Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/4786c2-11a1-48a4-ba80-7944976599d8/1/oc4BVilD3zRP_Wj5m-wKbWFkEh4.roa
File:                     oc4BVilD3zRP_Wj5m-wKbWFkEh4.roa (raw, json)
Hash identifier:          uhIfMKwFp1HO15Zet+uFYGaPKOkddc0JEyhOtf8Mc2g=
Subject key identifier:   A1:CE:01:56:29:43:DF:34:4F:FD:68:F9:9B:EC:0A:6D:61:64:12:1E
Certificate issuer:       /CN=614ca0d09bbd05f4b8a8ac30a329f6715110758c
Certificate serial:       019340E01EF40C82A1F53C6E8B59228AEEF0
Authority key identifier: 61:4C:A0:D0:9B:BD:05:F4:B8:A8:AC:30:A3:29:F6:71:51:10:75:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YUyg0Ju9BfS4qKwwoyn2cVEQdYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/4786c2-11a1-48a4-ba80-7944976599d8/1/oc4BVilD3zRP_Wj5m-wKbWFkEh4.roa
Signing time:             Mon 18 Nov 2024 20:04:10 +0000
ROA not before:           Mon 18 Nov 2024 20:04:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        62.3.56.0/24 maxlen: 24
                          2a12:100::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/4786c2-11a1-48a4-ba80-7944976599d8/1/YUyg0Ju9BfS4qKwwoyn2cVEQdYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/4786c2-11a1-48a4-ba80-7944976599d8/1/YUyg0Ju9BfS4qKwwoyn2cVEQdYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YUyg0Ju9BfS4qKwwoyn2cVEQdYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:40:e0:1e:f4:0c:82:a1:f5:3c:6e:8b:59:22:8a:ee:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=614ca0d09bbd05f4b8a8ac30a329f6715110758c
        Validity
            Not Before: Nov 18 20:04:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1ce01562943df344ffd68f99bec0a6d6164121e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:9e:ed:10:24:cc:2d:d0:9d:db:0b:ad:0e:0c:
                    91:28:7b:c8:3e:51:12:10:c5:6d:8a:6b:37:5e:48:
                    63:f9:a0:38:c2:55:4f:c3:18:c9:1d:01:7b:50:68:
                    4f:0a:bb:50:0c:40:63:19:5f:43:d6:86:27:45:bb:
                    c7:c4:3c:94:0d:29:4a:96:bf:3f:41:8d:1c:a9:09:
                    78:9c:5a:e8:6f:05:b4:05:af:2a:d4:f6:f0:7e:c6:
                    3f:ae:29:2b:78:8d:6e:1d:3c:23:a7:19:3b:7b:dd:
                    cc:0a:16:44:37:44:df:a2:6e:15:a8:63:8b:79:7c:
                    0d:1d:55:4f:97:92:89:46:61:a5:82:d8:44:3d:67:
                    d4:a1:a0:de:24:0c:43:34:f1:ba:4f:53:2a:6e:37:
                    63:b9:9e:11:ba:10:a6:d0:99:41:8c:f8:b2:33:bf:
                    9d:9b:76:2d:70:db:9a:11:67:78:5a:ef:ac:33:80:
                    05:8a:0c:77:9c:52:db:70:19:63:bd:58:a5:5e:40:
                    d6:5a:8c:55:95:56:d9:55:ac:7b:18:81:89:e6:94:
                    07:65:aa:da:d8:d1:c0:9b:73:fb:c2:07:f3:cb:fc:
                    91:70:2b:a2:4f:a3:b7:dd:3d:0d:37:0a:0d:34:38:
                    9d:96:e1:bb:78:e3:6c:07:41:c4:c7:54:96:38:f7:
                    23:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:CE:01:56:29:43:DF:34:4F:FD:68:F9:9B:EC:0A:6D:61:64:12:1E
            X509v3 Authority Key Identifier:
