZTIzYmIzMmY2OGMwYTg1NGE2OWZlNDY3M2RmNjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszL4NYhDp+wYMAB5EKndA8Nt48FW
ICsAAAqD86+zEEdMQABi5NcTg+o0lTR9anlU2s6kljcQidZ1I2a4U69H+6dKMLro
ew2KUM/YpLWTCbtJnhkb40hwGnusd0edCD+XG0dtuZA/Cka1ICy5+P9Z4WIN8KnR
LZKMnAETilyzNSVonBhIIILrnFG+HuUU2+UKFwibcc7hIgNeV8UnFwlVuINydLle
tkQ4EvqTKmwS5VEUdY6MQs5f7f9JD4Ss2uX2dyM0RH9x0MqpaN26MLqWmGxdjn1C
wJUnDnO3LU8Lu1gmOaFQGWL/O+A27wlYlatW03d3tVFCnfIxHXdApESO9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDrEeV5t4juzL2jAqFSmn+RnPfaFMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvT3NSNVhtM2lPN012YU1Db1ZLYWY1R2M5OW9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPuk2AwQA
ueK3MA0GCSqGSIb3DQEBCwUAA4IBAQBbNKAG9kBhGO4MnVjl8AowgPdtASwRfSNI
vkUTawmix2mSyhBU0pEyun207tpUcEtuE3dvw7mxWQ1vSAMeSM7N59qrot56+OOt
PV9sAvirKLzef3TGsgN2Z5KC25FdJ8S+Ap3dmQAg2t0L3zXe5XkNWVgAG+IQQ70b
U1YBTppTjxqseh4jw30qs8C3gdvx0pgsxojnCZu0UYcHriRZfKjbN322SrIOZ4+R
tYkyqJ5uhyqnVWug+B60Gu/RjKmCJlg+JUUBA/6429KCclgeIVil7NfdQGvy5oeY
6WGcvpjToevvW+Bj9QrjG6JhDkLVZ3l2Ejye53eTBxFqRQ98MrsU
-----END CERTIFICATE-----