Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/421e40-edf6-47aa-9abe-1b0f254de619/1/Vx4NeZDVwvJ3KnTB2hlf-GuW5_g.roa
File:                     Vx4NeZDVwvJ3KnTB2hlf-GuW5_g.roa (raw, json)
Hash identifier:          kqwbvBBNbD9hXiMMKrIMiRvVTz0jKSzbdobiKGVxld0=
Subject key identifier:   57:1E:0D:79:90:D5:C2:F2:77:2A:74:C1:DA:19:5F:F8:6B:96:E7:F8
Certificate issuer:       /CN=ccf9a6d2f6cd588a77f423622e6b8d1c654bcdf2
Certificate serial:       018CCA2AEB9A76344BCA41439309E7108BC8
Authority key identifier: CC:F9:A6:D2:F6:CD:58:8A:77:F4:23:62:2E:6B:8D:1C:65:4B:CD:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zPmm0vbNWIp39CNiLmuNHGVLzfI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/421e40-edf6-47aa-9abe-1b0f254de619/1/Vx4NeZDVwvJ3KnTB2hlf-GuW5_g.roa
Signing time:             Tue 02 Jan 2024 12:34:19 +0000
ROA not before:           Tue 02 Jan 2024 12:34:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5588
IP address blocks:        62.201.16.0/20 maxlen: 20
                          2a06:8080::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/421e40-edf6-47aa-9abe-1b0f254de619/1/zPmm0vbNWIp39CNiLmuNHGVLzfI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/421e40-edf6-47aa-9abe-1b0f254de619/1/zPmm0vbNWIp39CNiLmuNHGVLzfI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zPmm0vbNWIp39CNiLmuNHGVLzfI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:eb:9a:76:34:4b:ca:41:43:93:09:e7:10:8b:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccf9a6d2f6cd588a77f423622e6b8d1c654bcdf2
        Validity
            Not Before: Jan  2 12:34:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=571e0d7990d5c2f2772a74c1da195ff86b96e7f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e1:40:95:52:b7:29:c9:26:d6:db:8a:8d:80:
                    fe:cd:29:47:ca:53:46:82:82:f7:30:eb:de:fa:4c:
                    46:a8:8f:2d:de:df:1e:a1:c3:da:d3:d4:e4:f4:1d:
                    bc:1b:41:bc:cc:f5:62:01:f4:84:09:00:89:19:0d:
                    83:2c:df:95:ab:9a:fd:e7:8e:cd:bc:83:9b:1a:e4:
                    d5:93:51:0f:77:50:ff:40:58:89:8e:0a:64:1e:94:
                    8e:06:e1:aa:8e:51:69:8b:14:83:79:64:2d:44:ca:
                    e2:80:1b:56:0e:4a:41:02:4d:8f:9b:1c:e1:01:23:
                    1c:3b:b3:1b:78:3c:8c:ec:1b:63:f5:53:58:ef:cb:
                    8b:19:1f:b7:48:2e:73:f2:96:19:9f:2c:53:a2:32:
                    68:c7:d7:ab:d4:f3:9c:7d:06:ed:18:64:ca:ab:4c:
                    f2:a7:f6:45:6f:dc:28:66:10:f7:f1:9a:85:13:22:
                    6d:a7:fd:de:03:fd:f9:4f:f3:1b:42:0f:88:d5:87:
                    19:2e:79:c6:46:4c:0e:d1:73:3e:46:e3:c3:16:ad:
                    5f:23:87:78:13:5b:47:e3:39:4e:1b:bb:61:f2:3c:
                    e2:79:56:b9:f4:ce:04:d0:62:d3:0a:a0:5c:dd:05:
                    b3:39:f3:65:5f:b0:05:56:c0:f4:29:4f:02:24:86:
                    74:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:1E:0D:79:90:D5:C2:F2:77:2A:74:C1:DA:19:5F:F8:6B:96:E7:F8
            X509v3 Authority Key Identifier:
