Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/eQKKBlKYZbKXGx-yEGwqzHAoGnA.roa
File:                     eQKKBlKYZbKXGx-yEGwqzHAoGnA.roa (raw, json)
Hash identifier:          geAlSQk9io/8zzn4mV3dUUxFQFE5lbGUW5zFf62gd0Y=
Subject key identifier:   79:02:8A:06:52:98:65:B2:97:1B:1F:B2:10:6C:2A:CC:70:28:1A:70
Certificate issuer:       /CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
Certificate serial:       018CC6B932BCB3061BB68EFA03ABD1FABFA8
Authority key identifier: 56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/eQKKBlKYZbKXGx-yEGwqzHAoGnA.roa
Signing time:             Mon 01 Jan 2024 20:31:15 +0000
ROA not before:           Mon 01 Jan 2024 20:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39253
IP address blocks:        62.244.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:32:bc:b3:06:1b:b6:8e:fa:03:ab:d1:fa:bf:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
        Validity
            Not Before: Jan  1 20:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79028a06529865b2971b1fb2106c2acc70281a70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:01:d2:da:eb:ed:85:26:a7:2e:85:a9:e0:e3:
                    54:92:e4:9d:3e:de:6c:8f:73:7b:a6:c9:a6:da:90:
                    b8:1e:49:36:19:39:b7:18:6f:0a:6f:2f:db:d8:d6:
                    9e:e6:3c:6c:3e:82:4a:97:b7:99:3a:c7:6c:77:6b:
                    b5:14:73:0b:94:23:e5:95:2b:ac:0b:b2:9f:a9:8b:
                    17:4a:90:ff:c8:14:9f:92:c7:74:63:59:15:a6:fc:
                    08:35:3d:6c:f9:2a:1d:04:af:c8:7b:cb:bc:f8:65:
                    07:f5:9f:57:5e:a2:6d:8a:fd:14:1d:a1:9b:5e:c0:
                    a5:84:eb:6f:55:ec:56:5e:88:44:52:16:d0:24:a8:
                    42:e4:94:3e:9f:16:8e:43:cf:f0:8f:cc:09:fc:ab:
                    9c:73:b8:3a:71:61:81:f5:99:6d:60:73:69:40:91:
                    81:d1:30:93:72:dc:01:81:a5:fb:fa:f1:89:a5:90:
                    53:3c:7c:a9:1d:7e:60:52:58:a2:09:58:e6:c1:f0:
                    24:d7:05:1a:50:e6:ea:8a:10:0b:c3:c3:60:1d:fa:
                    38:6c:db:cc:b6:6f:76:29:5d:47:d8:80:99:4c:77:
                    fc:8d:ed:36:4c:23:83:26:78:8b:d8:4b:45:56:74:
                    59:fb:3c:65:78:9a:89:c0:51:7d:46:93:ed:73:ea:
                    21:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:02:8A:06:52:98:65:B2:97:1B:1F:B2:10:6C:2A:CC:70:28:1A:70
            X509v3 Authority Key Identifier:
                keyid:56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/eQKKBlKYZbKXGx-yEGwqzHAoGnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.244.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:79:ef:1f:fc:19:82:03:7f:c7:d2:d2:09:99:3f:4d:88:ca:
         cc:f5:d0:d0:a2:ac:e1:45:0c:ea:3b:d0:e9:44:12:1d:b7:69:
         14:fc:ab:3a:fc:11:78:74:3f:83:2c:8e:2c:db:b3:19:63:15:
         3f:d0:f6:a0:e2:32:f6:3f:e5:4e:77:71:e2:f8:fe:8d:e4:1f:
         e9:f5:cc:de:94:d2:ee:ac:bb:09:89:b7:6f:4d:31:50:b2:b2:
         25:dc:5f:f8:cf:83:7b:08:3c:95:de:e9:3b:1b:7b:a1:d1:e3:
         4b:4a:4b:c2:f7:85:42:91:5a:2a:db:7f:5c:3e:53:f9:64:01:
         8b:56:d7:3a:f8:4a:a0:e9:81:c7:3c:fd:97:96:5c:36:54:17:
         51:b8:ce:b5:a3:4c:ea:1a:13:97:26:01:fd:71:4d:00:da:54:
         9d:c0:78:d6:cc:0b:a4:1f:d7:a3:20:38:9b:0b:bd:85:b0:f1:
         28:86:01:b7:00:9b:82:38:42:de:91:a3:27:18:ee:04:ea:d6:
         52:77:ad:e4:a9:6f:a4:3a:9e:0c:50:06:cf:58:33:20:04:bd:
         cf:8c:33:b8:b9:d7:a5:4b:f2:fa:63:f5:b9:6e:61:9f:86:b9:
         ac:51:cc:c8:3d:b5:d2:aa:0d:b9:df:27:1c:6e:ec:99:5c:90:
         36:b5:4c:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuTK8swYbto76A6vR+r+oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGZlMzVjYzk2MjYzM2EyNzU3YWYxMGEwZTZlOGFiNmQw
MWY0YzkwHhcNMjQwMTAxMjAzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTAyOGEwNjUyOTg2NWIyOTcxYjFmYjIxMDZjMmFjYzcwMjgxYTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAHS2uvthSanLoWp4ONUkuSdPt5s
j3N7psmm2pC4Hkk2GTm3GG8Kby/b2Nae5jxsPoJKl7eZOsdsd2u1FHMLlCPllSus
C7KfqYsXSpD/yBSfksd0Y1kVpvwINT1s+SodBK/Ie8u8+GUH9Z9XXqJtiv0UHaGb
XsClhOtvVexWXohEUhbQJKhC5JQ+nxaOQ8/wj8wJ/Kucc7g6cWGB9ZltYHNpQJGB
0TCTctwBgaX7+vGJpZBTPHypHX5gUliiCVjmwfAk1wUaUObqihALw8NgHfo4bNvM
tm92KV1H2ICZTHf8je02TCODJniL2EtFVnRZ+zxleJqJwFF9RpPtc+ohTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHkCigZSmGWylxsfshBsKsxwKBpwMB8GA1UdIwQY
MBaAFFaP41zJYmM6J1evEKDm6KttAfTJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMt
ODNkNjQ4Zjc5NzQ2LzEvZVFLS0JsS1laYktYR3gteUVHd3F6SEFvR25BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMtODNkNjQ4Zjc5NzQ2
LzEvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPvTzMA0G
CSqGSIb3DQEBCwUAA4IBAQBzee8f/BmCA3/H0tIJmT9NiMrM9dDQoqzhRQzqO9Dp
RBIdt2kU/Ks6/BF4dD+DLI4s27MZYxU/0Pag4jL2P+VOd3Hi+P6N5B/p9czelNLu
rLsJibdvTTFQsrIl3F/4z4N7CDyV3uk7G3uh0eNLSkvC94VCkVoq239cPlP5ZAGL
Vtc6+Eqg6YHHPP2Xllw2VBdRuM61o0zqGhOXJgH9cU0A2lSdwHjWzAukH9ejIDib
C72FsPEohgG3AJuCOELekaMnGO4E6tZSd63kqW+kOp4MUAbPWDMgBL3PjDO4udel
S/L6Y/W5bmGfhrmsUczIPbXSqg253yccbuyZXJA2tUym
-----END CERTIFICATE-----