Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/732b26-3193-44a7-938e-af68467c3727/1/x-EVvlzTY1IMOW2s55tD-H7YElg.roa
File:                     x-EVvlzTY1IMOW2s55tD-H7YElg.roa (raw, json)
Hash identifier:          V/w3O51u0D1I4oeqe1NnI34TpWQdZTbc52Uf+dAWdto=
Subject key identifier:   C7:E1:15:BE:5C:D3:63:52:0C:39:6D:AC:E7:9B:43:F8:7E:D8:12:58
Certificate issuer:       /CN=b869cc42415eac65c4baa1a3926302e88b5e1629
Certificate serial:       018CCA9A207A10A78DFB79CC817965CEC03A
Authority key identifier: B8:69:CC:42:41:5E:AC:65:C4:BA:A1:A3:92:63:02:E8:8B:5E:16:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uGnMQkFerGXEuqGjkmMC6IteFik.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/732b26-3193-44a7-938e-af68467c3727/1/x-EVvlzTY1IMOW2s55tD-H7YElg.roa
Signing time:             Tue 02 Jan 2024 14:35:47 +0000
ROA not before:           Tue 02 Jan 2024 14:35:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13126
IP address blocks:        62.145.64.0/18 maxlen: 32
                          2a0b:7f80::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/732b26-3193-44a7-938e-af68467c3727/1/uGnMQkFerGXEuqGjkmMC6IteFik.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/732b26-3193-44a7-938e-af68467c3727/1/uGnMQkFerGXEuqGjkmMC6IteFik.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uGnMQkFerGXEuqGjkmMC6IteFik.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 16:01:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:9a:20:7a:10:a7:8d:fb:79:cc:81:79:65:ce:c0:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b869cc42415eac65c4baa1a3926302e88b5e1629
        Validity
            Not Before: Jan  2 14:35:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7e115be5cd363520c396dace79b43f87ed81258
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c5:40:b0:cd:dd:65:8c:c9:69:d1:d5:ed:d3:
                    34:8f:73:2c:f6:ee:18:3d:6e:ca:90:71:7d:2f:95:
                    0a:bd:4d:3b:78:e3:9a:49:a6:f5:7c:e6:3e:8a:e0:
                    11:2f:63:eb:89:1a:3d:25:0f:e4:d8:41:9e:50:45:
                    63:f1:65:a7:6a:55:ac:e9:7d:70:69:c8:30:ae:68:
                    d6:d7:d8:bb:37:b3:63:be:72:d4:95:72:5f:45:43:
                    87:d1:af:e3:7a:00:de:44:af:b5:87:c7:16:05:d9:
                    3d:f5:b8:d4:6a:38:a5:6b:7b:30:b9:6c:9d:ef:80:
                    d5:0c:67:79:0b:35:14:57:7d:87:42:22:fb:49:25:
                    e0:cb:c0:6c:59:e1:a6:25:cb:bc:4e:2f:ae:84:0b:
                    c9:c1:f2:1c:b9:f5:ab:ca:03:d3:13:58:60:3d:48:
                    4d:04:14:a3:c0:c1:d5:0c:18:c6:5e:5f:e4:5c:bd:
                    d6:df:bb:99:68:8a:b3:d2:62:59:06:74:13:b9:e6:
                    96:c0:a2:ec:28:27:5b:64:68:02:c6:4c:38:5c:4a:
                    af:33:cb:c1:0b:8b:d2:7c:ee:25:72:e2:f9:e6:a6:
                    70:c2:5c:c5:29:2c:0b:66:98:61:fe:47:2d:c7:69:
                    51:0c:b9:8c:b2:d7:de:69:41:94:d2:7b:47:97:4c:
                    c4:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:E1:15:BE:5C:D3:63:52:0C:39:6D:AC:E7:9B:43:F8:7E:D8:12:58
            X509v3 Authority Key Identifier:
