Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/lUdx5RnbBoe3Dq7QWSvDtE7chr4.roa
File:                     lUdx5RnbBoe3Dq7QWSvDtE7chr4.roa (raw, json)
Hash identifier:          X/lM3UZVy/mM/EJK6IX8w56+nHiR5N306xdOX3N6JEM=
Subject key identifier:   95:47:71:E5:19:DB:06:87:B7:0E:AE:D0:59:2B:C3:B4:4E:DC:86:BE
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       018E862573BBD88367CC268A3B539FF87E84
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/lUdx5RnbBoe3Dq7QWSvDtE7chr4.roa
Signing time:             Thu 28 Mar 2024 17:39:45 +0000
ROA not before:           Thu 28 Mar 2024 17:39:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14445
IP address blocks:        62.233.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:86:25:73:bb:d8:83:67:cc:26:8a:3b:53:9f:f8:7e:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Mar 28 17:39:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=954771e519db0687b70eaed0592bc3b44edc86be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:07:95:e2:0d:16:57:58:44:8a:45:e9:c9:2a:
                    84:50:7c:04:87:df:57:10:66:48:7e:1b:19:5a:d0:
                    cd:f5:7f:3f:34:f1:b2:5a:cb:33:a4:f3:a5:c0:5d:
                    73:c4:43:91:be:75:7a:3c:10:8f:e2:2b:28:ff:e7:
                    15:c0:b0:05:5f:87:6d:a6:0d:00:87:21:79:7a:55:
                    1a:f9:be:92:96:ca:cc:74:b1:13:37:e6:87:f3:3c:
                    37:7f:b9:af:40:71:40:fd:76:f5:07:85:7a:22:53:
                    27:84:53:f7:6f:dd:85:c0:7a:94:62:f2:fb:1d:a2:
                    77:7d:af:1a:79:bd:69:6c:0e:28:0c:09:2c:52:7e:
                    55:e4:f9:79:8b:15:0b:fe:ee:b5:07:a1:45:8c:af:
                    6c:af:c6:38:0f:a6:8b:59:43:45:32:15:6d:6c:1b:
                    c1:b2:70:89:26:88:80:bf:5c:49:26:f3:0b:24:62:
                    82:a9:f2:13:bb:3c:3b:ed:b7:81:c3:86:d0:87:34:
                    30:5a:94:e6:b7:c5:8d:07:f1:38:6c:0d:94:19:81:
                    80:47:c5:ac:e3:aa:59:9c:7e:02:6d:f2:aa:1a:2e:
                    e3:13:05:f1:e7:31:a4:c3:69:02:c8:cf:6b:d9:1f:
                    15:4a:6d:e3:44:82:00:eb:8f:5d:98:33:4e:db:3d:
                    fa:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:47:71:E5:19:DB:06:87:B7:0E:AE:D0:59:2B:C3:B4:4E:DC:86:BE
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/lUdx5RnbBoe3Dq7QWSvDtE7chr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.233.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:cb:34:9c:33:a8:e1:1d:1a:a1:19:3b:2b:57:29:63:cf:88:
         9a:df:c9:fa:24:81:32:fa:78:39:7e:9d:f9:12:b3:81:f3:18:
         9e:08:b6:48:33:45:a9:c9:94:83:8a:2b:28:eb:6a:fc:03:81:
         a9:2c:d9:df:2d:0d:fa:8c:27:2b:31:6b:54:42:50:90:c1:b7:
         55:b1:59:09:2f:a1:60:2e:b9:1a:45:e2:81:f4:3a:00:15:a7:
         2b:15:0d:43:9c:34:e2:27:24:47:be:82:1e:34:d5:22:4d:7b:
         f4:1d:fe:e7:17:42:6e:67:59:38:27:91:af:bd:13:43:45:fb:
         0b:80:70:ee:78:f3:64:6a:84:25:72:d4:ad:c9:e4:12:0d:59:
         78:6b:0e:f7:e1:ad:48:f8:ef:47:21:1a:a4:68:07:c5:de:0b:
         07:aa:90:ab:4f:31:57:a0:aa:20:ad:cc:37:98:c8:a6:97:16:
         00:5b:43:af:78:fb:de:7e:9d:ea:0c:ec:37:55:43:3b:70:35:
         d7:6c:f9:1e:ff:2e:b5:bb:95:06:c4:fd:2b:e7:58:0b:e4:cc:
         b6:87:dc:d9:08:b7:1d:fe:2c:23:e3:48:39:10:e0:34:48:3e:
         10:aa:e5:d5:ad:ed:70:04:3f:85:90:45:13:1e:b0:06:7c:6a:
         43:33:f4:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6GJXO72INnzCaKO1Of+H6EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjQwMzI4MTczOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTQ3NzFlNTE5ZGIwNjg3YjcwZWFlZDA1OTJiYzNiNDRlZGM4NmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQeV4g0WV1hEikXpySqEUHwEh99X
EGZIfhsZWtDN9X8/NPGyWsszpPOlwF1zxEORvnV6PBCP4iso/+cVwLAFX4dtpg0A
hyF5elUa+b6SlsrMdLETN+aH8zw3f7mvQHFA/Xb1B4V6IlMnhFP3b92FwHqUYvL7
HaJ3fa8aeb1pbA4oDAksUn5V5Pl5ixUL/u61B6FFjK9sr8Y4D6aLWUNFMhVtbBvB
snCJJoiAv1xJJvMLJGKCqfITuzw77beBw4bQhzQwWpTmt8WNB/E4bA2UGYGAR8Ws
46pZnH4CbfKqGi7jEwXx5zGkw2kCyM9r2R8VSm3jRIIA649dmDNO2z36JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJVHceUZ2waHtw6u0Fkrw7RO3Ia+MB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvbFVkeDVSbmJCb2UzRHE3UVdTdkR0RTdjaHI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPuk7MA0G
CSqGSIb3DQEBCwUAA4IBAQB8yzScM6jhHRqhGTsrVyljz4ia38n6JIEy+ng5fp35
ErOB8xieCLZIM0WpyZSDiiso62r8A4GpLNnfLQ36jCcrMWtUQlCQwbdVsVkJL6Fg
LrkaReKB9DoAFacrFQ1DnDTiJyRHvoIeNNUiTXv0Hf7nF0JuZ1k4J5GvvRNDRfsL
gHDuePNkaoQlctStyeQSDVl4aw734a1I+O9HIRqkaAfF3gsHqpCrTzFXoKogrcw3
mMimlxYAW0OvePvefp3qDOw3VUM7cDXXbPke/y61u5UGxP0r51gL5My2h9zZCLcd
/iwj40g5EOA0SD4QquXVre1wBD+FkEUTHrAGfGpDM/T0
-----END CERTIFICATE-----