Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/qopmdC4Cx7B537cZ-zH_YJ7KUEA.roa
File:                     qopmdC4Cx7B537cZ-zH_YJ7KUEA.roa (raw, json)
Hash identifier:          H8KU5hGmYkRHHmsHXn1tohJ56Nod1uija4KS5ysuazI=
Subject key identifier:   AA:8A:66:74:2E:02:C7:B0:79:DF:B7:19:FB:31:FF:60:9E:CA:50:40
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       0190632615DDF147295DBE7CAFE8CDD3AA82
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/qopmdC4Cx7B537cZ-zH_YJ7KUEA.roa
Signing time:             Sat 29 Jun 2024 08:39:18 +0000
ROA not before:           Sat 29 Jun 2024 08:39:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210392
IP address blocks:        62.60.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:63:26:15:dd:f1:47:29:5d:be:7c:af:e8:cd:d3:aa:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Jun 29 08:39:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa8a66742e02c7b079dfb719fb31ff609eca5040
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:ae:7d:93:3b:0f:57:6d:f9:d6:bf:5a:48:de:
                    ed:44:43:92:65:e2:60:27:60:39:c2:1b:d7:f6:c3:
                    79:32:60:85:90:e9:f9:16:18:12:c8:60:46:4f:be:
                    19:da:a9:cc:e9:e4:04:c5:f0:c6:80:f2:bc:bd:76:
                    55:0d:56:11:75:57:1a:ec:30:c3:74:75:1c:8f:e6:
                    2c:78:81:eb:4e:71:08:ec:d5:72:c7:04:51:df:65:
                    fd:b1:da:46:70:12:c2:15:19:cd:ba:b2:41:ba:b6:
                    57:9e:e5:5c:0f:65:5c:8f:8d:2b:4c:69:40:b5:82:
                    b3:ef:6e:37:12:4b:fe:72:e8:66:1d:49:1f:46:a1:
                    39:ac:fe:26:e6:2f:f2:83:cb:43:f0:ca:0d:50:10:
                    8a:68:92:15:7f:9f:a8:14:26:ab:49:a2:58:4f:f6:
                    e7:b5:58:9d:2d:c3:62:38:f3:a9:51:dd:74:00:d4:
                    8c:d8:35:78:0a:08:22:dc:6f:37:85:e4:e3:35:c8:
                    11:3f:a5:35:27:0e:f0:f9:55:02:de:19:bb:01:d8:
                    89:21:1f:12:34:0c:80:4a:fd:60:d8:59:f9:1a:89:
                    0a:bc:23:90:b3:85:8e:c6:5c:2d:93:d2:09:6a:c2:
                    e3:36:ae:cc:54:88:d7:f7:25:be:29:9a:c0:89:c1:
                    47:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:8A:66:74:2E:02:C7:B0:79:DF:B7:19:FB:31:FF:60:9E:CA:50:40
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/qopmdC4Cx7B537cZ-zH_YJ7KUEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:f5:0d:5b:05:32:0e:a3:40:ea:0e:eb:f9:23:95:a7:75:9c:
         e2:e6:cf:93:08:e0:3b:a3:1c:bb:95:fc:c9:43:ff:ef:15:0c:
         d3:77:28:0c:82:fb:c9:72:70:85:ac:65:4c:21:8b:27:dd:d8:
         cb:b9:f0:60:d7:b2:ae:14:c2:79:74:2e:b6:6b:a2:01:ec:2a:
         5a:a1:41:12:96:d8:be:a4:60:74:ac:36:5e:06:d0:71:16:55:
         21:07:f3:28:2a:08:f0:95:0c:6b:df:22:8f:56:32:16:6a:2a:
         b9:4e:40:70:01:b6:a3:fc:2f:eb:c8:af:11:c2:48:c1:6f:4c:
         39:70:b2:2e:83:63:60:be:48:b5:e3:08:bc:a7:71:a4:cf:0d:
         f6:c1:8e:c1:9e:c7:fd:5a:f3:c9:65:22:0f:a1:be:45:bc:fb:
         f2:c5:b3:c3:75:ae:a3:fb:ad:35:a2:45:d5:e1:d2:f8:34:11:
         44:18:3f:66:9b:ba:94:64:76:38:f9:28:68:8d:60:96:60:e9:
         08:4f:ca:47:3c:39:e5:0a:18:2f:3a:47:21:2c:3f:e7:ca:64:
         a1:c5:0e:af:76:37:b6:1e:f0:a7:4d:00:0f:5d:01:77:83:02:
         79:d8:2b:00:61:e6:37:d2:ae:68:24:04:76:1e:24:b9:54:0a:
         a3:8a:a3:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBjJhXd8UcpXb58r+jN06qCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQwNjI5MDgzOTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYThhNjY3NDJlMDJjN2IwNzlkZmI3MTlmYjMxZmY2MDllY2E1MDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjK59kzsPV2351r9aSN7tREOSZeJg
J2A5whvX9sN5MmCFkOn5FhgSyGBGT74Z2qnM6eQExfDGgPK8vXZVDVYRdVca7DDD
dHUcj+YseIHrTnEI7NVyxwRR32X9sdpGcBLCFRnNurJBurZXnuVcD2Vcj40rTGlA
tYKz7243Ekv+cuhmHUkfRqE5rP4m5i/yg8tD8MoNUBCKaJIVf5+oFCarSaJYT/bn
tVidLcNiOPOpUd10ANSM2DV4Cggi3G83heTjNcgRP6U1Jw7w+VUC3hm7AdiJIR8S
NAyASv1g2Fn5GokKvCOQs4WOxlwtk9IJasLjNq7MVIjX9yW+KZrAicFHcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKqKZnQuAsewed+3Gfsx/2CeylBAMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvcW9wbWRDNEN4N0I1MzdjWi16SF9ZSjdLVUVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPjyjMA0G
CSqGSIb3DQEBCwUAA4IBAQB/9Q1bBTIOo0DqDuv5I5WndZzi5s+TCOA7oxy7lfzJ
Q//vFQzTdygMgvvJcnCFrGVMIYsn3djLufBg17KuFMJ5dC62a6IB7CpaoUESlti+
pGB0rDZeBtBxFlUhB/MoKgjwlQxr3yKPVjIWaiq5TkBwAbaj/C/ryK8RwkjBb0w5
cLIug2Ngvki14wi8p3Gkzw32wY7Bnsf9WvPJZSIPob5FvPvyxbPDda6j+601okXV
4dL4NBFEGD9mm7qUZHY4+ShojWCWYOkIT8pHPDnlChgvOkchLD/nymShxQ6vdje2
HvCnTQAPXQF3gwJ52CsAYeY30q5oJAR2HiS5VAqjiqO7
-----END CERTIFICATE-----