Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/Abp9IL31-1kog1uerrLG_yRxPz0.roa
File:                     Abp9IL31-1kog1uerrLG_yRxPz0.roa (raw, json)
Hash identifier:          lhTtPDTjItNi79CZcKdhehzNgaHC7J6U/1rQLcClNC8=
Subject key identifier:   01:BA:7D:20:BD:F5:FB:59:28:83:5B:9E:AE:B2:C6:FF:24:71:3F:3D
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       0192C3776EA34A75EAE39817F632819E7B4A
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/Abp9IL31-1kog1uerrLG_yRxPz0.roa
Signing time:             Fri 25 Oct 2024 11:37:17 +0000
ROA not before:           Fri 25 Oct 2024 11:37:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42831
IP address blocks:        62.233.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c3:77:6e:a3:4a:75:ea:e3:98:17:f6:32:81:9e:7b:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Oct 25 11:37:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01ba7d20bdf5fb5928835b9eaeb2c6ff24713f3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:6b:b4:85:96:ee:b6:0a:32:b1:10:9f:16:95:
                    88:29:60:f8:9b:e1:3f:8a:f2:1a:1c:ad:25:5b:56:
                    53:d5:39:10:80:8d:58:83:f1:21:22:52:ed:78:d2:
                    66:a3:0b:25:f1:77:fa:3f:f4:0d:68:b5:d3:b9:36:
                    a3:6b:05:92:cc:9c:5c:c3:46:ff:09:f4:34:e4:81:
                    e7:57:d4:ca:ba:ab:a8:4f:d3:ab:06:35:26:83:43:
                    94:49:f1:c3:97:9f:46:d9:b5:0e:0e:02:e6:9b:69:
                    e3:e0:a9:be:26:ba:b9:fe:7d:f6:f3:db:29:07:ca:
                    26:fc:40:8c:9b:fd:e4:b2:43:1d:fd:ff:44:6a:2c:
                    23:3f:cf:b8:6b:8d:5d:6c:d6:9c:12:c4:34:f2:62:
                    3b:bc:53:46:b3:5e:0e:f0:c6:10:72:af:ac:9f:be:
                    d7:e5:62:dd:84:42:25:e1:f3:98:9b:77:97:77:af:
                    1e:b1:68:ba:4f:b9:8a:02:8d:d7:d8:05:c0:39:dd:
                    5f:66:f4:2c:51:15:20:f3:f9:39:db:50:4c:54:c6:
                    19:29:60:3c:92:9e:a0:46:ba:28:3d:25:78:b6:83:
                    d5:c9:39:5b:ba:42:26:36:10:12:bf:0f:ff:48:ae:
                    8c:e8:b3:8f:1b:c2:47:1f:c3:26:ed:1b:28:f5:be:
                    90:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:BA:7D:20:BD:F5:FB:59:28:83:5B:9E:AE:B2:C6:FF:24:71:3F:3D
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/Abp9IL31-1kog1uerrLG_yRxPz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.233.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:4b:c3:c4:89:b3:35:4f:d5:66:57:4e:33:73:78:2b:96:37:
         5d:9d:6e:6c:c5:45:41:7f:21:f0:f1:76:a0:7d:2d:d2:72:b2:
         68:fa:04:78:e3:9b:56:9d:89:5e:48:a7:42:8d:b2:ec:a8:bd:
         19:5b:73:e4:38:7a:46:a4:e5:e5:2d:f2:79:16:aa:02:bf:06:
         42:d5:1a:2a:34:9c:1e:72:11:91:30:0a:29:5d:db:4a:af:fb:
         0c:3b:51:fe:f7:84:2f:35:4d:04:8b:2b:f1:ec:9c:50:8a:1b:
         79:77:f7:f3:b3:bc:8b:6f:e2:7a:70:a5:23:af:d8:75:32:54:
         47:0f:e5:f9:1e:15:08:f3:32:d7:74:8d:99:92:bc:a1:d0:34:
         7d:7a:72:af:26:3e:40:99:01:76:2d:da:ba:13:7f:45:f9:f1:
         f3:f6:4a:0d:7e:cb:2d:0e:00:f9:a4:24:94:0b:a9:a4:1d:c7:
         2b:c2:c9:9f:65:8d:f4:ee:d9:fb:7d:21:03:a9:13:88:50:6a:
         4d:a4:8a:f6:55:4e:f2:2f:87:d9:0a:7a:0d:0a:d2:d7:78:f6:
         35:bf:44:5f:94:6c:e2:05:fd:5c:bc:39:26:8b:c7:c8:bb:05:
         81:65:87:ae:ad:24:9f:7f:db:dd:18:63:ca:5c:7d:32:ea:35:
         00:ad:4b:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLDd26jSnXq45gX9jKBnntKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjQxMDI1MTEzNzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWJhN2QyMGJkZjVmYjU5Mjg4MzViOWVhZWIyYzZmZjI0NzEzZjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWu0hZbutgoysRCfFpWIKWD4m+E/
ivIaHK0lW1ZT1TkQgI1Yg/EhIlLteNJmowsl8Xf6P/QNaLXTuTajawWSzJxcw0b/
CfQ05IHnV9TKuquoT9OrBjUmg0OUSfHDl59G2bUODgLmm2nj4Km+Jrq5/n3289sp
B8om/ECMm/3kskMd/f9EaiwjP8+4a41dbNacEsQ08mI7vFNGs14O8MYQcq+sn77X
5WLdhEIl4fOYm3eXd68esWi6T7mKAo3X2AXAOd1fZvQsURUg8/k521BMVMYZKWA8
kp6gRrooPSV4toPVyTlbukImNhASvw//SK6M6LOPG8JHH8Mm7Rso9b6QZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAG6fSC99ftZKINbnq6yxv8kcT89MB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvQWJwOUlMMzEtMWtvZzF1ZXJyTEdfeVJ4UHowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPuk7MA0G
CSqGSIb3DQEBCwUAA4IBAQAzS8PEibM1T9VmV04zc3grljddnW5sxUVBfyHw8Xag
fS3ScrJo+gR445tWnYleSKdCjbLsqL0ZW3PkOHpGpOXlLfJ5FqoCvwZC1RoqNJwe
chGRMAopXdtKr/sMO1H+94QvNU0Eiyvx7JxQiht5d/fzs7yLb+J6cKUjr9h1MlRH
D+X5HhUI8zLXdI2Zkryh0DR9enKvJj5AmQF2Ldq6E39F+fHz9koNfsstDgD5pCSU
C6mkHccrwsmfZY307tn7fSEDqROIUGpNpIr2VU7yL4fZCnoNCtLXePY1v0RflGzi
Bf1cvDkmi8fIuwWBZYeurSSff9vdGGPKXH0y6jUArUvc
-----END CERTIFICATE-----