Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/3gdvo-ZrJ8a9QT14D_vbgdEpQ08.roa
File:                     3gdvo-ZrJ8a9QT14D_vbgdEpQ08.roa (raw, json)
Hash identifier:          /hfOhwmxK1RHIv6nXQdCByUDcvNWev4CV8DQvipPbXs=
Subject key identifier:   DE:07:6F:A3:E6:6B:27:C6:BD:41:3D:78:0F:FB:DB:81:D1:29:43:4F
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       01931EC028B506E539A8234AD894B482886C
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/3gdvo-ZrJ8a9QT14D_vbgdEpQ08.roa
Signing time:             Tue 12 Nov 2024 05:02:09 +0000
ROA not before:           Tue 12 Nov 2024 05:02:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44947
IP address blocks:        62.60.148.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1e:c0:28:b5:06:e5:39:a8:23:4a:d8:94:b4:82:88:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Nov 12 05:02:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de076fa3e66b27c6bd413d780ffbdb81d129434f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:42:cd:aa:80:cd:b0:bf:c0:50:1d:07:d0:22:
                    a5:01:68:b9:81:d4:ae:a6:03:0f:19:f7:1f:fc:2a:
                    8b:98:e2:b3:4c:be:ca:cc:78:65:3e:23:5e:ff:38:
                    d5:38:25:22:ed:9e:6c:6e:a8:cd:72:ea:48:d6:4f:
                    fa:47:6c:ef:1d:0d:1c:e9:62:05:ef:a0:ad:9e:4b:
                    9f:85:47:03:f7:36:d3:11:a9:33:a1:a4:32:26:9f:
                    c2:15:6e:4a:fe:2e:af:b5:57:a4:f5:28:fe:ef:1b:
                    2e:c7:39:74:4e:b2:04:83:20:7c:54:d4:d3:f5:bb:
                    41:ea:05:68:ef:83:cf:40:a6:1d:a8:ca:0a:41:eb:
                    21:06:1c:36:4b:fb:ae:c1:f5:c7:06:4e:3e:8b:af:
                    ce:ac:ae:f3:eb:11:a6:4c:c6:63:4d:03:4b:0a:47:
                    20:c6:c5:bb:ba:81:87:49:45:e6:ac:c1:ed:ce:62:
                    86:11:ac:fd:78:d2:06:68:cf:a9:21:93:20:fa:f7:
                    04:67:2e:7e:33:5a:62:da:cd:15:b7:c7:d8:f8:26:
                    86:3b:e3:4a:f7:ee:af:2c:47:c2:b2:35:08:0c:93:
                    f4:f5:01:71:6c:de:7b:86:83:51:a4:bb:12:5d:40:
                    fb:49:12:4f:13:3e:78:3f:45:83:3c:d2:b6:16:3e:
                    78:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:07:6F:A3:E6:6B:27:C6:BD:41:3D:78:0F:FB:DB:81:D1:29:43:4F
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/3gdvo-ZrJ8a9QT14D_vbgdEpQ08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:25:9d:c9:9f:6c:43:93:de:8d:0c:38:fd:a7:8e:d4:9f:b1:
         9f:83:02:be:8d:b4:18:c4:7f:22:be:a4:5a:79:bc:c2:fa:d2:
         b9:70:16:16:c1:df:c9:f5:9a:c5:f8:a6:bc:09:7c:c0:2c:a1:
         2b:bf:b1:58:37:d5:d5:1f:f9:a6:54:25:d5:7a:77:b4:fd:9e:
         1c:42:dc:6b:08:7e:6b:50:13:c8:d0:0b:c0:9b:9d:d4:89:34:
         30:8d:68:06:a1:c7:8c:0c:99:61:f7:07:c6:d1:55:8d:52:a8:
         55:05:f3:a6:8e:be:15:9e:23:c2:5d:4e:7e:77:4a:ec:63:0c:
         d6:e5:5b:5f:7e:12:8d:ab:00:a7:ed:c6:bc:12:25:1c:d2:62:
         1a:c7:cd:da:11:bb:0b:5e:de:f1:ea:6b:b9:bc:f8:e8:f7:00:
         33:85:1c:56:bd:a2:24:99:67:47:2f:36:86:dc:40:9a:c1:05:
         c1:63:ff:1b:bf:04:1d:72:e3:f7:57:bb:fb:72:51:bf:7f:ea:
         a0:60:1f:c4:f4:6a:da:d1:24:c1:f8:54:78:17:f8:1e:79:b1:
         4e:c8:56:e5:14:08:2d:c2:76:52:c0:91:9c:93:b2:71:d8:ac:
         fa:11:e9:a6:d3:ef:19:55:c1:b6:b8:4e:32:61:03:ec:7c:c1:
         24:e1:ed:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMewCi1BuU5qCNK2JS0gohsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQxMTEyMDUwMjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTA3NmZhM2U2NmIyN2M2YmQ0MTNkNzgwZmZiZGI4MWQxMjk0MzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkLNqoDNsL/AUB0H0CKlAWi5gdSu
pgMPGfcf/CqLmOKzTL7KzHhlPiNe/zjVOCUi7Z5sbqjNcupI1k/6R2zvHQ0c6WIF
76CtnkufhUcD9zbTEakzoaQyJp/CFW5K/i6vtVek9Sj+7xsuxzl0TrIEgyB8VNTT
9btB6gVo74PPQKYdqMoKQeshBhw2S/uuwfXHBk4+i6/OrK7z6xGmTMZjTQNLCkcg
xsW7uoGHSUXmrMHtzmKGEaz9eNIGaM+pIZMg+vcEZy5+M1pi2s0Vt8fY+CaGO+NK
9+6vLEfCsjUIDJP09QFxbN57hoNRpLsSXUD7SRJPEz54P0WDPNK2Fj542QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN4Hb6PmayfGvUE9eA/724HRKUNPMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvM2dkdm8tWnJKOGE5UVQxNERfdmJnZEVwUTA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCPjyUMA0G
CSqGSIb3DQEBCwUAA4IBAQBXJZ3Jn2xDk96NDDj9p47Un7GfgwK+jbQYxH8ivqRa
ebzC+tK5cBYWwd/J9ZrF+Ka8CXzALKErv7FYN9XVH/mmVCXVene0/Z4cQtxrCH5r
UBPI0AvAm53UiTQwjWgGoceMDJlh9wfG0VWNUqhVBfOmjr4VniPCXU5+d0rsYwzW
5VtffhKNqwCn7ca8EiUc0mIax83aEbsLXt7x6mu5vPjo9wAzhRxWvaIkmWdHLzaG
3ECawQXBY/8bvwQdcuP3V7v7clG/f+qgYB/E9Gra0STB+FR4F/geebFOyFblFAgt
wnZSwJGck7Jx2Kz6Eemm0+8ZVcG2uE4yYQPsfMEk4e2E
-----END CERTIFICATE-----