Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/732b26-3193-44a7-938e-af68467c3727/1/VXEKPUHDdaRCfsoTliRm9IrXdQY.roa
File:                     VXEKPUHDdaRCfsoTliRm9IrXdQY.roa (raw, json)
Hash identifier:          qOlzK575d0bJLMY18897KauGWFG0rsdIGbeIDdYOfyI=
Subject key identifier:   55:71:0A:3D:41:C3:75:A4:42:7E:CA:13:96:24:66:F4:8A:D7:75:06
Certificate issuer:       /CN=b869cc42415eac65c4baa1a3926302e88b5e1629
Certificate serial:       018CCA9A2168F59003DE3FBD14ADA29982CF
Authority key identifier: B8:69:CC:42:41:5E:AC:65:C4:BA:A1:A3:92:63:02:E8:8B:5E:16:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uGnMQkFerGXEuqGjkmMC6IteFik.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/732b26-3193-44a7-938e-af68467c3727/1/VXEKPUHDdaRCfsoTliRm9IrXdQY.roa
Signing time:             Tue 02 Jan 2024 14:35:47 +0000
ROA not before:           Tue 02 Jan 2024 14:35:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48137
IP address blocks:        62.145.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/732b26-3193-44a7-938e-af68467c3727/1/uGnMQkFerGXEuqGjkmMC6IteFik.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/732b26-3193-44a7-938e-af68467c3727/1/uGnMQkFerGXEuqGjkmMC6IteFik.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uGnMQkFerGXEuqGjkmMC6IteFik.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:9a:21:68:f5:90:03:de:3f:bd:14:ad:a2:99:82:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b869cc42415eac65c4baa1a3926302e88b5e1629
        Validity
            Not Before: Jan  2 14:35:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55710a3d41c375a4427eca13962466f48ad77506
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:59:c2:c2:95:c6:4f:02:ce:c3:16:de:fb:d3:
                    cf:b0:1f:1e:8c:4c:7c:da:c5:45:ed:5b:6f:fa:41:
                    47:8e:f9:47:c5:8c:b8:19:e6:98:a4:53:1a:d7:4c:
                    59:24:81:12:93:4e:22:72:6c:97:d0:4d:aa:dc:87:
                    56:50:b9:e6:eb:09:20:be:82:9c:6b:64:a4:56:66:
                    94:9c:cf:15:46:43:1d:9c:1e:f4:9c:c7:fd:c6:62:
                    84:07:72:77:dc:42:0a:da:ea:d0:e4:58:92:dd:6d:
                    39:63:25:53:93:de:aa:f7:dd:87:3e:d8:84:14:8a:
                    de:ca:b5:b8:bd:3b:e4:93:c3:34:fc:35:50:99:6c:
                    3f:38:99:b2:b2:01:dd:d6:35:cb:e4:a4:46:31:b7:
                    0c:d8:98:4a:fe:fc:e2:4b:8f:e4:f1:fb:55:73:ff:
                    92:81:81:68:f6:c4:7b:32:dc:fb:79:df:41:70:8f:
                    ee:14:a0:cd:b2:74:d9:83:3d:b9:04:d9:0b:83:a6:
                    9d:f9:88:b6:6b:cf:d6:5e:30:d1:07:23:2d:d3:d9:
                    2a:ae:47:25:82:1a:01:d8:0d:fd:1d:6b:45:68:a9:
                    eb:60:38:8c:c9:4e:ad:d4:84:10:d9:07:59:aa:af:
                    c8:b7:40:57:b2:59:7d:db:0c:26:81:69:cc:69:a7:
                    cc:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:71:0A:3D:41:C3:75:A4:42:7E:CA:13:96:24:66:F4:8A:D7:75:06
            X509v3 Authority Key Identifier:
