Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/Sixta9j2H0jm7Aw3_56X3HpN5K8.roa
File:                     Sixta9j2H0jm7Aw3_56X3HpN5K8.roa (raw, json)
Hash identifier:          +lm8gRfBhnxsl9B2YVBRUe77m02+8dkR37FysfJLR/s=
Subject key identifier:   4A:2C:6D:6B:D8:F6:1F:48:E6:EC:0C:37:FF:9E:97:DC:7A:4D:E4:AF
Certificate issuer:       /CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
Certificate serial:       01919A33F937DACEF5BF7D18752860CD30B9
Authority key identifier: 88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/Sixta9j2H0jm7Aw3_56X3HpN5K8.roa
Signing time:             Wed 28 Aug 2024 18:16:22 +0000
ROA not before:           Wed 28 Aug 2024 18:16:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198231
IP address blocks:        62.204.37.0/24 maxlen: 24
                          2a13:9300::/31 maxlen: 31
                          2a13:fe00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:9a:33:f9:37:da:ce:f5:bf:7d:18:75:28:60:cd:30:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
        Validity
            Not Before: Aug 28 18:16:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a2c6d6bd8f61f48e6ec0c37ff9e97dc7a4de4af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:b0:b7:e9:e7:84:64:df:6e:22:eb:09:08:09:
                    4a:05:49:a5:10:ff:84:97:a9:2f:92:b4:2d:e5:44:
                    3c:ee:3d:b5:db:3c:ae:e6:40:04:0d:65:0b:1a:8a:
                    27:4b:3b:65:7a:1e:99:fb:27:a6:93:25:dd:a0:2b:
                    1d:5e:41:68:74:f7:4f:23:4a:4f:81:4a:75:57:cd:
                    52:44:80:b5:b6:76:50:4b:93:30:59:f1:4f:c9:23:
                    f9:7a:db:97:b1:e7:39:dd:f3:f0:f1:09:d5:2a:f5:
                    b7:ac:0e:f2:bd:b1:3a:99:eb:a6:aa:13:df:8b:87:
                    80:15:5f:a6:1c:36:94:6e:15:dc:4c:44:ed:0e:62:
                    12:19:1f:43:88:be:fb:b7:25:6e:7d:8b:fc:7d:e3:
                    48:39:85:2e:ca:39:23:ec:2c:e3:8e:d3:df:c0:8e:
                    0f:ab:ab:69:52:79:e8:89:46:4a:f5:04:92:e4:9a:
                    0d:37:6f:12:b8:e9:bd:e8:b0:2c:72:db:2e:12:b0:
                    e9:af:05:3a:3d:f1:54:43:25:b0:81:4d:7b:66:89:
                    e1:ac:b9:39:66:d5:04:9f:55:c8:dd:a8:dd:63:76:
                    9f:76:ab:33:c9:5b:47:16:1d:c3:25:99:16:bb:8b:
                    94:10:4b:c3:93:48:0d:9a:1f:ba:1a:29:9e:f9:b1:
                    10:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:2C:6D:6B:D8:F6:1F:48:E6:EC:0C:37:FF:9E:97:DC:7A:4D:E4:AF
            X509v3 Authority Key Identifier:
                keyid:88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/Sixta9j2H0jm7Aw3_56X3HpN5K8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.204.37.0/24
