Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/HIuD97uQOmxyCat6Sq8a1aqugSc.roa
File:                     HIuD97uQOmxyCat6Sq8a1aqugSc.roa (raw, json)
Hash identifier:          5M/+SxoDgwZfoL6PN6x6oFkAfUM3c4XoeO+pUPHXQ5o=
Subject key identifier:   1C:8B:83:F7:BB:90:3A:6C:72:09:AB:7A:4A:AF:1A:D5:AA:AE:81:27
Certificate issuer:       /CN=6278a768c910badcd5c4aef7c172a9f061547e8c
Certificate serial:       018CC8DF7A4578B48D80F0B5F7DB9B0FD0F6
Authority key identifier: 62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/HIuD97uQOmxyCat6Sq8a1aqugSc.roa
Signing time:             Tue 02 Jan 2024 06:32:18 +0000
ROA not before:           Tue 02 Jan 2024 06:32:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216468
IP address blocks:        62.108.104.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:7a:45:78:b4:8d:80:f0:b5:f7:db:9b:0f:d0:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6278a768c910badcd5c4aef7c172a9f061547e8c
        Validity
            Not Before: Jan  2 06:32:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c8b83f7bb903a6c7209ab7a4aaf1ad5aaae8127
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:8f:e0:56:e0:25:74:6b:82:af:92:cf:a1:97:
                    73:cc:a6:25:80:34:28:dc:08:0b:09:8b:ff:3b:ea:
                    5b:e6:b7:95:7b:b1:ca:5f:8d:a1:0f:4e:ed:a6:09:
                    b2:91:d6:2d:21:91:3c:04:f4:b1:3f:a7:8b:56:31:
                    09:59:d0:1e:83:0c:de:67:6e:f4:42:c1:af:bf:f9:
                    cc:ee:66:99:5a:a6:fc:91:1f:fa:fd:c5:64:5a:b9:
                    89:eb:cf:bb:a7:f8:25:97:7c:97:1f:39:da:0d:99:
                    27:47:89:1d:2f:77:17:10:59:1d:97:a3:38:b5:06:
                    53:e8:10:2e:5a:ea:c5:ab:f9:55:43:37:34:41:57:
                    ef:38:d1:ca:46:58:cd:f0:3e:3c:3a:ff:e5:14:38:
                    18:99:1e:9c:36:3b:be:c0:87:96:86:48:22:fe:8a:
                    14:a7:9c:42:44:37:fd:ff:b5:36:b5:cb:54:2b:6b:
                    89:31:5f:49:8a:2e:a7:16:14:b8:78:64:71:ff:49:
                    ed:8d:93:b6:47:b0:fc:3b:5b:e7:d7:53:0a:e6:bf:
                    ce:e4:e9:6f:5a:29:d3:18:67:2a:e5:8b:53:d7:f3:
                    3e:9f:80:d6:98:d2:85:05:fe:c9:9e:de:1c:e6:de:
                    1b:1e:2b:ff:f6:a3:67:87:9e:7f:ce:0e:90:ab:85:
                    95:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:8B:83:F7:BB:90:3A:6C:72:09:AB:7A:4A:AF:1A:D5:AA:AE:81:27
            X509v3 Authority Key Identifier:
                keyid:62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/HIuD97uQOmxyCat6Sq8a1aqugSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.108.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:7a:45:db:d0:f1:d0:19:24:d5:aa:dc:79:e0:59:f6:a3:a2:
         fb:46:fe:a1:72:09:fe:14:c9:2c:98:6a:07:23:8c:d0:ae:0f:
         45:61:04:a5:d4:b7:b7:67:03:eb:31:a6:84:0f:34:58:03:37:
         ed:fd:29:d0:9d:9c:88:26:d0:d1:b3:6d:fc:7d:23:44:02:44:
         c1:60:70:26:b2:62:6d:c6:d2:cd:27:86:43:97:1a:67:5b:c2:
         6b:51:cb:f9:ef:41:ad:77:5c:d7:03:39:96:09:d5:43:23:5a:
         e0:e0:d0:c5:87:7d:20:17:99:08:eb:8d:b2:75:0c:ee:cd:ec:
         59:b0:94:3f:f0:36:f7:19:69:83:f5:51:60:a3:60:37:1f:ff:
         b8:37:e4:ae:83:55:7b:5a:76:df:72:0b:db:51:f8:b6:67:6a:
         23:78:59:ef:c4:40:03:aa:6f:b9:c2:a1:8a:93:25:c4:1c:09:
         05:1f:97:9a:6a:59:a5:33:b2:a3:31:bb:58:1b:35:8c:de:80:
         57:ec:12:8e:16:af:fa:3d:88:0c:94:9f:0e:90:02:41:82:2a:
         9b:51:82:90:90:d6:d6:ee:7b:7f:aa:b4:cb:66:4d:8e:e7:70:
         e4:2f:0b:a3:b3:79:21:c1:4f:68:ee:f4:cc:58:fc:6b:d0:77:
         b8:63:f9:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI33pFeLSNgPC199ubD9D2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNzhhNzY4YzkxMGJhZGNkNWM0YWVmN2MxNzJhOWYwNjE1
NDdlOGMwHhcNMjQwMTAyMDYzMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzhiODNmN2JiOTAzYTZjNzIwOWFiN2E0YWFmMWFkNWFhYWU4MTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoo/gVuAldGuCr5LPoZdzzKYlgDQo
3AgLCYv/O+pb5reVe7HKX42hD07tpgmykdYtIZE8BPSxP6eLVjEJWdAegwzeZ270
QsGvv/nM7maZWqb8kR/6/cVkWrmJ68+7p/gll3yXHznaDZknR4kdL3cXEFkdl6M4
tQZT6BAuWurFq/lVQzc0QVfvONHKRljN8D48Ov/lFDgYmR6cNju+wIeWhkgi/ooU
p5xCRDf9/7U2tctUK2uJMV9Jii6nFhS4eGRx/0ntjZO2R7D8O1vn11MK5r/O5Olv
WinTGGcq5YtT1/M+n4DWmNKFBf7Jnt4c5t4bHiv/9qNnh55/zg6Qq4WVPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFByLg/e7kDpscgmrekqvGtWqroEnMB8GA1UdIwQY
MBaAFGJ4p2jJELrc1cSu98FyqfBhVH6MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQt
MzQ1NGY0OTBmZDk2LzEvSEl1RDk3dVFPbXh5Q2F0NlNxOGExYXF1Z1NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQtMzQ1NGY0OTBmZDk2
LzEvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBPmxoMA0G
CSqGSIb3DQEBCwUAA4IBAQAbekXb0PHQGSTVqtx54Fn2o6L7Rv6hcgn+FMksmGoH
I4zQrg9FYQSl1Le3ZwPrMaaEDzRYAzft/SnQnZyIJtDRs238fSNEAkTBYHAmsmJt
xtLNJ4ZDlxpnW8JrUcv570Gtd1zXAzmWCdVDI1rg4NDFh30gF5kI642ydQzuzexZ
sJQ/8Db3GWmD9VFgo2A3H/+4N+Sug1V7WnbfcgvbUfi2Z2ojeFnvxEADqm+5wqGK
kyXEHAkFH5eaalmlM7KjMbtYGzWM3oBX7BKOFq/6PYgMlJ8OkAJBgiqbUYKQkNbW
7nt/qrTLZk2O53DkLwujs3khwU9o7vTMWPxr0He4Y/ks
-----END CERTIFICATE-----