Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/30951e-a309-45c3-ba16-134d953ca093/1/obVirRyZrpdXA4HUF4olnpZtfUE.roa
File:                     obVirRyZrpdXA4HUF4olnpZtfUE.roa (raw, json)
Hash identifier:          hlYaTsCwjkL4Zz/sgGEz6QU1pEFRvIX85PAPW2pB2Co=
Subject key identifier:   A1:B5:62:AD:1C:99:AE:97:57:03:81:D4:17:8A:25:9E:96:6D:7D:41
Certificate issuer:       /CN=c99135e587cbb38be1eb7b6de9c48029d045d273
Certificate serial:       019223939A7649DEC57E0FCB2D7384A31292
Authority key identifier: C9:91:35:E5:87:CB:B3:8B:E1:EB:7B:6D:E9:C4:80:29:D0:45:D2:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yZE15YfLs4vh63tt6cSAKdBF0nM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/30951e-a309-45c3-ba16-134d953ca093/1/obVirRyZrpdXA4HUF4olnpZtfUE.roa
Signing time:             Tue 24 Sep 2024 10:28:48 +0000
ROA not before:           Tue 24 Sep 2024 10:28:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34984
IP address blocks:        62.108.88.0/22 maxlen: 24
                          62.108.92.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/30951e-a309-45c3-ba16-134d953ca093/1/yZE15YfLs4vh63tt6cSAKdBF0nM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/30951e-a309-45c3-ba16-134d953ca093/1/yZE15YfLs4vh63tt6cSAKdBF0nM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yZE15YfLs4vh63tt6cSAKdBF0nM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:23:93:9a:76:49:de:c5:7e:0f:cb:2d:73:84:a3:12:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c99135e587cbb38be1eb7b6de9c48029d045d273
        Validity
            Not Before: Sep 24 10:28:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1b562ad1c99ae97570381d4178a259e966d7d41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3d:d3:48:bd:5e:1e:64:83:e3:4e:ff:98:64:
                    57:ed:fc:ab:ed:7f:b7:bd:45:e0:6c:c7:e2:cc:d6:
                    13:3f:75:f9:6d:87:70:74:6b:7c:16:ba:ee:86:b3:
                    eb:41:3d:c9:16:1a:05:cb:11:2c:cd:7f:0e:88:71:
                    f4:52:0c:65:3c:00:23:6e:07:ce:bf:6c:72:ef:06:
                    9b:ed:a2:29:2d:cb:c7:d1:1e:11:e1:03:3f:72:57:
                    94:98:68:41:df:bd:02:60:b3:ee:e2:97:ec:8c:1a:
                    a0:d2:35:d2:93:de:44:ff:bc:68:a0:03:12:9a:68:
                    10:05:a0:ed:d9:d2:ea:04:b1:c2:2d:ec:20:cf:de:
                    93:06:8f:7d:ef:5e:fc:5d:9d:7b:d8:d4:6c:50:21:
                    e2:a8:83:0d:23:69:88:dc:74:25:3e:1d:7f:1a:fd:
                    27:b6:f8:35:bf:a2:dd:33:7f:72:93:58:10:de:a1:
                    8b:9c:f3:21:92:8a:ec:94:5a:9c:28:8c:28:f3:2a:
                    4a:49:8d:10:51:a1:e4:0f:33:d8:f3:5f:da:2e:e1:
                    a6:6f:1c:c9:fb:9a:fe:a6:9f:f3:a3:66:a4:80:b1:
                    eb:b3:43:15:0a:53:2b:4b:08:ff:3b:73:8f:52:56:
                    af:07:e0:8c:db:79:03:fb:a6:08:b2:23:c7:da:f8:
                    44:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:B5:62:AD:1C:99:AE:97:57:03:81:D4:17:8A:25:9E:96:6D:7D:41
            X509v3 Authority Key Identifier:
                keyid:C9:91:35:E5:87:CB:B3:8B:E1:EB:7B:6D:E9:C4:80:29:D0:45:D2:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yZE15YfLs4vh63tt6cSAKdBF0nM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/30951e-a309-45c3-ba16-134d953ca093/1/obVirRyZrpdXA4HUF4olnpZtfUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/30951e-a309-45c3-ba16-134d953ca093/1/yZE15YfLs4vh63tt6cSAKdBF0nM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.108.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         38:6a:6e:a8:59:84:42:15:8e:fb:fc:af:d5:55:8d:4c:b2:6c:
         bb:d5:d0:2d:eb:a9:5d:da:e2:6a:08:75:15:b0:41:cb:a2:d6:
         5b:23:40:32:10:46:a4:e8:5d:e9:48:2a:42:d4:59:e7:2a:04:
         70:09:35:77:dc:8c:ff:22:e9:fc:c8:9e:f9:5e:be:00:4e:e1:
         fd:29:1d:0f:95:62:1b:03:f4:5b:5d:43:d6:88:ca:9c:3e:96:
         b7:7f:f8:34:a4:bf:72:e9:72:23:51:aa:d2:19:f7:f4:27:ec:
         e9:07:6e:e2:40:ac:c2:5c:d0:4e:cf:ad:1a:c9:65:7c:bf:30:
         f7:2e:17:86:00:53:8c:24:20:ba:ff:61:8d:8c:f5:89:31:b6:
         46:31:d0:c4:18:81:77:52:01:2f:74:03:0a:0f:61:65:3e:99:
         b6:1d:d5:f9:d8:44:8e:05:ea:b1:b9:27:9b:17:46:41:7d:4c:
         1b:86:2f:df:f5:71:2b:06:95:b0:19:8d:66:78:0e:25:17:dd:
         35:f9:be:45:41:16:32:7e:86:0b:69:ed:f4:07:72:81:26:fb:
         e2:1e:d2:7d:26:cf:0b:63:3a:9e:ab:ce:de:4b:bb:44:2f:79:
         35:70:66:73:a9:ad:97:06:a0:40:d3:dc:ec:e1:58:12:ba:70:
         58:d0:bf:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIjk5p2Sd7Ffg/LLXOEoxKSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5OTEzNWU1ODdjYmIzOGJlMWViN2I2ZGU5YzQ4MDI5ZDA0
NWQyNzMwHhcNMjQwOTI0MTAyODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWI1NjJhZDFjOTlhZTk3NTcwMzgxZDQxNzhhMjU5ZTk2NmQ3ZDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtD3TSL1eHmSD407/mGRX7fyr7X+3
vUXgbMfizNYTP3X5bYdwdGt8FrruhrPrQT3JFhoFyxEszX8OiHH0UgxlPAAjbgfO
v2xy7wab7aIpLcvH0R4R4QM/cleUmGhB370CYLPu4pfsjBqg0jXSk95E/7xooAMS
mmgQBaDt2dLqBLHCLewgz96TBo997178XZ172NRsUCHiqIMNI2mI3HQlPh1/Gv0n
tvg1v6LdM39yk1gQ3qGLnPMhkorslFqcKIwo8ypKSY0QUaHkDzPY81/aLuGmbxzJ
+5r+pp/zo2akgLHrs0MVClMrSwj/O3OPUlavB+CM23kD+6YIsiPH2vhE5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKG1Yq0cma6XVwOB1BeKJZ6WbX1BMB8GA1UdIwQY
MBaAFMmRNeWHy7OL4et7benEgCnQRdJzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVpFMTVZZkxzNHZoNjN0dDZjU0FLZEJGMG5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS8zMDk1MWUtYTMwOS00NWMzLWJhMTYt
MTM0ZDk1M2NhMDkzLzEvb2JWaXJSeVpycGRYQTRIVUY0b2xucFp0ZlVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS8zMDk1MWUtYTMwOS00NWMzLWJhMTYtMTM0ZDk1M2NhMDkz
LzEveVpFMTVZZkxzNHZoNjN0dDZjU0FLZEJGMG5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDPmxYMA0G
CSqGSIb3DQEBCwUAA4IBAQA4am6oWYRCFY77/K/VVY1Msmy71dAt66ld2uJqCHUV
sEHLotZbI0AyEEak6F3pSCpC1FnnKgRwCTV33Iz/Iun8yJ75Xr4ATuH9KR0PlWIb
A/RbXUPWiMqcPpa3f/g0pL9y6XIjUarSGff0J+zpB27iQKzCXNBOz60ayWV8vzD3
LheGAFOMJCC6/2GNjPWJMbZGMdDEGIF3UgEvdAMKD2FlPpm2HdX52ESOBeqxuSeb
F0ZBfUwbhi/f9XErBpWwGY1meA4lF901+b5FQRYyfoYLae30B3KBJvviHtJ9Js8L
Yzqeq87eS7tEL3k1cGZzqa2XBqBA09zs4VgSunBY0L9+
-----END CERTIFICATE-----