Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/i5yOH4dyqFsxB9mI3rI7J7DNkVc.roa
File:                     i5yOH4dyqFsxB9mI3rI7J7DNkVc.roa (raw, json)
Hash identifier:          N1K82A1BY/XcX5l0F+p163HauvpP7QIg6iT5HWIU8uE=
Subject key identifier:   8B:9C:8E:1F:87:72:A8:5B:31:07:D9:88:DE:B2:3B:27:B0:CD:91:57
Certificate issuer:       /CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
Certificate serial:       018E9F1DA7041C7EFB78D9C1B8564A6A89C8
Authority key identifier: F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/i5yOH4dyqFsxB9mI3rI7J7DNkVc.roa
Signing time:             Tue 02 Apr 2024 14:01:44 +0000
ROA not before:           Tue 02 Apr 2024 14:01:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        62.3.1.0/24 maxlen: 24
                          80.91.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9f:1d:a7:04:1c:7e:fb:78:d9:c1:b8:56:4a:6a:89:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
        Validity
            Not Before: Apr  2 14:01:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b9c8e1f8772a85b3107d988deb23b27b0cd9157
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:97:58:69:ea:0c:42:26:bf:69:41:bf:7a:8c:
                    84:47:70:7d:aa:f1:c3:27:c1:80:3a:03:a2:07:e8:
                    a3:42:50:b5:c5:95:b4:13:01:65:9d:a5:2a:46:40:
                    29:49:d3:36:71:9d:0a:0e:f5:d0:3c:44:bc:8d:da:
                    89:83:fa:dd:4a:fc:29:95:af:d5:ae:b8:ce:e5:c4:
                    5c:90:31:77:1b:04:02:63:76:98:fc:3a:57:a5:68:
                    70:3e:63:99:45:7e:55:77:92:7e:bb:1f:2a:6f:39:
                    ce:9b:0b:53:ff:5b:05:ae:93:b8:aa:d3:1f:8d:ea:
                    5c:a3:95:16:f2:44:ca:16:a1:d5:11:29:4c:c2:9a:
                    0c:6e:42:b7:05:b7:d2:2f:c2:cf:f9:66:b7:68:e3:
                    50:89:a0:6d:7e:83:2a:23:65:af:40:fa:ba:3d:dd:
                    9e:e8:b2:1b:74:bd:6d:45:8c:e6:23:e8:80:32:43:
                    27:62:2d:fc:33:b4:bc:15:95:e9:8a:e9:80:23:9f:
                    63:b4:f5:f5:6e:a5:3e:73:e2:71:e6:32:7f:d7:e3:
                    bf:53:46:03:ad:50:94:50:e0:a3:73:c4:3b:e4:77:
                    f3:be:33:ed:66:21:02:0d:d8:f5:01:49:a7:b1:68:
                    36:e8:f1:96:a6:17:98:df:72:50:68:3a:d8:03:8e:
                    39:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:9C:8E:1F:87:72:A8:5B:31:07:D9:88:DE:B2:3B:27:B0:CD:91:57
            X509v3 Authority Key Identifier:
                keyid:F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/i5yOH4dyqFsxB9mI3rI7J7DNkVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.1.0/24
                  80.91.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:f8:b0:33:73:0a:44:3c:13:02:59:dc:df:bd:1d:e6:c7:01:
         18:22:14:b9:37:6b:60:cb:7a:71:51:32:6e:98:9a:bd:4a:6d:
         9c:4a:57:a8:e4:c1:94:9b:21:7d:77:15:81:c3:f9:39:b8:2a:
         a9:35:69:b0:68:20:be:9c:34:00:d3:a4:e1:b2:22:8e:68:8e:
         0f:84:36:68:da:09:c2:ef:64:0e:15:dd:4a:c1:d4:2d:c7:cd:
         53:9a:34:c4:64:93:5f:8f:0f:f5:db:19:7c:86:d5:c1:c3:84:
         b5:5f:41:a1:97:3e:02:7a:40:28:a5:bc:3f:02:5f:bb:16:a0:
         a5:2c:59:44:90:2f:3a:30:fb:65:ee:17:4d:23:89:ff:37:a7:
         b9:a4:72:90:b0:a3:29:e9:22:f1:07:18:13:aa:6d:a7:de:6f:
         aa:86:84:d9:04:33:a4:26:04:4d:0f:a4:23:6e:cd:f4:83:ac:
         62:28:b1:92:57:91:30:97:62:2b:2b:2c:ac:3e:6a:31:4b:98:
         9b:49:12:1c:57:db:79:a0:2f:fb:e7:30:5a:d6:eb:fb:43:e1:
         35:0d:4b:7e:b9:53:5c:58:fd:98:3d:8b:d3:97:48:87:39:49:
         bd:00:33:06:c6:77:80:54:26:f9:9a:c3:d1:a4:ba:20:4c:98:
         45:3d:31:72
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6fHacEHH77eNnBuFZKaonIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NWQ4YjUyODE1ZjNmMjYxM2U5NDg5OTJlYzlmZTY2MGY2
OTQ5YjQwHhcNMjQwNDAyMTQwMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjljOGUxZjg3NzJhODViMzEwN2Q5ODhkZWIyM2IyN2IwY2Q5MTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZdYaeoMQia/aUG/eoyER3B9qvHD
J8GAOgOiB+ijQlC1xZW0EwFlnaUqRkApSdM2cZ0KDvXQPES8jdqJg/rdSvwpla/V
rrjO5cRckDF3GwQCY3aY/DpXpWhwPmOZRX5Vd5J+ux8qbznOmwtT/1sFrpO4qtMf
jepco5UW8kTKFqHVESlMwpoMbkK3BbfSL8LP+Wa3aONQiaBtfoMqI2WvQPq6Pd2e
6LIbdL1tRYzmI+iAMkMnYi38M7S8FZXpiumAI59jtPX1bqU+c+Jx5jJ/1+O/U0YD
rVCUUOCjc8Q75HfzvjPtZiECDdj1AUmnsWg26PGWpheY33JQaDrYA445SwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIucjh+HcqhbMQfZiN6yOyewzZFXMB8GA1UdIwQY
MBaAFPddi1KBXz8mE+lImS7J/mYPaUm0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2Ut
YTQ0MTBlMTBiNmY1LzEvaTV5T0g0ZHlxRnN4QjltSTNySTdKN0ROa1ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2UtYTQ0MTBlMTBiNmY1
LzEvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPgMBAwQA
UFvTMA0GCSqGSIb3DQEBCwUAA4IBAQDK+LAzcwpEPBMCWdzfvR3mxwEYIhS5N2tg
y3pxUTJumJq9Sm2cSleo5MGUmyF9dxWBw/k5uCqpNWmwaCC+nDQA06ThsiKOaI4P
hDZo2gnC72QOFd1KwdQtx81TmjTEZJNfjw/12xl8htXBw4S1X0Ghlz4CekAopbw/
Al+7FqClLFlEkC86MPtl7hdNI4n/N6e5pHKQsKMp6SLxBxgTqm2n3m+qhoTZBDOk
JgRND6Qjbs30g6xiKLGSV5Ewl2IrKyysPmoxS5ibSRIcV9t5oC/75zBa1uv7Q+E1
DUt+uVNcWP2YPYvTl0iHOUm9ADMGxneAVCb5msPRpLogTJhFPTFy
-----END CERTIFICATE-----