Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/1-Nla-cE6gsE-grONlrCpzQDlbF8.roa
File:                     1-Nla-cE6gsE-grONlrCpzQDlbF8.roa (raw, json)
Hash identifier:          83+YTKnpYBKFyDM35QU9ZmyhDAv6Q//9dJ5mh7+54Qk=
Subject key identifier:   F8:D9:5A:F9:C1:3A:82:C1:3E:82:B3:8D:96:B0:A9:CD:00:E5:6C:5F
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       0192280C0384F76DCCB55523846D64D9116D
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/1-Nla-cE6gsE-grONlrCpzQDlbF8.roa
Signing time:             Wed 25 Sep 2024 07:18:48 +0000
ROA not before:           Wed 25 Sep 2024 07:18:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215540
IP address blocks:        62.60.232.0/23 maxlen: 24
                          62.60.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:28:0c:03:84:f7:6d:cc:b5:55:23:84:6d:64:d9:11:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Sep 25 07:18:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8d95af9c13a82c13e82b38d96b0a9cd00e56c5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:dc:ea:3d:3d:a6:8e:34:3c:7e:f0:2f:27:6b:
                    dc:34:f3:80:3d:af:91:84:43:22:83:bc:e8:ba:7b:
                    bb:69:79:62:e4:74:1f:88:d8:a2:cc:40:93:e5:bc:
                    84:b1:03:6b:12:50:2d:6d:57:7c:37:b6:2d:f2:8f:
                    ee:ef:91:eb:6f:b6:bd:5c:1e:62:5e:34:b0:05:6d:
                    a0:60:13:6d:57:c4:aa:4c:4a:e2:f8:3f:29:12:e6:
                    62:10:2a:aa:54:e7:9d:88:e4:33:b6:0a:40:57:78:
                    24:be:b8:b0:47:12:ab:66:95:a9:5d:34:c2:fe:c7:
                    12:00:96:29:b1:d1:cc:38:a9:f4:fa:99:38:a4:f6:
                    f3:60:9f:8a:63:ba:b5:be:0b:70:d6:72:6b:4e:cc:
                    12:05:79:4d:88:51:e8:77:c1:0c:8f:cb:d8:48:6d:
                    6e:f1:af:76:0d:4c:c7:20:7f:c4:ee:d4:cc:26:81:
                    f8:c5:73:8a:00:8f:57:2b:38:72:f5:35:f0:15:c7:
                    53:bb:7d:d0:81:41:ba:c9:31:35:e9:65:8e:4a:25:
                    91:e7:57:9c:f7:d9:2e:8e:a3:d6:26:f4:c9:ef:51:
                    37:54:a1:6f:ad:12:a0:6d:91:39:41:04:63:fc:39:
                    ff:f7:b9:62:0b:64:95:d1:2e:3e:c9:f9:48:0d:c3:
                    1d:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:D9:5A:F9:C1:3A:82:C1:3E:82:B3:8D:96:B0:A9:CD:00:E5:6C:5F
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/1-Nla-cE6gsE-grONlrCpzQDlbF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.232.0-62.60.234.255

    Signature Algorithm: sha256WithRSAEncryption
         6f:3b:49:22:7e:28:0a:b8:5c:b3:67:8d:0d:ca:a1:1f:69:d4:
         5f:97:78:a0:b8:80:60:26:1f:04:a2:4d:18:fe:bf:e7:2a:da:
         f7:e0:ab:a7:8e:4a:03:8d:56:23:e6:aa:5d:79:30:ad:07:04:
         63:3d:c4:78:5f:0a:fc:ae:e9:3a:05:57:f5:0f:57:9e:33:3a:
         14:0f:1c:2c:85:18:82:1c:5a:51:bc:27:05:92:d6:e3:35:1e:
         99:81:0e:cd:74:c4:55:02:0f:c2:67:01:de:f2:3d:a4:51:13:
         c2:20:16:65:31:ab:f2:d2:66:ee:6b:cb:98:42:23:e7:16:00:
         4f:13:6d:11:4d:ca:08:41:90:9c:75:07:3d:fa:b0:bc:db:30:
         62:ce:f0:6a:3a:d2:60:19:f9:70:28:c9:4e:f0:7d:92:f8:75:
         ea:ad:d6:d7:01:52:9b:2e:09:2d:72:d2:59:0a:2b:72:ea:d4:
         df:a9:15:f6:f7:4b:29:12:70:b6:a5:4b:59:ae:78:44:11:3f:
         5d:3c:ed:eb:e0:a5:31:db:17:a4:05:85:b3:d3:11:0f:1a:15:
         69:cc:54:cb:bf:b6:d5:7b:95:cc:60:4a:69:f9:5f:74:69:01:
         eb:43:8b:66:54:85:da:d8:19:d8:d3:43:2f:08:5d:06:17:07:
         39:b2:0d:5e
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAZIoDAOE923MtVUjhG1k2RFtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQwOTI1MDcxODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGQ5NWFmOWMxM2E4MmMxM2U4MmIzOGQ5NmIwYTljZDAwZTU2YzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/NzqPT2mjjQ8fvAvJ2vcNPOAPa+R
hEMig7zounu7aXli5HQfiNiizECT5byEsQNrElAtbVd8N7Yt8o/u75Hrb7a9XB5i
XjSwBW2gYBNtV8SqTEri+D8pEuZiECqqVOediOQztgpAV3gkvriwRxKrZpWpXTTC
/scSAJYpsdHMOKn0+pk4pPbzYJ+KY7q1vgtw1nJrTswSBXlNiFHod8EMj8vYSG1u
8a92DUzHIH/E7tTMJoH4xXOKAI9XKzhy9TXwFcdTu33QgUG6yTE16WWOSiWR51ec
99kujqPWJvTJ71E3VKFvrRKgbZE5QQRj/Dn/97liC2SV0S4+yflIDcMdeQIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFPjZWvnBOoLBPoKzjZawqc0A5WxfMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvMS1ObGEtY0U2Z3NFLWdyT05sckNwelFEbGJGOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTcvMTMzOWRmLThlMDYtNDFkZS05NGYzLTBjYmEzM2VmYzVi
Yi8xL3c4R0ZKLU9pQnE4b1FnS05sYTdFRXpqbzJ2Zy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAnBggrBgEFBQcBBwEB/wQYMBYwFAQCAAEwDjAMAwQDPjzo
AwQAPjzqMA0GCSqGSIb3DQEBCwUAA4IBAQBvO0kifigKuFyzZ40NyqEfadRfl3ig
uIBgJh8Eok0Y/r/nKtr34KunjkoDjVYj5qpdeTCtBwRjPcR4Xwr8ruk6BVf1D1ee
MzoUDxwshRiCHFpRvCcFktbjNR6ZgQ7NdMRVAg/CZwHe8j2kURPCIBZlMavy0mbu
a8uYQiPnFgBPE20RTcoIQZCcdQc9+rC82zBizvBqOtJgGflwKMlO8H2S+HXqrdbX
AVKbLgktctJZCity6tTfqRX290spEnC2pUtZrnhEET9dPO3r4KUx2xekBYWz0xEP
GhVpzFTLv7bVe5XMYEpp+V90aQHrQ4tmVIXa2BnY00MvCF0GFwc5sg1e
-----END CERTIFICATE-----