                keyid:61:4C:A0:D0:9B:BD:05:F4:B8:A8:AC:30:A3:29:F6:71:51:10:75:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YUyg0Ju9BfS4qKwwoyn2cVEQdYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/4786c2-11a1-48a4-ba80-7944976599d8/1/oc4BVilD3zRP_Wj5m-wKbWFkEh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/4786c2-11a1-48a4-ba80-7944976599d8/1/YUyg0Ju9BfS4qKwwoyn2cVEQdYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.56.0/24
                IPv6:
                  2a12:100::/29

    Signature Algorithm: sha256WithRSAEncryption
         0e:c4:c7:79:fc:d8:1d:72:7d:89:e5:08:73:20:88:85:70:00:
         a9:0e:4a:9d:ba:a9:62:d4:2b:c2:6c:5c:25:e5:ce:c7:31:8b:
         92:f2:e4:ec:2e:2b:15:0d:ef:00:ee:9e:2e:ac:ad:0e:b8:c5:
         8f:bd:65:0e:a9:89:61:8a:6e:56:5e:4a:d0:a7:6c:3f:e3:ad:
         cb:32:73:87:5e:a0:1c:b6:d6:55:32:7d:dd:3c:a7:10:02:22:
         f5:e1:45:cb:33:63:0d:53:0f:7d:c9:2a:6a:76:9f:1e:22:77:
         2c:b0:e9:78:b1:d5:de:0e:32:c2:12:5d:68:cb:2c:99:a3:33:
         b4:e3:f6:ea:ee:5a:8a:fa:a1:06:cf:9e:c3:3d:37:b9:ea:ac:
         13:51:b9:cc:0e:c9:4e:2e:8e:f6:1e:91:05:55:3b:2b:29:36:
         5d:12:ba:1d:fd:a9:59:0c:69:c4:80:7c:c4:62:5b:3d:14:29:
         de:bd:d2:56:fa:b3:ca:6a:f3:0b:b0:89:f1:18:4d:22:57:82:
         0f:93:21:7e:fe:85:3b:4d:93:6e:03:e1:f1:85:97:6a:1d:df:
         96:6e:e3:f3:fb:67:4c:a8:38:bb:94:03:75:a8:6e:07:f2:43:
         90:35:1a:a4:69:57:47:4e:5c:9d:41:d2:93:36:9f:08:a1:88:
         ae:57:8e:6f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZNA4B70DIKh9Txui1kiiu7wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxNGNhMGQwOWJiZDA1ZjRiOGE4YWMzMGEzMjlmNjcxNTEx
MDc1OGMwHhcNMjQxMTE4MjAwNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWNlMDE1NjI5NDNkZjM0NGZmZDY4Zjk5YmVjMGE2ZDYxNjQxMjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAup7tECTMLdCd2wutDgyRKHvIPlES
EMVtims3Xkhj+aA4wlVPwxjJHQF7UGhPCrtQDEBjGV9D1oYnRbvHxDyUDSlKlr8/
QY0cqQl4nFrobwW0Ba8q1PbwfsY/rikreI1uHTwjpxk7e93MChZEN0Tfom4VqGOL
eXwNHVVPl5KJRmGlgthEPWfUoaDeJAxDNPG6T1MqbjdjuZ4RuhCm0JlBjPiyM7+d
m3YtcNuaEWd4Wu+sM4AFigx3nFLbcBljvVilXkDWWoxVlVbZVax7GIGJ5pQHZara
2NHAm3P7wgfzy/yRcCuiT6O33T0NNwoNNDidluG7eONsB0HEx1SWOPcjbQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKHOAVYpQ980T/1o+ZvsCm1hZBIeMB8GA1UdIwQY
MBaAFGFMoNCbvQX0uKisMKMp9nFREHWMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVV5ZzBKdTlCZlM0cUt3d295bjJjVkVRZFl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS80Nzg2YzItMTFhMS00OGE0LWJhODAt
Nzk0NDk3NjU5OWQ4LzEvb2M0QlZpbEQzelJQX1dqNW0td0tiV0ZrRWg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS80Nzg2YzItMTFhMS00OGE0LWJhODAtNzk0NDk3NjU5OWQ4
LzEvWVV5ZzBKdTlCZlM0cUt3d295bjJjVkVRZFl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAPgM4MA0E
AgACMAcDBQMqEgEAMA0GCSqGSIb3DQEBCwUAA4IBAQAOxMd5/Ngdcn2J5QhzIIiF
cACpDkqduqli1CvCbFwl5c7HMYuS8uTsLisVDe8A7p4urK0OuMWPvWUOqYlhim5W
XkrQp2w/463LMnOHXqActtZVMn3dPKcQAiL14UXLM2MNUw99ySpqdp8eIncssOl4
sdXeDjLCEl1oyyyZozO04/bq7lqK+qEGz57DPTe56qwTUbnMDslOLo72HpEFVTsr
KTZdErod/alZDGnEgHzEYls9FCnevdJW+rPKavMLsInxGE0iV4IPkyF+/oU7TZNu
A+HxhZdqHd+WbuPz+2dMqDi7lAN1qG4H8kOQNRqkaVdHTlydQdKTNp8IoYiuV45v
-----END CERTIFICATE-----