Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/5b8301-9391-4384-b951-5eee123b38dc/1/cZDJ0tg7E7zfW2kAPW7a9MLEwOs.roa
File:                     cZDJ0tg7E7zfW2kAPW7a9MLEwOs.roa (raw, json)
Hash identifier:          FP5DF5mwbgabPSmCCshKZeehn/mD14DG5iUOIotN2Is=
Subject key identifier:   71:90:C9:D2:D8:3B:13:BC:DF:5B:69:00:3D:6E:DA:F4:C2:C4:C0:EB
Certificate issuer:       /CN=99f95c37d71aa2f49695e13f417e30a97304aaf4
Certificate serial:       018CC8DF8E46807DBAED917F25F16050F95B
Authority key identifier: 99:F9:5C:37:D7:1A:A2:F4:96:95:E1:3F:41:7E:30:A9:73:04:AA:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mflcN9caovSWleE_QX4wqXMEqvQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/5b8301-9391-4384-b951-5eee123b38dc/1/cZDJ0tg7E7zfW2kAPW7a9MLEwOs.roa
Signing time:             Tue 02 Jan 2024 06:32:23 +0000
ROA not before:           Tue 02 Jan 2024 06:32:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212097
IP address blocks:        62.133.38.0/24 maxlen: 24
                          62.133.36.0/22 maxlen: 22
                          62.133.36.0/24 maxlen: 24
                          62.133.37.0/24 maxlen: 24
                          62.133.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/5b8301-9391-4384-b951-5eee123b38dc/1/mflcN9caovSWleE_QX4wqXMEqvQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/5b8301-9391-4384-b951-5eee123b38dc/1/mflcN9caovSWleE_QX4wqXMEqvQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mflcN9caovSWleE_QX4wqXMEqvQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:8e:46:80:7d:ba:ed:91:7f:25:f1:60:50:f9:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99f95c37d71aa2f49695e13f417e30a97304aaf4
        Validity
            Not Before: Jan  2 06:32:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7190c9d2d83b13bcdf5b69003d6edaf4c2c4c0eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:f1:f8:20:63:4f:4e:5e:6f:db:06:b6:cc:bb:
                    40:61:40:77:22:c4:cd:aa:f8:b6:15:b4:d2:0f:78:
                    c0:80:04:01:2a:2c:e4:5a:ac:c1:0e:c5:81:b6:aa:
                    8d:2d:da:a9:91:67:b7:a4:d7:19:9c:5c:8e:0a:70:
                    52:d0:f7:5a:df:c0:c4:7b:b9:f2:e2:23:35:a7:65:
                    bb:68:12:5f:d0:45:13:a4:87:9c:ec:69:99:9c:fc:
                    82:65:62:58:ea:4f:7a:88:d7:c5:12:d8:3c:3b:7f:
                    a9:f4:f4:ae:e5:d2:a9:a6:17:8f:96:3a:12:e9:0f:
                    61:bc:d1:93:da:2d:e5:a4:d6:f1:db:09:63:e8:af:
                    be:97:bc:29:8a:e1:d7:a3:98:00:3f:e9:2c:52:5c:
                    cb:68:2a:45:5d:3b:dd:a0:0f:b1:8c:6c:a7:f8:cc:
                    45:7a:bd:be:b2:57:ef:91:4b:ce:fe:ec:0b:6b:61:
                    a0:a1:95:ae:a4:87:23:b5:8e:6c:a5:57:0d:89:b3:
                    42:aa:c9:60:92:77:95:00:54:1a:8a:72:ca:8a:db:
                    32:0a:a9:7a:c8:77:38:9d:75:58:a1:fc:a1:8c:9d:
                    5e:44:83:30:bc:2c:85:27:f6:53:b8:d5:21:f4:2b:
                    1c:2d:d3:85:0a:7f:a3:d9:f8:64:68:c4:83:f6:13:
                    15:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:90:C9:D2:D8:3B:13:BC:DF:5B:69:00:3D:6E:DA:F4:C2:C4:C0:EB
