Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/CcShVghWEy2Frlr3GHig6bB9XnM.roa
File:                     CcShVghWEy2Frlr3GHig6bB9XnM.roa (raw, json)
Hash identifier:          WXatT3JbI5lvP1MQfkHppTOHWeOi1x/MmY7Lf1EEJ74=
Subject key identifier:   09:C4:A1:56:08:56:13:2D:85:AE:5A:F7:18:78:A0:E9:B0:7D:5E:73
Certificate issuer:       /CN=6eab53640b0931924b73f760925845150a6ccca5
Certificate serial:       018CC4930CE631180841FCB9C954D889226F
Authority key identifier: 6E:AB:53:64:0B:09:31:92:4B:73:F7:60:92:58:45:15:0A:6C:CC:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bqtTZAsJMZJLc_dgklhFFQpszKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/CcShVghWEy2Frlr3GHig6bB9XnM.roa
Signing time:             Mon 01 Jan 2024 10:30:20 +0000
ROA not before:           Mon 01 Jan 2024 10:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49163
IP address blocks:        62.93.96.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/bqtTZAsJMZJLc_dgklhFFQpszKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/bqtTZAsJMZJLc_dgklhFFQpszKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bqtTZAsJMZJLc_dgklhFFQpszKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:0c:e6:31:18:08:41:fc:b9:c9:54:d8:89:22:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6eab53640b0931924b73f760925845150a6ccca5
        Validity
            Not Before: Jan  1 10:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09c4a1560856132d85ae5af71878a0e9b07d5e73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:77:20:97:60:47:d6:d3:67:f0:1b:41:cc:92:
                    5b:32:a2:1f:e7:f7:9b:51:fc:c2:3e:b2:2c:e6:e2:
                    31:83:60:35:5e:93:d9:19:7d:e1:c9:0c:64:2b:c2:
                    15:1f:f0:59:8c:bc:cc:8c:16:80:4d:9b:76:a8:f3:
                    7a:ce:9e:ca:6d:1d:b0:d0:7a:ce:d1:96:57:1b:0c:
                    fd:28:a5:24:27:a0:32:fd:43:92:5e:50:8d:09:fc:
                    73:de:20:1a:ca:ad:30:63:f5:ac:f0:df:20:5f:ed:
                    83:4c:9e:77:5f:89:5c:ab:35:05:ca:e1:36:23:c2:
                    ac:fd:1d:14:ff:5c:e0:8a:d7:9c:86:e3:cb:a9:f0:
                    30:50:34:77:83:a6:57:31:c6:06:bc:a7:9a:99:a0:
                    c8:89:40:3d:9a:04:5f:ed:d9:bd:fb:b8:ab:e1:0d:
                    31:e8:8c:30:c1:9e:e0:f8:1d:3d:7c:ec:13:1f:72:
                    57:0d:17:91:1f:bc:3d:bb:43:50:5b:3c:29:9f:23:
                    17:a0:f4:10:9c:7d:34:b5:49:c8:58:b5:17:dc:d5:
                    dd:13:c3:2e:ca:0e:6f:6f:b0:e5:82:29:35:21:e2:
                    36:a3:52:ff:8d:08:92:b7:55:70:90:44:19:c6:65:
                    0f:08:00:65:97:c7:74:2a:ba:f5:8f:e6:f5:b2:d5:
                    a9:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:C4:A1:56:08:56:13:2D:85:AE:5A:F7:18:78:A0:E9:B0:7D:5E:73
            X509v3 Authority Key Identifier:
                keyid:6E:AB:53:64:0B:09:31:92:4B:73:F7:60:92:58:45:15:0A:6C:CC:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bqtTZAsJMZJLc_dgklhFFQpszKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/CcShVghWEy2Frlr3GHig6bB9XnM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/bqtTZAsJMZJLc_dgklhFFQpszKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.93.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         ae:8d:b7:d7:e0:61:54:29:c8:f5:2f:7c:9a:66:dd:49:44:70:
         a1:b3:6f:a7:ec:0b:26:94:01:97:6c:40:11:1a:25:78:34:2b:
         57:1a:e3:4b:6f:ee:d5:44:f7:1e:1e:6f:21:d0:bc:1c:7e:d0:
         34:a2:44:8e:56:71:3e:07:f2:3b:73:16:bc:44:78:3c:01:9f:
         61:5e:bf:d4:40:75:b5:27:92:1c:9e:57:30:60:b5:59:5e:01:
         6a:9e:e0:55:bb:85:fa:42:b0:ae:a9:6a:cd:11:6c:93:1d:a7:
         b8:a2:e4:2b:7a:0b:8e:40:cb:53:77:1f:6a:81:71:6c:89:6f:
         05:89:b1:79:6d:3d:5d:55:ee:d8:76:aa:46:57:2b:cc:4f:e5:
         9c:8e:26:d1:35:cf:9b:68:73:38:96:91:48:c8:b5:38:86:6c:
         25:aa:0a:ea:84:e9:08:1e:7d:c0:3f:77:64:b5:46:69:c3:e1:
         cc:42:84:cb:44:33:cb:c1:c2:93:df:74:34:ff:84:75:aa:80:
         7c:95:45:1c:e0:8d:a1:00:e4:fc:17:44:7d:50:e6:5e:4e:f2:
         31:69:da:f4:59:a6:33:29:eb:87:1c:07:d3:b3:c1:51:76:35:
         a7:0e:89:3b:c0:f1:fa:e8:9c:6c:23:99:59:bb:8d:6c:11:bc:
         1a:77:1f:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkwzmMRgIQfy5yVTYiSJvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlYWI1MzY0MGIwOTMxOTI0YjczZjc2MDkyNTg0NTE1MGE2
Y2NjYTUwHhcNMjQwMTAxMTAzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWM0YTE1NjA4NTYxMzJkODVhZTVhZjcxODc4YTBlOWIwN2Q1ZTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3cgl2BH1tNn8BtBzJJbMqIf5/eb
UfzCPrIs5uIxg2A1XpPZGX3hyQxkK8IVH/BZjLzMjBaATZt2qPN6zp7KbR2w0HrO
0ZZXGwz9KKUkJ6Ay/UOSXlCNCfxz3iAayq0wY/Ws8N8gX+2DTJ53X4lcqzUFyuE2
I8Ks/R0U/1zgitechuPLqfAwUDR3g6ZXMcYGvKeamaDIiUA9mgRf7dm9+7ir4Q0x
6IwwwZ7g+B09fOwTH3JXDReRH7w9u0NQWzwpnyMXoPQQnH00tUnIWLUX3NXdE8Mu
yg5vb7Dlgik1IeI2o1L/jQiSt1VwkEQZxmUPCABll8d0Krr1j+b1stWp/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAnEoVYIVhMtha5a9xh4oOmwfV5zMB8GA1UdIwQY
MBaAFG6rU2QLCTGSS3P3YJJYRRUKbMylMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnF0VFpBc0pNWkpMY19kZ2tsaEZGUXBzektVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC8yYTM4ZTYtMjk0ZS00ZmEzLWE1YTAt
NTMwNDYzMjM5NTFmLzEvQ2NTaFZnaFdFeTJGcmxyM0dIaWc2YkI5WG5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC8yYTM4ZTYtMjk0ZS00ZmEzLWE1YTAtNTMwNDYzMjM5NTFm
LzEvYnF0VFpBc0pNWkpMY19kZ2tsaEZGUXBzektVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDPl1gMA0G
CSqGSIb3DQEBCwUAA4IBAQCujbfX4GFUKcj1L3yaZt1JRHChs2+n7AsmlAGXbEAR
GiV4NCtXGuNLb+7VRPceHm8h0LwcftA0okSOVnE+B/I7cxa8RHg8AZ9hXr/UQHW1
J5IcnlcwYLVZXgFqnuBVu4X6QrCuqWrNEWyTHae4ouQreguOQMtTdx9qgXFsiW8F
ibF5bT1dVe7YdqpGVyvMT+WcjibRNc+baHM4lpFIyLU4hmwlqgrqhOkIHn3AP3dk
tUZpw+HMQoTLRDPLwcKT33Q0/4R1qoB8lUUc4I2hAOT8F0R9UOZeTvIxadr0WaYz
KeuHHAfTs8FRdjWnDok7wPH66JxsI5lZu41sEbwadx9o
-----END CERTIFICATE-----