Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/ipmQaYpXVbjCpKeDxUXGqzzY3ME.roa
File:                     ipmQaYpXVbjCpKeDxUXGqzzY3ME.roa (raw, json)
Hash identifier:          xkIMUZD3/dMeeUDkHf32xTTV1Q0bOjRSEocwBTiVm50=
Subject key identifier:   8A:99:90:69:8A:57:55:B8:C2:A4:A7:83:C5:45:C6:AB:3C:D8:DC:C1
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       018CE51FB14DAD5AFC3E12C1AB0BFCCAF02A
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/ipmQaYpXVbjCpKeDxUXGqzzY3ME.roa
Signing time:             Sun 07 Jan 2024 18:11:48 +0000
ROA not before:           Sun 07 Jan 2024 18:11:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211975
IP address blocks:        62.106.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e5:1f:b1:4d:ad:5a:fc:3e:12:c1:ab:0b:fc:ca:f0:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jan  7 18:11:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a9990698a5755b8c2a4a783c545c6ab3cd8dcc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:12:24:16:fc:db:82:a0:57:a3:f9:f5:cd:e1:
                    e7:f5:d3:2d:d4:73:9d:55:9d:d0:2f:e0:b3:9f:ff:
                    16:97:6f:e7:49:84:90:c9:14:d2:73:9a:df:a6:82:
                    1c:a2:ea:fc:b5:97:06:c2:cf:cb:45:a6:9a:9c:cf:
                    37:be:b7:a8:01:fb:f0:2a:8b:b2:8c:6f:bc:85:28:
                    83:8a:4b:9e:a7:3f:ba:7a:ca:4d:a8:d4:da:b7:9a:
                    6b:f7:d6:63:e7:83:d7:85:c2:d6:0e:ab:98:4f:b9:
                    89:50:f7:de:43:ac:57:d3:0e:97:6e:b3:61:39:28:
                    a2:01:05:83:2c:02:6b:ee:33:ca:b9:74:24:c1:73:
                    58:f3:81:c3:40:e0:48:5b:12:be:53:08:de:e2:72:
                    ef:21:bb:59:27:4f:05:45:ef:56:47:6e:53:80:6c:
                    be:78:3b:a5:a2:99:11:b7:86:c1:c0:b9:96:f6:0f:
                    1d:26:7e:17:ab:18:ff:c8:3f:d0:7e:dc:e7:42:b0:
                    6b:a9:7c:09:4b:93:fa:97:9f:6f:be:88:16:8e:8e:
                    85:6b:05:b3:c6:58:79:1b:37:a3:ce:b3:3e:f1:ff:
                    bf:b0:30:83:3f:96:a4:e9:ea:d2:ec:4a:a5:e8:5e:
                    bd:4b:5d:b8:47:d8:d3:17:b3:0d:60:f0:25:9a:e7:
                    c4:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:99:90:69:8A:57:55:B8:C2:A4:A7:83:C5:45:C6:AB:3C:D8:DC:C1
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/ipmQaYpXVbjCpKeDxUXGqzzY3ME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.106.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:45:42:1a:88:16:34:e4:72:22:8a:da:43:b4:9d:b3:fd:9c:
         9f:c1:e5:0b:12:65:38:2b:24:5c:50:47:a3:4d:9c:aa:cf:3a:
         65:e4:39:21:fa:94:17:d9:98:25:b6:e6:ec:17:d8:21:d7:df:
         95:f5:67:18:93:c5:65:f5:82:52:97:a6:32:00:d8:91:34:c2:
         06:c8:9a:c1:eb:44:05:ea:95:e6:88:04:ff:79:0c:ed:d8:bc:
         44:bb:b0:53:14:b1:c7:22:15:50:f4:7a:40:e1:c5:d9:de:e9:
         29:95:b6:b4:20:3d:e3:0c:dd:45:3d:38:ea:53:21:e1:95:9c:
         f0:41:dd:52:27:51:78:95:1f:eb:0c:ce:23:d2:79:11:22:5a:
         62:5d:91:c6:c5:0f:f0:59:0d:2b:4f:e7:57:2b:79:e5:a4:b7:
         13:23:96:41:81:ed:89:fe:42:37:e9:96:83:57:63:df:d9:b5:
         87:a3:b8:ba:97:90:18:05:49:41:97:8b:1e:2b:30:b9:a2:ae:
         dc:62:38:29:64:f7:f7:d6:ff:9c:a7:84:cc:fd:e5:b6:55:9b:
         7a:65:80:22:d3:9b:ae:54:e7:ab:9e:a9:8a:17:1d:30:9b:29:
         49:b7:f9:81:f0:6f:30:e1:79:ca:de:de:03:d2:1b:b7:27:73:
         d0:e6:4d:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzlH7FNrVr8PhLBqwv8yvAqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQwMTA3MTgxMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTk5OTA2OThhNTc1NWI4YzJhNGE3ODNjNTQ1YzZhYjNjZDhkY2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAihIkFvzbgqBXo/n1zeHn9dMt1HOd
VZ3QL+Czn/8Wl2/nSYSQyRTSc5rfpoIcour8tZcGws/LRaaanM83vreoAfvwKouy
jG+8hSiDikuepz+6espNqNTat5pr99Zj54PXhcLWDquYT7mJUPfeQ6xX0w6XbrNh
OSiiAQWDLAJr7jPKuXQkwXNY84HDQOBIWxK+Uwje4nLvIbtZJ08FRe9WR25TgGy+
eDulopkRt4bBwLmW9g8dJn4Xqxj/yD/QftznQrBrqXwJS5P6l59vvogWjo6FawWz
xlh5GzejzrM+8f+/sDCDP5ak6erS7Eql6F69S124R9jTF7MNYPAlmufEsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIqZkGmKV1W4wqSng8VFxqs82NzBMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvaXBtUWFZcFhWYmpDcEtlRHhVWEdxenpZM01FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPmpUMA0G
CSqGSIb3DQEBCwUAA4IBAQAHRUIaiBY05HIiitpDtJ2z/ZyfweULEmU4KyRcUEej
TZyqzzpl5Dkh+pQX2ZgltubsF9gh19+V9WcYk8Vl9YJSl6YyANiRNMIGyJrB60QF
6pXmiAT/eQzt2LxEu7BTFLHHIhVQ9HpA4cXZ3ukplba0ID3jDN1FPTjqUyHhlZzw
Qd1SJ1F4lR/rDM4j0nkRIlpiXZHGxQ/wWQ0rT+dXK3nlpLcTI5ZBge2J/kI36ZaD
V2Pf2bWHo7i6l5AYBUlBl4seKzC5oq7cYjgpZPf31v+cp4TM/eW2VZt6ZYAi05uu
VOernqmKFx0wmylJt/mB8G8w4XnK3t4D0hu3J3PQ5k3O
-----END CERTIFICATE-----