                IPv6:
                  2a13:9300::/31
                  2a13:fe00::/29

    Signature Algorithm: sha256WithRSAEncryption
         6d:4c:7c:83:d7:19:72:0f:04:d2:2d:47:6b:30:74:ed:5e:9f:
         e4:53:72:fb:92:83:f8:ca:e2:39:fb:ca:8b:8c:0b:1d:a8:66:
         39:02:44:14:48:04:95:2b:0c:6d:e5:e6:fc:5c:8f:88:87:17:
         36:1c:4a:85:bf:f1:c9:65:55:09:2b:33:f2:ed:86:b5:8d:a1:
         45:fb:69:77:3c:ae:17:9a:7f:e8:4a:35:8c:aa:f0:70:4c:bc:
         09:59:b5:1b:bf:19:55:17:85:43:44:2e:fc:94:2e:8c:94:a7:
         54:2d:17:1c:cb:03:ae:c4:24:48:26:f7:5d:1a:ca:67:3c:ba:
         1f:1f:66:30:87:87:6b:1d:49:f1:69:01:d6:79:93:c5:c7:28:
         61:c8:e4:4e:2d:d4:9b:d7:cf:63:2c:1d:1a:c8:f2:08:7d:d6:
         99:b8:ef:fc:04:34:22:da:92:f5:21:21:eb:4c:45:1d:a7:a9:
         ed:6e:5a:30:bf:da:68:2d:35:13:b3:86:02:8f:86:67:32:24:
         6e:07:e6:43:df:1a:78:39:4e:99:df:1d:68:33:0c:6f:68:08:
         fb:af:da:34:78:e9:dc:31:9a:e2:ba:be:94:cd:bc:7c:49:af:
         5f:87:bd:63:c2:b1:47:34:2e:f0:2c:33:34:f9:f1:e3:5e:6d:
         34:60:3f:93
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZGaM/k32s71v30YdShgzTC5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YjIxM2JmMTYyNzU0OGVmZGZiMWIyZTI2NDViYWFmMWQ5
ODNhYTAwHhcNMjQwODI4MTgxNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTJjNmQ2YmQ4ZjYxZjQ4ZTZlYzBjMzdmZjllOTdkYzdhNGRlNGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAibC36eeEZN9uIusJCAlKBUmlEP+E
l6kvkrQt5UQ87j212zyu5kAEDWULGoonSztleh6Z+yemkyXdoCsdXkFodPdPI0pP
gUp1V81SRIC1tnZQS5MwWfFPySP5etuXsec53fPw8QnVKvW3rA7yvbE6meumqhPf
i4eAFV+mHDaUbhXcTETtDmISGR9DiL77tyVufYv8feNIOYUuyjkj7CzjjtPfwI4P
q6tpUnnoiUZK9QSS5JoNN28SuOm96LAsctsuErDprwU6PfFUQyWwgU17ZonhrLk5
ZtUEn1XI3ajdY3afdqszyVtHFh3DJZkWu4uUEEvDk0gNmh+6Gime+bEQuwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFEosbWvY9h9I5uwMN/+el9x6TeSvMB8GA1UdIwQY
MBaAFIiyE78WJ1SO/fsbLiZFuq8dmDqgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2Ut
NzI3MzVlMTE4ZDUxLzEvU2l4dGE5ajJIMGptN0F3M181NlgzSHBONUs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2UtNzI3MzVlMTE4ZDUx
LzEvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQAPswlMBQE
AgACMA4DBQEqE5MAAwUDKhP+ADANBgkqhkiG9w0BAQsFAAOCAQEAbUx8g9cZcg8E
0i1HazB07V6f5FNy+5KD+MriOfvKi4wLHahmOQJEFEgElSsMbeXm/FyPiIcXNhxK
hb/xyWVVCSsz8u2GtY2hRftpdzyuF5p/6Eo1jKrwcEy8CVm1G78ZVReFQ0Qu/JQu
jJSnVC0XHMsDrsQkSCb3XRrKZzy6Hx9mMIeHax1J8WkB1nmTxccoYcjkTi3Um9fP
YywdGsjyCH3Wmbjv/AQ0ItqS9SEh60xFHaep7W5aML/aaC01E7OGAo+GZzIkbgfm
Q98aeDlOmd8daDMMb2gI+6/aNHjp3DGa4rq+lM28fEmvX4e9Y8KxRzQu8CwzNPnx
415tNGA/kw==
-----END CERTIFICATE-----