Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/K5LuPk3TGwfDY8S3RK32I2Bnwro.roa
File:                     K5LuPk3TGwfDY8S3RK32I2Bnwro.roa (raw, json)
Hash identifier:          o5S0EkZpQimK1ckOh5Gf1Y9s2M65jB//O1qBGCWQHqs=
Subject key identifier:   2B:92:EE:3E:4D:D3:1B:07:C3:63:C4:B7:44:AD:F6:23:60:67:C2:BA
Certificate issuer:       /CN=1fc4927ab194ae1237fde2d3bef69038893f0dc5
Certificate serial:       018CC2DACF102663AC374288E733478E6D18
Authority key identifier: 1F:C4:92:7A:B1:94:AE:12:37:FD:E2:D3:BE:F6:90:38:89:3F:0D:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H8SSerGUrhI3_eLTvvaQOIk_DcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/K5LuPk3TGwfDY8S3RK32I2Bnwro.roa
Signing time:             Mon 01 Jan 2024 02:29:28 +0000
ROA not before:           Mon 01 Jan 2024 02:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49289
IP address blocks:        62.100.74.0/24 maxlen: 24
                          62.100.75.0/24 maxlen: 24
                          62.100.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/H8SSerGUrhI3_eLTvvaQOIk_DcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/H8SSerGUrhI3_eLTvvaQOIk_DcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H8SSerGUrhI3_eLTvvaQOIk_DcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:cf:10:26:63:ac:37:42:88:e7:33:47:8e:6d:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fc4927ab194ae1237fde2d3bef69038893f0dc5
        Validity
            Not Before: Jan  1 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b92ee3e4dd31b07c363c4b744adf6236067c2ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:08:cf:9f:78:31:43:48:8a:ef:2d:b9:49:2b:
                    e6:fe:c2:26:cb:54:ae:52:14:dd:eb:3c:ea:46:81:
                    eb:be:e2:49:89:61:c5:fe:74:f2:aa:7e:d9:b7:03:
                    bb:3a:32:86:c2:32:27:4c:39:c6:a3:29:16:92:fc:
                    44:80:cc:25:13:94:4e:e9:aa:e2:1a:8c:be:27:09:
                    04:fa:50:e3:79:92:fa:84:61:4a:da:aa:89:76:63:
                    c9:bf:ce:fc:a2:9d:48:7f:c6:7e:f1:b2:1b:56:e8:
                    71:57:4c:2d:82:37:c5:96:c1:48:88:c4:3f:81:7e:
                    7e:85:48:8a:8c:b0:39:ee:19:89:5c:1c:11:f0:1c:
                    e9:a5:da:c2:e9:e6:dd:b8:9d:80:cc:8a:2c:0c:a2:
                    37:77:45:fa:13:1e:e1:d4:4f:16:91:dd:fc:f6:52:
                    ea:f6:78:96:d5:1f:e5:c0:eb:ea:75:a9:c8:b5:13:
                    93:0d:9c:c8:63:0d:a4:09:0b:15:cb:1c:9c:17:74:
                    d4:c2:5e:6f:74:63:f5:42:74:19:f0:8b:a0:41:f2:
                    c1:52:db:22:e1:ab:50:a9:d6:cb:c3:0a:43:32:3c:
                    96:72:97:ba:c9:75:bb:9d:30:e7:23:bf:b9:7b:50:
                    bd:30:9b:8c:49:11:43:81:ce:0b:0f:fe:c2:c1:98:
                    55:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:92:EE:3E:4D:D3:1B:07:C3:63:C4:B7:44:AD:F6:23:60:67:C2:BA
            X509v3 Authority Key Identifier:
