Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/gmvmA7H62Own2BL02gMRL_uswnk.roa
File:                     gmvmA7H62Own2BL02gMRL_uswnk.roa (raw, json)
Hash identifier:          ijv569/Dn7iMs6KueReqTl608i8TpNaW8v7TuFaYac8=
Subject key identifier:   82:6B:E6:03:B1:FA:D8:EC:27:D8:12:F4:DA:03:11:2F:FB:AC:C2:79
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       0191124A002E1A415B7BE46E4EB8A4AD5D4F
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/gmvmA7H62Own2BL02gMRL_uswnk.roa
Signing time:             Fri 02 Aug 2024 08:52:05 +0000
ROA not before:           Fri 02 Aug 2024 08:52:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        62.112.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:12:4a:00:2e:1a:41:5b:7b:e4:6e:4e:b8:a4:ad:5d:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Aug  2 08:52:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=826be603b1fad8ec27d812f4da03112ffbacc279
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f4:e1:73:15:02:cb:21:17:ac:01:7e:39:85:
                    3d:ea:95:dd:e6:77:df:0a:b0:37:50:3f:c1:ab:aa:
                    0f:ec:00:2c:40:30:38:9c:fe:9e:30:47:22:a2:f5:
                    ba:aa:23:e2:23:f0:03:cc:89:cf:7d:c4:71:a3:fb:
                    ae:8f:a9:b1:d9:31:ce:db:b1:ff:b6:ad:bd:56:4a:
                    c1:19:5e:f5:ea:d4:82:04:e0:d4:10:f3:1c:cc:df:
                    91:7c:2a:f0:29:5a:0c:73:78:e6:ab:af:bc:03:04:
                    db:fe:e4:df:b8:5b:19:52:6c:d7:7f:1b:07:c2:24:
                    c1:4c:a0:89:d8:22:06:12:3e:07:23:20:c1:03:c9:
                    3c:f1:57:6e:ae:d8:1a:ee:0c:5d:97:e5:29:1f:9e:
                    41:9f:67:27:7c:a6:e1:e3:5f:fa:17:ab:c7:bb:83:
                    bb:d7:7a:73:bd:c7:bc:03:52:5c:20:49:99:73:f9:
                    a7:27:7d:78:db:9d:49:42:57:8b:09:73:83:7a:f7:
                    44:94:d2:7f:33:e7:26:81:e0:53:6f:df:a5:1c:ea:
                    7b:c2:5b:ad:3e:c3:39:33:fa:2d:e9:b6:59:c8:5a:
                    14:da:e1:e0:52:16:82:79:a5:e6:df:a2:79:8e:cf:
                    40:db:86:16:91:cb:bc:43:d3:95:21:40:16:c9:31:
                    51:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:6B:E6:03:B1:FA:D8:EC:27:D8:12:F4:DA:03:11:2F:FB:AC:C2:79
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/gmvmA7H62Own2BL02gMRL_uswnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.112.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:81:a7:df:7f:10:f3:b4:61:63:cd:09:9c:6d:f4:43:d2:6f:
         b5:cd:9c:a7:45:e3:89:2a:72:d9:d6:69:7f:a2:89:e1:85:67:
         53:6f:58:2a:e9:85:e3:86:d9:bd:ae:1e:52:2a:ea:c4:a8:cc:
         85:92:7e:0a:68:ef:2f:33:dd:fb:dd:1b:bd:4c:cb:11:09:01:
         6e:d3:33:8a:1e:36:53:51:d5:57:07:0f:0b:5f:ae:4c:a2:33:
         a1:4e:a9:86:0e:01:de:94:83:33:58:4f:60:a6:b2:47:0e:cc:
         34:aa:36:a4:0f:29:8f:d1:43:85:4b:5c:d9:4e:12:92:02:2a:
         d0:51:38:44:34:0b:88:2e:1b:57:f9:47:30:7a:cb:90:69:5a:
         a4:03:a1:5c:2c:7a:cb:ba:4f:dd:db:91:c5:ae:30:19:a4:72:
         10:36:36:6d:d9:85:07:70:9f:2f:60:4a:f0:00:4d:3b:ef:08:
         bb:b4:b0:d2:88:88:71:45:19:b1:29:d1:70:e4:f9:a2:f6:8c:
         e7:33:80:fe:65:c5:c0:ca:3a:ca:78:9b:52:53:49:46:55:65:
         c5:d9:bc:dd:40:da:03:21:e4:7a:a1:41:57:a2:71:01:1b:b6:
         6e:5e:ef:fc:a7:c5:4d:63:67:4a:38:b2:7e:b6:d6:3e:cd:7a:
         25:73:d8:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZESSgAuGkFbe+RuTrikrV1PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjQwODAyMDg1MjA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjZiZTYwM2IxZmFkOGVjMjdkODEyZjRkYTAzMTEyZmZiYWNjMjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPThcxUCyyEXrAF+OYU96pXd5nff
CrA3UD/Bq6oP7AAsQDA4nP6eMEciovW6qiPiI/ADzInPfcRxo/uuj6mx2THO27H/
tq29VkrBGV716tSCBODUEPMczN+RfCrwKVoMc3jmq6+8AwTb/uTfuFsZUmzXfxsH
wiTBTKCJ2CIGEj4HIyDBA8k88Vdurtga7gxdl+UpH55Bn2cnfKbh41/6F6vHu4O7
13pzvce8A1JcIEmZc/mnJ314251JQleLCXODevdElNJ/M+cmgeBTb9+lHOp7wlut
PsM5M/ot6bZZyFoU2uHgUhaCeaXm36J5js9A24YWkcu8Q9OVIUAWyTFRJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIJr5gOx+tjsJ9gS9NoDES/7rMJ5MB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvZ212bUE3SDYyT3duMkJMMDJnTVJMX3Vzd25rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPnAeMA0G
CSqGSIb3DQEBCwUAA4IBAQCHgafffxDztGFjzQmcbfRD0m+1zZynReOJKnLZ1ml/
oonhhWdTb1gq6YXjhtm9rh5SKurEqMyFkn4KaO8vM9373Ru9TMsRCQFu0zOKHjZT
UdVXBw8LX65MojOhTqmGDgHelIMzWE9gprJHDsw0qjakDymP0UOFS1zZThKSAirQ
UThENAuILhtX+UcwesuQaVqkA6FcLHrLuk/d25HFrjAZpHIQNjZt2YUHcJ8vYErw
AE077wi7tLDSiIhxRRmxKdFw5Pmi9oznM4D+ZcXAyjrKeJtSU0lGVWXF2bzdQNoD
IeR6oUFXonEBG7ZuXu/8p8VNY2dKOLJ+ttY+zXolc9jc
-----END CERTIFICATE-----