Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/pcrmxUSnHd2oOsHG7g0gPYbli_k.roa
File:                     pcrmxUSnHd2oOsHG7g0gPYbli_k.roa (raw, json)
Hash identifier:          OUZ5NLEnu+Hmk3SuGMFwVvzI7ie/L5S+PCvTFmGzXn4=
Subject key identifier:   A5:CA:E6:C5:44:A7:1D:DD:A8:3A:C1:C6:EE:0D:20:3D:86:E5:8B:F9
Certificate issuer:       /CN=08d79d20d76a9ddb075b94f9f00052ab218276b7
Certificate serial:       018CC56E169C87824EA440569A3C687B9178
Authority key identifier: 08:D7:9D:20:D7:6A:9D:DB:07:5B:94:F9:F0:00:52:AB:21:82:76:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CNedINdqndsHW5T58ABSqyGCdrc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/pcrmxUSnHd2oOsHG7g0gPYbli_k.roa
Signing time:             Mon 01 Jan 2024 14:29:35 +0000
ROA not before:           Mon 01 Jan 2024 14:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34984
IP address blocks:        62.108.64.0/22 maxlen: 24
                          62.108.68.0/22 maxlen: 24
                          62.108.72.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/CNedINdqndsHW5T58ABSqyGCdrc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/CNedINdqndsHW5T58ABSqyGCdrc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CNedINdqndsHW5T58ABSqyGCdrc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:16:9c:87:82:4e:a4:40:56:9a:3c:68:7b:91:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08d79d20d76a9ddb075b94f9f00052ab218276b7
        Validity
            Not Before: Jan  1 14:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5cae6c544a71ddda83ac1c6ee0d203d86e58bf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:79:1a:65:c5:f6:20:d3:0f:7c:5f:c3:94:fb:
                    6b:6e:ae:9b:d7:6c:bc:75:d3:d5:40:b1:79:a6:e7:
                    57:05:cd:34:68:9a:fc:01:60:db:cc:b0:21:5a:aa:
                    19:c3:6b:79:7b:7e:02:11:ae:cf:23:26:1c:3f:ee:
                    fe:55:fa:85:05:a5:c4:a1:bf:a0:d4:a7:bc:f0:8a:
                    aa:f6:1b:07:e8:60:46:79:d1:81:5d:6e:bb:8e:00:
                    90:31:49:cd:56:df:4b:7e:0e:e8:ff:29:fe:23:f7:
                    8c:19:d1:3d:6a:86:4f:be:ec:19:61:6e:58:b4:8a:
                    ef:7d:13:b5:0a:e5:b7:ec:82:58:5f:aa:ec:2e:65:
                    d5:ba:9f:6f:45:9a:aa:ff:75:ce:ee:c2:4e:7a:11:
                    6c:75:5a:9d:dc:86:31:65:6e:d5:9c:1c:8a:7b:bc:
                    b7:19:06:e5:98:07:6b:29:6f:35:90:79:49:13:37:
                    ac:96:19:f6:2d:3a:0d:d6:8f:24:5a:3f:ba:39:1e:
                    92:28:71:a2:06:63:48:d0:c1:77:70:4c:32:9a:de:
                    5b:57:59:f3:4a:46:4d:eb:cd:71:18:71:69:3f:d4:
                    83:f0:76:0f:26:b2:d0:50:3e:7c:13:3e:20:e4:22:
                    c7:d2:fd:ad:e1:94:74:f5:98:6b:ab:39:2c:87:b0:
                    cb:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:CA:E6:C5:44:A7:1D:DD:A8:3A:C1:C6:EE:0D:20:3D:86:E5:8B:F9
            X509v3 Authority Key Identifier:
