Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a0450e-5634-458d-918f-103d93d251ab/1/CMxTCAMcOyg3Z9FCHd3oj6v27R4.roa
File:                     CMxTCAMcOyg3Z9FCHd3oj6v27R4.roa (raw, json)
Hash identifier:          5/+H+kwkdlalwY835pI6GJhxWor+tSbFubil9w99WpM=
Subject key identifier:   08:CC:53:08:03:1C:3B:28:37:67:D1:42:1D:DD:E8:8F:AB:F6:ED:1E
Certificate issuer:       /CN=1034068b5e9f7314277e2be9726c732131b1756c
Certificate serial:       019010A9B0119A3E7E1BE1634C9431CA6246
Authority key identifier: 10:34:06:8B:5E:9F:73:14:27:7E:2B:E9:72:6C:73:21:31:B1:75:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EDQGi16fcxQnfivpcmxzITGxdWw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a0450e-5634-458d-918f-103d93d251ab/1/CMxTCAMcOyg3Z9FCHd3oj6v27R4.roa
Signing time:             Thu 13 Jun 2024 08:14:34 +0000
ROA not before:           Thu 13 Jun 2024 08:14:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206350
IP address blocks:        62.231.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a0450e-5634-458d-918f-103d93d251ab/1/EDQGi16fcxQnfivpcmxzITGxdWw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a0450e-5634-458d-918f-103d93d251ab/1/EDQGi16fcxQnfivpcmxzITGxdWw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EDQGi16fcxQnfivpcmxzITGxdWw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:10:a9:b0:11:9a:3e:7e:1b:e1:63:4c:94:31:ca:62:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1034068b5e9f7314277e2be9726c732131b1756c
        Validity
            Not Before: Jun 13 08:14:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08cc5308031c3b283767d1421ddde88fabf6ed1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:73:cf:f0:fd:2e:f0:b4:89:b0:50:9e:24:fa:
                    0f:11:23:8d:2a:b8:1b:a8:d7:65:af:81:16:6f:1b:
                    c6:b7:3e:7f:8c:69:93:73:31:5b:6d:86:76:f1:cf:
                    d3:dc:df:91:b3:72:13:c2:dc:1a:9b:ab:06:df:3f:
                    d5:2a:8d:2f:13:a7:31:69:f0:3b:5c:33:8d:25:f5:
                    d7:01:67:96:83:c5:44:82:50:83:aa:bd:c1:57:08:
                    e2:d7:ff:04:d4:2b:9c:ca:38:e4:47:83:ed:df:ab:
                    00:eb:8a:18:a3:61:b9:4a:d7:51:8f:86:6a:18:95:
                    45:6b:7d:ce:3f:f9:3b:d0:25:df:5d:03:4c:64:7b:
                    06:be:a0:18:92:98:4a:6e:e8:32:ce:be:ca:ff:d2:
                    b5:f4:b8:42:f1:8d:fc:85:e2:ac:9f:cc:5f:f5:93:
                    81:2e:da:b9:55:4d:74:f9:45:98:be:66:e1:4f:7d:
                    35:4c:54:d0:d0:ba:86:28:45:d0:14:78:48:36:01:
                    63:7a:5e:52:3b:96:07:69:14:51:53:e4:e6:3b:33:
                    a1:02:5c:6e:50:96:82:43:3e:2f:0b:83:64:f5:c1:
                    94:33:64:23:35:dd:1d:8e:f2:cd:b4:42:21:bc:4f:
                    7e:66:c9:74:70:a4:a3:09:08:65:04:89:83:31:70:
                    e5:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:CC:53:08:03:1C:3B:28:37:67:D1:42:1D:DD:E8:8F:AB:F6:ED:1E
            X509v3 Authority Key Identifier:
