Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/ed96c5-d633-402f-8e00-2b1d674595b7/1/th7jBurKookr0eec_93_QpkLqH0.roa
File:                     th7jBurKookr0eec_93_QpkLqH0.roa (raw, json)
Hash identifier:          gkhwJE8AC8mQUlwAq4zH8ZHds+pAv5w1YBkW6uNcOmI=
Subject key identifier:   B6:1E:E3:06:EA:CA:A2:89:2B:D1:E7:9C:FF:DD:FF:42:99:0B:A8:7D
Certificate issuer:       /CN=62af1d7f36b1865802535e49a7331e035ad01008
Certificate serial:       018CC4250B6A0BAB6505DC1A0895855F518E
Authority key identifier: 62:AF:1D:7F:36:B1:86:58:02:53:5E:49:A7:33:1E:03:5A:D0:10:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yq8dfzaxhlgCU15JpzMeA1rQEAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/ed96c5-d633-402f-8e00-2b1d674595b7/1/th7jBurKookr0eec_93_QpkLqH0.roa
Signing time:             Mon 01 Jan 2024 08:30:11 +0000
ROA not before:           Mon 01 Jan 2024 08:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47305
IP address blocks:        195.182.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/ed96c5-d633-402f-8e00-2b1d674595b7/1/Yq8dfzaxhlgCU15JpzMeA1rQEAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/ed96c5-d633-402f-8e00-2b1d674595b7/1/Yq8dfzaxhlgCU15JpzMeA1rQEAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yq8dfzaxhlgCU15JpzMeA1rQEAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:0b:6a:0b:ab:65:05:dc:1a:08:95:85:5f:51:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62af1d7f36b1865802535e49a7331e035ad01008
        Validity
            Not Before: Jan  1 08:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b61ee306eacaa2892bd1e79cffddff42990ba87d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:0e:a1:69:46:50:81:2f:b0:34:2a:f9:61:87:
                    6b:2a:f2:8d:44:a3:e2:bd:c1:cb:5a:c6:9f:f6:ad:
                    9f:06:70:d7:db:2f:f3:ac:9b:51:cd:e2:fe:f3:2e:
                    81:3b:9c:80:1b:02:56:e8:26:d9:56:92:05:de:ed:
                    d1:7c:fa:97:9d:15:3b:86:e1:f6:8e:89:c2:32:6a:
                    47:d5:67:3a:d6:e3:e6:a0:6e:c7:7a:ea:29:44:2e:
                    11:fd:26:a5:52:88:fb:da:37:1a:a1:e2:d9:aa:a6:
                    92:6e:13:bf:09:de:3e:44:bd:c0:f1:bb:9b:de:6b:
                    7c:a4:aa:d3:36:82:e3:f8:39:41:55:bd:45:07:29:
                    e0:4a:7d:b6:ad:f4:32:1f:8e:c8:6d:2e:99:0f:7c:
                    78:8e:c2:37:97:55:e8:80:fd:db:f4:91:3b:bd:3b:
                    4c:24:8e:78:fa:0a:5e:cb:e8:19:f4:f9:57:b2:0d:
                    1f:47:e2:ca:8f:c6:96:94:52:43:b3:83:ca:e0:32:
                    ad:d9:92:60:41:d0:4b:32:62:8d:d6:ee:29:9f:c1:
                    72:be:b9:cd:3f:aa:4d:c4:f2:29:c0:4a:35:d8:fe:
                    a1:ff:eb:af:2b:1a:8f:f9:f4:4d:10:e1:b0:0c:dd:
                    f7:37:85:aa:14:f0:4d:50:29:c7:ff:57:07:44:e8:
                    86:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:1E:E3:06:EA:CA:A2:89:2B:D1:E7:9C:FF:DD:FF:42:99:0B:A8:7D
            X509v3 Authority Key Identifier:
