Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/758467-6818-4e84-87ba-5d838668bebe/1/bIDmk3x0i1QkM_KacacgH75P1ac.roa
File:                     bIDmk3x0i1QkM_KacacgH75P1ac.roa (raw, json)
Hash identifier:          SYYKej9n1crqgfF0Cgn32ubFTOGUc2VbuorTTWWE4/0=
Subject key identifier:   6C:80:E6:93:7C:74:8B:54:24:33:F2:9A:71:A7:20:1F:BE:4F:D5:A7
Certificate issuer:       /CN=bf2805992e6531d3da31ee1af6bcd5c06d02b6ca
Certificate serial:       018CC9BC5371E8D53C05BA8CD62C217EC378
Authority key identifier: BF:28:05:99:2E:65:31:D3:DA:31:EE:1A:F6:BC:D5:C0:6D:02:B6:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vygFmS5lMdPaMe4a9rzVwG0Ctso.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/758467-6818-4e84-87ba-5d838668bebe/1/bIDmk3x0i1QkM_KacacgH75P1ac.roa
Signing time:             Tue 02 Jan 2024 10:33:31 +0000
ROA not before:           Tue 02 Jan 2024 10:33:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25466
IP address blocks:        62.101.52.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/758467-6818-4e84-87ba-5d838668bebe/1/vygFmS5lMdPaMe4a9rzVwG0Ctso.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/758467-6818-4e84-87ba-5d838668bebe/1/vygFmS5lMdPaMe4a9rzVwG0Ctso.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vygFmS5lMdPaMe4a9rzVwG0Ctso.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:53:71:e8:d5:3c:05:ba:8c:d6:2c:21:7e:c3:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf2805992e6531d3da31ee1af6bcd5c06d02b6ca
        Validity
            Not Before: Jan  2 10:33:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c80e6937c748b542433f29a71a7201fbe4fd5a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:94:a0:3b:5e:6b:78:54:bf:80:1e:28:7d:df:
                    fb:01:37:80:df:e5:a2:20:c6:db:78:f8:93:5d:c1:
                    ad:b7:77:f6:39:a9:2d:f9:aa:17:2c:33:50:8e:f8:
                    ad:0d:bc:f7:c0:52:e5:31:1d:aa:e5:e1:7c:70:40:
                    28:6b:d3:fe:91:86:c3:79:a5:67:b7:3d:aa:33:7a:
                    c1:06:c9:83:5f:c8:58:a2:7e:91:e5:45:f6:d3:93:
                    04:8e:32:58:a8:5f:f3:df:05:d1:cf:40:3e:66:d1:
                    01:69:4b:46:38:42:0c:02:75:fe:c3:44:47:eb:da:
                    15:20:7f:29:b3:8c:23:4d:c8:74:ae:58:4f:16:85:
                    2a:b8:b9:e4:67:ff:10:28:86:16:77:1b:ff:3b:f9:
                    df:b7:cb:25:60:2d:35:65:b4:a4:de:b5:45:86:98:
                    d6:27:1e:89:59:5f:9d:16:d5:be:89:bd:55:ef:0f:
                    a8:c6:69:f9:4d:58:f3:c9:a1:46:a6:cd:ae:49:b8:
                    84:82:49:63:cd:d2:16:ef:ba:79:11:4d:d6:53:5f:
                    c9:32:86:98:52:8d:56:4b:ee:f3:e9:27:b2:47:6c:
                    a3:5a:9d:98:ee:fb:9b:9f:78:0c:39:23:67:03:99:
                    07:bc:13:ba:e0:fe:a9:40:1d:65:bf:8e:07:ec:ef:
                    32:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:80:E6:93:7C:74:8B:54:24:33:F2:9A:71:A7:20:1F:BE:4F:D5:A7
            X509v3 Authority Key Identifier:
