Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/J67T_Jr41olFdA0uHKR6Uyz75Gc.roa
File:                     J67T_Jr41olFdA0uHKR6Uyz75Gc.roa (raw, json)
Hash identifier:          NJ+9DNxkDtm2ctNxxpiE0bTIO3S2ZV4U9yIojqKDF3E=
Subject key identifier:   27:AE:D3:FC:9A:F8:D6:89:45:74:0D:2E:1C:A4:7A:53:2C:FB:E4:67
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018F772CF4680E233C8518E1C6DDE6714D88
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/J67T_Jr41olFdA0uHKR6Uyz75Gc.roa
Signing time:             Tue 14 May 2024 12:56:25 +0000
ROA not before:           Tue 14 May 2024 12:56:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29802
IP address blocks:        62.72.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:77:2c:f4:68:0e:23:3c:85:18:e1:c6:dd:e6:71:4d:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: May 14 12:56:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27aed3fc9af8d68945740d2e1ca47a532cfbe467
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:98:c4:d2:41:d3:aa:0d:9c:68:bf:c8:94:32:
                    e1:c3:08:a0:ac:43:5f:a9:4a:0d:8a:ec:12:85:8c:
                    e3:d4:66:7c:24:ff:7e:3c:00:68:c2:4b:95:94:9a:
                    8b:cc:2a:84:9a:2c:93:f1:6a:6a:58:f6:7a:b2:18:
                    52:1e:cb:7d:8e:d6:0d:74:5f:f8:61:46:e7:85:61:
                    b3:57:12:39:13:8e:ce:21:c5:3e:03:77:51:72:c0:
                    fc:54:6a:37:06:02:83:f6:54:dd:92:45:87:93:93:
                    72:cd:17:c0:dc:a8:1c:4b:c5:c5:ec:4a:7f:33:dd:
                    ee:b3:c5:b1:c2:7c:8b:0b:08:14:1a:84:25:8b:35:
                    f2:c2:80:a9:05:f5:a2:40:f4:b2:48:96:9a:71:be:
                    a1:81:04:80:42:da:d6:10:b8:05:af:be:90:08:d2:
                    0f:87:99:6e:03:c8:a1:06:8a:6b:f7:26:7e:de:5b:
                    9e:3b:73:5c:8e:0e:16:6d:3c:92:40:1a:f9:00:31:
                    aa:ff:e8:7d:99:6f:0e:07:b2:3d:3f:9f:c7:a0:3e:
                    b6:2e:f5:0f:c9:e0:72:36:9b:9d:87:03:f7:de:9a:
                    01:1c:1d:15:08:b8:ff:7d:6e:0c:39:2e:73:ea:b4:
                    dc:37:fa:be:ed:80:c6:ba:d0:69:60:ca:22:ca:b7:
                    b3:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:AE:D3:FC:9A:F8:D6:89:45:74:0D:2E:1C:A4:7A:53:2C:FB:E4:67
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/J67T_Jr41olFdA0uHKR6Uyz75Gc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:51:63:a3:b0:73:c4:e4:31:cd:f8:32:ef:7b:31:d9:44:d5:
         38:20:57:6f:94:e2:f0:5c:15:bf:a2:14:94:cf:6f:98:a5:07:
         75:2a:ed:72:9f:5a:37:c5:74:32:0f:d0:f2:1c:67:50:bd:86:
         8c:60:09:d6:db:b1:20:2a:ac:37:18:bd:83:47:de:26:9c:cc:
         ba:3d:54:d5:df:c5:65:33:25:c8:82:4b:04:4c:97:3e:88:cf:
         d6:ae:58:30:b9:02:db:f3:df:55:8a:27:58:06:26:cc:16:fa:
         4f:fb:84:87:32:4c:3e:38:f4:fa:b5:cb:b7:4f:93:19:82:8b:
         0f:c1:ad:46:d5:42:31:e8:c8:89:d5:30:7d:67:8d:26:3d:7a:
         a6:e0:4d:e3:d0:e1:32:72:40:01:82:3a:a6:09:87:bf:dc:7d:
         b0:31:15:bb:88:51:c3:29:65:2b:c0:bb:05:96:7d:8d:b6:f5:
         48:8f:cb:01:66:6c:69:6f:98:6b:8b:03:91:ae:b7:ec:b7:37:
         28:0f:87:36:02:cc:59:3e:20:47:c7:e4:08:48:7e:b9:63:22:
         92:24:df:23:9f:7b:c1:65:5d:49:55:6b:7a:17:1e:5a:20:e7:
         a9:61:1b:62:9b:27:29:6a:f7:01:3c:3a:92:6c:65:7a:9d:0f:
         4a:96:57:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY93LPRoDiM8hRjhxt3mcU2IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwNTE0MTI1NjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2FlZDNmYzlhZjhkNjg5NDU3NDBkMmUxY2E0N2E1MzJjZmJlNDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpjE0kHTqg2caL/IlDLhwwigrENf
qUoNiuwShYzj1GZ8JP9+PABowkuVlJqLzCqEmiyT8WpqWPZ6shhSHst9jtYNdF/4
YUbnhWGzVxI5E47OIcU+A3dRcsD8VGo3BgKD9lTdkkWHk5NyzRfA3KgcS8XF7Ep/
M93us8WxwnyLCwgUGoQlizXywoCpBfWiQPSySJaacb6hgQSAQtrWELgFr76QCNIP
h5luA8ihBopr9yZ+3lueO3Ncjg4WbTySQBr5ADGq/+h9mW8OB7I9P5/HoD62LvUP
yeByNpudhwP33poBHB0VCLj/fW4MOS5z6rTcN/q+7YDGutBpYMoiyrezNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCeu0/ya+NaJRXQNLhykelMs++RnMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvSjY3VF9KcjQxb2xGZEEwdUhLUjZVeXo3NUdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPki0MA0G
CSqGSIb3DQEBCwUAA4IBAQCfUWOjsHPE5DHN+DLvezHZRNU4IFdvlOLwXBW/ohSU
z2+YpQd1Ku1yn1o3xXQyD9DyHGdQvYaMYAnW27EgKqw3GL2DR94mnMy6PVTV38Vl
MyXIgksETJc+iM/WrlgwuQLb899ViidYBibMFvpP+4SHMkw+OPT6tcu3T5MZgosP
wa1G1UIx6MiJ1TB9Z40mPXqm4E3j0OEyckABgjqmCYe/3H2wMRW7iFHDKWUrwLsF
ln2NtvVIj8sBZmxpb5hriwORrrfstzcoD4c2AsxZPiBHx+QISH65YyKSJN8jn3vB
ZV1JVWt6Fx5aIOepYRtimycpavcBPDqSbGV6nQ9Kllc8
-----END CERTIFICATE-----