Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/4hDgo6kDNRIyWFeOEB2sjTEQKI8.roa
File:                     4hDgo6kDNRIyWFeOEB2sjTEQKI8.roa (raw, json)
Hash identifier:          scNBKD4VEKwDgsFlo1uNv8nJiadRsCrSjG+3XW7K0rs=
Subject key identifier:   E2:10:E0:A3:A9:03:35:12:32:58:57:8E:10:1D:AC:8D:31:10:28:8F
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       018CCA29C70EB841E155E482163254FF44D6
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/4hDgo6kDNRIyWFeOEB2sjTEQKI8.roa
Signing time:             Tue 02 Jan 2024 12:33:04 +0000
ROA not before:           Tue 02 Jan 2024 12:33:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201691
IP address blocks:        62.60.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:c7:0e:b8:41:e1:55:e4:82:16:32:54:ff:44:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Jan  2 12:33:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e210e0a3a90335123258578e101dac8d3110288f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:97:dd:d4:a3:d2:32:3f:68:9f:ab:67:d3:07:
                    a9:18:66:ca:e7:92:67:f1:25:0a:58:af:f8:a5:eb:
                    67:55:c9:79:6a:4f:5a:57:db:55:1a:17:a6:fb:57:
                    fb:e6:72:f5:43:08:1c:60:ff:8c:97:0a:f6:79:05:
                    21:83:57:f9:fc:ab:3b:2f:ca:66:82:2a:4c:5d:19:
                    58:f3:8d:f1:c2:54:17:d2:49:f3:a4:45:b7:bd:66:
                    4a:2a:c7:53:94:49:da:90:b4:d1:a1:dc:c3:40:52:
                    a2:4a:d8:71:e4:e0:47:1b:67:ae:21:1d:bc:8c:28:
                    47:ef:bd:c8:a7:35:b7:09:72:60:d1:ca:af:69:55:
                    2d:83:3f:c0:7b:1c:5a:97:3c:f0:a1:b0:37:09:a6:
                    35:6e:ba:4e:c3:38:c3:64:0e:8f:d8:e9:80:96:ba:
                    15:d8:d3:0f:91:4a:7c:34:67:3d:42:a0:57:31:ee:
                    f7:86:26:77:95:c4:84:16:c3:45:e9:0d:33:4d:66:
                    42:9c:68:59:f8:eb:a7:e3:8c:d7:ad:7e:ac:4d:d5:
                    ae:b9:1e:9f:d9:db:9f:e0:f8:8d:53:bd:54:21:d7:
                    7e:76:51:ac:73:c2:45:82:80:c1:94:e7:c7:1e:cc:
                    6b:52:c2:d9:88:35:15:e0:78:74:68:bc:f1:b7:ce:
                    e3:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:10:E0:A3:A9:03:35:12:32:58:57:8E:10:1D:AC:8D:31:10:28:8F
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/4hDgo6kDNRIyWFeOEB2sjTEQKI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:37:f3:eb:66:16:de:9b:ed:ed:ab:4f:13:9d:c8:1b:08:08:
         c7:4b:cd:61:74:7c:15:de:ed:67:54:3e:40:9d:8a:00:5d:68:
         4c:b7:13:80:50:27:28:de:8d:e8:cf:43:a3:f8:9b:f0:af:9d:
         7b:e1:60:18:74:53:4e:b6:41:1c:77:1c:87:f7:a8:ad:34:97:
         57:9a:e7:ec:d7:9c:f6:f0:ad:81:b8:ad:32:ce:3b:2f:ff:2f:
         7f:0c:77:02:2a:7e:1b:c1:c4:ba:f7:a2:a4:14:a0:2e:46:50:
         80:73:37:b7:58:e4:8c:d0:cb:77:6e:be:69:2f:99:56:3c:64:
         2d:65:5e:c1:69:55:89:0b:4b:1f:60:24:f8:3e:95:de:d7:0e:
         28:68:9c:00:f7:a0:01:93:c0:bd:f7:8b:a5:26:44:73:0a:a6:
         4d:56:cf:94:6a:bc:4f:16:62:e8:d4:b0:ea:ae:08:38:8e:3a:
         ec:21:02:9d:8b:01:9b:a9:aa:fd:3f:67:cf:41:18:e0:c6:e3:
         31:1a:e1:18:e8:b4:d4:fb:13:ae:5c:23:18:2a:a4:6f:ce:cf:
         1f:a2:8e:2c:dc:9b:25:8e:a9:f1:db:19:f4:aa:47:49:c5:e7:
         a9:47:d2:fa:a7:fb:c6:c7:01:f9:03:a6:ba:03:b3:f0:06:4f:
         d4:61:3b:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKccOuEHhVeSCFjJU/0TWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQwMTAyMTIzMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjEwZTBhM2E5MDMzNTEyMzI1ODU3OGUxMDFkYWM4ZDMxMTAyODhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZfd1KPSMj9on6tn0wepGGbK55Jn
8SUKWK/4petnVcl5ak9aV9tVGhem+1f75nL1QwgcYP+Mlwr2eQUhg1f5/Ks7L8pm
gipMXRlY843xwlQX0knzpEW3vWZKKsdTlEnakLTRodzDQFKiSthx5OBHG2euIR28
jChH773IpzW3CXJg0cqvaVUtgz/AexxalzzwobA3CaY1brpOwzjDZA6P2OmAlroV
2NMPkUp8NGc9QqBXMe73hiZ3lcSEFsNF6Q0zTWZCnGhZ+Oun44zXrX6sTdWuuR6f
2duf4PiNU71UIdd+dlGsc8JFgoDBlOfHHsxrUsLZiDUV4Hh0aLzxt87jhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOIQ4KOpAzUSMlhXjhAdrI0xECiPMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvNGhEZ282a0ROUkl5V0ZlT0VCMnNqVEVRS0k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPjymMA0G
CSqGSIb3DQEBCwUAA4IBAQC3N/PrZhbem+3tq08TncgbCAjHS81hdHwV3u1nVD5A
nYoAXWhMtxOAUCco3o3oz0Oj+Jvwr5174WAYdFNOtkEcdxyH96itNJdXmufs15z2
8K2BuK0yzjsv/y9/DHcCKn4bwcS696KkFKAuRlCAcze3WOSM0Mt3br5pL5lWPGQt
ZV7BaVWJC0sfYCT4PpXe1w4oaJwA96ABk8C994ulJkRzCqZNVs+UarxPFmLo1LDq
rgg4jjrsIQKdiwGbqar9P2fPQRjgxuMxGuEY6LTU+xOuXCMYKqRvzs8foo4s3Jsl
jqnx2xn0qkdJxeepR9L6p/vGxwH5A6a6A7PwBk/UYTss
-----END CERTIFICATE-----