Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/30951e-a309-45c3-ba16-134d953ca093/1/X_bV88kKX2ur0Vxd43WOzt6ZW2c.roa
File:                     X_bV88kKX2ur0Vxd43WOzt6ZW2c.roa (raw, json)
Hash identifier:          UTizKIkg90FNWZlPXfaDP8HzVyEUCzaNBdzM3u5oKg4=
Subject key identifier:   5F:F6:D5:F3:C9:0A:5F:6B:AB:D1:5C:5D:E3:75:8E:CE:DE:99:5B:67
Certificate issuer:       /CN=c99135e587cbb38be1eb7b6de9c48029d045d273
Certificate serial:       0192053D2F3D2844BCE7CC4CF7BF39EB7034
Authority key identifier: C9:91:35:E5:87:CB:B3:8B:E1:EB:7B:6D:E9:C4:80:29:D0:45:D2:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yZE15YfLs4vh63tt6cSAKdBF0nM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/30951e-a309-45c3-ba16-134d953ca093/1/X_bV88kKX2ur0Vxd43WOzt6ZW2c.roa
Signing time:             Wed 18 Sep 2024 13:05:48 +0000
ROA not before:           Wed 18 Sep 2024 13:05:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214247
IP address blocks:        62.108.88.0/22 maxlen: 24
                          62.108.92.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/30951e-a309-45c3-ba16-134d953ca093/1/yZE15YfLs4vh63tt6cSAKdBF0nM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/30951e-a309-45c3-ba16-134d953ca093/1/yZE15YfLs4vh63tt6cSAKdBF0nM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yZE15YfLs4vh63tt6cSAKdBF0nM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:05:3d:2f:3d:28:44:bc:e7:cc:4c:f7:bf:39:eb:70:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c99135e587cbb38be1eb7b6de9c48029d045d273
        Validity
            Not Before: Sep 18 13:05:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ff6d5f3c90a5f6babd15c5de3758ecede995b67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:31:26:f4:9e:0b:29:a8:63:63:af:85:66:92:
                    75:30:ea:8e:d6:0b:bb:ee:5a:d7:12:68:f3:15:5c:
                    7a:d1:c6:fb:21:bd:20:30:0a:c5:51:33:13:06:2f:
                    b2:35:56:22:06:91:6b:2a:3f:98:36:c9:40:4d:56:
                    a0:d8:a1:bb:61:96:0f:17:df:f4:3f:89:36:11:e6:
                    a9:4c:7e:f5:65:e1:4b:c3:79:fe:da:d8:d9:99:04:
                    3d:99:a3:79:19:52:ad:da:e5:8e:9d:21:03:87:20:
                    c2:22:e8:0c:ef:cc:58:09:d2:42:03:9f:f3:85:ee:
                    71:c2:23:c3:c1:44:54:3f:37:74:71:d8:71:20:7f:
                    0b:07:8f:bf:43:80:83:b5:73:f6:bc:ea:cb:e0:e2:
                    8b:95:83:5b:73:c6:96:94:f1:e4:31:06:db:29:b2:
                    db:9a:9c:08:02:9f:3d:b6:75:dd:4e:6b:86:a1:7b:
                    eb:c7:49:0c:e4:13:9a:5c:65:01:d8:c6:4b:67:0b:
                    99:44:7a:b6:ff:22:02:5f:7a:ea:e8:95:21:90:47:
                    a3:d2:19:da:25:a2:fd:21:12:ec:f4:0a:e4:4d:41:
                    85:72:94:c5:c1:ea:17:19:6e:37:4c:62:1a:cf:95:
                    51:be:a6:a9:01:f9:07:ab:9a:ec:80:9a:44:7e:3c:
                    cd:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:F6:D5:F3:C9:0A:5F:6B:AB:D1:5C:5D:E3:75:8E:CE:DE:99:5B:67
            X509v3 Authority Key Identifier:
                keyid:C9:91:35:E5:87:CB:B3:8B:E1:EB:7B:6D:E9:C4:80:29:D0:45:D2:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yZE15YfLs4vh63tt6cSAKdBF0nM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/30951e-a309-45c3-ba16-134d953ca093/1/X_bV88kKX2ur0Vxd43WOzt6ZW2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/30951e-a309-45c3-ba16-134d953ca093/1/yZE15YfLs4vh63tt6cSAKdBF0nM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.108.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         32:26:82:fb:39:26:1a:d3:39:a2:89:20:a0:1e:2e:49:07:d0:
         e9:3b:23:f6:4b:e9:82:b2:1b:05:76:93:6a:19:8a:99:f0:9b:
         fd:07:cf:ff:d4:2a:db:82:ce:9d:ce:ac:13:fc:d0:7d:e2:2b:
         77:8b:fc:f5:61:b7:a2:38:a0:9d:04:02:4f:aa:9f:6e:e1:56:
         ca:d6:3a:59:8d:39:bc:65:f0:47:8f:00:29:93:a9:9b:8f:f8:
         4f:73:f2:27:82:34:59:e4:d2:0f:e4:56:fa:21:6c:6b:c3:1d:
         69:1a:9b:da:d0:35:92:8a:9e:01:8b:8c:1c:56:59:24:da:13:
         3f:2c:f0:f5:e2:e1:f4:20:56:01:fd:0f:9c:ca:e6:36:c3:77:
         21:59:9a:f7:e8:7f:b5:8d:17:f7:e0:a1:8f:c0:77:99:e9:be:
         43:ce:31:70:1f:83:3f:05:56:bf:47:66:c6:6c:d1:37:af:0b:
         4f:4a:3e:bb:0a:c7:a4:2c:c4:05:dc:87:93:7a:44:b1:f5:7f:
         48:0a:9f:4e:f3:cc:58:df:0a:81:71:ae:0d:1c:f9:10:9f:21:
         81:f6:df:1f:18:71:12:14:af:17:f4:a3:73:03:2c:da:45:8b:
         e7:ae:c3:e9:4f:51:45:3f:88:a2:31:d6:2d:00:ed:e4:e4:1d:
         e4:18:70:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIFPS89KES858xM978563A0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5OTEzNWU1ODdjYmIzOGJlMWViN2I2ZGU5YzQ4MDI5ZDA0
NWQyNzMwHhcNMjQwOTE4MTMwNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmY2ZDVmM2M5MGE1ZjZiYWJkMTVjNWRlMzc1OGVjZWRlOTk1YjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2DEm9J4LKahjY6+FZpJ1MOqO1gu7
7lrXEmjzFVx60cb7Ib0gMArFUTMTBi+yNVYiBpFrKj+YNslATVag2KG7YZYPF9/0
P4k2EeapTH71ZeFLw3n+2tjZmQQ9maN5GVKt2uWOnSEDhyDCIugM78xYCdJCA5/z
he5xwiPDwURUPzd0cdhxIH8LB4+/Q4CDtXP2vOrL4OKLlYNbc8aWlPHkMQbbKbLb
mpwIAp89tnXdTmuGoXvrx0kM5BOaXGUB2MZLZwuZRHq2/yICX3rq6JUhkEej0hna
JaL9IRLs9ArkTUGFcpTFweoXGW43TGIaz5VRvqapAfkHq5rsgJpEfjzNGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF/21fPJCl9rq9FcXeN1js7emVtnMB8GA1UdIwQY
MBaAFMmRNeWHy7OL4et7benEgCnQRdJzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVpFMTVZZkxzNHZoNjN0dDZjU0FLZEJGMG5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS8zMDk1MWUtYTMwOS00NWMzLWJhMTYt
MTM0ZDk1M2NhMDkzLzEvWF9iVjg4a0tYMnVyMFZ4ZDQzV096dDZaVzJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS8zMDk1MWUtYTMwOS00NWMzLWJhMTYtMTM0ZDk1M2NhMDkz
LzEveVpFMTVZZkxzNHZoNjN0dDZjU0FLZEJGMG5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDPmxYMA0G
CSqGSIb3DQEBCwUAA4IBAQAyJoL7OSYa0zmiiSCgHi5JB9DpOyP2S+mCshsFdpNq
GYqZ8Jv9B8//1Crbgs6dzqwT/NB94it3i/z1YbeiOKCdBAJPqp9u4VbK1jpZjTm8
ZfBHjwApk6mbj/hPc/IngjRZ5NIP5Fb6IWxrwx1pGpva0DWSip4Bi4wcVlkk2hM/
LPD14uH0IFYB/Q+cyuY2w3chWZr36H+1jRf34KGPwHeZ6b5DzjFwH4M/BVa/R2bG
bNE3rwtPSj67CsekLMQF3IeTekSx9X9ICp9O88xY3wqBca4NHPkQnyGB9t8fGHES
FK8X9KNzAyzaRYvnrsPpT1FFP4iiMdYtAO3k5B3kGHBa
-----END CERTIFICATE-----