Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/bVmwdUozMjMzHpW7t_ZssMHJUck.roa
File:                     bVmwdUozMjMzHpW7t_ZssMHJUck.roa (raw, json)
Hash identifier:          xEhmfSViEXr0SZ/qlsQ0R2pEmi3eLHzFdnLqyJ8jNlc=
Subject key identifier:   6D:59:B0:75:4A:33:32:33:33:1E:95:BB:B7:F6:6C:B0:C1:C9:51:C9
Certificate issuer:       /CN=1fc4927ab194ae1237fde2d3bef69038893f0dc5
Certificate serial:       018CC2DACEA38553F919A4C4E21C634E3B55
Authority key identifier: 1F:C4:92:7A:B1:94:AE:12:37:FD:E2:D3:BE:F6:90:38:89:3F:0D:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H8SSerGUrhI3_eLTvvaQOIk_DcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/bVmwdUozMjMzHpW7t_ZssMHJUck.roa
Signing time:             Mon 01 Jan 2024 02:29:28 +0000
ROA not before:           Mon 01 Jan 2024 02:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30848
IP address blocks:        62.100.87.0/24 maxlen: 24
                          62.100.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/H8SSerGUrhI3_eLTvvaQOIk_DcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/H8SSerGUrhI3_eLTvvaQOIk_DcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H8SSerGUrhI3_eLTvvaQOIk_DcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ce:a3:85:53:f9:19:a4:c4:e2:1c:63:4e:3b:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fc4927ab194ae1237fde2d3bef69038893f0dc5
        Validity
            Not Before: Jan  1 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d59b0754a333233331e95bbb7f66cb0c1c951c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:28:98:32:ad:97:9e:c2:f8:27:04:41:57:2c:
                    07:f2:68:a0:6d:eb:41:51:0c:14:9c:62:82:8d:42:
                    fd:33:2c:45:2c:bb:36:fc:64:29:fb:53:43:bf:b2:
                    58:41:9c:ae:39:e5:7f:63:39:ff:91:d8:0c:23:73:
                    f9:7f:cd:96:40:56:b9:59:5a:07:8b:89:c3:9a:18:
                    fc:bd:d5:c9:eb:a2:a5:08:07:f2:25:9c:35:98:96:
                    a8:4a:a0:ab:cf:1e:0d:cd:b6:af:c5:97:51:23:2f:
                    6a:c4:43:4d:f0:02:3d:f1:7b:4f:ed:69:ee:62:53:
                    a2:f5:32:cb:80:43:f2:ba:fa:41:88:5c:85:5b:a7:
                    a5:31:95:b7:ec:96:20:20:79:d4:b0:ad:a9:f2:8c:
                    16:5d:1a:d2:f6:56:a2:be:c1:4c:b9:d9:b1:50:e5:
                    85:b4:36:a3:16:d3:0a:26:8d:40:eb:24:0d:e7:be:
                    9c:f0:c9:bb:e4:cd:e8:42:78:2e:cf:77:8c:e1:b5:
                    e4:0c:82:fc:4c:5e:f8:08:5c:20:31:a5:e5:8a:28:
                    7b:30:70:48:c4:ef:25:d1:48:d3:db:fe:6b:f0:f0:
                    ab:e6:45:f3:51:b1:ed:5c:d4:b9:0e:36:dc:7b:78:
                    b7:0a:7b:2b:0b:0b:27:8c:a2:71:0c:a6:7d:9d:11:
                    a0:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:59:B0:75:4A:33:32:33:33:1E:95:BB:B7:F6:6C:B0:C1:C9:51:C9
            X509v3 Authority Key Identifier:
                keyid:1F:C4:92:7A:B1:94:AE:12:37:FD:E2:D3:BE:F6:90:38:89:3F:0D:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H8SSerGUrhI3_eLTvvaQOIk_DcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/bVmwdUozMjMzHpW7t_ZssMHJUck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/H8SSerGUrhI3_eLTvvaQOIk_DcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.100.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         24:a6:50:5c:c6:51:f6:c8:87:62:7a:f1:d0:63:1c:f3:69:bc:
         4e:46:8a:8d:21:c8:bd:db:29:56:d0:83:12:31:5b:cf:c1:a4:
         d4:d3:d9:34:31:da:aa:11:96:3d:65:e5:2d:c8:f6:91:91:e5:
         26:10:ac:50:cc:5b:50:38:89:69:66:1a:8b:94:13:4b:ac:dc:
         a3:9a:67:9f:76:84:4e:9f:d1:b4:ff:6d:65:71:69:c8:3e:bd:
         9f:44:31:22:4a:b7:26:de:f7:8e:50:06:b2:46:e2:5e:d0:09:
         5f:d1:04:71:ec:c9:3d:78:71:f8:35:dc:c2:90:52:83:34:b4:
         1c:53:08:d3:1f:01:93:db:99:7d:9d:53:c4:99:d8:9f:90:42:
         98:1e:db:b3:b6:d7:7c:cc:94:77:ab:40:d9:fb:c3:6e:93:68:
         57:12:f4:b3:11:7a:51:f4:b3:82:c3:3a:6e:45:65:e2:5b:67:
         59:f6:85:2f:b5:db:16:fb:9d:c9:ee:cf:1a:99:95:a6:c9:18:
         6b:be:b5:cb:c7:7e:dc:28:6b:28:6e:73:da:e6:9d:0a:eb:f2:
         a6:7a:90:21:75:01:84:63:e6:5b:39:b5:ac:1b:63:da:70:c6:
         5b:a7:41:fd:53:b4:15:e6:c0:d3:aa:81:7b:46:17:47:24:40:
         70:bd:21:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2s6jhVP5GaTE4hxjTjtVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmYzQ5MjdhYjE5NGFlMTIzN2ZkZTJkM2JlZjY5MDM4ODkz
ZjBkYzUwHhcNMjQwMTAxMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDU5YjA3NTRhMzMzMjMzMzMxZTk1YmJiN2Y2NmNiMGMxYzk1MWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkyiYMq2XnsL4JwRBVywH8migbetB
UQwUnGKCjUL9MyxFLLs2/GQp+1NDv7JYQZyuOeV/Yzn/kdgMI3P5f82WQFa5WVoH
i4nDmhj8vdXJ66KlCAfyJZw1mJaoSqCrzx4NzbavxZdRIy9qxENN8AI98XtP7Wnu
YlOi9TLLgEPyuvpBiFyFW6elMZW37JYgIHnUsK2p8owWXRrS9laivsFMudmxUOWF
tDajFtMKJo1A6yQN576c8Mm75M3oQnguz3eM4bXkDIL8TF74CFwgMaXliih7MHBI
xO8l0UjT2/5r8PCr5kXzUbHtXNS5Djbce3i3CnsrCwsnjKJxDKZ9nRGgkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG1ZsHVKMzIzMx6Vu7f2bLDByVHJMB8GA1UdIwQY
MBaAFB/EknqxlK4SN/3i0772kDiJPw3FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDhTU2VyR1VyaEkzX2VMVHZ2YVFPSWtfRGNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS85NDNkNWQtNTYwYy00MzE0LWFmODIt
OGI4YTAxYmQ3NDE0LzEvYlZtd2RVb3pNak16SHBXN3RfWnNzTUhKVWNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS85NDNkNWQtNTYwYy00MzE0LWFmODItOGI4YTAxYmQ3NDE0
LzEvSDhTU2VyR1VyaEkzX2VMVHZ2YVFPSWtfRGNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBPmRWMA0G
CSqGSIb3DQEBCwUAA4IBAQAkplBcxlH2yIdievHQYxzzabxORoqNIci92ylW0IMS
MVvPwaTU09k0MdqqEZY9ZeUtyPaRkeUmEKxQzFtQOIlpZhqLlBNLrNyjmmefdoRO
n9G0/21lcWnIPr2fRDEiSrcm3veOUAayRuJe0Alf0QRx7Mk9eHH4NdzCkFKDNLQc
UwjTHwGT25l9nVPEmdifkEKYHtuzttd8zJR3q0DZ+8Nuk2hXEvSzEXpR9LOCwzpu
RWXiW2dZ9oUvtdsW+53J7s8amZWmyRhrvrXLx37cKGsobnPa5p0K6/KmepAhdQGE
Y+ZbObWsG2PacMZbp0H9U7QV5sDTqoF7RhdHJEBwvSFI
-----END CERTIFICATE-----