                keyid:BF:28:05:99:2E:65:31:D3:DA:31:EE:1A:F6:BC:D5:C0:6D:02:B6:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vygFmS5lMdPaMe4a9rzVwG0Ctso.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/758467-6818-4e84-87ba-5d838668bebe/1/bIDmk3x0i1QkM_KacacgH75P1ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/758467-6818-4e84-87ba-5d838668bebe/1/vygFmS5lMdPaMe4a9rzVwG0Ctso.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.101.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         33:2e:c7:78:7b:7f:45:85:c4:88:d0:23:36:8b:9c:66:d7:8f:
         e4:73:24:d7:35:0f:fd:c0:a2:b2:4a:40:0c:42:d0:10:2b:d6:
         60:77:f9:a8:43:8e:ec:9e:4a:02:2e:90:ad:01:b9:29:2c:0e:
         4e:35:40:98:79:2b:af:bb:9f:64:89:1e:42:f9:d6:46:55:cf:
         2e:00:b9:d8:61:8c:a9:7f:2a:b5:c7:49:8b:9d:0d:5e:21:2f:
         50:f9:54:c8:b2:8f:a4:2a:1b:fe:98:e4:4c:c6:19:42:55:7c:
         3f:cc:74:11:82:a1:97:b9:70:b8:a4:59:45:71:0e:5d:cf:fc:
         d9:11:a0:ee:81:d3:80:e8:fc:75:4f:1d:47:d2:63:25:21:7e:
         cc:36:b8:f6:f0:f9:f9:64:12:91:6e:e9:64:c7:42:09:99:c5:
         95:44:70:88:ca:3a:cc:b2:03:75:ed:93:fb:32:95:a3:42:00:
         32:f7:cb:0d:57:85:bd:8d:4a:91:94:17:56:c0:5e:61:14:f9:
         3f:6a:b3:a9:ce:a6:75:ce:4b:ed:d4:5d:2b:ce:f9:25:fc:be:
         d6:04:34:b4:18:5c:74:42:bd:c9:45:f5:e5:96:98:4e:41:f6:
         eb:74:2b:58:87:5a:65:a3:3a:ff:86:78:82:fc:15:ee:53:67:
         7f:73:20:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvFNx6NU8BbqM1iwhfsN4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmMjgwNTk5MmU2NTMxZDNkYTMxZWUxYWY2YmNkNWMwNmQw
MmI2Y2EwHhcNMjQwMTAyMTAzMzMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzgwZTY5MzdjNzQ4YjU0MjQzM2YyOWE3MWE3MjAxZmJlNGZkNWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhZSgO15reFS/gB4ofd/7ATeA3+Wi
IMbbePiTXcGtt3f2Oakt+aoXLDNQjvitDbz3wFLlMR2q5eF8cEAoa9P+kYbDeaVn
tz2qM3rBBsmDX8hYon6R5UX205MEjjJYqF/z3wXRz0A+ZtEBaUtGOEIMAnX+w0RH
69oVIH8ps4wjTch0rlhPFoUquLnkZ/8QKIYWdxv/O/nft8slYC01ZbSk3rVFhpjW
Jx6JWV+dFtW+ib1V7w+oxmn5TVjzyaFGps2uSbiEgkljzdIW77p5EU3WU1/JMoaY
Uo1WS+7z6SeyR2yjWp2Y7vubn3gMOSNnA5kHvBO64P6pQB1lv44H7O8ypQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGyA5pN8dItUJDPymnGnIB++T9WnMB8GA1UdIwQY
MBaAFL8oBZkuZTHT2jHuGva81cBtArbKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnlnRm1TNWxNZFBhTWU0YTlyelZ3RzBDdHNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi83NTg0NjctNjgxOC00ZTg0LTg3YmEt
NWQ4Mzg2NjhiZWJlLzEvYklEbWszeDBpMVFrTV9LYWNhY2dINzVQMWFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi83NTg0NjctNjgxOC00ZTg0LTg3YmEtNWQ4Mzg2NjhiZWJl
LzEvdnlnRm1TNWxNZFBhTWU0YTlyelZ3RzBDdHNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCPmU0MA0G
CSqGSIb3DQEBCwUAA4IBAQAzLsd4e39FhcSI0CM2i5xm14/kcyTXNQ/9wKKySkAM
QtAQK9Zgd/moQ47snkoCLpCtAbkpLA5ONUCYeSuvu59kiR5C+dZGVc8uALnYYYyp
fyq1x0mLnQ1eIS9Q+VTIso+kKhv+mORMxhlCVXw/zHQRgqGXuXC4pFlFcQ5dz/zZ
EaDugdOA6Px1Tx1H0mMlIX7MNrj28Pn5ZBKRbulkx0IJmcWVRHCIyjrMsgN17ZP7
MpWjQgAy98sNV4W9jUqRlBdWwF5hFPk/arOpzqZ1zkvt1F0rzvkl/L7WBDS0GFx0
Qr3JRfXllphOQfbrdCtYh1plozr/hniC/BXuU2d/cyD3
-----END CERTIFICATE-----