Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/0VoBs0BdA3r_EWU04UNWj7WxRxY.roa
File:                     0VoBs0BdA3r_EWU04UNWj7WxRxY.roa (raw, json)
Hash identifier:          b8YbcgmZUVEMiwW8a1qDE0PSNLhksO1l5mtKxtTapfc=
Subject key identifier:   D1:5A:01:B3:40:5D:03:7A:FF:11:65:34:E1:43:56:8F:B5:B1:47:16
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       01916EE982F59645587BF27EC15096A7BA65
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/0VoBs0BdA3r_EWU04UNWj7WxRxY.roa
Signing time:             Tue 20 Aug 2024 08:31:22 +0000
ROA not before:           Tue 20 Aug 2024 08:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215633
IP address blocks:        62.60.141.0/24 maxlen: 24
                          62.60.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6e:e9:82:f5:96:45:58:7b:f2:7e:c1:50:96:a7:ba:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Aug 20 08:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d15a01b3405d037aff116534e143568fb5b14716
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:54:2f:b5:ae:f1:fa:f3:c9:fc:40:ce:5d:f0:
                    38:4c:2a:6d:00:d9:42:5c:bb:4f:f8:05:81:2e:4d:
                    9f:ff:eb:9f:57:38:7f:45:61:03:84:89:16:e7:3f:
                    2d:6c:cb:a8:39:74:fb:3d:04:34:ad:3d:74:c3:bd:
                    67:21:bf:73:e9:07:60:5b:a1:40:4d:30:b0:6e:3a:
                    19:ca:4d:0b:a5:51:cf:b3:39:6a:ee:a3:c8:83:e6:
                    d5:6d:f2:24:f8:cd:56:b6:ed:f6:66:0c:d1:11:67:
                    49:93:3b:4f:9a:e7:03:dc:65:41:d8:d0:8c:5a:eb:
                    af:bf:f6:6f:b1:95:22:19:f8:88:34:d9:48:50:52:
                    60:ba:3a:21:3e:b2:f1:4d:66:12:43:25:a5:07:5a:
                    69:93:b8:59:ec:30:80:38:02:e6:4c:95:2f:45:0d:
                    3d:d3:b7:d0:8c:ba:96:02:c7:c5:db:cc:3a:d7:8c:
                    ab:11:1e:25:aa:a1:19:2a:e2:96:7f:0c:66:9e:35:
                    09:49:96:2a:40:26:79:84:63:dc:46:42:35:f8:c4:
                    f6:38:ca:29:56:a8:06:f7:99:05:c4:c9:10:06:f0:
                    85:93:c6:ed:ce:9e:63:d1:89:c4:d4:ca:e0:40:97:
                    b9:a7:63:73:de:20:7b:d1:fa:11:22:b6:9c:cf:83:
                    c4:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:5A:01:B3:40:5D:03:7A:FF:11:65:34:E1:43:56:8F:B5:B1:47:16
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/0VoBs0BdA3r_EWU04UNWj7WxRxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.141.0/24
                  62.60.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:66:6b:c8:77:04:28:16:fb:6d:41:d3:54:f3:0c:06:96:eb:
         4e:fb:fe:bf:21:c6:28:90:4a:ad:c2:05:8b:dd:a1:70:8d:aa:
         ef:14:4a:70:d8:8e:21:12:b9:c8:a6:8b:92:41:2e:11:ca:fd:
         63:32:ca:af:47:90:23:e8:28:cf:e8:2b:0f:e9:14:5c:86:1d:
         6b:fb:3f:42:a6:c0:53:88:29:75:13:e7:73:8c:61:cb:4b:29:
         cd:ed:16:24:93:78:d8:94:7a:4f:77:49:f0:15:f2:83:48:49:
         5b:4e:62:8e:bd:ce:49:7f:e8:72:81:6c:42:81:72:c5:72:7d:
         2c:8b:cd:a7:69:d2:da:42:3c:db:cb:c5:d3:8f:e2:8b:94:bb:
         2e:06:41:cb:e5:b1:f1:4f:3a:b7:82:82:1d:b5:36:59:c8:a0:
         3f:0a:7c:67:70:0e:5c:cd:86:89:a9:50:48:de:97:46:42:da:
         a6:75:b1:db:1c:22:98:da:a8:38:60:c6:1b:f3:53:6c:b4:ec:
         23:07:1f:aa:31:47:54:f8:00:e1:c3:35:ea:15:e7:a6:ab:64:
         88:88:4e:cc:fc:31:bd:90:02:fa:9c:fc:10:f2:69:26:fb:31:
         02:0d:58:8b:59:8e:1d:2e:c6:66:82:bb:1c:2c:5b:fe:0d:00:
         a7:a3:bf:86
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZFu6YL1lkVYe/J+wVCWp7plMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQwODIwMDgzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTVhMDFiMzQwNWQwMzdhZmYxMTY1MzRlMTQzNTY4ZmI1YjE0NzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAulQvta7x+vPJ/EDOXfA4TCptANlC
XLtP+AWBLk2f/+ufVzh/RWEDhIkW5z8tbMuoOXT7PQQ0rT10w71nIb9z6QdgW6FA
TTCwbjoZyk0LpVHPszlq7qPIg+bVbfIk+M1Wtu32ZgzREWdJkztPmucD3GVB2NCM
Wuuvv/ZvsZUiGfiINNlIUFJgujohPrLxTWYSQyWlB1ppk7hZ7DCAOALmTJUvRQ09
07fQjLqWAsfF28w614yrER4lqqEZKuKWfwxmnjUJSZYqQCZ5hGPcRkI1+MT2OMop
VqgG95kFxMkQBvCFk8btzp5j0YnE1MrgQJe5p2Nz3iB70foRIracz4PEfQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNFaAbNAXQN6/xFlNOFDVo+1sUcWMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvMFZvQnMwQmRBM3JfRVdVMDRVTldqN1d4UnhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPjyNAwQA
PjySMA0GCSqGSIb3DQEBCwUAA4IBAQCmZmvIdwQoFvttQdNU8wwGlutO+/6/IcYo
kEqtwgWL3aFwjarvFEpw2I4hErnIpouSQS4Ryv1jMsqvR5Aj6CjP6CsP6RRchh1r
+z9CpsBTiCl1E+dzjGHLSynN7RYkk3jYlHpPd0nwFfKDSElbTmKOvc5Jf+hygWxC
gXLFcn0si82nadLaQjzby8XTj+KLlLsuBkHL5bHxTzq3goIdtTZZyKA/CnxncA5c
zYaJqVBI3pdGQtqmdbHbHCKY2qg4YMYb81NstOwjBx+qMUdU+ADhwzXqFeemq2SI
iE7M/DG9kAL6nPwQ8mkm+zECDViLWY4dLsZmgrscLFv+DQCno7+G
-----END CERTIFICATE-----