Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/a875d3-9905-4984-b92c-e3be5568293d/1/qZ_vHsaf7XImMaocegl_tf2ymoo.roa
File:                     qZ_vHsaf7XImMaocegl_tf2ymoo.roa (raw, json)
Hash identifier:          6VsCS3AYr3AciBU2TOap7HoIXkcRPXKVEFKyknqrUso=
Subject key identifier:   A9:9F:EF:1E:C6:9F:ED:72:26:31:AA:1C:7A:09:7F:B5:FD:B2:9A:8A
Certificate issuer:       /CN=637115f728f97d16e0d124963764088120205ae0
Certificate serial:       018D1BF347BA53D7BE90CBE44708B0995B3A
Authority key identifier: 63:71:15:F7:28:F9:7D:16:E0:D1:24:96:37:64:08:81:20:20:5A:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y3EV9yj5fRbg0SSWN2QIgSAgWuA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/a875d3-9905-4984-b92c-e3be5568293d/1/qZ_vHsaf7XImMaocegl_tf2ymoo.roa
Signing time:             Thu 18 Jan 2024 09:42:24 +0000
ROA not before:           Thu 18 Jan 2024 09:42:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51088
IP address blocks:        62.68.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/a875d3-9905-4984-b92c-e3be5568293d/1/Y3EV9yj5fRbg0SSWN2QIgSAgWuA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/a875d3-9905-4984-b92c-e3be5568293d/1/Y3EV9yj5fRbg0SSWN2QIgSAgWuA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y3EV9yj5fRbg0SSWN2QIgSAgWuA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:1b:f3:47:ba:53:d7:be:90:cb:e4:47:08:b0:99:5b:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=637115f728f97d16e0d124963764088120205ae0
        Validity
            Not Before: Jan 18 09:42:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a99fef1ec69fed722631aa1c7a097fb5fdb29a8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:69:8e:4a:79:4d:01:63:71:1f:3b:e6:20:46:
                    19:6b:4c:7b:4f:4b:76:15:d3:dc:4b:27:86:0a:ab:
                    c3:ca:df:50:25:15:a1:d8:ac:d8:a8:20:7b:7f:c3:
                    80:b8:5b:a0:51:f5:c4:c2:6f:89:c1:06:14:55:c1:
                    b8:d8:2a:31:20:77:0e:f0:56:6d:76:f7:1f:3e:ce:
                    a4:89:92:b3:ac:61:ff:5f:02:47:d9:42:b8:17:80:
                    9d:3c:63:1b:29:19:42:41:4a:16:55:bb:2e:e8:9e:
                    05:d9:bd:91:01:06:a0:64:64:43:35:c5:4e:01:05:
                    37:f5:75:d0:72:2d:89:0f:a0:24:56:a4:99:27:b1:
                    60:56:0f:f5:98:e5:32:a4:88:95:e3:55:92:2f:ff:
                    b6:eb:a4:fa:ae:a3:bb:b9:fc:b0:38:bd:7b:07:01:
                    f3:b4:ed:c9:0e:37:ad:92:17:2c:e2:09:a0:24:88:
                    0e:7f:77:62:ef:af:43:d6:b0:5e:d4:88:13:f0:c9:
                    1d:3d:63:f4:0e:1f:d0:c6:14:37:88:ee:3b:54:44:
                    0a:34:7c:c1:a2:31:ec:73:3d:e5:6c:94:a4:52:e9:
                    c4:1e:7f:b9:04:de:1e:69:3d:20:2a:2c:a7:62:12:
                    0c:25:60:32:7e:0b:9e:17:17:a2:8c:c9:95:c9:ea:
                    b2:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:9F:EF:1E:C6:9F:ED:72:26:31:AA:1C:7A:09:7F:B5:FD:B2:9A:8A
            X509v3 Authority Key Identifier:
                keyid:63:71:15:F7:28:F9:7D:16:E0:D1:24:96:37:64:08:81:20:20:5A:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y3EV9yj5fRbg0SSWN2QIgSAgWuA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/a875d3-9905-4984-b92c-e3be5568293d/1/qZ_vHsaf7XImMaocegl_tf2ymoo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/a875d3-9905-4984-b92c-e3be5568293d/1/Y3EV9yj5fRbg0SSWN2QIgSAgWuA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.68.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:b8:02:59:7d:88:44:65:a7:b0:3a:9a:cb:ab:eb:25:b7:98:
         0b:c3:68:6b:06:18:bd:60:2c:26:de:21:26:f6:b7:50:99:35:
         0f:bf:ff:b9:d1:51:8c:78:28:3a:f4:ac:e4:8c:1e:6d:59:ea:
         88:63:03:4e:7d:2e:2b:ae:52:a5:81:4f:6a:81:e8:ab:32:d7:
         cc:3c:2f:c8:78:71:1b:78:4e:93:35:e6:7b:20:07:01:2f:2b:
         e4:b3:e0:3e:95:2d:f6:b0:cd:5b:ba:ec:c4:6d:32:43:50:d0:
         67:e6:54:79:84:cb:94:79:bf:4a:09:ff:26:9c:69:33:a0:07:
         60:40:6f:66:ec:bf:8b:14:e1:68:e3:54:2c:1e:10:1c:29:6d:
         8f:cc:bf:32:fc:19:37:9a:8f:81:d8:6d:98:7a:5d:bb:f3:dd:
         06:cb:b1:b2:a0:5d:37:e8:58:bc:d1:33:2d:ba:20:4c:b3:e1:
         f6:8f:22:c0:6d:b2:0f:94:e4:28:c1:e3:42:a6:b1:cb:7e:13:
         3c:e2:33:96:f6:0c:67:62:23:23:d8:aa:40:77:33:bf:27:76:
         f0:4c:15:a1:b7:f6:d8:ac:f5:f6:3a:a8:67:36:da:e4:7d:5b:
         e6:a3:4e:4f:bc:87:ca:7f:e8:91:a1:b3:91:0f:54:51:bd:db:
         26:66:bd:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0b80e6U9e+kMvkRwiwmVs6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNzExNWY3MjhmOTdkMTZlMGQxMjQ5NjM3NjQwODgxMjAy
MDVhZTAwHhcNMjQwMTE4MDk0MjI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTlmZWYxZWM2OWZlZDcyMjYzMWFhMWM3YTA5N2ZiNWZkYjI5YThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGmOSnlNAWNxHzvmIEYZa0x7T0t2
FdPcSyeGCqvDyt9QJRWh2KzYqCB7f8OAuFugUfXEwm+JwQYUVcG42CoxIHcO8FZt
dvcfPs6kiZKzrGH/XwJH2UK4F4CdPGMbKRlCQUoWVbsu6J4F2b2RAQagZGRDNcVO
AQU39XXQci2JD6AkVqSZJ7FgVg/1mOUypIiV41WSL/+266T6rqO7ufywOL17BwHz
tO3JDjetkhcs4gmgJIgOf3di769D1rBe1IgT8MkdPWP0Dh/QxhQ3iO47VEQKNHzB
ojHscz3lbJSkUunEHn+5BN4eaT0gKiynYhIMJWAyfgueFxeijMmVyeqyIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKmf7x7Gn+1yJjGqHHoJf7X9spqKMB8GA1UdIwQY
MBaAFGNxFfco+X0W4NEkljdkCIEgIFrgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTNFVjl5ajVmUmJnMFNTV04yUUlnU0FnV3VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9hODc1ZDMtOTkwNS00OTg0LWI5MmMt
ZTNiZTU1NjgyOTNkLzEvcVpfdkhzYWY3WEltTWFvY2VnbF90ZjJ5bW9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9hODc1ZDMtOTkwNS00OTg0LWI5MmMtZTNiZTU1NjgyOTNk
LzEvWTNFVjl5ajVmUmJnMFNTV04yUUlnU0FnV3VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkRUMA0G
CSqGSIb3DQEBCwUAA4IBAQCluAJZfYhEZaewOprLq+slt5gLw2hrBhi9YCwm3iEm
9rdQmTUPv/+50VGMeCg69KzkjB5tWeqIYwNOfS4rrlKlgU9qgeirMtfMPC/IeHEb
eE6TNeZ7IAcBLyvks+A+lS32sM1buuzEbTJDUNBn5lR5hMuUeb9KCf8mnGkzoAdg
QG9m7L+LFOFo41QsHhAcKW2PzL8y/Bk3mo+B2G2Yel27890Gy7GyoF036Fi80TMt
uiBMs+H2jyLAbbIPlOQoweNCprHLfhM84jOW9gxnYiMj2KpAdzO/J3bwTBWht/bY
rPX2OqhnNtrkfVvmo05PvIfKf+iRobORD1RRvdsmZr1k
-----END CERTIFICATE-----