Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/613b2a-8cae-47db-8df0-607cd7f22469/1/1-1HHsrOeuzuCnaFMj_7_dtRyc60.roa
File:                     1-1HHsrOeuzuCnaFMj_7_dtRyc60.roa (raw, json)
Hash identifier:          ypcrwR6GPMPZeB1P3u9TYuxfw2nY9xlfxnebd5qCNNQ=
Subject key identifier:   FB:51:C7:B2:B3:9E:BB:3B:82:9D:A1:4C:8F:FE:FF:76:D4:72:73:AD
Certificate issuer:       /CN=2d6f1fd4ef454476d12410fdf61d4df8c3c7c21b
Certificate serial:       018CC50143A47D2FB677187827D2939D3D5B
Authority key identifier: 2D:6F:1F:D4:EF:45:44:76:D1:24:10:FD:F6:1D:4D:F8:C3:C7:C2:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LW8f1O9FRHbRJBD99h1N-MPHwhs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/613b2a-8cae-47db-8df0-607cd7f22469/1/1-1HHsrOeuzuCnaFMj_7_dtRyc60.roa
Signing time:             Mon 01 Jan 2024 12:30:43 +0000
ROA not before:           Mon 01 Jan 2024 12:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62068
IP address blocks:        62.68.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/613b2a-8cae-47db-8df0-607cd7f22469/1/LW8f1O9FRHbRJBD99h1N-MPHwhs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/613b2a-8cae-47db-8df0-607cd7f22469/1/LW8f1O9FRHbRJBD99h1N-MPHwhs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LW8f1O9FRHbRJBD99h1N-MPHwhs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:43:a4:7d:2f:b6:77:18:78:27:d2:93:9d:3d:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d6f1fd4ef454476d12410fdf61d4df8c3c7c21b
        Validity
            Not Before: Jan  1 12:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb51c7b2b39ebb3b829da14c8ffeff76d47273ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:3c:ac:ec:b7:4a:3d:21:8d:04:c6:57:51:67:
                    72:21:ef:f5:7f:4f:33:72:08:f5:88:a9:56:c9:d2:
                    b1:42:57:c3:73:8f:a5:e0:49:13:74:38:07:df:d6:
                    cc:ff:4d:45:66:f0:82:f4:91:5f:00:ec:a1:19:da:
                    22:39:38:5c:7a:eb:aa:90:81:ff:16:8c:31:5b:de:
                    b6:0d:62:c6:d6:38:f7:ce:4b:72:c1:2d:5e:ce:33:
                    ae:1f:44:9c:d7:58:f3:64:b0:e0:76:ba:6c:cf:64:
                    86:2e:62:70:97:82:6b:a2:4a:48:e6:f5:d3:55:00:
                    12:45:4b:cc:dc:14:e9:15:0b:fd:42:68:e2:1f:3f:
                    d7:3d:bb:29:29:8c:88:96:63:af:41:b1:c7:0d:1b:
                    5f:4c:b3:c1:7f:8a:65:b8:0b:95:6c:c0:85:cd:5b:
                    54:13:17:9d:74:13:73:9d:1d:99:31:14:c5:8b:7a:
                    38:7e:51:d3:bf:86:3a:36:34:31:17:db:41:a4:5a:
                    2c:63:76:85:e0:b5:e4:7d:f0:31:f2:88:f8:91:4f:
                    44:1e:f2:53:2b:a4:6b:75:1d:8e:64:5b:f0:f0:d6:
                    ec:cd:5c:4e:5e:6a:34:93:91:ea:ff:42:f8:16:65:
                    5a:2b:99:d1:58:19:8d:75:6b:b4:3d:a4:14:6a:e7:
                    79:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:51:C7:B2:B3:9E:BB:3B:82:9D:A1:4C:8F:FE:FF:76:D4:72:73:AD
            X509v3 Authority Key Identifier:
                keyid:2D:6F:1F:D4:EF:45:44:76:D1:24:10:FD:F6:1D:4D:F8:C3:C7:C2:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LW8f1O9FRHbRJBD99h1N-MPHwhs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/613b2a-8cae-47db-8df0-607cd7f22469/1/1-1HHsrOeuzuCnaFMj_7_dtRyc60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/613b2a-8cae-47db-8df0-607cd7f22469/1/LW8f1O9FRHbRJBD99h1N-MPHwhs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.68.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:08:6b:a9:7d:66:df:dc:19:15:fb:26:4a:fd:4f:9d:d0:57:
         d0:d1:12:27:74:35:8a:8d:ca:df:5f:03:4e:0f:b9:b7:88:67:
         d0:13:ad:a7:71:2c:07:c5:69:7d:86:b3:df:83:25:81:89:1a:
         b6:39:05:33:b0:51:53:a4:89:09:d5:ea:f4:04:0f:fd:cc:42:
         1c:f4:b9:57:24:96:01:16:6b:d7:f8:53:93:65:0c:83:4d:c3:
         34:00:21:36:9b:d1:c0:11:c3:c1:34:e3:70:ed:5d:5c:8e:59:
         59:2a:07:91:b2:0a:b6:16:37:bb:04:f5:c6:54:77:51:ac:ff:
         35:62:a7:3c:02:92:68:10:de:8c:41:0a:bd:d9:09:11:fc:26:
         e2:7e:48:71:3c:83:2e:1d:9a:e1:fb:54:e6:e7:bc:d9:cd:1f:
         da:60:0b:de:66:02:6e:ca:77:f4:64:67:78:f4:d0:9b:ce:b5:
         74:5b:3c:95:33:3e:76:8e:03:f4:a8:91:ec:e8:bc:23:53:48:
         33:fb:8c:53:ed:26:a3:fc:ba:a5:bd:60:6e:47:3c:b0:29:b7:
         be:3b:72:1a:b9:40:d8:42:67:95:02:0a:cc:27:27:9c:c0:d2:
         b5:6f:b9:84:52:f0:36:05:9a:36:22:43:e4:bc:3a:45:13:69:
         03:ff:5f:f3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFAUOkfS+2dxh4J9KTnT1bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkNmYxZmQ0ZWY0NTQ0NzZkMTI0MTBmZGY2MWQ0ZGY4YzNj
N2MyMWIwHhcNMjQwMTAxMTIzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjUxYzdiMmIzOWViYjNiODI5ZGExNGM4ZmZlZmY3NmQ0NzI3M2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzys7LdKPSGNBMZXUWdyIe/1f08z
cgj1iKlWydKxQlfDc4+l4EkTdDgH39bM/01FZvCC9JFfAOyhGdoiOThceuuqkIH/
FowxW962DWLG1jj3zktywS1ezjOuH0Sc11jzZLDgdrpsz2SGLmJwl4JrokpI5vXT
VQASRUvM3BTpFQv9QmjiHz/XPbspKYyIlmOvQbHHDRtfTLPBf4pluAuVbMCFzVtU
ExeddBNznR2ZMRTFi3o4flHTv4Y6NjQxF9tBpFosY3aF4LXkffAx8oj4kU9EHvJT
K6RrdR2OZFvw8NbszVxOXmo0k5Hq/0L4FmVaK5nRWBmNdWu0PaQUaud55QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPtRx7Kznrs7gp2hTI/+/3bUcnOtMB8GA1UdIwQY
MBaAFC1vH9TvRUR20SQQ/fYdTfjDx8IbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFc4ZjFPOUZSSGJSSkJEOTloMU4tTVBId2hzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC82MTNiMmEtOGNhZS00N2RiLThkZjAt
NjA3Y2Q3ZjIyNDY5LzEvMS0xSEhzck9ldXp1Q25hRk1qXzdfZHRSeWM2MC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzgvNjEzYjJhLThjYWUtNDdkYi04ZGYwLTYwN2NkN2YyMjQ2
OS8xL0xXOGYxTzlGUkhiUkpCRDk5aDFOLU1QSHdocy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAD5ERzAN
BgkqhkiG9w0BAQsFAAOCAQEABghrqX1m39wZFfsmSv1PndBX0NESJ3Q1io3K318D
Tg+5t4hn0BOtp3EsB8VpfYaz34MlgYkatjkFM7BRU6SJCdXq9AQP/cxCHPS5VySW
ARZr1/hTk2UMg03DNAAhNpvRwBHDwTTjcO1dXI5ZWSoHkbIKthY3uwT1xlR3Uaz/
NWKnPAKSaBDejEEKvdkJEfwm4n5IcTyDLh2a4ftU5ue82c0f2mAL3mYCbsp39GRn
ePTQm861dFs8lTM+do4D9KiR7Oi8I1NIM/uMU+0mo/y6pb1gbkc8sCm3vjtyGrlA
2EJnlQIKzCcnnMDStW+5hFLwNgWaNiJD5Lw6RRNpA/9f8w==
-----END CERTIFICATE-----