Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/HgCS1Qcnf-aNK0PfXIRQw0YFyuA.roa
File:                     HgCS1Qcnf-aNK0PfXIRQw0YFyuA.roa (raw, json)
Hash identifier:          IXTTQE5G2/9nj3XejZG9nGw/GwdrichVbP2HsC49sFQ=
Subject key identifier:   1E:00:92:D5:07:27:7F:E6:8D:2B:43:DF:5C:84:50:C3:46:05:CA:E0
Certificate issuer:       /CN=6b104f1e4abaec1eff80f262c62f96c25438c8e1
Certificate serial:       018CC493461BAD581F30516367B19743DFAE
Authority key identifier: 6B:10:4F:1E:4A:BA:EC:1E:FF:80:F2:62:C6:2F:96:C2:54:38:C8:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/axBPHkq67B7_gPJixi-WwlQ4yOE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/HgCS1Qcnf-aNK0PfXIRQw0YFyuA.roa
Signing time:             Mon 01 Jan 2024 10:30:35 +0000
ROA not before:           Mon 01 Jan 2024 10:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7029
IP address blocks:        62.68.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/axBPHkq67B7_gPJixi-WwlQ4yOE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/axBPHkq67B7_gPJixi-WwlQ4yOE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/axBPHkq67B7_gPJixi-WwlQ4yOE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:46:1b:ad:58:1f:30:51:63:67:b1:97:43:df:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b104f1e4abaec1eff80f262c62f96c25438c8e1
        Validity
            Not Before: Jan  1 10:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e0092d507277fe68d2b43df5c8450c34605cae0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ae:2f:79:64:f4:ae:af:c7:4b:c6:bb:69:a8:
                    a5:cc:52:3b:9d:a3:2e:93:fe:d8:a3:9e:f9:72:d8:
                    1d:a5:ee:03:e1:0e:87:b6:b9:1e:c1:3d:01:90:24:
                    45:6f:bf:b1:5a:2b:13:68:51:24:cc:d8:b9:6e:e7:
                    96:b3:90:97:c1:72:9b:96:6f:ec:67:52:d0:3b:63:
                    a5:91:0a:f9:78:d0:d4:de:2f:59:2c:12:81:aa:f0:
                    2c:03:03:65:d6:bc:59:d4:c5:ab:e7:f4:28:f9:8b:
                    d9:db:a9:ae:e3:29:80:2d:e9:a3:7d:c0:6d:50:0c:
                    67:f4:ed:10:00:8d:08:a0:91:48:fe:70:95:6b:4f:
                    bc:6c:0e:01:ae:c2:47:d5:50:d5:f1:b6:0d:07:58:
                    bf:30:92:97:61:e8:26:4b:8d:b7:67:10:bc:79:c0:
                    8d:05:ae:76:0d:ae:dd:89:62:9b:6c:21:a1:14:2c:
                    9f:0c:d7:42:16:86:84:7c:48:88:54:79:a9:8f:ac:
                    d5:88:ff:cc:b2:d5:54:89:66:65:43:ff:44:97:56:
                    e9:2a:2d:f2:1e:52:f9:19:2b:58:94:36:4a:ff:d2:
                    f5:dd:9e:1c:fb:75:fb:f8:12:86:e2:0e:98:b2:a4:
                    cf:5d:13:c6:53:b0:28:da:ab:15:27:d4:76:92:e5:
                    c2:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:00:92:D5:07:27:7F:E6:8D:2B:43:DF:5C:84:50:C3:46:05:CA:E0
            X509v3 Authority Key Identifier:
                keyid:6B:10:4F:1E:4A:BA:EC:1E:FF:80:F2:62:C6:2F:96:C2:54:38:C8:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/axBPHkq67B7_gPJixi-WwlQ4yOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/HgCS1Qcnf-aNK0PfXIRQw0YFyuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/axBPHkq67B7_gPJixi-WwlQ4yOE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.68.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:f3:d4:9b:6a:2a:86:ab:2b:3e:dd:fc:61:84:70:29:bc:97:
         7c:84:18:cc:58:23:ea:5b:e3:7a:47:0f:d8:da:3d:c9:c6:9d:
         40:4d:6e:df:05:18:65:20:f0:47:54:c4:78:8e:65:43:c9:8e:
         6c:02:cb:50:0a:7f:ef:5c:00:85:6d:be:37:92:08:5b:4f:54:
         f6:85:22:99:e7:e3:1f:a9:e8:5a:31:b6:b5:ca:c7:67:9b:36:
         33:1a:e7:93:13:5b:08:df:5a:e6:65:b2:bd:2c:b8:8f:a0:ec:
         b6:af:6e:05:e9:93:aa:78:85:c4:10:dc:05:67:a7:22:e7:21:
         f6:8f:d3:b6:5b:25:6c:a9:86:1e:a8:fd:ed:a6:69:af:1f:32:
         6a:4c:68:28:4d:10:b4:24:e1:2c:cd:6f:ba:ac:77:14:41:10:
         9a:70:b4:7d:c4:1b:66:d3:a0:0e:b8:d2:9f:dd:18:b5:80:f8:
         52:8e:72:5d:38:5d:21:86:a1:ed:bb:93:9d:03:cb:08:34:70:
         70:e2:ea:d1:99:e3:ce:8f:b5:cd:82:f0:11:fb:50:61:67:a8:
         c5:39:e3:e5:5a:e7:40:d5:37:36:55:ad:24:19:25:7a:a6:9e:
         d7:2d:d5:81:4b:6f:66:9f:e6:99:0e:a1:48:4a:00:ee:45:eb:
         a4:6b:c1:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk0YbrVgfMFFjZ7GXQ9+uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMTA0ZjFlNGFiYWVjMWVmZjgwZjI2MmM2MmY5NmMyNTQz
OGM4ZTEwHhcNMjQwMTAxMTAzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTAwOTJkNTA3Mjc3ZmU2OGQyYjQzZGY1Yzg0NTBjMzQ2MDVjYWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiq4veWT0rq/HS8a7aailzFI7naMu
k/7Yo575ctgdpe4D4Q6HtrkewT0BkCRFb7+xWisTaFEkzNi5bueWs5CXwXKblm/s
Z1LQO2OlkQr5eNDU3i9ZLBKBqvAsAwNl1rxZ1MWr5/Qo+YvZ26mu4ymALemjfcBt
UAxn9O0QAI0IoJFI/nCVa0+8bA4BrsJH1VDV8bYNB1i/MJKXYegmS423ZxC8ecCN
Ba52Da7diWKbbCGhFCyfDNdCFoaEfEiIVHmpj6zViP/MstVUiWZlQ/9El1bpKi3y
HlL5GStYlDZK/9L13Z4c+3X7+BKG4g6YsqTPXRPGU7Ao2qsVJ9R2kuXCeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB4AktUHJ3/mjStD31yEUMNGBcrgMB8GA1UdIwQY
MBaAFGsQTx5Kuuwe/4DyYsYvlsJUOMjhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXhCUEhrcTY3QjdfZ1BKaXhpLVd3bFE0eU9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS82NTNjMjQtNjhlNS00YWQ4LWI3NjMt
MzBjOWRlMjA1YWZjLzEvSGdDUzFRY25mLWFOSzBQZlhJUlF3MFlGeXVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS82NTNjMjQtNjhlNS00YWQ4LWI3NjMtMzBjOWRlMjA1YWZj
LzEvYXhCUEhrcTY3QjdfZ1BKaXhpLVd3bFE0eU9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkRJMA0G
CSqGSIb3DQEBCwUAA4IBAQAH89SbaiqGqys+3fxhhHApvJd8hBjMWCPqW+N6Rw/Y
2j3Jxp1ATW7fBRhlIPBHVMR4jmVDyY5sAstQCn/vXACFbb43kghbT1T2hSKZ5+Mf
qehaMba1ysdnmzYzGueTE1sI31rmZbK9LLiPoOy2r24F6ZOqeIXEENwFZ6ci5yH2
j9O2WyVsqYYeqP3tpmmvHzJqTGgoTRC0JOEszW+6rHcUQRCacLR9xBtm06AOuNKf
3Ri1gPhSjnJdOF0hhqHtu5OdA8sINHBw4urRmePOj7XNgvAR+1BhZ6jFOePlWudA
1Tc2Va0kGSV6pp7XLdWBS29mn+aZDqFISgDuReuka8Fs
-----END CERTIFICATE-----