Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/f4LnTDkkCsISE3hbkhAWVsFcsbM.roa
File:                     f4LnTDkkCsISE3hbkhAWVsFcsbM.roa (raw, json)
Hash identifier:          2isKhp0DeEqoOa/JMwLM+H7q6yvFrj7uy9YZsWVHm/A=
Subject key identifier:   7F:82:E7:4C:39:24:0A:C2:12:13:78:5B:92:10:16:56:C1:5C:B1:B3
Certificate issuer:       /CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Certificate serial:       018F71EC0B674D2BB139BAEC445207402A38
Authority key identifier: 12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/f4LnTDkkCsISE3hbkhAWVsFcsbM.roa
Signing time:             Mon 13 May 2024 12:27:25 +0000
ROA not before:           Mon 13 May 2024 12:27:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44620
IP address blocks:        62.169.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:71:ec:0b:67:4d:2b:b1:39:ba:ec:44:52:07:40:2a:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
        Validity
            Not Before: May 13 12:27:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f82e74c39240ac21213785b92101656c15cb1b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:38:5c:70:63:f0:21:a1:31:0f:e7:a3:ee:d7:
                    48:fd:29:8d:2a:79:72:7b:98:f6:d1:ea:5b:e5:6b:
                    1e:2d:0a:71:ec:e6:2c:cd:f1:81:ed:4f:24:8b:31:
                    25:51:c6:f3:3b:fb:9d:05:32:72:48:12:b5:a2:c5:
                    13:67:c5:e9:45:e7:e0:18:ca:25:47:d0:d7:60:da:
                    90:f3:95:59:64:44:71:48:73:26:9e:e1:92:3a:8e:
                    84:99:90:ba:94:31:ee:42:c5:3f:52:21:91:28:ca:
                    0f:1c:6a:94:59:3d:2b:89:77:b1:34:cf:36:89:04:
                    4e:c3:8e:3d:81:0f:37:4f:0a:67:12:f3:12:93:fb:
                    72:19:1f:44:66:ec:b6:14:7d:ad:1c:c7:52:9f:02:
                    ee:15:83:d9:98:47:d8:ea:4e:8c:42:20:4c:f6:4f:
                    94:b4:3f:0c:4e:79:00:90:31:f9:a5:ed:a6:5e:40:
                    52:74:cf:53:a0:0d:bd:b4:9a:71:24:85:3d:f2:33:
                    09:df:27:f5:8b:80:3e:78:f0:a6:d6:37:91:9c:51:
                    80:f9:c4:a3:ed:2a:d7:55:d5:e7:5c:e3:5f:c2:1f:
                    09:93:58:1d:4b:65:ce:e9:2b:e2:83:f7:08:ab:27:
                    86:9a:30:bd:9f:73:dd:5b:ff:af:ca:9f:ee:84:cc:
                    7a:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:82:E7:4C:39:24:0A:C2:12:13:78:5B:92:10:16:56:C1:5C:B1:B3
            X509v3 Authority Key Identifier:
                keyid:12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/f4LnTDkkCsISE3hbkhAWVsFcsbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.169.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:00:6e:2e:b7:4f:ec:dc:4f:f9:d5:ce:ae:65:34:3b:59:46:
         47:ee:03:fb:84:27:32:c0:c6:11:42:9b:67:aa:c2:f6:09:71:
         1f:38:09:8f:00:64:ac:32:be:64:50:dd:6f:6a:01:6d:e5:89:
         b8:61:23:d4:a6:03:23:a5:73:84:55:5b:00:9d:ba:81:5c:1b:
         d7:48:1f:da:7c:05:fe:02:10:c9:bd:15:2f:bd:4a:67:97:13:
         1a:f4:5d:01:d2:97:74:a7:f6:d8:d8:f6:48:d6:6e:b3:7a:ee:
         d3:79:34:67:79:02:c2:fd:9c:ec:61:d7:1a:25:f5:e7:93:94:
         9f:c4:a2:15:5a:4c:ae:44:63:f0:50:29:82:58:6c:66:c8:9e:
         6d:47:52:56:88:a1:8d:9b:50:03:2a:86:5a:18:9b:4b:5b:53:
         21:39:6d:f1:ec:1c:52:b6:5f:4a:a2:df:74:b6:39:b4:b5:49:
         56:27:43:1d:92:06:06:10:41:82:d2:85:26:8e:c7:95:f4:f1:
         44:85:32:a6:79:b7:ef:34:24:bf:5e:20:7f:f2:9a:ac:7d:90:
         72:05:59:09:75:80:cb:e0:4c:df:6c:ea:30:e5:f8:7c:cb:09:
         68:8b:ff:1c:27:40:10:2d:4c:ba:84:26:64:93:5e:ec:46:2c:
         90:ee:b9:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9x7AtnTSuxObrsRFIHQCo4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYmUyOWM5NTY4OTRjNDljNmQ0YmUwZWQ5ODg4MmI5MGQx
YmM3N2YwHhcNMjQwNTEzMTIyNzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjgyZTc0YzM5MjQwYWMyMTIxMzc4NWI5MjEwMTY1NmMxNWNiMWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjhccGPwIaExD+ej7tdI/SmNKnly
e5j20epb5WseLQpx7OYszfGB7U8kizElUcbzO/udBTJySBK1osUTZ8XpRefgGMol
R9DXYNqQ85VZZERxSHMmnuGSOo6EmZC6lDHuQsU/UiGRKMoPHGqUWT0riXexNM82
iQROw449gQ83TwpnEvMSk/tyGR9EZuy2FH2tHMdSnwLuFYPZmEfY6k6MQiBM9k+U
tD8MTnkAkDH5pe2mXkBSdM9ToA29tJpxJIU98jMJ3yf1i4A+ePCm1jeRnFGA+cSj
7SrXVdXnXONfwh8Jk1gdS2XO6Svig/cIqyeGmjC9n3PdW/+vyp/uhMx6OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH+C50w5JArCEhN4W5IQFlbBXLGzMB8GA1UdIwQY
MBaAFBK+KclWiUxJxtS+DtmIgrkNG8d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjIt
YWE2ZWQ0ZGFmYjNiLzEvZjRMblREa2tDc0lTRTNoYmtoQVdWc0Zjc2JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjItYWE2ZWQ0ZGFmYjNi
LzEvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPqmZMA0G
CSqGSIb3DQEBCwUAA4IBAQASAG4ut0/s3E/51c6uZTQ7WUZH7gP7hCcywMYRQptn
qsL2CXEfOAmPAGSsMr5kUN1vagFt5Ym4YSPUpgMjpXOEVVsAnbqBXBvXSB/afAX+
AhDJvRUvvUpnlxMa9F0B0pd0p/bY2PZI1m6zeu7TeTRneQLC/ZzsYdcaJfXnk5Sf
xKIVWkyuRGPwUCmCWGxmyJ5tR1JWiKGNm1ADKoZaGJtLW1MhOW3x7BxStl9Kot90
tjm0tUlWJ0MdkgYGEEGC0oUmjseV9PFEhTKmebfvNCS/XiB/8pqsfZByBVkJdYDL
4EzfbOow5fh8ywloi/8cJ0AQLUy6hCZkk17sRiyQ7rkC
-----END CERTIFICATE-----