Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/QnXSufHK79IWNNZuzuJtpKyWOD0.roa
File:                     QnXSufHK79IWNNZuzuJtpKyWOD0.roa (raw, json)
Hash identifier:          lYUxZwJzFJOz4E63WDoxn1FRjZzwL5s8saKZP975QPw=
Subject key identifier:   42:75:D2:B9:F1:CA:EF:D2:16:34:D6:6E:CE:E2:6D:A4:AC:96:38:3D
Certificate issuer:       /CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
Certificate serial:       018E9507DFDB8A5E403577ABA8E8D0B43437
Authority key identifier: 88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/QnXSufHK79IWNNZuzuJtpKyWOD0.roa
Signing time:             Sun 31 Mar 2024 15:01:44 +0000
ROA not before:           Sun 31 Mar 2024 15:01:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198231
IP address blocks:        62.204.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:95:07:df:db:8a:5e:40:35:77:ab:a8:e8:d0:b4:34:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
        Validity
            Not Before: Mar 31 15:01:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4275d2b9f1caefd21634d66ecee26da4ac96383d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:db:a6:8f:2b:34:c7:bc:86:b2:d0:36:2f:ec:
                    2c:b1:15:3e:0c:4d:75:fe:cb:fe:4f:6b:31:b6:f3:
                    53:d8:cd:7d:0a:9c:42:49:8e:12:b5:53:96:2d:3d:
                    79:34:7c:ee:08:71:ff:0e:f7:83:98:1e:37:6c:99:
                    09:75:c0:7a:36:86:c7:0d:08:e2:7c:62:4f:9a:61:
                    65:8a:33:a2:1a:cd:f8:b2:0f:62:03:46:c9:c2:b4:
                    d2:7e:6c:65:df:a2:ce:58:f9:59:a6:64:ca:50:8b:
                    e6:4a:5b:de:bc:84:9e:33:29:ea:ac:1c:91:6b:9f:
                    16:40:67:25:96:6b:2c:da:93:15:f1:d8:e7:21:c1:
                    91:c3:53:54:18:82:bf:e3:3e:ec:11:4d:db:69:bf:
                    1c:fb:15:d0:f8:34:75:ef:ac:4c:e9:c3:f3:b4:89:
                    72:e6:9c:65:cd:30:20:4f:48:1a:4f:44:5c:d9:7c:
                    fd:f9:df:07:0c:1b:e6:a5:70:b9:7c:9b:36:b9:dc:
                    6c:60:bb:60:d7:7f:34:e6:27:69:f2:3e:01:4d:f2:
                    8b:5e:79:3f:14:e5:9c:4f:fd:38:14:6d:33:7f:f4:
                    4e:c3:8e:a9:3f:f0:67:79:1e:a6:3b:42:d8:5e:01:
                    2c:20:df:27:8d:ae:26:90:fa:52:94:f9:77:df:09:
                    37:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:75:D2:B9:F1:CA:EF:D2:16:34:D6:6E:CE:E2:6D:A4:AC:96:38:3D
            X509v3 Authority Key Identifier:
                keyid:88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/QnXSufHK79IWNNZuzuJtpKyWOD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.204.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:96:3d:b4:38:6b:6a:fa:72:d1:9d:b4:4f:96:80:0c:df:f6:
         78:71:d0:a4:98:38:1c:b7:61:7c:c7:8d:50:89:74:44:47:82:
         cd:ae:62:c4:8e:b1:25:eb:b2:45:72:c5:f8:68:18:aa:49:92:
         e2:e7:3f:ff:01:f3:fe:4f:d3:dd:78:1e:6f:31:b7:1f:80:58:
         db:64:aa:15:73:5e:76:e9:99:f7:fc:7f:8e:01:be:e2:95:f1:
         5b:21:1d:68:02:0f:e2:a3:f0:d2:16:24:c0:8c:2a:9c:bf:d4:
         4f:d2:04:6e:2c:f0:cd:0d:da:7d:00:4c:fd:62:71:62:1c:25:
         38:bf:ff:c3:82:d3:c1:e7:b1:6f:86:a7:3b:d8:bd:5f:e4:97:
         da:29:a4:54:58:57:82:59:3e:85:6f:1b:cb:87:6c:60:bf:ba:
         ea:30:6c:8e:b0:54:98:2f:dc:18:42:5d:e0:c7:41:51:ac:12:
         52:8b:c6:3c:df:a0:c4:5c:19:c4:af:97:e8:c7:04:25:33:f1:
         e9:07:d0:95:aa:18:a8:9c:40:e0:ef:f2:37:25:59:36:96:5b:
         ff:b7:51:bd:4e:2c:80:f2:11:3b:22:12:e2:f9:9f:1b:0f:e2:
         14:c2:a4:8a:70:70:d5:ac:b4:31:14:ee:d5:64:df:57:ba:9d:
         a6:d8:90:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6VB9/bil5ANXerqOjQtDQ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YjIxM2JmMTYyNzU0OGVmZGZiMWIyZTI2NDViYWFmMWQ5
ODNhYTAwHhcNMjQwMzMxMTUwMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Mjc1ZDJiOWYxY2FlZmQyMTYzNGQ2NmVjZWUyNmRhNGFjOTYzODNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotumjys0x7yGstA2L+wssRU+DE11
/sv+T2sxtvNT2M19CpxCSY4StVOWLT15NHzuCHH/DveDmB43bJkJdcB6NobHDQji
fGJPmmFlijOiGs34sg9iA0bJwrTSfmxl36LOWPlZpmTKUIvmSlvevISeMynqrByR
a58WQGcllmss2pMV8djnIcGRw1NUGIK/4z7sEU3bab8c+xXQ+DR176xM6cPztIly
5pxlzTAgT0gaT0Rc2Xz9+d8HDBvmpXC5fJs2udxsYLtg13805idp8j4BTfKLXnk/
FOWcT/04FG0zf/ROw46pP/BneR6mO0LYXgEsIN8nja4mkPpSlPl33wk3GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEJ10rnxyu/SFjTWbs7ibaSsljg9MB8GA1UdIwQY
MBaAFIiyE78WJ1SO/fsbLiZFuq8dmDqgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2Ut
NzI3MzVlMTE4ZDUxLzEvUW5YU3VmSEs3OUlXTk5adXp1SnRwS3lXT0QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2UtNzI3MzVlMTE4ZDUx
LzEvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPswlMA0G
CSqGSIb3DQEBCwUAA4IBAQA6lj20OGtq+nLRnbRPloAM3/Z4cdCkmDgct2F8x41Q
iXRER4LNrmLEjrEl67JFcsX4aBiqSZLi5z//AfP+T9PdeB5vMbcfgFjbZKoVc152
6Zn3/H+OAb7ilfFbIR1oAg/io/DSFiTAjCqcv9RP0gRuLPDNDdp9AEz9YnFiHCU4
v//DgtPB57Fvhqc72L1f5JfaKaRUWFeCWT6FbxvLh2xgv7rqMGyOsFSYL9wYQl3g
x0FRrBJSi8Y836DEXBnEr5foxwQlM/HpB9CVqhionEDg7/I3JVk2llv/t1G9TiyA
8hE7IhLi+Z8bD+IUwqSKcHDVrLQxFO7VZN9Xup2m2JDz
-----END CERTIFICATE-----