Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/77d607-7d7c-4589-aff7-2fda97079c01/1/DoocsSeQkm1sRex1GU6hH-4I0mM.roa
File:                     DoocsSeQkm1sRex1GU6hH-4I0mM.roa (raw, json)
Hash identifier:          WLkyQcay0MYrSo9MAOxQ13lqTowdmWPs/tkAcU8sT4o=
Subject key identifier:   0E:8A:1C:B1:27:90:92:6D:6C:45:EC:75:19:4E:A1:1F:EE:08:D2:63
Certificate issuer:       /CN=c4d8c1985c50c7ead4cfd8d3a93d63e5611f6fb6
Certificate serial:       018CC7276E50486256FCFD3445D944E8BECA
Authority key identifier: C4:D8:C1:98:5C:50:C7:EA:D4:CF:D8:D3:A9:3D:63:E5:61:1F:6F:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xNjBmFxQx-rUz9jTqT1j5WEfb7Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/77d607-7d7c-4589-aff7-2fda97079c01/1/DoocsSeQkm1sRex1GU6hH-4I0mM.roa
Signing time:             Mon 01 Jan 2024 22:31:39 +0000
ROA not before:           Mon 01 Jan 2024 22:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2116
IP address blocks:        62.176.192.0/19 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/77d607-7d7c-4589-aff7-2fda97079c01/1/xNjBmFxQx-rUz9jTqT1j5WEfb7Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/77d607-7d7c-4589-aff7-2fda97079c01/1/xNjBmFxQx-rUz9jTqT1j5WEfb7Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xNjBmFxQx-rUz9jTqT1j5WEfb7Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 07:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:6e:50:48:62:56:fc:fd:34:45:d9:44:e8:be:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4d8c1985c50c7ead4cfd8d3a93d63e5611f6fb6
        Validity
            Not Before: Jan  1 22:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e8a1cb12790926d6c45ec75194ea11fee08d263
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:e7:01:08:07:51:ae:3c:2c:30:36:8b:40:49:
                    2c:78:72:d5:1e:05:c5:ee:95:0e:f8:c7:7e:1c:0a:
                    c3:9b:4b:7a:44:00:f0:b7:df:34:31:78:67:3e:7d:
                    91:9b:cc:b8:cc:bd:f8:27:09:60:2b:50:ac:71:7d:
                    66:9b:87:03:fd:df:0b:d4:65:98:2a:90:08:72:77:
                    5a:94:7b:87:2a:e8:76:ae:10:52:5b:ca:91:5b:e4:
                    3d:59:b9:f8:b2:be:f7:c1:cd:58:c2:58:f2:e0:43:
                    2c:6e:d0:b5:c4:39:b1:01:fd:f5:6c:96:a3:69:1a:
                    7e:bc:40:82:ad:ba:93:7e:3d:f9:af:f6:f5:2e:7f:
                    59:3d:49:30:17:99:e8:36:cd:76:6d:13:ee:16:ef:
                    7d:58:68:20:ca:5c:e8:c2:97:95:f9:0a:f5:35:2d:
                    30:59:c7:2c:61:09:ad:d1:13:d6:4a:0e:42:2f:ae:
                    86:82:12:d5:2f:79:ac:fd:ab:75:8f:02:39:aa:00:
                    40:8c:51:9e:16:88:20:92:96:d8:08:70:32:b9:12:
                    72:02:71:d5:d7:bb:5b:4a:17:28:5c:24:fb:71:8e:
                    ff:fc:17:5b:1b:e8:4f:e1:6c:c9:99:d5:f9:fd:44:
                    98:10:38:8f:ec:97:d5:86:1a:ff:80:fe:f7:a2:e4:
                    82:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:8A:1C:B1:27:90:92:6D:6C:45:EC:75:19:4E:A1:1F:EE:08:D2:63
            X509v3 Authority Key Identifier:
                keyid:C4:D8:C1:98:5C:50:C7:EA:D4:CF:D8:D3:A9:3D:63:E5:61:1F:6F:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xNjBmFxQx-rUz9jTqT1j5WEfb7Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/77d607-7d7c-4589-aff7-2fda97079c01/1/DoocsSeQkm1sRex1GU6hH-4I0mM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/77d607-7d7c-4589-aff7-2fda97079c01/1/xNjBmFxQx-rUz9jTqT1j5WEfb7Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.176.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         59:d9:52:fe:57:18:1d:c8:e7:86:14:1e:62:96:af:da:35:f7:
         86:c1:e3:76:f8:31:ab:d3:c5:e8:db:1f:64:d1:f6:13:34:6c:
         1a:ec:97:9b:49:17:56:35:47:75:30:08:59:f6:ad:ff:78:69:
         bc:db:39:65:27:fd:fb:1f:f9:3a:db:79:c5:6d:23:31:ef:ae:
         46:d7:d0:89:e0:af:be:01:02:45:f6:37:61:33:15:39:3a:8c:
         b4:00:37:10:3a:b1:30:0f:a1:83:1a:ca:bb:d0:91:65:d0:5d:
         58:8a:a2:72:a6:78:c6:7e:92:61:13:a4:3c:3e:0c:72:39:b7:
         4e:db:bf:84:e4:9d:16:65:d5:71:af:84:8d:62:20:4a:66:dc:
         2e:64:bf:26:55:a0:c6:04:ee:70:c4:55:7d:86:cf:ce:88:b1:
         65:38:af:64:7c:59:9e:54:0d:52:7f:cd:dc:69:21:ad:82:29:
         34:d7:95:f9:a5:78:10:0f:33:a9:80:a8:78:3d:c7:ae:92:91:
         6f:32:44:df:a7:0b:86:a8:62:52:ba:89:6b:59:b2:65:56:25:
         ff:d2:ac:a5:ec:b6:d3:26:03:8b:a2:65:8f:31:f5:2a:22:a1:
         2c:f8:81:c5:f3:56:cd:d6:ec:2d:9c:c0:07:2b:01:78:db:75:
         94:cd:37:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ25QSGJW/P00RdlE6L7KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZDhjMTk4NWM1MGM3ZWFkNGNmZDhkM2E5M2Q2M2U1NjEx
ZjZmYjYwHhcNMjQwMTAxMjIzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZThhMWNiMTI3OTA5MjZkNmM0NWVjNzUxOTRlYTExZmVlMDhkMjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2+cBCAdRrjwsMDaLQEkseHLVHgXF
7pUO+Md+HArDm0t6RADwt980MXhnPn2Rm8y4zL34JwlgK1CscX1mm4cD/d8L1GWY
KpAIcndalHuHKuh2rhBSW8qRW+Q9Wbn4sr73wc1Ywljy4EMsbtC1xDmxAf31bJaj
aRp+vECCrbqTfj35r/b1Ln9ZPUkwF5noNs12bRPuFu99WGggylzowpeV+Qr1NS0w
WccsYQmt0RPWSg5CL66GghLVL3ms/at1jwI5qgBAjFGeFoggkpbYCHAyuRJyAnHV
17tbShcoXCT7cY7//BdbG+hP4WzJmdX5/USYEDiP7JfVhhr/gP73ouSCDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA6KHLEnkJJtbEXsdRlOoR/uCNJjMB8GA1UdIwQY
MBaAFMTYwZhcUMfq1M/Y06k9Y+VhH2+2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveE5qQm1GeFF4LXJVejlqVHFUMWo1V0VmYjdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS83N2Q2MDctN2Q3Yy00NTg5LWFmZjct
MmZkYTk3MDc5YzAxLzEvRG9vY3NTZVFrbTFzUmV4MUdVNmhILTRJMG1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS83N2Q2MDctN2Q3Yy00NTg5LWFmZjctMmZkYTk3MDc5YzAx
LzEveE5qQm1GeFF4LXJVejlqVHFUMWo1V0VmYjdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFPrDAMA0G
CSqGSIb3DQEBCwUAA4IBAQBZ2VL+VxgdyOeGFB5ilq/aNfeGweN2+DGr08Xo2x9k
0fYTNGwa7JebSRdWNUd1MAhZ9q3/eGm82zllJ/37H/k623nFbSMx765G19CJ4K++
AQJF9jdhMxU5Ooy0ADcQOrEwD6GDGsq70JFl0F1YiqJypnjGfpJhE6Q8PgxyObdO
27+E5J0WZdVxr4SNYiBKZtwuZL8mVaDGBO5wxFV9hs/OiLFlOK9kfFmeVA1Sf83c
aSGtgik015X5pXgQDzOpgKh4PceukpFvMkTfpwuGqGJSuolrWbJlViX/0qyl7LbT
JgOLomWPMfUqIqEs+IHF81bN1uwtnMAHKwF423WUzTer
-----END CERTIFICATE-----