Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/xngsphKlqyUDOo4N9L4SxcpfV_c.roa
File:                     xngsphKlqyUDOo4N9L4SxcpfV_c.roa (raw, json)
Hash identifier:          jx6daqHXVaOOPSJUBD84kNV8KWsrSpTfFIDvBRMndKU=
Subject key identifier:   C6:78:2C:A6:12:A5:AB:25:03:3A:8E:0D:F4:BE:12:C5:CA:5F:57:F7
Certificate issuer:       /CN=1fc4927ab194ae1237fde2d3bef69038893f0dc5
Certificate serial:       018CC2DACD2D1F57A5FE60EDAECDA4949B67
Authority key identifier: 1F:C4:92:7A:B1:94:AE:12:37:FD:E2:D3:BE:F6:90:38:89:3F:0D:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H8SSerGUrhI3_eLTvvaQOIk_DcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/xngsphKlqyUDOo4N9L4SxcpfV_c.roa
Signing time:             Mon 01 Jan 2024 02:29:28 +0000
ROA not before:           Mon 01 Jan 2024 02:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5602
IP address blocks:        62.100.76.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/H8SSerGUrhI3_eLTvvaQOIk_DcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/H8SSerGUrhI3_eLTvvaQOIk_DcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H8SSerGUrhI3_eLTvvaQOIk_DcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:cd:2d:1f:57:a5:fe:60:ed:ae:cd:a4:94:9b:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fc4927ab194ae1237fde2d3bef69038893f0dc5
        Validity
            Not Before: Jan  1 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6782ca612a5ab25033a8e0df4be12c5ca5f57f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:7d:fd:cb:16:52:c0:21:d5:9e:2a:58:84:47:
                    34:55:47:b7:06:53:0a:84:64:3d:bf:85:a8:66:3b:
                    47:03:d9:05:d4:60:99:5d:3c:2d:33:d7:3e:0e:79:
                    62:af:9d:df:4c:53:00:d6:53:43:23:ef:56:ca:94:
                    4b:fb:1c:2e:d6:cd:94:03:c3:ff:fd:cd:a7:aa:c1:
                    d6:71:ae:00:12:7a:d0:8b:db:a5:a9:7f:44:82:68:
                    13:54:40:ae:a4:63:5d:5a:ce:bf:0e:a5:4c:04:1d:
                    8e:58:f9:2d:4a:cf:78:ac:c8:03:eb:5d:2b:e3:e9:
                    80:27:ca:cb:68:9e:37:68:92:63:a8:84:2d:2c:bb:
                    94:8c:35:c7:da:5e:32:67:12:4f:61:f2:1a:45:4b:
                    b7:03:31:94:9d:56:10:ae:87:d2:b9:6c:ea:5c:d7:
                    ec:b6:5c:8e:f7:18:c5:4b:04:2d:8c:48:6e:22:24:
                    e1:c2:0e:5a:4e:ff:ee:2d:fe:a0:ac:2e:4a:85:0d:
                    32:84:66:f1:bc:cc:8a:73:b4:50:d5:64:0d:e3:6c:
                    ed:86:5c:c4:5a:5d:4c:a6:f0:f2:80:e2:b8:8c:3e:
                    4b:66:51:9a:48:1e:5c:5f:00:34:15:3b:40:77:cd:
                    ca:92:fe:fb:c4:29:2b:78:37:75:e7:fa:c7:ef:73:
                    fd:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:78:2C:A6:12:A5:AB:25:03:3A:8E:0D:F4:BE:12:C5:CA:5F:57:F7
            X509v3 Authority Key Identifier:
                keyid:1F:C4:92:7A:B1:94:AE:12:37:FD:E2:D3:BE:F6:90:38:89:3F:0D:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H8SSerGUrhI3_eLTvvaQOIk_DcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/xngsphKlqyUDOo4N9L4SxcpfV_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/H8SSerGUrhI3_eLTvvaQOIk_DcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.100.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:76:70:e0:ce:81:00:ce:f4:1a:23:93:a0:67:32:7d:41:e8:
         4c:b0:17:9b:e8:b6:4c:c3:15:68:9b:3e:c2:df:45:2e:c1:9d:
         73:1b:2a:82:fa:2b:5d:07:87:21:51:38:39:ad:dc:55:65:aa:
         78:62:e1:40:aa:db:bc:47:25:06:97:04:ee:dc:14:6e:90:af:
         6f:6c:40:08:b9:60:6c:f5:75:c1:0a:ec:ea:95:b0:02:bb:0d:
         fc:53:79:e0:c9:75:33:e9:3d:f5:88:cd:6c:4f:1e:65:4d:c3:
         d7:d8:ae:1b:03:e9:38:db:35:a4:74:7f:c9:16:03:fd:0d:a8:
         4d:25:77:da:d6:8c:5f:00:b2:7d:f1:f3:37:22:6e:ea:9f:1b:
         8c:aa:b6:c8:cf:04:1b:d5:2b:4e:3b:07:13:7f:1b:ce:68:d4:
         48:61:ec:91:76:12:40:04:0c:28:5f:b0:68:9d:40:da:e9:09:
         13:ce:0b:4c:50:d7:3e:e4:78:c1:5c:6e:2f:8d:73:8a:d0:b0:
         e4:8b:45:bc:3b:a3:a3:8a:aa:81:71:9e:80:81:86:9d:f5:8e:
         e3:56:92:be:c4:ff:4d:a7:14:da:54:75:e1:cd:81:30:40:d3:
         46:4f:7b:50:27:83:27:a0:2a:7a:7e:a3:50:87:1c:a5:98:18:
         57:f6:6b:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2s0tH1el/mDtrs2klJtnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmYzQ5MjdhYjE5NGFlMTIzN2ZkZTJkM2JlZjY5MDM4ODkz
ZjBkYzUwHhcNMjQwMTAxMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjc4MmNhNjEyYTVhYjI1MDMzYThlMGRmNGJlMTJjNWNhNWY1N2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnH39yxZSwCHVnipYhEc0VUe3BlMK
hGQ9v4WoZjtHA9kF1GCZXTwtM9c+Dnlir53fTFMA1lNDI+9WypRL+xwu1s2UA8P/
/c2nqsHWca4AEnrQi9ulqX9EgmgTVECupGNdWs6/DqVMBB2OWPktSs94rMgD610r
4+mAJ8rLaJ43aJJjqIQtLLuUjDXH2l4yZxJPYfIaRUu3AzGUnVYQrofSuWzqXNfs
tlyO9xjFSwQtjEhuIiThwg5aTv/uLf6grC5KhQ0yhGbxvMyKc7RQ1WQN42zthlzE
Wl1MpvDygOK4jD5LZlGaSB5cXwA0FTtAd83Kkv77xCkreDd15/rH73P9vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZ4LKYSpaslAzqODfS+EsXKX1f3MB8GA1UdIwQY
MBaAFB/EknqxlK4SN/3i0772kDiJPw3FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDhTU2VyR1VyaEkzX2VMVHZ2YVFPSWtfRGNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS85NDNkNWQtNTYwYy00MzE0LWFmODIt
OGI4YTAxYmQ3NDE0LzEveG5nc3BoS2xxeVVET280TjlMNFN4Y3BmVl9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS85NDNkNWQtNTYwYy00MzE0LWFmODItOGI4YTAxYmQ3NDE0
LzEvSDhTU2VyR1VyaEkzX2VMVHZ2YVFPSWtfRGNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBPmRMMA0G
CSqGSIb3DQEBCwUAA4IBAQApdnDgzoEAzvQaI5OgZzJ9QehMsBeb6LZMwxVomz7C
30UuwZ1zGyqC+itdB4chUTg5rdxVZap4YuFAqtu8RyUGlwTu3BRukK9vbEAIuWBs
9XXBCuzqlbACuw38U3ngyXUz6T31iM1sTx5lTcPX2K4bA+k42zWkdH/JFgP9DahN
JXfa1oxfALJ98fM3Im7qnxuMqrbIzwQb1StOOwcTfxvOaNRIYeyRdhJABAwoX7Bo
nUDa6QkTzgtMUNc+5HjBXG4vjXOK0LDki0W8O6OjiqqBcZ6AgYad9Y7jVpK+xP9N
pxTaVHXhzYEwQNNGT3tQJ4MnoCp6fqNQhxylmBhX9muO
-----END CERTIFICATE-----