Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/4F2NZAR4hUsL9E6VlRrD0r_MWYo.roa
File:                     4F2NZAR4hUsL9E6VlRrD0r_MWYo.roa (raw, json)
Hash identifier:          1FUS8HV+ypbxIp35Tg7eKBlpQJrueXyjZvzFVK2UXWQ=
Subject key identifier:   E0:5D:8D:64:04:78:85:4B:0B:F4:4E:95:95:1A:C3:D2:BF:CC:59:8A
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       018F2877FB7B87078EF3B5A49816C839188A
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/4F2NZAR4hUsL9E6VlRrD0r_MWYo.roa
Signing time:             Mon 29 Apr 2024 06:08:22 +0000
ROA not before:           Mon 29 Apr 2024 06:08:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49100
IP address blocks:        62.60.192.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 06:08:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:28:77:fb:7b:87:07:8e:f3:b5:a4:98:16:c8:39:18:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Apr 29 06:08:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e05d8d640478854b0bf44e95951ac3d2bfcc598a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:48:14:36:25:1c:68:71:27:52:f2:47:5c:06:
                    87:e5:9e:40:1f:f1:70:82:d6:84:66:69:4c:6d:e2:
                    7e:00:3d:de:f6:a4:4f:27:0f:40:f8:fd:bc:fc:70:
                    5b:1b:ad:7f:a7:77:3a:27:ac:21:76:db:47:65:85:
                    b9:fa:ea:16:06:e8:e4:e4:08:9f:af:e7:2f:0f:da:
                    ac:10:47:ef:46:d2:b9:82:30:05:66:fd:de:eb:54:
                    9d:78:65:ae:84:1a:f5:c0:92:04:f1:82:06:9e:62:
                    3b:b3:1a:f9:ea:e4:75:e5:da:fd:88:f1:b2:12:05:
                    b2:9c:11:6f:49:da:03:c0:3f:e6:78:d4:08:37:e8:
                    d5:55:98:98:cb:7e:58:cd:66:11:2b:28:23:7b:7e:
                    28:0b:1d:e3:5e:6f:99:6c:30:18:25:20:62:a5:12:
                    b1:ba:5b:db:34:9c:26:a7:4c:51:cc:c7:9f:dd:e3:
                    d6:59:69:61:21:74:3b:72:16:43:b4:e1:8a:b5:f2:
                    a9:f7:b7:f9:a5:8d:ba:fb:aa:ae:38:84:be:e8:ed:
                    cd:e0:1f:0f:b3:4f:b8:b4:b9:12:ba:db:f9:47:19:
                    78:e0:c0:bd:c8:7a:e0:73:ed:fd:3d:d4:f4:15:98:
                    12:91:a0:4b:8b:1d:7f:8e:54:1a:b5:45:b3:3c:09:
                    84:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:5D:8D:64:04:78:85:4B:0B:F4:4E:95:95:1A:C3:D2:BF:CC:59:8A
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/4F2NZAR4hUsL9E6VlRrD0r_MWYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:a6:75:0c:d1:79:03:70:6c:1f:12:e3:8b:13:67:d3:d0:c4:
         28:e5:71:6e:c6:9a:95:a0:8a:8f:9d:c7:80:78:38:7d:f7:7e:
         64:eb:77:7f:54:08:34:91:fd:67:1f:87:9d:3e:03:a3:e1:27:
         f5:cd:4b:1f:b6:97:66:0a:e7:4b:2f:e3:fc:f4:43:15:ad:91:
         30:88:06:b2:55:36:2c:2c:7d:18:8d:64:96:84:16:45:d6:cb:
         03:94:86:c1:7d:aa:55:34:82:58:37:a1:43:a2:fc:b2:dd:9c:
         8f:3e:ec:31:e6:ff:b4:ed:2a:cc:d2:3c:8e:0e:0b:0b:17:ed:
         06:b9:2b:d8:14:b0:9b:78:5a:02:1c:5f:bd:00:ea:04:1b:81:
         b0:c5:a6:cd:83:d4:12:e8:1a:d8:bb:77:2a:d0:ee:17:21:47:
         12:8d:2d:08:03:43:17:f8:00:13:49:6b:68:98:e3:9f:2b:9b:
         29:ea:82:ac:e3:43:3a:e5:89:7e:8f:f8:ca:e3:6b:fd:87:b7:
         b6:6c:46:b1:ce:8e:2c:85:f4:82:57:51:60:1d:f6:3d:e3:b4:
         7f:bf:99:11:40:d6:a1:5f:1d:78:21:f3:fd:d7:21:bb:37:69:
         de:db:b2:a7:f4:76:16:eb:43:13:6a:7b:9c:84:21:34:55:6b:
         1d:28:31:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8od/t7hweO87WkmBbIORiKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQwNDI5MDYwODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDVkOGQ2NDA0Nzg4NTRiMGJmNDRlOTU5NTFhYzNkMmJmY2M1OThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokgUNiUcaHEnUvJHXAaH5Z5AH/Fw
gtaEZmlMbeJ+AD3e9qRPJw9A+P28/HBbG61/p3c6J6whdttHZYW5+uoWBujk5Aif
r+cvD9qsEEfvRtK5gjAFZv3e61SdeGWuhBr1wJIE8YIGnmI7sxr56uR15dr9iPGy
EgWynBFvSdoDwD/meNQIN+jVVZiYy35YzWYRKygje34oCx3jXm+ZbDAYJSBipRKx
ulvbNJwmp0xRzMef3ePWWWlhIXQ7chZDtOGKtfKp97f5pY26+6quOIS+6O3N4B8P
s0+4tLkSutv5Rxl44MC9yHrgc+39PdT0FZgSkaBLix1/jlQatUWzPAmE8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOBdjWQEeIVLC/ROlZUaw9K/zFmKMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvNEYyTlpBUjRoVXNMOUU2VmxSckQwcl9NV1lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCPjzAMA0G
CSqGSIb3DQEBCwUAA4IBAQCOpnUM0XkDcGwfEuOLE2fT0MQo5XFuxpqVoIqPnceA
eDh9935k63d/VAg0kf1nH4edPgOj4Sf1zUsftpdmCudLL+P89EMVrZEwiAayVTYs
LH0YjWSWhBZF1ssDlIbBfapVNIJYN6FDovyy3ZyPPuwx5v+07SrM0jyODgsLF+0G
uSvYFLCbeFoCHF+9AOoEG4GwxabNg9QS6BrYu3cq0O4XIUcSjS0IA0MX+AATSWto
mOOfK5sp6oKs40M65Yl+j/jK42v9h7e2bEaxzo4shfSCV1FgHfY947R/v5kRQNah
Xx14IfP91yG7N2ne27Kn9HYW60MTanuchCE0VWsdKDHl
-----END CERTIFICATE-----