                keyid:08:D7:9D:20:D7:6A:9D:DB:07:5B:94:F9:F0:00:52:AB:21:82:76:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CNedINdqndsHW5T58ABSqyGCdrc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/pcrmxUSnHd2oOsHG7g0gPYbli_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/CNedINdqndsHW5T58ABSqyGCdrc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.108.64.0-62.108.75.255

    Signature Algorithm: sha256WithRSAEncryption
         15:68:b4:8c:f5:6d:a0:c7:c4:a8:fb:36:ab:2c:f3:37:9e:19:
         16:3d:c2:30:34:43:7e:37:c0:ef:78:53:39:01:2d:f5:d5:c2:
         d6:da:78:f0:6e:b8:40:b8:72:c3:7f:a8:a8:ae:59:ea:41:63:
         fa:51:bd:1c:b4:da:5c:79:9a:c8:0e:c8:f8:ff:d3:3a:cb:e1:
         ef:b0:70:fb:c0:09:c1:38:17:03:d4:90:a2:dd:44:88:f8:06:
         e3:fd:02:ae:f4:61:8c:71:16:9c:f6:8a:ff:20:c4:e3:22:9d:
         92:a1:10:09:c7:eb:ad:38:ed:86:58:bd:e7:4d:ca:ec:ac:06:
         08:7d:6f:0a:80:da:74:7d:3d:94:7c:6e:77:e4:96:a7:49:90:
         1d:d8:ee:9e:f6:ea:f4:c7:2b:79:8a:28:5f:7f:7a:9f:38:04:
         ec:d2:c5:1a:f8:89:18:b4:c1:80:28:75:78:82:62:ab:40:5a:
         75:cb:81:c7:85:0f:a1:14:46:18:1d:ae:42:6e:02:94:73:ad:
         1a:7d:4f:26:c1:3e:a9:5a:1b:7c:de:3f:ff:12:4a:1e:9c:88:
         2e:7e:cd:9a:29:cd:f2:04:83:05:16:1e:17:a2:2f:6a:5a:02:
         fa:48:32:42:b2:31:8f:c0:35:ae:b9:e6:77:3d:d5:48:5e:24:
         ab:43:08:cb
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzFbhach4JOpEBWmjxoe5F4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ZDc5ZDIwZDc2YTlkZGIwNzViOTRmOWYwMDA1MmFiMjE4
Mjc2YjcwHhcNMjQwMTAxMTQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWNhZTZjNTQ0YTcxZGRkYTgzYWMxYzZlZTBkMjAzZDg2ZTU4YmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3kaZcX2INMPfF/DlPtrbq6b12y8
ddPVQLF5pudXBc00aJr8AWDbzLAhWqoZw2t5e34CEa7PIyYcP+7+VfqFBaXEob+g
1Ke88Iqq9hsH6GBGedGBXW67jgCQMUnNVt9Lfg7o/yn+I/eMGdE9aoZPvuwZYW5Y
tIrvfRO1CuW37IJYX6rsLmXVup9vRZqq/3XO7sJOehFsdVqd3IYxZW7VnByKe7y3
GQblmAdrKW81kHlJEzeslhn2LToN1o8kWj+6OR6SKHGiBmNI0MF3cEwymt5bV1nz
SkZN681xGHFpP9SD8HYPJrLQUD58Ez4g5CLH0v2t4ZR09Zhrqzksh7DL/QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKXK5sVEpx3dqDrBxu4NID2G5Yv5MB8GA1UdIwQY
MBaAFAjXnSDXap3bB1uU+fAAUqshgna3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ05lZElOZHFuZHNIVzVUNThBQlNxeUdDZHJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8zNzEwOWQtMTMzNy00YjJkLWJjMWIt
NDhkYzg4YjU2MDIwLzEvcGNybXhVU25IZDJvT3NIRzdnMGdQWWJsaV9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8zNzEwOWQtMTMzNy00YjJkLWJjMWItNDhkYzg4YjU2MDIw
LzEvQ05lZElOZHFuZHNIVzVUNThBQlNxeUdDZHJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAY+bEAD
BAI+bEgwDQYJKoZIhvcNAQELBQADggEBABVotIz1baDHxKj7Nqss8zeeGRY9wjA0
Q343wO94UzkBLfXVwtbaePBuuEC4csN/qKiuWepBY/pRvRy02lx5msgOyPj/0zrL
4e+wcPvACcE4FwPUkKLdRIj4BuP9Aq70YYxxFpz2iv8gxOMinZKhEAnH66047YZY
vedNyuysBgh9bwqA2nR9PZR8bnfklqdJkB3Y7p726vTHK3mKKF9/ep84BOzSxRr4
iRi0wYAodXiCYqtAWnXLgceFD6EURhgdrkJuApRzrRp9TybBPqlaG3zeP/8SSh6c
iC5+zZopzfIEgwUWHheiL2paAvpIMkKyMY/ANa655nc91UheJKtDCMs=
-----END CERTIFICATE-----