Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/JqcaBjXFPRhjFP95sNdHBsG25IM.roa
File:                     JqcaBjXFPRhjFP95sNdHBsG25IM.roa (raw, json)
Hash identifier:          2jjp2v0HjTSwWPOM0wfwtYsjZ2O3chG+OJ6z8HZsvbU=
Subject key identifier:   26:A7:1A:06:35:C5:3D:18:63:14:FF:79:B0:D7:47:06:C1:B6:E4:83
Certificate issuer:       /CN=08d79d20d76a9ddb075b94f9f00052ab218276b7
Certificate serial:       019204F8113D72597C2467045BF6751CC540
Authority key identifier: 08:D7:9D:20:D7:6A:9D:DB:07:5B:94:F9:F0:00:52:AB:21:82:76:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CNedINdqndsHW5T58ABSqyGCdrc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/JqcaBjXFPRhjFP95sNdHBsG25IM.roa
Signing time:             Wed 18 Sep 2024 11:50:19 +0000
ROA not before:           Wed 18 Sep 2024 11:50:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8831
IP address blocks:        62.108.64.0/21 maxlen: 21
                          62.108.64.0/22 maxlen: 24
                          62.108.68.0/22 maxlen: 24
                          62.108.72.0/22 maxlen: 24
                          62.108.76.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/CNedINdqndsHW5T58ABSqyGCdrc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/CNedINdqndsHW5T58ABSqyGCdrc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CNedINdqndsHW5T58ABSqyGCdrc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:04:f8:11:3d:72:59:7c:24:67:04:5b:f6:75:1c:c5:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08d79d20d76a9ddb075b94f9f00052ab218276b7
        Validity
            Not Before: Sep 18 11:50:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26a71a0635c53d186314ff79b0d74706c1b6e483
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:ae:6a:3e:5c:61:05:aa:e4:5c:95:62:c0:6e:
                    d3:52:5e:d2:fe:d2:8e:21:78:57:dd:a3:00:bd:4f:
                    4b:73:cc:72:ab:5e:99:44:4c:4b:4c:ad:47:c6:05:
                    e1:d9:78:6f:05:ea:5e:c2:96:1e:32:a0:a4:7d:d5:
                    28:77:96:72:a4:5f:0a:61:59:f4:72:76:f0:93:9b:
                    88:87:11:6f:08:8a:e4:94:1f:29:f4:53:c0:3e:51:
                    54:17:d9:90:6b:a8:97:05:d8:0a:d5:13:7f:3d:41:
                    66:90:59:45:2b:5c:19:80:b3:66:74:cb:5f:77:c1:
                    15:ec:fe:27:d0:e2:67:97:b8:34:64:3a:87:27:a3:
                    2a:e7:3f:44:8b:3c:7a:4d:77:02:01:f4:9b:d4:69:
                    71:01:fd:60:95:d9:11:b9:a1:f8:94:0a:95:cd:c7:
                    07:ab:9f:5a:8a:00:a5:cd:8f:98:9b:94:2f:50:e3:
                    75:3a:5a:63:96:f8:ca:9d:03:3d:23:90:9b:46:0c:
                    bb:83:18:67:5a:cc:fe:c9:07:9b:1c:f1:47:58:c2:
                    a0:13:72:0d:a9:30:dd:71:9a:eb:fd:e1:1c:93:59:
                    a0:ac:29:18:af:1b:79:8a:6a:54:20:87:9d:13:61:
                    9e:48:3c:75:4f:2b:21:2c:d8:ef:6e:10:4b:64:e7:
                    9d:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:A7:1A:06:35:C5:3D:18:63:14:FF:79:B0:D7:47:06:C1:B6:E4:83
            X509v3 Authority Key Identifier:
                keyid:08:D7:9D:20:D7:6A:9D:DB:07:5B:94:F9:F0:00:52:AB:21:82:76:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CNedINdqndsHW5T58ABSqyGCdrc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/JqcaBjXFPRhjFP95sNdHBsG25IM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/CNedINdqndsHW5T58ABSqyGCdrc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.108.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a5:b7:74:6f:d1:ce:8f:44:2a:80:c2:52:f8:ab:7e:c5:cb:f4:
         f7:ad:02:a8:a9:d3:d2:64:0e:35:81:91:88:9b:4d:64:0b:02:
         3b:5e:fd:4b:1b:ff:89:f3:82:72:3d:da:dd:61:01:e7:8d:bc:
         71:8b:c6:8a:33:a0:cc:fc:d3:6f:04:35:00:6e:eb:20:33:ff:
         fa:6f:61:32:27:a4:d3:d5:52:48:77:68:cc:42:9a:9b:d9:80:
         a6:fa:e0:dc:1a:87:c3:c9:2b:eb:aa:fb:1f:03:9e:47:c4:21:
         1e:ae:43:f8:cf:91:dd:d5:0f:47:81:6b:a4:bd:e0:d6:07:f6:
         31:b7:2b:67:a5:71:c9:29:bc:f9:c3:fc:8d:c3:92:dc:48:90:
         06:62:0c:dc:7f:f2:09:4f:6d:6b:3e:fa:28:58:de:e0:20:46:
         c7:2b:13:fd:19:7d:25:a7:7c:62:2a:79:be:42:fb:72:4f:ca:
         e4:f3:98:31:5b:ac:7b:41:07:f9:12:02:7a:be:e4:37:67:66:
         26:51:5e:08:69:c0:4d:d7:27:23:04:78:67:8c:ba:26:c8:e7:
         b3:70:06:84:5f:f5:65:2d:4a:7e:72:aa:ec:c2:6a:53:0c:9d:
         89:a4:10:5b:47:9e:9d:f5:10:40:63:94:1c:65:14:1e:84:92:
         4a:5f:ad:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIE+BE9cll8JGcEW/Z1HMVAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ZDc5ZDIwZDc2YTlkZGIwNzViOTRmOWYwMDA1MmFiMjE4
Mjc2YjcwHhcNMjQwOTE4MTE1MDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmE3MWEwNjM1YzUzZDE4NjMxNGZmNzliMGQ3NDcwNmMxYjZlNDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5K5qPlxhBarkXJViwG7TUl7S/tKO
IXhX3aMAvU9Lc8xyq16ZRExLTK1HxgXh2XhvBepewpYeMqCkfdUod5ZypF8KYVn0
cnbwk5uIhxFvCIrklB8p9FPAPlFUF9mQa6iXBdgK1RN/PUFmkFlFK1wZgLNmdMtf
d8EV7P4n0OJnl7g0ZDqHJ6Mq5z9Eizx6TXcCAfSb1GlxAf1gldkRuaH4lAqVzccH
q59aigClzY+Ym5QvUON1OlpjlvjKnQM9I5CbRgy7gxhnWsz+yQebHPFHWMKgE3IN
qTDdcZrr/eEck1mgrCkYrxt5impUIIedE2GeSDx1TyshLNjvbhBLZOed+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCanGgY1xT0YYxT/ebDXRwbBtuSDMB8GA1UdIwQY
MBaAFAjXnSDXap3bB1uU+fAAUqshgna3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ05lZElOZHFuZHNIVzVUNThBQlNxeUdDZHJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8zNzEwOWQtMTMzNy00YjJkLWJjMWIt
NDhkYzg4YjU2MDIwLzEvSnFjYUJqWEZQUmhqRlA5NXNOZEhCc0cyNUlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8zNzEwOWQtMTMzNy00YjJkLWJjMWItNDhkYzg4YjU2MDIw
LzEvQ05lZElOZHFuZHNIVzVUNThBQlNxeUdDZHJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEPmxAMA0G
CSqGSIb3DQEBCwUAA4IBAQClt3Rv0c6PRCqAwlL4q37Fy/T3rQKoqdPSZA41gZGI
m01kCwI7Xv1LG/+J84JyPdrdYQHnjbxxi8aKM6DM/NNvBDUAbusgM//6b2EyJ6TT
1VJId2jMQpqb2YCm+uDcGofDySvrqvsfA55HxCEerkP4z5Hd1Q9HgWukveDWB/Yx
tytnpXHJKbz5w/yNw5LcSJAGYgzcf/IJT21rPvooWN7gIEbHKxP9GX0lp3xiKnm+
QvtyT8rk85gxW6x7QQf5EgJ6vuQ3Z2YmUV4IacBN1ycjBHhnjLomyOezcAaEX/Vl
LUp+cqrswmpTDJ2JpBBbR56d9RBAY5QcZRQehJJKX620
-----END CERTIFICATE-----