Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/YqX-kne_L19uSZ1jr4nfzo7luto.roa
File:                     YqX-kne_L19uSZ1jr4nfzo7luto.roa (raw, json)
Hash identifier:          UAJXM0rC/auASIFSAWTsBl7QR/JkbpLM+P9/iKgb8fM=
Subject key identifier:   62:A5:FE:92:77:BF:2F:5F:6E:49:9D:63:AF:89:DF:CE:8E:E5:BA:DA
Certificate issuer:       /CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
Certificate serial:       018CC6B92D35CB21CB20D22A5E64D9C6E24C
Authority key identifier: 56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/YqX-kne_L19uSZ1jr4nfzo7luto.roa
Signing time:             Mon 01 Jan 2024 20:31:13 +0000
ROA not before:           Mon 01 Jan 2024 20:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8947
IP address blocks:        62.244.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:2d:35:cb:21:cb:20:d2:2a:5e:64:d9:c6:e2:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
        Validity
            Not Before: Jan  1 20:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62a5fe9277bf2f5f6e499d63af89dfce8ee5bada
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a9:f5:18:09:5c:aa:29:dc:2d:75:b7:21:a2:
                    6a:6a:df:93:05:55:68:93:0b:3c:38:8c:d2:8d:52:
                    5e:bc:2c:9f:31:3f:c6:c4:16:af:29:76:1b:83:e9:
                    34:9f:b5:66:57:25:8d:c4:0a:e4:14:bd:70:a8:84:
                    ec:ac:fe:49:6c:c5:ef:63:b3:78:b1:c6:38:83:5f:
                    e7:ab:d9:10:29:8c:7a:49:99:b5:18:b5:3d:12:54:
                    9d:c0:17:0b:3e:35:a7:cc:4b:94:c4:89:5a:08:ed:
                    9d:f9:0d:3b:c2:23:90:6b:09:98:c2:1f:69:fd:f2:
                    7d:f6:1b:6f:29:cd:31:5d:3a:eb:f8:27:8c:5b:8a:
                    ee:96:5f:75:4f:90:84:95:1f:e2:fd:f1:3f:b0:cc:
                    61:c3:55:f3:6d:2e:d5:cf:7c:a7:87:cf:0e:d0:ff:
                    bd:1a:8c:87:16:20:fc:7c:e8:3a:57:a6:41:6a:f8:
                    0a:54:aa:ef:df:ca:d8:7f:09:44:69:a3:5e:5f:35:
                    f2:ad:7e:50:46:b9:67:5f:61:95:23:06:15:ab:69:
                    dc:c5:68:dd:8d:93:02:c6:bd:72:0b:35:cd:ab:a2:
                    97:a9:b5:92:8a:31:27:46:fc:8c:a9:b7:c6:13:12:
                    e3:1d:72:8d:60:8c:7d:76:27:6c:76:3a:70:be:cd:
                    e0:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:A5:FE:92:77:BF:2F:5F:6E:49:9D:63:AF:89:DF:CE:8E:E5:BA:DA
            X509v3 Authority Key Identifier:
                keyid:56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/YqX-kne_L19uSZ1jr4nfzo7luto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.244.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:f6:4c:21:3f:03:8e:95:d2:2e:e5:21:3e:ca:bc:82:10:df:
         09:fe:7c:f6:01:63:77:a1:82:52:8e:d6:21:1d:f8:7e:94:e3:
         5a:a8:13:70:b7:e9:47:43:87:e4:4c:35:13:0c:31:0a:b9:d1:
         62:d9:d4:fe:44:8c:d3:d4:18:1b:02:f9:33:ce:63:8d:f1:94:
         88:1c:9c:ac:6e:06:ce:26:f3:44:bf:49:d9:0c:08:f2:39:bb:
         6a:03:e8:79:dd:3b:c2:8c:77:a1:60:b0:0f:18:5b:bb:1d:6d:
         d0:b9:ed:4c:3f:9f:7a:b2:9c:56:d5:20:17:d0:52:e9:4a:9e:
         f7:fa:04:3c:e3:7f:55:72:74:e6:15:c4:6f:d5:e9:94:85:8c:
         3d:ae:89:45:be:3b:f5:0c:8f:6f:a3:4f:87:bc:be:7b:86:b9:
         92:89:3a:e5:ab:a1:4d:b2:8d:2a:e8:e9:1b:36:5c:37:be:eb:
         31:b8:8b:83:7e:4e:34:ca:f9:54:3d:53:75:a0:94:be:03:6e:
         a4:a4:76:dc:04:f1:05:fd:7f:94:98:8a:4a:f6:31:7d:d6:2d:
         d0:64:ff:63:42:ce:32:00:c1:25:29:92:a2:5b:a2:45:41:ee:
         5e:a9:78:0b:2e:72:5a:9f:0e:79:68:83:83:89:af:1c:58:b0:
         7d:e8:6a:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuS01yyHLINIqXmTZxuJMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGZlMzVjYzk2MjYzM2EyNzU3YWYxMGEwZTZlOGFiNmQw
MWY0YzkwHhcNMjQwMTAxMjAzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmE1ZmU5Mjc3YmYyZjVmNmU0OTlkNjNhZjg5ZGZjZThlZTViYWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqan1GAlcqincLXW3IaJqat+TBVVo
kws8OIzSjVJevCyfMT/GxBavKXYbg+k0n7VmVyWNxArkFL1wqITsrP5JbMXvY7N4
scY4g1/nq9kQKYx6SZm1GLU9ElSdwBcLPjWnzEuUxIlaCO2d+Q07wiOQawmYwh9p
/fJ99htvKc0xXTrr+CeMW4rull91T5CElR/i/fE/sMxhw1XzbS7Vz3ynh88O0P+9
GoyHFiD8fOg6V6ZBavgKVKrv38rYfwlEaaNeXzXyrX5QRrlnX2GVIwYVq2ncxWjd
jZMCxr1yCzXNq6KXqbWSijEnRvyMqbfGExLjHXKNYIx9didsdjpwvs3gZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGKl/pJ3vy9fbkmdY6+J386O5braMB8GA1UdIwQY
MBaAFFaP41zJYmM6J1evEKDm6KttAfTJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMt
ODNkNjQ4Zjc5NzQ2LzEvWXFYLWtuZV9MMTl1U1oxanI0bmZ6bzdsdXRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMtODNkNjQ4Zjc5NzQ2
LzEvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPvTfMA0G
CSqGSIb3DQEBCwUAA4IBAQBh9kwhPwOOldIu5SE+yryCEN8J/nz2AWN3oYJSjtYh
Hfh+lONaqBNwt+lHQ4fkTDUTDDEKudFi2dT+RIzT1BgbAvkzzmON8ZSIHJysbgbO
JvNEv0nZDAjyObtqA+h53TvCjHehYLAPGFu7HW3Que1MP596spxW1SAX0FLpSp73
+gQ8439VcnTmFcRv1emUhYw9rolFvjv1DI9vo0+HvL57hrmSiTrlq6FNso0q6Okb
Nlw3vusxuIuDfk40yvlUPVN1oJS+A26kpHbcBPEF/X+UmIpK9jF91i3QZP9jQs4y
AMElKZKiW6JFQe5eqXgLLnJanw55aIODia8cWLB96GqB
-----END CERTIFICATE-----