Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/QKbhqnsXiFGdhBwUUpg2AzDZkD4.roa
File:                     QKbhqnsXiFGdhBwUUpg2AzDZkD4.roa (raw, json)
Hash identifier:          TWcedXtEbo5FQjEyEEJlIG6MmjkrznkKDE+P6JeqhBY=
Subject key identifier:   40:A6:E1:AA:7B:17:88:51:9D:84:1C:14:52:98:36:03:30:D9:90:3E
Certificate issuer:       /CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
Certificate serial:       018CC794F6F1B2D3A4C83A314A69A518758A
Authority key identifier: 05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/QKbhqnsXiFGdhBwUUpg2AzDZkD4.roa
Signing time:             Tue 02 Jan 2024 00:31:17 +0000
ROA not before:           Tue 02 Jan 2024 00:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        62.56.208.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:f6:f1:b2:d3:a4:c8:3a:31:4a:69:a5:18:75:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
        Validity
            Not Before: Jan  2 00:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40a6e1aa7b1788519d841c145298360330d9903e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:4b:f9:ce:26:43:3d:b3:15:2f:ef:99:f9:88:
                    4e:76:1e:0a:78:d6:fd:79:34:aa:8e:cb:25:18:8a:
                    67:c5:a5:8b:84:43:c1:ee:45:c7:3b:97:23:1a:cd:
                    ab:80:e6:b7:9f:b2:f2:6d:4d:c4:8e:06:f2:50:84:
                    36:b3:ed:29:37:d6:cd:b0:f3:db:0e:08:f1:c4:64:
                    04:40:af:46:72:32:b5:10:92:7c:17:af:da:66:74:
                    f7:bb:ce:bc:73:c0:e9:42:1a:86:29:b7:dd:9b:64:
                    9f:ba:71:0e:ee:3b:9a:3a:89:e7:bd:ec:a2:01:cd:
                    63:9d:0d:d9:1f:f0:eb:dc:6f:c6:b3:3a:01:1b:3c:
                    17:fe:e3:6c:76:ec:f2:84:b3:22:16:93:e8:fb:96:
                    9f:33:14:a7:a1:a5:7c:a4:84:db:d9:93:55:b0:99:
                    40:99:79:2f:c4:c3:eb:ee:9e:7b:b9:c5:da:26:9d:
                    64:90:fd:34:bf:13:00:01:ab:f7:7d:0f:bc:65:9d:
                    23:4d:b7:1f:fd:d1:94:ab:6b:fc:10:aa:b5:09:bb:
                    8e:26:31:bd:d5:62:78:f1:46:c9:9d:1e:04:69:8c:
                    ba:f0:92:e0:4b:fe:43:9e:79:c9:a2:fa:f6:26:14:
                    66:2d:0a:5a:e6:b3:06:f7:19:6c:58:59:ac:a8:71:
                    59:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:A6:E1:AA:7B:17:88:51:9D:84:1C:14:52:98:36:03:30:D9:90:3E
            X509v3 Authority Key Identifier:
                keyid:05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/QKbhqnsXiFGdhBwUUpg2AzDZkD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.56.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         57:85:a1:5c:65:88:c2:be:4e:ee:70:29:27:72:99:60:cf:96:
         96:1e:34:93:5f:3e:7c:0a:da:ad:6c:5a:e6:03:49:ec:b3:2c:
         1a:7e:87:14:28:2d:83:f1:fd:48:00:83:cf:b9:5f:02:dd:3f:
         da:95:a3:ea:66:7c:8a:00:25:f7:40:7b:4e:cf:d9:47:c9:a5:
         25:fa:7e:34:15:89:7a:5d:bd:fa:cd:f6:37:72:1e:26:3c:d0:
         e1:cf:2a:8a:6f:b3:02:83:5b:84:24:3d:d2:ac:b0:b8:57:a6:
         39:f2:73:2d:4c:d0:90:e8:18:36:8d:65:be:9e:53:4d:94:f4:
         e4:94:82:6a:52:73:5d:13:07:e8:e7:93:b4:af:7c:66:3c:f8:
         f2:57:b9:f7:a5:a0:d9:95:c9:e3:3a:b6:f0:11:6d:dd:23:48:
         ed:6f:25:02:10:51:69:8a:36:b6:a4:ad:8c:91:af:ba:ec:f2:
         3b:37:1f:e0:88:79:4b:5d:b8:d7:c4:c7:91:ba:3e:14:c8:ce:
         97:39:ff:38:48:ef:76:18:15:90:e7:6b:74:89:a3:e2:b5:ca:
         14:4d:c9:73:34:81:4f:e8:48:4b:62:7c:27:e4:45:f4:d4:53:
         a3:df:5d:b7:10:3c:ee:bc:2b:3c:45:3e:de:27:e8:b0:0a:78:
         6c:06:4e:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlPbxstOkyDoxSmmlGHWKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NTE2MDViNjc1ZWNlNGUwZmNlNzE3NWFlMzFhOTNmYTgy
NzJiYTYwHhcNMjQwMTAyMDAzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGE2ZTFhYTdiMTc4ODUxOWQ4NDFjMTQ1Mjk4MzYwMzMwZDk5MDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Uv5ziZDPbMVL++Z+YhOdh4KeNb9
eTSqjsslGIpnxaWLhEPB7kXHO5cjGs2rgOa3n7LybU3EjgbyUIQ2s+0pN9bNsPPb
DgjxxGQEQK9GcjK1EJJ8F6/aZnT3u868c8DpQhqGKbfdm2SfunEO7juaOonnveyi
Ac1jnQ3ZH/Dr3G/GszoBGzwX/uNsduzyhLMiFpPo+5afMxSnoaV8pITb2ZNVsJlA
mXkvxMPr7p57ucXaJp1kkP00vxMAAav3fQ+8ZZ0jTbcf/dGUq2v8EKq1CbuOJjG9
1WJ48UbJnR4EaYy68JLgS/5DnnnJovr2JhRmLQpa5rMG9xlsWFmsqHFZawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFECm4ap7F4hRnYQcFFKYNgMw2ZA+MB8GA1UdIwQY
MBaAFAVRYFtnXs5OD85xda4xqT+oJyumMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEt
MDc3OWY0OGVjZWEwLzEvUUtiaHFuc1hpRkdkaEJ3VVVwZzJBekRaa0Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEtMDc3OWY0OGVjZWEw
LzEvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDPjjQMA0G
CSqGSIb3DQEBCwUAA4IBAQBXhaFcZYjCvk7ucCkncplgz5aWHjSTXz58CtqtbFrm
A0nssywafocUKC2D8f1IAIPPuV8C3T/alaPqZnyKACX3QHtOz9lHyaUl+n40FYl6
Xb36zfY3ch4mPNDhzyqKb7MCg1uEJD3SrLC4V6Y58nMtTNCQ6Bg2jWW+nlNNlPTk
lIJqUnNdEwfo55O0r3xmPPjyV7n3paDZlcnjOrbwEW3dI0jtbyUCEFFpija2pK2M
ka+67PI7Nx/giHlLXbjXxMeRuj4UyM6XOf84SO92GBWQ52t0iaPitcoUTclzNIFP
6EhLYnwn5EX01FOj3123EDzuvCs8RT7eJ+iwCnhsBk7Q
-----END CERTIFICATE-----