                keyid:CC:F9:A6:D2:F6:CD:58:8A:77:F4:23:62:2E:6B:8D:1C:65:4B:CD:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zPmm0vbNWIp39CNiLmuNHGVLzfI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/421e40-edf6-47aa-9abe-1b0f254de619/1/Vx4NeZDVwvJ3KnTB2hlf-GuW5_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/421e40-edf6-47aa-9abe-1b0f254de619/1/zPmm0vbNWIp39CNiLmuNHGVLzfI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.201.16.0/20
                IPv6:
                  2a06:8080::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:e8:26:f7:dd:8c:35:54:31:dc:b4:a2:db:67:aa:da:2b:db:
         60:ef:81:73:72:d2:78:85:92:4f:06:1f:7e:c8:79:8a:d0:47:
         44:f4:b3:f4:88:74:03:ba:48:2a:32:6e:20:97:fb:6f:0f:0f:
         a9:9c:b0:7d:f0:a9:fe:e6:ff:d4:bc:a0:dd:a3:c8:c5:64:f2:
         3c:35:5a:cd:f2:c2:97:07:bc:ee:04:d9:99:43:11:eb:3a:3a:
         2f:c3:f4:3e:e3:f9:6c:cd:f4:7c:9e:0a:a0:1d:97:8a:88:e7:
         60:55:38:14:5c:c9:79:f5:44:c4:a4:1e:b9:76:3b:3a:dc:01:
         b0:6c:72:05:2d:99:81:30:80:6d:a2:b7:0c:05:18:83:ef:11:
         03:8c:94:4d:bf:79:4c:ce:b2:c8:7e:e2:a4:7b:1b:d9:c3:05:
         84:e1:06:41:da:9b:a2:90:55:82:18:75:b2:33:23:ab:66:f3:
         d8:f7:70:d5:55:4b:bd:18:59:42:3e:92:c9:6f:91:be:c8:cd:
         c5:93:2a:ab:55:4d:ca:41:76:04:bd:03:58:7c:28:f2:0f:8a:
         81:6d:70:e8:19:c0:6e:b8:5d:97:2f:5d:bb:0c:5c:6b:a0:83:
         e6:8b:49:38:13:61:4f:48:bb:ab:0e:cc:25:a0:5c:94:fa:fd:
         12:d8:39:ef
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKuuadjRLykFDkwnnEIvIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZjlhNmQyZjZjZDU4OGE3N2Y0MjM2MjJlNmI4ZDFjNjU0
YmNkZjIwHhcNMjQwMTAyMTIzNDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzFlMGQ3OTkwZDVjMmYyNzcyYTc0YzFkYTE5NWZmODZiOTZlN2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuFAlVK3Kckm1tuKjYD+zSlHylNG
goL3MOve+kxGqI8t3t8eocPa09Tk9B28G0G8zPViAfSECQCJGQ2DLN+Vq5r9547N
vIObGuTVk1EPd1D/QFiJjgpkHpSOBuGqjlFpixSDeWQtRMrigBtWDkpBAk2Pmxzh
ASMcO7MbeDyM7Btj9VNY78uLGR+3SC5z8pYZnyxTojJox9er1POcfQbtGGTKq0zy
p/ZFb9woZhD38ZqFEyJtp/3eA/35T/MbQg+I1YcZLnnGRkwO0XM+RuPDFq1fI4d4
E1tH4zlOG7th8jzieVa59M4E0GLTCqBc3QWzOfNlX7AFVsD0KU8CJIZ0owIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFceDXmQ1cLydyp0wdoZX/hrluf4MB8GA1UdIwQY
MBaAFMz5ptL2zViKd/QjYi5rjRxlS83yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelBtbTB2Yk5XSXAzOUNOaUxtdU5IR1ZMemZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS80MjFlNDAtZWRmNi00N2FhLTlhYmUt
MWIwZjI1NGRlNjE5LzEvVng0TmVaRFZ3dkozS25UQjJobGYtR3VXNV9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS80MjFlNDAtZWRmNi00N2FhLTlhYmUtMWIwZjI1NGRlNjE5
LzEvelBtbTB2Yk5XSXAzOUNOaUxtdU5IR1ZMemZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEPskQMA0E
AgACMAcDBQMqBoCAMA0GCSqGSIb3DQEBCwUAA4IBAQAq6Cb33Yw1VDHctKLbZ6ra
K9tg74FzctJ4hZJPBh9+yHmK0EdE9LP0iHQDukgqMm4gl/tvDw+pnLB98Kn+5v/U
vKDdo8jFZPI8NVrN8sKXB7zuBNmZQxHrOjovw/Q+4/lszfR8ngqgHZeKiOdgVTgU
XMl59UTEpB65djs63AGwbHIFLZmBMIBtorcMBRiD7xEDjJRNv3lMzrLIfuKkexvZ
wwWE4QZB2puikFWCGHWyMyOrZvPY93DVVUu9GFlCPpLJb5G+yM3FkyqrVU3KQXYE
vQNYfCjyD4qBbXDoGcBuuF2XL127DFxroIPmi0k4E2FPSLurDswloFyU+v0S2Dnv
-----END CERTIFICATE-----