Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/j4jXtYC4tD9Ko15sjrzLzdk4mEI.roa
File:                     j4jXtYC4tD9Ko15sjrzLzdk4mEI.roa (raw, json)
Hash identifier:          CmDV7ALNGavbSgunYLlU14YNxttrZ9vfzbbaf1PmhqQ=
Subject key identifier:   8F:88:D7:B5:80:B8:B4:3F:4A:A3:5E:6C:8E:BC:CB:CD:D9:38:98:42
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       018DE4009821D65EA0CF08D7CCE7C3E4CD9B
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/j4jXtYC4tD9Ko15sjrzLzdk4mEI.roa
Signing time:             Mon 26 Feb 2024 06:01:00 +0000
ROA not before:           Mon 26 Feb 2024 06:01:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13213
IP address blocks:        62.60.148.0/22 maxlen: 24
                          62.60.188.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e4:00:98:21:d6:5e:a0:cf:08:d7:cc:e7:c3:e4:cd:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Feb 26 06:01:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f88d7b580b8b43f4aa35e6c8ebccbcdd9389842
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:40:b7:9d:49:68:1a:03:f4:63:84:15:2f:3e:
                    d4:8f:38:bc:44:b2:f5:ea:a3:2f:5d:ea:96:a5:37:
                    1b:62:1b:35:8c:05:53:d7:80:13:f2:4d:3b:4e:c9:
                    d8:d2:a8:39:d3:b2:03:47:f2:16:66:f1:51:35:83:
                    17:35:1b:05:37:67:1c:e6:81:1b:60:87:a4:b9:e1:
                    22:bb:0d:de:b3:a8:cc:52:fe:0d:ce:cf:1d:00:e6:
                    30:bc:46:7a:7d:26:85:98:5b:70:9b:9d:8c:f5:21:
                    b2:a7:25:2b:0d:8d:9a:8e:df:2d:0c:b2:37:9b:c2:
                    94:b5:99:67:f9:78:61:46:f0:ff:23:63:e3:bf:de:
                    5c:91:0d:14:57:89:ec:c5:20:38:dd:3a:81:79:60:
                    ba:c1:15:39:3a:e8:3c:26:1d:16:e4:d8:89:ea:c6:
                    d3:06:ee:17:26:38:b6:da:7a:d0:d9:c1:3d:03:82:
                    48:f4:78:6c:fe:ea:21:a1:14:01:26:66:76:e5:78:
                    41:d9:54:2a:ac:6d:2a:de:a6:d3:49:98:9b:2f:b9:
                    0a:87:52:71:58:f8:19:c7:a7:e6:cc:e3:56:a1:3e:
                    fb:68:15:93:4e:e4:a0:19:f4:d6:12:e8:56:db:ab:
                    95:19:5c:41:c4:8a:2c:40:00:6e:e7:84:59:27:8f:
                    8f:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:88:D7:B5:80:B8:B4:3F:4A:A3:5E:6C:8E:BC:CB:CD:D9:38:98:42
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/j4jXtYC4tD9Ko15sjrzLzdk4mEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.148.0/22
                  62.60.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bd:a1:fb:7f:8f:dd:05:49:b9:6d:fc:8c:f0:cb:8d:cf:02:07:
         0f:30:e3:b0:ed:2e:1c:d1:44:3a:66:14:c2:b5:1c:17:08:7e:
         23:a0:17:ae:3d:fd:b8:51:08:7e:02:5d:29:0f:6c:f4:58:5d:
         ed:d9:a9:3d:f4:8e:e0:59:4d:cb:b2:a3:74:61:9a:28:75:e5:
         36:51:88:64:1c:66:bb:9f:14:c3:38:5d:cb:9d:d5:0f:70:ff:
         0e:1e:e3:0a:ef:61:15:2e:ed:27:a3:f6:66:7e:14:fb:f4:48:
         8a:6c:79:e0:c3:f1:c0:8c:e1:a5:4a:8f:1b:87:4d:51:81:e2:
         0b:02:fc:63:6d:8c:0a:f5:0d:25:84:c9:49:f2:82:8e:fc:5a:
         a3:f4:9a:a2:f8:03:58:aa:f5:ee:c8:6a:75:01:26:40:28:da:
         4c:b3:97:c1:2a:90:1f:bc:99:87:22:d9:66:e4:2e:d2:f4:91:
         8b:1a:ef:2e:49:b5:a0:7e:3c:4a:49:a6:d5:00:c3:2c:97:1b:
         70:08:5f:9a:02:b3:64:74:f7:c0:88:b4:e3:c3:3d:8b:78:23:
         04:de:5a:88:e3:aa:55:80:ed:0f:f2:a6:b2:83:92:47:bf:2b:
         fa:a0:13:7b:f8:fc:8b:35:d1:23:e1:a1:d2:1f:4a:84:f2:18:
         ca:66:ca:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3kAJgh1l6gzwjXzOfD5M2bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQwMjI2MDYwMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Zjg4ZDdiNTgwYjhiNDNmNGFhMzVlNmM4ZWJjY2JjZGQ5Mzg5ODQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkEC3nUloGgP0Y4QVLz7Ujzi8RLL1
6qMvXeqWpTcbYhs1jAVT14AT8k07TsnY0qg507IDR/IWZvFRNYMXNRsFN2cc5oEb
YIekueEiuw3es6jMUv4Nzs8dAOYwvEZ6fSaFmFtwm52M9SGypyUrDY2ajt8tDLI3
m8KUtZln+XhhRvD/I2Pjv95ckQ0UV4nsxSA43TqBeWC6wRU5Oug8Jh0W5NiJ6sbT
Bu4XJji22nrQ2cE9A4JI9Hhs/uohoRQBJmZ25XhB2VQqrG0q3qbTSZibL7kKh1Jx
WPgZx6fmzONWoT77aBWTTuSgGfTWEuhW26uVGVxBxIosQABu54RZJ4+PcwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI+I17WAuLQ/SqNebI68y83ZOJhCMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvajRqWHRZQzR0RDlLbzE1c2pyekx6ZGs0bUVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCPjyUAwQC
Pjy8MA0GCSqGSIb3DQEBCwUAA4IBAQC9oft/j90FSblt/Izwy43PAgcPMOOw7S4c
0UQ6ZhTCtRwXCH4joBeuPf24UQh+Al0pD2z0WF3t2ak99I7gWU3LsqN0YZoodeU2
UYhkHGa7nxTDOF3LndUPcP8OHuMK72EVLu0no/ZmfhT79EiKbHngw/HAjOGlSo8b
h01RgeILAvxjbYwK9Q0lhMlJ8oKO/Fqj9Jqi+ANYqvXuyGp1ASZAKNpMs5fBKpAf
vJmHItlm5C7S9JGLGu8uSbWgfjxKSabVAMMslxtwCF+aArNkdPfAiLTjwz2LeCME
3lqI46pVgO0P8qayg5JHvyv6oBN7+PyLNdEj4aHSH0qE8hjKZspH
-----END CERTIFICATE-----