Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/c2c271-171a-4190-bfd5-47220d318b4c/1/1-qJJzP1NUvwF8Zc0vjFqhXpsThU.roa
File:                     1-qJJzP1NUvwF8Zc0vjFqhXpsThU.roa (raw, json)
Hash identifier:          xEc4CEyeKwttqiyzjiBZESVguH8yPHEXmNmB0uNJ9J0=
Subject key identifier:   FA:A2:49:CC:FD:4D:52:FC:05:F1:97:34:BE:31:6A:85:7A:6C:4E:15
Certificate issuer:       /CN=0b61d0a1d7953cf3b8608adc1020b26a1b6d6ae7
Certificate serial:       018CC64ACE9E9C333C07F194490B09CE6DAF
Authority key identifier: 0B:61:D0:A1:D7:95:3C:F3:B8:60:8A:DC:10:20:B2:6A:1B:6D:6A:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C2HQodeVPPO4YIrcECCyahttauc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/c2c271-171a-4190-bfd5-47220d318b4c/1/1-qJJzP1NUvwF8Zc0vjFqhXpsThU.roa
Signing time:             Mon 01 Jan 2024 18:30:40 +0000
ROA not before:           Mon 01 Jan 2024 18:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60631
IP address blocks:        194.62.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/c2c271-171a-4190-bfd5-47220d318b4c/1/C2HQodeVPPO4YIrcECCyahttauc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/c2c271-171a-4190-bfd5-47220d318b4c/1/C2HQodeVPPO4YIrcECCyahttauc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C2HQodeVPPO4YIrcECCyahttauc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:ce:9e:9c:33:3c:07:f1:94:49:0b:09:ce:6d:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b61d0a1d7953cf3b8608adc1020b26a1b6d6ae7
        Validity
            Not Before: Jan  1 18:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=faa249ccfd4d52fc05f19734be316a857a6c4e15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:17:e0:41:f7:d8:40:61:95:7b:43:18:8e:65:
                    a3:f6:46:67:a9:15:28:a2:12:a8:d3:11:16:6c:d3:
                    58:c5:82:19:42:70:50:7f:26:12:5e:b2:de:d9:ef:
                    79:4b:88:d3:0b:01:9d:9c:2f:3b:ac:13:fb:ee:b9:
                    e8:21:ae:52:2a:40:40:5a:ea:dc:09:7f:01:0d:75:
                    3a:10:ec:85:60:41:ca:82:91:32:e9:c0:b1:a9:0e:
                    bb:c2:22:07:09:e1:d5:ea:63:9a:3b:42:1c:f7:12:
                    2f:ac:06:30:bf:6e:47:10:e4:06:c6:0c:43:57:28:
                    44:34:de:53:05:dd:05:c4:f6:27:c4:f1:b3:31:aa:
                    94:dd:4c:33:b4:5d:0a:c0:c6:12:1c:3e:d3:b9:68:
                    0a:44:96:38:05:65:9c:35:37:5c:99:5f:37:a0:bc:
                    3e:32:f8:6a:18:37:aa:f2:a6:67:af:2e:f8:1e:1c:
                    2d:ef:eb:59:c1:b0:bb:14:f9:35:16:23:9c:c9:76:
                    5f:4a:53:24:66:df:77:84:66:a3:b3:f7:1a:77:49:
                    d8:47:b6:3c:f8:52:fe:75:59:fd:b0:a8:42:8b:6e:
                    b0:6e:f9:5c:87:6f:b6:8d:8d:f7:a0:25:a2:36:39:
                    78:3e:87:77:44:02:20:8f:7a:23:67:f3:b5:74:72:
                    c0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:A2:49:CC:FD:4D:52:FC:05:F1:97:34:BE:31:6A:85:7A:6C:4E:15
            X509v3 Authority Key Identifier:
                keyid:0B:61:D0:A1:D7:95:3C:F3:B8:60:8A:DC:10:20:B2:6A:1B:6D:6A:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C2HQodeVPPO4YIrcECCyahttauc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/c2c271-171a-4190-bfd5-47220d318b4c/1/1-qJJzP1NUvwF8Zc0vjFqhXpsThU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/c2c271-171a-4190-bfd5-47220d318b4c/1/C2HQodeVPPO4YIrcECCyahttauc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:e8:b9:01:df:5c:78:53:9d:05:4f:65:f1:d2:71:ae:f2:d4:
         58:5e:a3:a0:90:0c:38:6a:6e:fd:64:6f:72:a3:23:d0:b0:c6:
         c7:0d:de:5d:c2:3b:41:1e:aa:6d:f9:df:f4:f5:68:1a:30:de:
         94:13:5a:40:5e:d2:5d:e0:c2:59:31:23:83:ad:78:7d:97:52:
         c8:e4:24:9a:56:85:d2:4b:97:8d:2b:dc:fd:e8:85:73:03:93:
         0c:aa:68:1f:8e:43:dd:8d:0c:8a:90:f2:73:b4:e0:7c:35:49:
         09:2e:53:9e:51:41:67:a5:d6:50:1c:f5:78:98:38:b8:23:53:
         a9:5f:73:cb:55:c4:40:4d:7a:05:3a:b2:db:d2:74:6c:ae:3a:
         37:83:0a:48:b7:6e:e0:b4:06:88:e6:2e:cb:6f:46:5d:ee:4e:
         15:b2:99:36:7e:a7:fa:9e:3c:b7:ee:14:ac:fd:c7:93:95:d5:
         8a:ec:f1:22:44:4f:74:18:9a:d0:fe:28:f7:0c:4d:7a:93:ed:
         a6:1a:cd:d3:b2:b5:57:62:c0:ac:ba:1c:c9:d4:f8:4f:90:01:
         9d:8a:00:36:69:22:82:c6:8b:9a:3d:49:a6:ef:1f:d5:d1:ef:
         7b:6c:48:1a:57:5c:f6:a0:3c:70:b9:33:11:c0:a3:c5:c0:be:
         0f:e7:90:e4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGSs6enDM8B/GUSQsJzm2vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNjFkMGExZDc5NTNjZjNiODYwOGFkYzEwMjBiMjZhMWI2
ZDZhZTcwHhcNMjQwMTAxMTgzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWEyNDljY2ZkNGQ1MmZjMDVmMTk3MzRiZTMxNmE4NTdhNmM0ZTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3xfgQffYQGGVe0MYjmWj9kZnqRUo
ohKo0xEWbNNYxYIZQnBQfyYSXrLe2e95S4jTCwGdnC87rBP77rnoIa5SKkBAWurc
CX8BDXU6EOyFYEHKgpEy6cCxqQ67wiIHCeHV6mOaO0Ic9xIvrAYwv25HEOQGxgxD
VyhENN5TBd0FxPYnxPGzMaqU3UwztF0KwMYSHD7TuWgKRJY4BWWcNTdcmV83oLw+
MvhqGDeq8qZnry74Hhwt7+tZwbC7FPk1FiOcyXZfSlMkZt93hGajs/cad0nYR7Y8
+FL+dVn9sKhCi26wbvlch2+2jY33oCWiNjl4Pod3RAIgj3ojZ/O1dHLAzQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPqiScz9TVL8BfGXNL4xaoV6bE4VMB8GA1UdIwQY
MBaAFAth0KHXlTzzuGCK3BAgsmobbWrnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzJIUW9kZVZQUE80WUlyY0VDQ3lhaHR0YXVjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9jMmMyNzEtMTcxYS00MTkwLWJmZDUt
NDcyMjBkMzE4YjRjLzEvMS1xSkp6UDFOVXZ3RjhaYzB2akZxaFhwc1RoVS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvM2MvYzJjMjcxLTE3MWEtNDE5MC1iZmQ1LTQ3MjIwZDMxOGI0
Yy8xL0MySFFvZGVWUFBPNFlJcmNFQ0N5YWh0dGF1Yy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMI+KzAN
BgkqhkiG9w0BAQsFAAOCAQEAIui5Ad9ceFOdBU9l8dJxrvLUWF6joJAMOGpu/WRv
cqMj0LDGxw3eXcI7QR6qbfnf9PVoGjDelBNaQF7SXeDCWTEjg614fZdSyOQkmlaF
0kuXjSvc/eiFcwOTDKpoH45D3Y0MipDyc7TgfDVJCS5TnlFBZ6XWUBz1eJg4uCNT
qV9zy1XEQE16BTqy29J0bK46N4MKSLdu4LQGiOYuy29GXe5OFbKZNn6n+p48t+4U
rP3Hk5XViuzxIkRPdBia0P4o9wxNepPtphrN07K1V2LArLocydT4T5ABnYoANmki
gsaLmj1Jpu8f1dHve2xIGldc9qA8cLkzEcCjxcC+D+eQ5A==
-----END CERTIFICATE-----