                keyid:62:AF:1D:7F:36:B1:86:58:02:53:5E:49:A7:33:1E:03:5A:D0:10:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yq8dfzaxhlgCU15JpzMeA1rQEAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/ed96c5-d633-402f-8e00-2b1d674595b7/1/th7jBurKookr0eec_93_QpkLqH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/ed96c5-d633-402f-8e00-2b1d674595b7/1/Yq8dfzaxhlgCU15JpzMeA1rQEAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.182.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:be:4a:2d:f8:f0:5b:5a:84:68:d1:69:e5:27:d1:83:26:76:
         a4:78:3a:22:ef:18:59:68:eb:60:5f:43:99:2a:0c:cc:09:ea:
         b1:42:df:2f:f4:04:27:9f:87:3e:66:ef:93:ec:97:65:07:f3:
         f2:36:15:7b:21:f2:5c:c5:24:c4:e6:95:2d:7a:18:07:e1:05:
         63:58:a8:38:c2:06:b7:0d:db:24:a4:ce:11:f1:bd:78:6b:46:
         01:fe:27:1f:75:c7:66:98:b8:d6:80:f3:79:4c:33:d8:44:ab:
         7e:d0:b6:b3:83:bc:78:28:69:ad:46:db:5b:cd:d0:c8:ca:de:
         c2:40:74:23:19:71:a2:bf:f7:c5:a6:15:6a:b6:71:bc:6e:f5:
         40:a0:da:dc:f5:15:c0:f4:e5:eb:20:ec:39:fc:1f:2a:f4:25:
         1c:89:e4:5d:90:c2:45:13:77:89:a0:6c:1f:7f:58:92:0a:0c:
         5a:12:90:af:62:eb:ce:56:1b:fa:c2:08:a8:30:13:54:69:90:
         bc:bc:97:40:29:9f:92:6b:d2:f1:6f:7a:f0:77:4c:7a:d2:8f:
         87:31:07:78:b6:5f:1c:85:0a:a3:8f:8e:85:c3:dd:8f:c0:90:
         3a:45:ce:a1:d7:54:a5:e5:af:9e:86:40:1d:0d:9c:bd:d8:16:
         cf:17:b2:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJQtqC6tlBdwaCJWFX1GOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYWYxZDdmMzZiMTg2NTgwMjUzNWU0OWE3MzMxZTAzNWFk
MDEwMDgwHhcNMjQwMTAxMDgzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjFlZTMwNmVhY2FhMjg5MmJkMWU3OWNmZmRkZmY0Mjk5MGJhODdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1g6haUZQgS+wNCr5YYdrKvKNRKPi
vcHLWsaf9q2fBnDX2y/zrJtRzeL+8y6BO5yAGwJW6CbZVpIF3u3RfPqXnRU7huH2
jonCMmpH1Wc61uPmoG7HeuopRC4R/SalUoj72jcaoeLZqqaSbhO/Cd4+RL3A8bub
3mt8pKrTNoLj+DlBVb1FByngSn22rfQyH47IbS6ZD3x4jsI3l1XogP3b9JE7vTtM
JI54+gpey+gZ9PlXsg0fR+LKj8aWlFJDs4PK4DKt2ZJgQdBLMmKN1u4pn8FyvrnN
P6pNxPIpwEo12P6h/+uvKxqP+fRNEOGwDN33N4WqFPBNUCnH/1cHROiGCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLYe4wbqyqKJK9HnnP/d/0KZC6h9MB8GA1UdIwQY
MBaAFGKvHX82sYZYAlNeSaczHgNa0BAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXE4ZGZ6YXhobGdDVTE1SnB6TWVBMXJRRUFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9lZDk2YzUtZDYzMy00MDJmLThlMDAt
MmIxZDY3NDU5NWI3LzEvdGg3akJ1cktvb2tyMGVlY185M19RcGtMcUgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9lZDk2YzUtZDYzMy00MDJmLThlMDAtMmIxZDY3NDU5NWI3
LzEvWXE4ZGZ6YXhobGdDVTE1SnB6TWVBMXJRRUFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7YoMA0G
CSqGSIb3DQEBCwUAA4IBAQAkvkot+PBbWoRo0WnlJ9GDJnakeDoi7xhZaOtgX0OZ
KgzMCeqxQt8v9AQnn4c+Zu+T7JdlB/PyNhV7IfJcxSTE5pUtehgH4QVjWKg4wga3
DdskpM4R8b14a0YB/icfdcdmmLjWgPN5TDPYRKt+0Lazg7x4KGmtRttbzdDIyt7C
QHQjGXGiv/fFphVqtnG8bvVAoNrc9RXA9OXrIOw5/B8q9CUcieRdkMJFE3eJoGwf
f1iSCgxaEpCvYuvOVhv6wgioMBNUaZC8vJdAKZ+Sa9Lxb3rwd0x60o+HMQd4tl8c
hQqjj46Fw92PwJA6Rc6h11Sl5a+ehkAdDZy92BbPF7I6
-----END CERTIFICATE-----