Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/decaeb-3f95-4f2a-af65-0c020a7e4a44/1/X-j1pFjeEwQ3XY1a-hvuxCt1fhU.roa
File:                     X-j1pFjeEwQ3XY1a-hvuxCt1fhU.roa (raw, json)
Hash identifier:          0EbdjzA6qDImB036uSe6fL4Fz/okbq7sBOhSqAlx9R0=
Subject key identifier:   5F:E8:F5:A4:58:DE:13:04:37:5D:8D:5A:FA:1B:EE:C4:2B:75:7E:15
Certificate issuer:       /CN=52ceee2d6d7a50c92499da1a21f2abb7a2a774c8
Certificate serial:       018CC794119B7C742632DE3482A1E570F806
Authority key identifier: 52:CE:EE:2D:6D:7A:50:C9:24:99:DA:1A:21:F2:AB:B7:A2:A7:74:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Us7uLW16UMkkmdoaIfKrt6KndMg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/decaeb-3f95-4f2a-af65-0c020a7e4a44/1/X-j1pFjeEwQ3XY1a-hvuxCt1fhU.roa
Signing time:             Tue 02 Jan 2024 00:30:19 +0000
ROA not before:           Tue 02 Jan 2024 00:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6786
IP address blocks:        62.169.4.0/24 maxlen: 24
                          62.169.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/decaeb-3f95-4f2a-af65-0c020a7e4a44/1/Us7uLW16UMkkmdoaIfKrt6KndMg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/decaeb-3f95-4f2a-af65-0c020a7e4a44/1/Us7uLW16UMkkmdoaIfKrt6KndMg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Us7uLW16UMkkmdoaIfKrt6KndMg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:11:9b:7c:74:26:32:de:34:82:a1:e5:70:f8:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52ceee2d6d7a50c92499da1a21f2abb7a2a774c8
        Validity
            Not Before: Jan  2 00:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5fe8f5a458de1304375d8d5afa1beec42b757e15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:85:b1:2b:37:a9:c3:3b:87:cd:38:cd:05:8f:
                    69:47:10:27:68:b5:ea:e1:3b:af:7d:a2:d4:df:14:
                    3f:64:77:f2:ec:36:a9:f0:17:41:5b:64:3c:53:06:
                    1b:94:a2:49:47:17:89:b1:a8:b8:22:4e:bc:f3:77:
                    05:60:6e:82:8c:b5:79:13:36:08:38:e0:88:cb:ff:
                    3f:ef:47:c0:f1:e9:17:2d:cb:ee:7b:8a:5d:f3:30:
                    a7:2e:4c:ad:08:76:3b:c0:cb:a0:73:d4:32:d2:ee:
                    ec:d4:ec:22:3e:87:8d:a3:e8:e6:36:b8:b8:06:7f:
                    0f:f7:5e:3b:10:f5:18:ef:15:b7:4a:63:8d:f4:56:
                    b5:45:42:80:6e:64:e1:37:fd:27:cb:2f:b4:d8:d1:
                    f1:ff:f8:88:2c:cd:50:46:84:0b:f3:b9:8f:cb:1a:
                    6c:8c:e2:79:05:33:ad:68:1f:bb:be:74:0c:6f:44:
                    e4:f6:cb:80:52:95:c7:30:64:a4:94:13:52:f2:69:
                    d5:b9:54:ca:f0:57:f8:32:48:f1:27:88:d2:3f:5a:
                    6a:9d:78:af:86:cd:00:57:f2:37:4f:ff:a2:00:ab:
                    81:4f:bd:7e:b6:f4:30:61:8c:d1:72:69:31:e4:3c:
                    d3:b1:40:7f:69:28:94:d9:a3:d6:ee:ff:1c:40:63:
                    2b:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:E8:F5:A4:58:DE:13:04:37:5D:8D:5A:FA:1B:EE:C4:2B:75:7E:15
            X509v3 Authority Key Identifier:
                keyid:52:CE:EE:2D:6D:7A:50:C9:24:99:DA:1A:21:F2:AB:B7:A2:A7:74:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Us7uLW16UMkkmdoaIfKrt6KndMg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/decaeb-3f95-4f2a-af65-0c020a7e4a44/1/X-j1pFjeEwQ3XY1a-hvuxCt1fhU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/decaeb-3f95-4f2a-af65-0c020a7e4a44/1/Us7uLW16UMkkmdoaIfKrt6KndMg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.169.4.0/24
                  62.169.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:8d:a1:b7:74:4e:1e:f9:b5:ad:7c:c3:aa:32:26:8e:c1:27:
         58:61:5e:4d:27:ef:02:54:b1:e7:f5:b9:26:f8:31:3b:ba:c1:
         1f:58:ec:54:0f:b4:3b:c9:f3:f6:98:69:06:f0:ba:1b:3e:a3:
         64:01:fe:fc:6f:48:49:46:67:94:dc:2a:e1:cb:0e:0d:7e:f4:
         12:66:1c:e8:e8:4e:86:60:3d:2e:1a:1b:9d:a7:d2:82:c6:22:
         6e:df:27:8e:cd:76:0b:38:a5:c4:7f:5a:73:11:c4:76:02:59:
         c6:cc:05:00:7c:47:b5:be:ae:43:73:33:a5:8a:7e:8b:f1:29:
         05:4a:e4:bc:5d:f3:38:96:45:9e:9f:52:8d:74:8e:4f:4b:c6:
         11:3c:a9:a4:9c:dd:19:0c:2c:12:ff:bd:80:c8:7d:fe:53:10:
         d4:42:7f:58:4c:d3:28:17:a1:7f:49:3a:7f:90:19:1c:2b:16:
         a2:a8:7a:92:d4:21:89:aa:ba:1f:c3:b8:fa:d9:cc:20:b1:3f:
         7c:5d:f4:53:4a:90:c6:af:83:7f:bc:67:44:88:1f:5e:19:00:
         f8:e5:ce:bd:46:69:b8:17:96:20:5b:1d:cb:6d:ed:c7:de:f9:
         da:8f:6d:88:3d:49:e5:3d:84:27:12:67:3d:ee:10:f0:85:b8:
         96:71:e9:14
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlBGbfHQmMt40gqHlcPgGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyY2VlZTJkNmQ3YTUwYzkyNDk5ZGExYTIxZjJhYmI3YTJh
Nzc0YzgwHhcNMjQwMTAyMDAzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmU4ZjVhNDU4ZGUxMzA0Mzc1ZDhkNWFmYTFiZWVjNDJiNzU3ZTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0oWxKzepwzuHzTjNBY9pRxAnaLXq
4TuvfaLU3xQ/ZHfy7Dap8BdBW2Q8UwYblKJJRxeJsai4Ik6883cFYG6CjLV5EzYI
OOCIy/8/70fA8ekXLcvue4pd8zCnLkytCHY7wMugc9Qy0u7s1OwiPoeNo+jmNri4
Bn8P9147EPUY7xW3SmON9Fa1RUKAbmThN/0nyy+02NHx//iILM1QRoQL87mPyxps
jOJ5BTOtaB+7vnQMb0Tk9suAUpXHMGSklBNS8mnVuVTK8Ff4MkjxJ4jSP1pqnXiv
hs0AV/I3T/+iAKuBT71+tvQwYYzRcmkx5DzTsUB/aSiU2aPW7v8cQGMrDQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF/o9aRY3hMEN12NWvob7sQrdX4VMB8GA1UdIwQY
MBaAFFLO7i1telDJJJnaGiHyq7eip3TIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXM3dUxXMTZVTWtrbWRvYUlmS3J0NktuZE1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9kZWNhZWItM2Y5NS00ZjJhLWFmNjUt
MGMwMjBhN2U0YTQ0LzEvWC1qMXBGamVFd1EzWFkxYS1odnV4Q3QxZmhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9kZWNhZWItM2Y5NS00ZjJhLWFmNjUtMGMwMjBhN2U0YTQ0
LzEvVXM3dUxXMTZVTWtrbWRvYUlmS3J0NktuZE1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPqkEAwQA
PqkHMA0GCSqGSIb3DQEBCwUAA4IBAQC1jaG3dE4e+bWtfMOqMiaOwSdYYV5NJ+8C
VLHn9bkm+DE7usEfWOxUD7Q7yfP2mGkG8LobPqNkAf78b0hJRmeU3Crhyw4NfvQS
Zhzo6E6GYD0uGhudp9KCxiJu3yeOzXYLOKXEf1pzEcR2AlnGzAUAfEe1vq5DczOl
in6L8SkFSuS8XfM4lkWen1KNdI5PS8YRPKmknN0ZDCwS/72AyH3+UxDUQn9YTNMo
F6F/STp/kBkcKxaiqHqS1CGJqrofw7j62cwgsT98XfRTSpDGr4N/vGdEiB9eGQD4
5c69Rmm4F5YgWx3Lbe3H3vnaj22IPUnlPYQnEmc97hDwhbiWcekU
-----END CERTIFICATE-----