            X509v3 Authority Key Identifier:
                keyid:99:F9:5C:37:D7:1A:A2:F4:96:95:E1:3F:41:7E:30:A9:73:04:AA:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mflcN9caovSWleE_QX4wqXMEqvQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/5b8301-9391-4384-b951-5eee123b38dc/1/cZDJ0tg7E7zfW2kAPW7a9MLEwOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/5b8301-9391-4384-b951-5eee123b38dc/1/mflcN9caovSWleE_QX4wqXMEqvQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.133.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         35:99:22:eb:e5:40:74:73:83:ee:90:66:c3:1b:a4:51:0c:41:
         8b:68:ea:58:a6:98:db:bc:da:8e:37:22:a5:4d:3a:20:83:35:
         13:37:61:09:50:f2:c5:d0:62:be:ee:6a:b5:cc:a0:d2:c6:b1:
         95:b2:b8:70:7b:1e:bb:6f:13:cc:a1:df:54:b0:83:71:00:2e:
         ab:d1:45:5f:fe:73:ec:a9:bd:64:02:13:f6:bc:0f:a8:b7:80:
         68:3d:c4:95:0b:8c:c8:33:1d:57:0b:97:fe:af:08:16:9e:56:
         94:48:fa:31:e1:3e:63:34:15:80:ad:c6:e3:b5:21:8c:48:cc:
         f0:ea:70:ad:39:28:8f:63:a3:03:7b:91:87:13:12:7e:45:57:
         6a:7e:5b:b3:ec:56:84:98:70:a6:70:1e:3b:e2:6f:32:4b:a9:
         c8:c8:09:b0:e9:52:47:f5:91:b2:76:18:c8:6e:e7:cf:86:fc:
         ce:4b:82:24:76:11:6f:28:cb:ce:4d:24:6f:9f:a0:c1:55:e1:
         c6:bf:ae:20:f0:5b:e7:c3:e2:38:e4:58:69:6a:7d:fd:c4:f5:
         ee:9a:b5:e5:08:e2:12:1f:0c:b3:88:bd:f4:76:f2:e4:5d:88:
         8b:f1:c4:e7:05:8f:89:02:bf:0f:0d:a1:c2:35:6d:ff:b8:31:
         ef:82:d2:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI345GgH267ZF/JfFgUPlbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5Zjk1YzM3ZDcxYWEyZjQ5Njk1ZTEzZjQxN2UzMGE5NzMw
NGFhZjQwHhcNMjQwMTAyMDYzMjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTkwYzlkMmQ4M2IxM2JjZGY1YjY5MDAzZDZlZGFmNGMyYzRjMGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/H4IGNPTl5v2wa2zLtAYUB3IsTN
qvi2FbTSD3jAgAQBKizkWqzBDsWBtqqNLdqpkWe3pNcZnFyOCnBS0Pda38DEe7ny
4iM1p2W7aBJf0EUTpIec7GmZnPyCZWJY6k96iNfFEtg8O3+p9PSu5dKpphePljoS
6Q9hvNGT2i3lpNbx2wlj6K++l7wpiuHXo5gAP+ksUlzLaCpFXTvdoA+xjGyn+MxF
er2+slfvkUvO/uwLa2GgoZWupIcjtY5spVcNibNCqslgkneVAFQainLKitsyCql6
yHc4nXVYofyhjJ1eRIMwvCyFJ/ZTuNUh9CscLdOFCn+j2fhkaMSD9hMVqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHGQydLYOxO831tpAD1u2vTCxMDrMB8GA1UdIwQY
MBaAFJn5XDfXGqL0lpXhP0F+MKlzBKr0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWZsY045Y2FvdlNXbGVFX1FYNHdxWE1FcXZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi81YjgzMDEtOTM5MS00Mzg0LWI5NTEt
NWVlZTEyM2IzOGRjLzEvY1pESjB0ZzdFN3pmVzJrQVBXN2E5TUxFd09zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi81YjgzMDEtOTM5MS00Mzg0LWI5NTEtNWVlZTEyM2IzOGRj
LzEvbWZsY045Y2FvdlNXbGVFX1FYNHdxWE1FcXZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCPoUkMA0G
CSqGSIb3DQEBCwUAA4IBAQA1mSLr5UB0c4PukGbDG6RRDEGLaOpYppjbvNqONyKl
TToggzUTN2EJUPLF0GK+7mq1zKDSxrGVsrhwex67bxPMod9UsINxAC6r0UVf/nPs
qb1kAhP2vA+ot4BoPcSVC4zIMx1XC5f+rwgWnlaUSPox4T5jNBWArcbjtSGMSMzw
6nCtOSiPY6MDe5GHExJ+RVdqfluz7FaEmHCmcB474m8yS6nIyAmw6VJH9ZGydhjI
bufPhvzOS4IkdhFvKMvOTSRvn6DBVeHGv64g8Fvnw+I45Fhpan39xPXumrXlCOIS
HwyziL30dvLkXYiL8cTnBY+JAr8PDaHCNW3/uDHvgtKQ
-----END CERTIFICATE-----