Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/A2yCegDJJYkKr-fvKULtnLFaaHA.roa
File:                     A2yCegDJJYkKr-fvKULtnLFaaHA.roa (raw, json)
Hash identifier:          kdcB6NysY/wH/ozb0ibji9cXckznga+MzbIFYos6NAk=
Subject key identifier:   03:6C:82:7A:00:C9:25:89:0A:AF:E7:EF:29:42:ED:9C:B1:5A:68:70
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       01933E7364DCFE7AC56B55D181E2C2F61692
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/A2yCegDJJYkKr-fvKULtnLFaaHA.roa
Signing time:             Mon 18 Nov 2024 08:46:10 +0000
ROA not before:           Mon 18 Nov 2024 08:46:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197537
IP address blocks:        62.171.244.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:3e:73:64:dc:fe:7a:c5:6b:55:d1:81:e2:c2:f6:16:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Nov 18 08:46:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=036c827a00c925890aafe7ef2942ed9cb15a6870
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:90:67:b4:73:38:9d:2f:39:79:79:b4:6d:ea:
                    6c:d0:27:b3:6c:ae:35:d5:a4:ce:58:63:00:59:99:
                    1f:bf:02:1e:1d:59:12:86:4f:79:58:a4:34:54:a2:
                    da:f5:e9:07:80:4d:ce:96:0c:22:81:af:82:14:74:
                    83:89:ce:e3:af:aa:40:37:1d:b0:f1:02:7b:49:6f:
                    b7:52:c0:79:f2:97:93:d0:bf:b1:f2:c4:08:d1:e7:
                    15:46:c7:70:d0:7f:45:35:83:49:63:0d:63:a9:f4:
                    85:02:a5:69:18:0f:00:75:45:36:1d:f2:1c:5c:01:
                    be:18:11:76:b0:29:74:d8:d6:1e:e3:6e:3f:78:92:
                    51:16:dd:d9:04:9c:c5:e3:ae:94:60:03:65:b6:86:
                    27:7c:92:79:af:20:06:2a:02:f6:36:63:f9:df:58:
                    ed:f2:31:d4:9e:ea:a9:32:56:4e:84:8c:6f:05:18:
                    8e:08:aa:ff:1a:a6:aa:6c:e2:66:50:a4:74:6f:63:
                    53:48:f0:53:6c:ba:70:25:a6:60:42:80:5d:35:ce:
                    f4:a5:91:c5:4b:9e:db:f9:48:fc:99:54:bd:f4:15:
                    11:72:03:42:c5:b5:80:b9:02:d9:45:59:e8:cd:e6:
                    18:2d:04:b4:c5:b3:77:97:4c:54:3c:93:06:e1:6f:
                    1a:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:6C:82:7A:00:C9:25:89:0A:AF:E7:EF:29:42:ED:9C:B1:5A:68:70
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/A2yCegDJJYkKr-fvKULtnLFaaHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.171.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         72:48:c4:fd:23:50:df:f4:77:58:95:ad:c9:05:7c:79:0e:b9:
         c2:14:58:6c:df:e2:a2:69:48:36:ed:72:a0:65:5d:1b:25:7f:
         c9:cb:68:f4:ab:c3:8b:29:1a:e3:e8:08:ea:a3:42:dd:1c:b9:
         43:b2:bf:03:6c:92:5c:6d:d2:70:67:d7:61:05:ce:9a:7a:fa:
         3e:c1:dc:43:20:f0:6e:26:af:0e:29:4e:e5:34:d5:1f:d0:23:
         b7:de:5b:1c:74:f9:11:43:1b:77:ab:da:72:35:08:8d:d9:51:
         85:b2:51:00:d1:18:15:c0:65:4b:9e:e0:17:50:02:e1:e8:ae:
         63:9c:ab:5b:1c:dc:ea:9f:e7:a6:b9:c2:48:76:65:74:22:36:
         cf:a2:0c:42:3b:0c:97:8b:ea:1c:8c:3e:69:9e:b7:76:92:17:
         fc:ab:7e:fc:f6:ba:c5:33:24:23:51:e6:a4:97:cd:a4:e5:dc:
         99:b5:b1:79:20:d8:5c:6b:35:96:f3:ca:27:a0:3c:6c:4e:69:
         db:c4:ea:ff:1a:18:b5:79:4e:f6:43:d6:cf:c7:ee:80:7d:b0:
         01:06:8d:23:35:9d:4e:55:6f:a3:60:7a:58:c6:25:9a:59:b0:
         78:ce:c9:b3:f0:85:22:af:c8:da:92:d5:8b:b3:2c:29:0d:19:
         87:9f:10:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZM+c2Tc/nrFa1XRgeLC9haSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjQxMTE4MDg0NjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzZjODI3YTAwYzkyNTg5MGFhZmU3ZWYyOTQyZWQ5Y2IxNWE2ODcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZBntHM4nS85eXm0beps0CezbK41
1aTOWGMAWZkfvwIeHVkShk95WKQ0VKLa9ekHgE3Olgwiga+CFHSDic7jr6pANx2w
8QJ7SW+3UsB58peT0L+x8sQI0ecVRsdw0H9FNYNJYw1jqfSFAqVpGA8AdUU2HfIc
XAG+GBF2sCl02NYe424/eJJRFt3ZBJzF466UYANltoYnfJJ5ryAGKgL2NmP531jt
8jHUnuqpMlZOhIxvBRiOCKr/GqaqbOJmUKR0b2NTSPBTbLpwJaZgQoBdNc70pZHF
S57b+Uj8mVS99BURcgNCxbWAuQLZRVnozeYYLQS0xbN3l0xUPJMG4W8azwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANsgnoAySWJCq/n7ylC7ZyxWmhwMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvQTJ5Q2VnREpKWWtLci1mdktVTHRuTEZhYUhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCPqv0MA0G
CSqGSIb3DQEBCwUAA4IBAQBySMT9I1Df9HdYla3JBXx5DrnCFFhs3+KiaUg27XKg
ZV0bJX/Jy2j0q8OLKRrj6Ajqo0LdHLlDsr8DbJJcbdJwZ9dhBc6aevo+wdxDIPBu
Jq8OKU7lNNUf0CO33lscdPkRQxt3q9pyNQiN2VGFslEA0RgVwGVLnuAXUALh6K5j
nKtbHNzqn+emucJIdmV0IjbPogxCOwyXi+ocjD5pnrd2khf8q3789rrFMyQjUeak
l82k5dyZtbF5INhcazWW88onoDxsTmnbxOr/Ghi1eU72Q9bPx+6AfbABBo0jNZ1O
VW+jYHpYxiWaWbB4zsmz8IUir8jaktWLsywpDRmHnxBa
-----END CERTIFICATE-----