                keyid:B8:69:CC:42:41:5E:AC:65:C4:BA:A1:A3:92:63:02:E8:8B:5E:16:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uGnMQkFerGXEuqGjkmMC6IteFik.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/732b26-3193-44a7-938e-af68467c3727/1/VXEKPUHDdaRCfsoTliRm9IrXdQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/732b26-3193-44a7-938e-af68467c3727/1/uGnMQkFerGXEuqGjkmMC6IteFik.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.145.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:68:d3:db:a6:18:42:5b:05:e4:97:b5:4c:bf:ad:d3:35:61:
         49:fa:8b:ff:f5:bf:48:13:7a:fb:ce:46:cb:78:22:44:cf:e8:
         d2:a1:b1:c9:28:52:49:b7:ff:8d:9d:69:22:bf:81:d8:fa:ee:
         e1:b7:a9:4b:05:88:c3:a7:68:40:ae:41:2e:20:6a:de:98:3e:
         c7:50:df:ba:5c:16:d9:18:cc:b5:5a:09:10:2f:9b:96:ee:b1:
         c7:c4:61:d3:3b:b6:73:77:3e:af:7c:6f:f2:6b:27:79:8d:26:
         8c:cb:d2:a1:b5:76:d2:37:9d:07:2f:c9:21:c4:e3:a4:01:e8:
         00:2a:ef:39:63:ba:8d:0a:54:aa:28:00:9c:fe:f0:bf:fd:e7:
         cb:78:48:d5:ec:f6:e1:d3:9d:1b:94:84:74:d2:47:af:3c:8c:
         56:dc:1d:cb:13:db:b2:7e:ad:78:fc:16:37:96:e1:93:2c:24:
         83:d2:bc:21:f2:6a:20:90:b0:1a:38:e6:a3:8a:b2:ca:e0:3f:
         5a:5c:20:a2:9e:ad:85:28:78:eb:1b:73:ff:5d:50:4a:c7:44:
         50:a9:8e:c0:09:b4:79:25:50:b2:38:4e:0e:e5:9f:7b:1d:eb:
         db:e0:7a:ce:6e:d6:8f:91:34:b8:86:1c:8d:bb:5f:a8:b2:a3:
         46:fc:d2:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmiFo9ZAD3j+9FK2imYLPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NjljYzQyNDE1ZWFjNjVjNGJhYTFhMzkyNjMwMmU4OGI1
ZTE2MjkwHhcNMjQwMTAyMTQzNTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTcxMGEzZDQxYzM3NWE0NDI3ZWNhMTM5NjI0NjZmNDhhZDc3NTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi1nCwpXGTwLOwxbe+9PPsB8ejEx8
2sVF7Vtv+kFHjvlHxYy4GeaYpFMa10xZJIESk04icmyX0E2q3IdWULnm6wkgvoKc
a2SkVmaUnM8VRkMdnB70nMf9xmKEB3J33EIK2urQ5FiS3W05YyVTk96q992HPtiE
FIreyrW4vTvkk8M0/DVQmWw/OJmysgHd1jXL5KRGMbcM2JhK/vziS4/k8ftVc/+S
gYFo9sR7Mtz7ed9BcI/uFKDNsnTZgz25BNkLg6ad+Yi2a8/WXjDRByMt09kqrkcl
ghoB2A39HWtFaKnrYDiMyU6t1IQQ2QdZqq/It0BXsll92wwmgWnMaafM0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFVxCj1Bw3WkQn7KE5YkZvSK13UGMB8GA1UdIwQY
MBaAFLhpzEJBXqxlxLqho5JjAuiLXhYpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUduTVFrRmVyR1hFdXFHamttTUM2SXRlRmlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83MzJiMjYtMzE5My00NGE3LTkzOGUt
YWY2ODQ2N2MzNzI3LzEvVlhFS1BVSERkYVJDZnNvVGxpUm05SXJYZFFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83MzJiMjYtMzE5My00NGE3LTkzOGUtYWY2ODQ2N2MzNzI3
LzEvdUduTVFrRmVyR1hFdXFHamttTUM2SXRlRmlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPpFhMA0G
CSqGSIb3DQEBCwUAA4IBAQB6aNPbphhCWwXkl7VMv63TNWFJ+ov/9b9IE3r7zkbL
eCJEz+jSobHJKFJJt/+NnWkiv4HY+u7ht6lLBYjDp2hArkEuIGremD7HUN+6XBbZ
GMy1WgkQL5uW7rHHxGHTO7Zzdz6vfG/yayd5jSaMy9KhtXbSN50HL8khxOOkAegA
Ku85Y7qNClSqKACc/vC//efLeEjV7Pbh050blIR00kevPIxW3B3LE9uyfq14/BY3
luGTLCSD0rwh8mogkLAaOOajirLK4D9aXCCinq2FKHjrG3P/XVBKx0RQqY7ACbR5
JVCyOE4O5Z97Hevb4HrObtaPkTS4hhyNu1+osqNG/NJT
-----END CERTIFICATE-----