Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/ip_vdS02CpK1QaC5IrkGjkTBh9s.roa
File:                     ip_vdS02CpK1QaC5IrkGjkTBh9s.roa (raw, json)
Hash identifier:          2NvKoHUkqkBquViqZB++CyHA9OVZCNFdSDHvBexvUFI=
Subject key identifier:   8A:9F:EF:75:2D:36:0A:92:B5:41:A0:B9:22:B9:06:8E:44:C1:87:DB
Certificate issuer:       /CN=08d79d20d76a9ddb075b94f9f00052ab218276b7
Certificate serial:       018CC56E1673CDA1A12B0382A4B5726E43A9
Authority key identifier: 08:D7:9D:20:D7:6A:9D:DB:07:5B:94:F9:F0:00:52:AB:21:82:76:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CNedINdqndsHW5T58ABSqyGCdrc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/ip_vdS02CpK1QaC5IrkGjkTBh9s.roa
Signing time:             Mon 01 Jan 2024 14:29:35 +0000
ROA not before:           Mon 01 Jan 2024 14:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9121
IP address blocks:        62.108.64.0/22 maxlen: 24
                          62.108.68.0/22 maxlen: 24
                          62.108.72.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/CNedINdqndsHW5T58ABSqyGCdrc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/CNedINdqndsHW5T58ABSqyGCdrc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CNedINdqndsHW5T58ABSqyGCdrc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 18:17:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:16:73:cd:a1:a1:2b:03:82:a4:b5:72:6e:43:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08d79d20d76a9ddb075b94f9f00052ab218276b7
        Validity
            Not Before: Jan  1 14:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a9fef752d360a92b541a0b922b9068e44c187db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:f4:eb:e1:af:b4:1b:a9:d3:b0:8f:85:2b:a7:
                    fd:9f:02:0d:02:e0:85:16:77:1e:ee:15:fc:5e:bf:
                    2f:78:db:df:3e:4c:44:52:aa:82:15:1d:7b:eb:e1:
                    6a:d3:a2:d5:16:67:15:f9:c5:47:e8:81:6c:12:0e:
                    96:25:05:8e:ec:5e:10:3b:42:0b:64:cf:26:b0:db:
                    3e:f7:bb:56:fb:ad:e5:27:3f:86:fc:3c:b8:8f:58:
                    9a:7a:0c:b7:bb:cb:ea:64:19:7b:b4:49:97:4b:40:
                    17:77:0f:62:a6:10:ad:b2:a3:0b:ce:bd:8e:1a:a4:
                    6b:d8:78:86:e8:20:49:23:81:16:71:3b:5a:f5:b1:
                    33:01:d9:3b:9d:c3:b1:ef:6d:66:ab:7b:77:a4:5a:
                    5a:f4:48:f6:6b:f8:7e:d0:77:91:3d:8a:6f:cb:09:
                    03:8b:58:36:3a:89:5d:ca:21:0a:32:50:9f:83:a6:
                    70:11:d6:01:2a:61:e3:f2:93:26:82:a7:ff:4f:3b:
                    c0:50:6b:26:9c:bd:f9:c3:52:74:a2:2b:67:8e:e5:
                    e3:72:e4:ec:09:21:ec:ca:1d:c9:46:6e:fb:4b:ec:
                    c0:2e:af:15:f1:a5:d4:b0:af:ac:22:a9:5c:b8:e7:
                    64:13:0a:c0:55:6c:6a:30:bd:68:94:ad:5f:a1:4b:
                    06:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:9F:EF:75:2D:36:0A:92:B5:41:A0:B9:22:B9:06:8E:44:C1:87:DB
            X509v3 Authority Key Identifier:
                keyid:08:D7:9D:20:D7:6A:9D:DB:07:5B:94:F9:F0:00:52:AB:21:82:76:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CNedINdqndsHW5T58ABSqyGCdrc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/ip_vdS02CpK1QaC5IrkGjkTBh9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/CNedINdqndsHW5T58ABSqyGCdrc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.108.64.0-62.108.75.255

    Signature Algorithm: sha256WithRSAEncryption
         a4:c6:d2:b5:5c:0f:11:56:16:91:41:93:69:46:32:28:52:a4:
         76:ab:ee:d3:f3:b4:64:0a:bb:96:fc:df:84:58:8a:d2:09:1a:
         a1:de:3d:65:8b:d3:8e:7d:3f:46:42:20:cb:a7:33:b2:03:8c:
         ab:2d:96:b1:70:5f:cd:86:a1:ba:61:ee:24:a1:fd:0c:17:b2:
         cd:26:00:c0:51:52:47:0b:d3:59:0a:04:f1:bb:be:0e:f2:08:
         f0:d3:f0:2c:ff:1d:86:78:e4:fe:01:c3:93:82:92:3d:43:2c:
         ef:a2:f9:32:b9:1a:13:e4:79:48:0b:93:c6:f9:ea:f1:cf:e4:
         a3:d9:28:28:52:81:6c:67:a0:33:a0:9b:f1:bd:ae:d9:08:b5:
         10:f2:e5:36:b6:42:a4:94:c9:40:3c:15:43:41:9e:cb:a3:49:
         49:dc:f2:c3:b5:6b:7b:70:52:dd:e5:cb:85:54:dc:27:f2:cc:
         f6:ac:72:f1:3b:31:7e:ad:0f:73:69:f9:5c:ca:c8:ad:81:6c:
         e2:ae:13:83:d2:61:b8:0c:95:56:c2:3e:1d:b6:f8:7e:9e:bd:
         71:60:e0:4d:7b:d4:68:14:a3:69:b2:ab:25:ac:b2:04:a8:45:
         06:8d:48:c9:4c:57:f6:84:3e:85:16:58:cf:75:96:fe:ff:68:
         af:25:40:e3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzFbhZzzaGhKwOCpLVybkOpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ZDc5ZDIwZDc2YTlkZGIwNzViOTRmOWYwMDA1MmFiMjE4
Mjc2YjcwHhcNMjQwMTAxMTQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTlmZWY3NTJkMzYwYTkyYjU0MWEwYjkyMmI5MDY4ZTQ0YzE4N2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5fTr4a+0G6nTsI+FK6f9nwINAuCF
Fnce7hX8Xr8veNvfPkxEUqqCFR176+Fq06LVFmcV+cVH6IFsEg6WJQWO7F4QO0IL
ZM8msNs+97tW+63lJz+G/Dy4j1iaegy3u8vqZBl7tEmXS0AXdw9iphCtsqMLzr2O
GqRr2HiG6CBJI4EWcTta9bEzAdk7ncOx721mq3t3pFpa9Ej2a/h+0HeRPYpvywkD
i1g2OoldyiEKMlCfg6ZwEdYBKmHj8pMmgqf/TzvAUGsmnL35w1J0oitnjuXjcuTs
CSHsyh3JRm77S+zALq8V8aXUsK+sIqlcuOdkEwrAVWxqML1olK1foUsGowIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIqf73UtNgqStUGguSK5Bo5EwYfbMB8GA1UdIwQY
MBaAFAjXnSDXap3bB1uU+fAAUqshgna3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ05lZElOZHFuZHNIVzVUNThBQlNxeUdDZHJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8zNzEwOWQtMTMzNy00YjJkLWJjMWIt
NDhkYzg4YjU2MDIwLzEvaXBfdmRTMDJDcEsxUWFDNUlya0dqa1RCaDlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8zNzEwOWQtMTMzNy00YjJkLWJjMWItNDhkYzg4YjU2MDIw
LzEvQ05lZElOZHFuZHNIVzVUNThBQlNxeUdDZHJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAY+bEAD
BAI+bEgwDQYJKoZIhvcNAQELBQADggEBAKTG0rVcDxFWFpFBk2lGMihSpHar7tPz
tGQKu5b834RYitIJGqHePWWL0459P0ZCIMunM7IDjKstlrFwX82Gobph7iSh/QwX
ss0mAMBRUkcL01kKBPG7vg7yCPDT8Cz/HYZ45P4Bw5OCkj1DLO+i+TK5GhPkeUgL
k8b56vHP5KPZKChSgWxnoDOgm/G9rtkItRDy5Ta2QqSUyUA8FUNBnsujSUnc8sO1
a3twUt3ly4VU3CfyzPascvE7MX6tD3Np+VzKyK2BbOKuE4PSYbgMlVbCPh22+H6e
vXFg4E171GgUo2myqyWssgSoRQaNSMlMV/aEPoUWWM91lv7/aK8lQOM=
-----END CERTIFICATE-----