                keyid:1F:C4:92:7A:B1:94:AE:12:37:FD:E2:D3:BE:F6:90:38:89:3F:0D:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H8SSerGUrhI3_eLTvvaQOIk_DcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/K5LuPk3TGwfDY8S3RK32I2Bnwro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/H8SSerGUrhI3_eLTvvaQOIk_DcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.100.74.0/23
                  62.100.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:05:76:5d:92:2a:22:f1:37:69:05:eb:53:63:5f:9c:a1:6b:
         34:d2:65:58:2d:d6:2d:76:6b:bf:45:1f:d0:8b:84:ac:ed:72:
         f0:9c:f9:fa:dc:13:c8:3f:90:a7:14:98:fa:e3:7b:a4:de:73:
         14:1e:e5:88:c2:5b:f7:77:e6:0b:1f:51:02:0c:00:71:23:ca:
         aa:4e:ae:9f:2e:69:fc:7a:f0:29:bc:ed:5c:11:59:c3:0a:98:
         33:c0:ab:20:05:eb:6e:69:28:c6:5a:4a:4c:f7:f1:30:32:db:
         38:e4:62:f6:d5:0c:4f:5b:ce:2a:48:92:dc:10:60:0a:5f:36:
         1a:14:e7:8d:83:b6:b4:aa:b3:f9:10:08:ba:00:a6:58:04:68:
         99:be:34:4c:bc:60:27:c5:2e:03:41:28:e2:4f:4c:e6:44:b5:
         84:2e:4d:3d:fd:82:93:5f:f2:0a:5a:61:77:e7:93:63:93:fd:
         03:24:a6:03:4e:91:78:ce:43:e3:bb:8d:8e:9e:10:7e:91:7b:
         05:e4:c7:18:6d:a3:d3:33:51:a8:5d:2b:23:0d:4e:7a:46:58:
         ba:e1:84:0a:20:ad:cf:fc:47:61:bc:9b:03:b6:1b:f2:a9:b1:
         f5:37:bd:e7:54:c3:e0:a2:32:af:bc:cf:0d:d3:f7:09:e1:48:
         bc:a1:89:3d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2s8QJmOsN0KI5zNHjm0YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmYzQ5MjdhYjE5NGFlMTIzN2ZkZTJkM2JlZjY5MDM4ODkz
ZjBkYzUwHhcNMjQwMTAxMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjkyZWUzZTRkZDMxYjA3YzM2M2M0Yjc0NGFkZjYyMzYwNjdjMmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAjPn3gxQ0iK7y25SSvm/sImy1Su
UhTd6zzqRoHrvuJJiWHF/nTyqn7ZtwO7OjKGwjInTDnGoykWkvxEgMwlE5RO6ari
Goy+JwkE+lDjeZL6hGFK2qqJdmPJv878op1If8Z+8bIbVuhxV0wtgjfFlsFIiMQ/
gX5+hUiKjLA57hmJXBwR8BzppdrC6ebduJ2AzIosDKI3d0X6Ex7h1E8Wkd389lLq
9niW1R/lwOvqdanItROTDZzIYw2kCQsVyxycF3TUwl5vdGP1QnQZ8IugQfLBUtsi
4atQqdbLwwpDMjyWcpe6yXW7nTDnI7+5e1C9MJuMSRFDgc4LD/7CwZhVKQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCuS7j5N0xsHw2PEt0St9iNgZ8K6MB8GA1UdIwQY
MBaAFB/EknqxlK4SN/3i0772kDiJPw3FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDhTU2VyR1VyaEkzX2VMVHZ2YVFPSWtfRGNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS85NDNkNWQtNTYwYy00MzE0LWFmODIt
OGI4YTAxYmQ3NDE0LzEvSzVMdVBrM1RHd2ZEWThTM1JLMzJJMkJud3JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS85NDNkNWQtNTYwYy00MzE0LWFmODItOGI4YTAxYmQ3NDE0
LzEvSDhTU2VyR1VyaEkzX2VMVHZ2YVFPSWtfRGNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBPmRKAwQA
PmRRMA0GCSqGSIb3DQEBCwUAA4IBAQBKBXZdkioi8TdpBetTY1+coWs00mVYLdYt
dmu/RR/Qi4Ss7XLwnPn63BPIP5CnFJj643uk3nMUHuWIwlv3d+YLH1ECDABxI8qq
Tq6fLmn8evApvO1cEVnDCpgzwKsgBetuaSjGWkpM9/EwMts45GL21QxPW84qSJLc
EGAKXzYaFOeNg7a0qrP5EAi6AKZYBGiZvjRMvGAnxS4DQSjiT0zmRLWELk09/YKT
X/IKWmF355Njk/0DJKYDTpF4zkPju42OnhB+kXsF5McYbaPTM1GoXSsjDU56Rli6
4YQKIK3P/EdhvJsDthvyqbH1N73nVMPgojKvvM8N0/cJ4Ui8oYk9
-----END CERTIFICATE-----