                keyid:B8:69:CC:42:41:5E:AC:65:C4:BA:A1:A3:92:63:02:E8:8B:5E:16:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uGnMQkFerGXEuqGjkmMC6IteFik.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/732b26-3193-44a7-938e-af68467c3727/1/x-EVvlzTY1IMOW2s55tD-H7YElg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/732b26-3193-44a7-938e-af68467c3727/1/uGnMQkFerGXEuqGjkmMC6IteFik.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.145.64.0/18
                IPv6:
                  2a0b:7f80::/29

    Signature Algorithm: sha256WithRSAEncryption
         cc:0b:71:44:9e:3c:79:3a:0e:f4:12:0f:56:81:a4:2c:c1:75:
         8b:fc:de:43:19:fb:de:2b:7e:22:b9:b6:51:d3:17:c8:17:1b:
         bf:1e:d7:7e:f5:79:c0:77:d7:fa:02:5b:76:a9:7d:d2:72:3f:
         53:58:65:b9:00:e1:9f:58:88:d4:37:25:e1:a4:22:6e:98:9a:
         b8:84:9c:d4:88:4f:37:87:6a:c1:1f:bb:29:81:57:4b:b2:92:
         ce:33:45:7e:6b:d7:81:cc:ba:4f:85:a8:99:b4:c2:1a:e6:20:
         1f:cf:60:2f:1e:07:65:87:1a:27:63:44:9e:d3:5d:ff:d2:02:
         4b:89:f1:2a:4e:05:49:7a:27:b7:b7:28:dd:e7:ba:84:24:73:
         4e:d4:14:71:ba:37:3a:db:b9:3d:14:ed:bf:c2:c9:50:16:a3:
         45:d0:d0:42:d4:6f:b8:28:bf:e4:43:8a:97:7c:c6:a8:47:3a:
         cb:75:33:d5:29:c3:53:84:82:27:f2:3f:d9:a2:e5:2f:8d:e0:
         f4:63:9e:c4:39:c0:83:66:c2:4b:56:b7:27:8c:c8:d9:9a:e2:
         6e:3d:59:85:78:60:97:7b:07:25:97:d5:57:69:9b:1e:75:5a:
         63:fb:65:0a:30:94:c5:d3:26:fd:54:a6:bb:d0:ca:39:75:72:
         b9:3f:e6:f4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKmiB6EKeN+3nMgXllzsA6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NjljYzQyNDE1ZWFjNjVjNGJhYTFhMzkyNjMwMmU4OGI1
ZTE2MjkwHhcNMjQwMTAyMTQzNTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2UxMTViZTVjZDM2MzUyMGMzOTZkYWNlNzliNDNmODdlZDgxMjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncVAsM3dZYzJadHV7dM0j3Ms9u4Y
PW7KkHF9L5UKvU07eOOaSab1fOY+iuARL2PriRo9JQ/k2EGeUEVj8WWnalWs6X1w
acgwrmjW19i7N7NjvnLUlXJfRUOH0a/jegDeRK+1h8cWBdk99bjUajila3swuWyd
74DVDGd5CzUUV32HQiL7SSXgy8BsWeGmJcu8Ti+uhAvJwfIcufWrygPTE1hgPUhN
BBSjwMHVDBjGXl/kXL3W37uZaIqz0mJZBnQTueaWwKLsKCdbZGgCxkw4XEqvM8vB
C4vSfO4lcuL55qZwwlzFKSwLZphh/kctx2lRDLmMstfeaUGU0ntHl0zEewIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMfhFb5c02NSDDltrOebQ/h+2BJYMB8GA1UdIwQY
MBaAFLhpzEJBXqxlxLqho5JjAuiLXhYpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUduTVFrRmVyR1hFdXFHamttTUM2SXRlRmlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83MzJiMjYtMzE5My00NGE3LTkzOGUt
YWY2ODQ2N2MzNzI3LzEveC1FVnZselRZMUlNT1cyczU1dEQtSDdZRWxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83MzJiMjYtMzE5My00NGE3LTkzOGUtYWY2ODQ2N2MzNzI3
LzEvdUduTVFrRmVyR1hFdXFHamttTUM2SXRlRmlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQGPpFAMA0E
AgACMAcDBQMqC3+AMA0GCSqGSIb3DQEBCwUAA4IBAQDMC3FEnjx5Og70Eg9WgaQs
wXWL/N5DGfveK34iubZR0xfIFxu/Htd+9XnAd9f6Alt2qX3Scj9TWGW5AOGfWIjU
NyXhpCJumJq4hJzUiE83h2rBH7spgVdLspLOM0V+a9eBzLpPhaiZtMIa5iAfz2Av
HgdlhxonY0Se013/0gJLifEqTgVJeie3tyjd57qEJHNO1BRxujc627k9FO2/wslQ
FqNF0NBC1G+4KL/kQ4qXfMaoRzrLdTPVKcNThIIn8j/ZouUvjeD0Y57EOcCDZsJL
VrcnjMjZmuJuPVmFeGCXewcll9VXaZsedVpj+2UKMJTF0yb9VKa70Mo5dXK5P+b0
-----END CERTIFICATE-----