Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/fUXtNvBdAArjI8jciJ2jNK0w7i4.roa
File:                     fUXtNvBdAArjI8jciJ2jNK0w7i4.roa (raw, json)
Hash identifier:          h66wz9JK9kxTKFkdWMVSSu9K3ezgxx10iUfh96d7G+M=
Subject key identifier:   7D:45:ED:36:F0:5D:00:0A:E3:23:C8:DC:88:9D:A3:34:AD:30:EE:2E
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018F4C8E2CDEF40123230BC415BD7ED3D66C
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/fUXtNvBdAArjI8jciJ2jNK0w7i4.roa
Signing time:             Mon 06 May 2024 06:18:57 +0000
ROA not before:           Mon 06 May 2024 06:18:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398465
IP address blocks:        62.72.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 05:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4c:8e:2c:de:f4:01:23:23:0b:c4:15:bd:7e:d3:d6:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: May  6 06:18:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d45ed36f05d000ae323c8dc889da334ad30ee2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:5b:4d:45:2c:44:61:8b:50:90:89:32:a5:c6:
                    cd:c3:4f:53:e8:fd:e8:28:bd:94:8f:da:68:25:e6:
                    b1:81:51:a4:23:fa:74:c1:2a:2b:75:dc:ba:83:15:
                    2a:40:57:43:9e:30:2d:a2:7d:c7:7b:d9:3c:f9:85:
                    9f:e0:be:47:5b:3a:e7:f2:a5:14:a6:42:54:49:08:
                    39:6b:4c:e8:ad:77:da:c4:27:67:c3:1d:3e:41:48:
                    10:18:4a:5c:4d:2c:53:ad:8c:81:bf:5c:37:ec:48:
                    24:7d:94:92:1f:2a:83:ac:a8:35:3f:26:47:a0:09:
                    c3:c2:1f:1c:d4:7a:ac:b3:60:e6:4e:19:bd:ba:51:
                    25:67:2a:e1:1b:6b:2d:3c:35:23:02:be:16:09:c2:
                    6d:da:7e:b3:63:e9:8e:b1:0d:04:cc:0a:99:96:26:
                    04:cc:c7:a7:14:d6:68:00:9f:ed:12:b7:53:e9:8a:
                    cf:0c:af:5c:83:24:9e:69:b6:df:83:d5:bf:3f:47:
                    0d:8b:0c:fd:62:b2:e8:10:89:a0:a9:b6:2d:cb:fd:
                    80:18:2b:c5:10:9a:04:7c:0f:ef:d1:e8:56:c5:93:
                    41:82:22:dc:52:38:67:05:8d:59:14:68:37:d8:88:
                    11:dd:75:5b:0d:11:d0:d0:a2:51:26:d0:0d:0a:68:
                    34:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:45:ED:36:F0:5D:00:0A:E3:23:C8:DC:88:9D:A3:34:AD:30:EE:2E
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/fUXtNvBdAArjI8jciJ2jNK0w7i4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:37:18:3e:91:c5:2e:43:b7:ea:66:c4:fd:62:d1:ed:0b:71:
         78:e5:36:94:0f:d6:b0:8b:eb:eb:26:f1:33:00:1b:fc:e7:06:
         45:45:8d:4e:dd:b4:8c:bc:8e:57:4b:c7:fc:41:81:a7:a5:f7:
         bd:98:83:0d:7a:c5:71:5f:2b:d8:8a:e7:cd:9f:2b:6a:1c:23:
         92:bd:76:1c:08:a7:a2:39:ba:86:5c:35:0c:50:1a:ea:f3:45:
         74:a2:ab:77:e9:eb:e6:6c:29:da:0b:5a:50:c5:a3:a3:90:25:
         11:9f:37:93:14:2b:dd:ef:92:fc:29:08:3d:a6:aa:51:4b:a1:
         f4:d2:e5:66:a9:d7:4c:f9:ad:c9:90:17:e6:3e:07:6d:9d:34:
         15:eb:95:0c:82:a3:01:68:a3:0d:e6:26:35:6f:ba:9d:fa:a6:
         7c:ae:f6:4b:a0:ea:95:03:f4:b7:7c:e5:0c:b7:da:eb:44:9e:
         0f:5d:fb:c3:e6:68:56:51:b0:d1:c1:9b:5f:28:28:77:63:0d:
         5e:ac:40:f4:25:1b:47:f9:4f:b6:b5:ca:29:71:01:d9:cd:4b:
         ab:49:76:2a:42:83:8b:da:fb:2c:49:1c:77:25:f2:e2:c0:ea:
         43:43:1c:b0:99:2b:c8:71:9e:18:7c:3f:ca:40:96:88:d6:95:
         f5:45:2c:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9Mjize9AEjIwvEFb1+09ZsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwNTA2MDYxODU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDQ1ZWQzNmYwNWQwMDBhZTMyM2M4ZGM4ODlkYTMzNGFkMzBlZTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2VtNRSxEYYtQkIkypcbNw09T6P3o
KL2Uj9poJeaxgVGkI/p0wSorddy6gxUqQFdDnjAton3He9k8+YWf4L5HWzrn8qUU
pkJUSQg5a0zorXfaxCdnwx0+QUgQGEpcTSxTrYyBv1w37EgkfZSSHyqDrKg1PyZH
oAnDwh8c1Hqss2DmThm9ulElZyrhG2stPDUjAr4WCcJt2n6zY+mOsQ0EzAqZliYE
zMenFNZoAJ/tErdT6YrPDK9cgySeabbfg9W/P0cNiwz9YrLoEImgqbYty/2AGCvF
EJoEfA/v0ehWxZNBgiLcUjhnBY1ZFGg32IgR3XVbDRHQ0KJRJtANCmg0yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH1F7TbwXQAK4yPI3IidozStMO4uMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvZlVYdE52QmRBQXJqSThqY2lKMmpOSzB3N2k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkisMA0G
CSqGSIb3DQEBCwUAA4IBAQA3Nxg+kcUuQ7fqZsT9YtHtC3F45TaUD9awi+vrJvEz
ABv85wZFRY1O3bSMvI5XS8f8QYGnpfe9mIMNesVxXyvYiufNnytqHCOSvXYcCKei
ObqGXDUMUBrq80V0oqt36evmbCnaC1pQxaOjkCURnzeTFCvd75L8KQg9pqpRS6H0
0uVmqddM+a3JkBfmPgdtnTQV65UMgqMBaKMN5iY1b7qd+qZ8rvZLoOqVA/S3fOUM
t9rrRJ4PXfvD5mhWUbDRwZtfKCh3Yw1erED0JRtH+U+2tcopcQHZzUurSXYqQoOL
2vssSRx3JfLiwOpDQxywmSvIcZ4YfD/KQJaI1pX1RSw7
-----END CERTIFICATE-----