Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/O2ecjhu1nB5fHrJmQfv7-DvHeBg.roa
File:                     O2ecjhu1nB5fHrJmQfv7-DvHeBg.roa (raw, json)
Hash identifier:          JJR066vSLnmoD89lIe5drH8LRDYPlHrRNPDKbUjBQ4Y=
Subject key identifier:   3B:67:9C:8E:1B:B5:9C:1E:5F:1E:B2:66:41:FB:FB:F8:3B:C7:78:18
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018E2D6DF9992A2D5A0D47849D6DCFB995D7
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/O2ecjhu1nB5fHrJmQfv7-DvHeBg.roa
Signing time:             Mon 11 Mar 2024 12:12:45 +0000
ROA not before:           Mon 11 Mar 2024 12:12:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15626
IP address blocks:        62.68.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2d:6d:f9:99:2a:2d:5a:0d:47:84:9d:6d:cf:b9:95:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Mar 11 12:12:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b679c8e1bb59c1e5f1eb26641fbfbf83bc77818
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:bf:3c:c1:a5:b1:6d:20:3f:3e:5b:27:39:a8:
                    43:e4:24:4f:a9:74:f1:7c:45:0c:b7:2d:2b:18:da:
                    b3:bd:44:97:81:fa:ea:ba:d5:cd:46:88:7b:03:e5:
                    b1:17:91:8c:e0:02:b5:5c:87:b7:20:e2:02:d1:44:
                    78:6b:0f:f8:d5:82:f5:36:eb:32:11:17:1b:9f:6d:
                    5b:3f:b9:d9:1b:08:60:a1:79:19:ed:34:af:ac:9b:
                    ed:60:c0:2b:71:28:d0:5d:fd:fe:9e:84:f4:52:9f:
                    ed:e5:70:73:32:0d:c5:e7:1d:6a:b2:ea:79:8a:a2:
                    c8:42:c4:d1:6c:f2:b9:53:fb:93:f7:67:3b:80:f2:
                    32:07:c3:55:bb:03:99:04:a0:d8:95:1b:b2:d5:5a:
                    6b:dc:f6:5d:17:1a:7e:a1:62:58:de:0e:23:5d:15:
                    42:55:c5:7b:7c:dc:45:0b:4a:d0:2f:f7:df:5f:80:
                    52:4e:e0:b2:de:e3:d7:98:a7:c0:c2:79:35:eb:d3:
                    5c:e9:9d:17:9d:97:84:5f:78:ea:60:06:aa:33:b6:
                    c8:88:cd:3d:19:c0:0b:d2:4d:01:5a:d7:77:0c:3e:
                    c2:e8:de:46:1a:f0:47:23:6f:d4:1c:f8:ca:f9:6c:
                    85:9d:34:c4:da:f8:56:4c:b0:b7:f2:bb:ba:2c:24:
                    39:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:67:9C:8E:1B:B5:9C:1E:5F:1E:B2:66:41:FB:FB:F8:3B:C7:78:18
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/O2ecjhu1nB5fHrJmQfv7-DvHeBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.68.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:8a:d5:15:d3:12:67:5d:29:0a:8f:48:77:b9:f9:b3:a6:3b:
         9d:a8:b5:e7:f6:f3:62:92:ca:5d:c5:84:14:aa:36:07:3a:1a:
         5d:a0:46:41:40:b3:78:6c:7f:f6:26:a5:bc:f3:95:24:46:e9:
         02:b4:c2:3a:8c:f1:fc:bf:c6:a7:ee:c8:39:ac:e9:9d:1a:e4:
         07:09:e0:a0:f7:6c:0e:3e:86:ca:47:02:4f:64:e9:71:7a:2b:
         4e:03:7e:e9:09:d2:3a:14:ef:54:6d:9d:bb:3e:6d:31:ca:8c:
         04:2c:5d:75:ac:57:bf:40:4c:a0:0d:f3:ce:66:ac:09:bc:34:
         72:48:4e:5f:5c:c9:98:4b:2a:d9:bd:fa:f1:0c:a5:ec:97:c8:
         69:4e:91:9b:a7:1c:1d:5e:97:66:89:71:cd:4f:79:7b:09:9b:
         f0:70:95:b2:c2:16:2d:aa:b1:7f:07:4e:44:e6:b6:37:05:8e:
         a8:6a:e2:36:7a:61:5f:d4:44:27:21:29:49:6c:94:9c:cf:da:
         4a:a8:a1:f7:72:fa:4c:74:d2:14:5d:f7:fb:a4:fb:88:96:a0:
         1d:d6:34:4a:54:2b:80:88:e9:9b:50:59:b6:6b:2a:ae:b5:b4:
         52:fb:7b:1e:1d:b2:53:52:1e:40:c4:c3:8d:50:67:ca:dc:44:
         2e:5e:93:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4tbfmZKi1aDUeEnW3PuZXXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMzExMTIxMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjY3OWM4ZTFiYjU5YzFlNWYxZWIyNjY0MWZiZmJmODNiYzc3ODE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvr88waWxbSA/PlsnOahD5CRPqXTx
fEUMty0rGNqzvUSXgfrqutXNRoh7A+WxF5GM4AK1XIe3IOIC0UR4aw/41YL1Nusy
ERcbn21bP7nZGwhgoXkZ7TSvrJvtYMArcSjQXf3+noT0Up/t5XBzMg3F5x1qsup5
iqLIQsTRbPK5U/uT92c7gPIyB8NVuwOZBKDYlRuy1Vpr3PZdFxp+oWJY3g4jXRVC
VcV7fNxFC0rQL/ffX4BSTuCy3uPXmKfAwnk169Nc6Z0XnZeEX3jqYAaqM7bIiM09
GcAL0k0BWtd3DD7C6N5GGvBHI2/UHPjK+WyFnTTE2vhWTLC38ru6LCQ5NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDtnnI4btZweXx6yZkH7+/g7x3gYMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvTzJlY2podTFuQjVmSHJKbVFmdjctRHZIZUJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkRWMA0G
CSqGSIb3DQEBCwUAA4IBAQBHitUV0xJnXSkKj0h3ufmzpjudqLXn9vNikspdxYQU
qjYHOhpdoEZBQLN4bH/2JqW885UkRukCtMI6jPH8v8an7sg5rOmdGuQHCeCg92wO
PobKRwJPZOlxeitOA37pCdI6FO9UbZ27Pm0xyowELF11rFe/QEygDfPOZqwJvDRy
SE5fXMmYSyrZvfrxDKXsl8hpTpGbpxwdXpdmiXHNT3l7CZvwcJWywhYtqrF/B05E
5rY3BY6oauI2emFf1EQnISlJbJScz9pKqKH3cvpMdNIUXff7pPuIlqAd1jRKVCuA
iOmbUFm2ayqutbRS+3seHbJTUh5AxMONUGfK3EQuXpPM
-----END CERTIFICATE-----