                keyid:10:34:06:8B:5E:9F:73:14:27:7E:2B:E9:72:6C:73:21:31:B1:75:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EDQGi16fcxQnfivpcmxzITGxdWw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a0450e-5634-458d-918f-103d93d251ab/1/CMxTCAMcOyg3Z9FCHd3oj6v27R4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a0450e-5634-458d-918f-103d93d251ab/1/EDQGi16fcxQnfivpcmxzITGxdWw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.231.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:71:2e:29:94:ef:65:9e:6e:bb:ca:93:00:1b:46:2e:e9:30:
         56:72:d9:b4:57:c6:0b:6f:2e:03:a9:fc:65:0f:98:fe:c6:e2:
         45:d6:78:e7:4f:94:fc:ed:d4:f0:42:20:0b:48:8b:9f:52:0d:
         c6:f4:91:01:1c:72:f1:da:77:e9:fe:57:57:25:68:56:04:4b:
         aa:8b:44:2c:ca:7c:79:7d:6e:8f:13:43:07:98:6d:7d:c3:31:
         76:97:19:ff:50:9f:a9:8d:72:76:75:bb:06:cb:cf:ad:27:a0:
         53:77:71:3d:b3:83:ea:d8:bd:7a:09:0d:1d:01:23:db:ae:80:
         fe:98:f8:82:bd:ec:ce:1d:23:e5:1a:27:1d:79:bc:c0:a3:97:
         08:c4:c6:3d:69:5e:61:4b:ad:53:e6:22:ad:dc:da:1f:f2:f4:
         a0:23:48:10:36:2e:e5:b9:b5:7f:c0:5c:e3:bb:72:c0:a5:9d:
         f7:44:92:08:5c:93:87:e2:e4:d6:a4:dc:5e:3c:a8:d3:b3:58:
         8c:ca:04:43:de:1f:97:2f:48:f3:72:0a:15:7b:07:c1:f4:b2:
         81:d5:80:28:60:8c:45:a1:b3:1b:67:89:bf:0f:88:12:55:e7:
         49:00:26:7e:4e:33:cd:7f:c4:a7:34:e3:a4:35:8b:7d:96:1a:
         d8:17:5c:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAQqbARmj5+G+FjTJQxymJGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwMzQwNjhiNWU5ZjczMTQyNzdlMmJlOTcyNmM3MzIxMzFi
MTc1NmMwHhcNMjQwNjEzMDgxNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGNjNTMwODAzMWMzYjI4Mzc2N2QxNDIxZGRkZTg4ZmFiZjZlZDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXPP8P0u8LSJsFCeJPoPESONKrgb
qNdlr4EWbxvGtz5/jGmTczFbbYZ28c/T3N+Rs3ITwtwam6sG3z/VKo0vE6cxafA7
XDONJfXXAWeWg8VEglCDqr3BVwji1/8E1CucyjjkR4Pt36sA64oYo2G5StdRj4Zq
GJVFa33OP/k70CXfXQNMZHsGvqAYkphKbugyzr7K/9K19LhC8Y38heKsn8xf9ZOB
Ltq5VU10+UWYvmbhT301TFTQ0LqGKEXQFHhINgFjel5SO5YHaRRRU+TmOzOhAlxu
UJaCQz4vC4Nk9cGUM2QjNd0djvLNtEIhvE9+Zsl0cKSjCQhlBImDMXDltwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAjMUwgDHDsoN2fRQh3d6I+r9u0eMB8GA1UdIwQY
MBaAFBA0Boten3MUJ34r6XJscyExsXVsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRURRR2kxNmZjeFFuZml2cGNteHpJVEd4ZFd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hMDQ1MGUtNTYzNC00NThkLTkxOGYt
MTAzZDkzZDI1MWFiLzEvQ014VENBTWNPeWczWjlGQ0hkM29qNnYyN1I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hMDQ1MGUtNTYzNC00NThkLTkxOGYtMTAzZDkzZDI1MWFi
LzEvRURRR2kxNmZjeFFuZml2cGNteHpJVEd4ZFd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPuf0MA0G
CSqGSIb3DQEBCwUAA4IBAQBrcS4plO9lnm67ypMAG0Yu6TBWctm0V8YLby4Dqfxl
D5j+xuJF1njnT5T87dTwQiALSIufUg3G9JEBHHLx2nfp/ldXJWhWBEuqi0Qsynx5
fW6PE0MHmG19wzF2lxn/UJ+pjXJ2dbsGy8+tJ6BTd3E9s4Pq2L16CQ0dASPbroD+
mPiCvezOHSPlGicdebzAo5cIxMY9aV5hS61T5iKt3Nof8vSgI0gQNi7lubV/wFzj
u3LApZ33RJIIXJOH4uTWpNxePKjTs1iMygRD3h+XL0jzcgoVewfB9LKB1YAoYIxF
obMbZ4m/D4gSVedJACZ+TjPNf8SnNOOkNYt9lhrYF1xH
-----END CERTIFICATE-----