Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/51a655-2735-49ef-80df-b316db5938ff/1/Nv57qBE76yx4x6y49GkUjLAUC6U.roa
File:                     Nv57qBE76yx4x6y49GkUjLAUC6U.roa (raw, json)
Hash identifier:          QJMleDyq1SsgGPqIGcfalA2l/GYK2dzurHR4C0+lI9M=
Subject key identifier:   36:FE:7B:A8:11:3B:EB:2C:78:C7:AC:B8:F4:69:14:8C:B0:14:0B:A5
Certificate issuer:       /CN=68d24addcc3d5b77a099a907122252a47c8f6310
Certificate serial:       018CC793337206ED6D2B3D4E5F7B4090A623
Authority key identifier: 68:D2:4A:DD:CC:3D:5B:77:A0:99:A9:07:12:22:52:A4:7C:8F:63:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aNJK3cw9W3egmakHEiJSpHyPYxA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/51a655-2735-49ef-80df-b316db5938ff/1/Nv57qBE76yx4x6y49GkUjLAUC6U.roa
Signing time:             Tue 02 Jan 2024 00:29:22 +0000
ROA not before:           Tue 02 Jan 2024 00:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1902
IP address blocks:        62.152.128.0/20 maxlen: 20
                          62.152.142.0/24 maxlen: 24
                          62.152.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/51a655-2735-49ef-80df-b316db5938ff/1/aNJK3cw9W3egmakHEiJSpHyPYxA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/51a655-2735-49ef-80df-b316db5938ff/1/aNJK3cw9W3egmakHEiJSpHyPYxA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aNJK3cw9W3egmakHEiJSpHyPYxA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 19:51:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:33:72:06:ed:6d:2b:3d:4e:5f:7b:40:90:a6:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68d24addcc3d5b77a099a907122252a47c8f6310
        Validity
            Not Before: Jan  2 00:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36fe7ba8113beb2c78c7acb8f469148cb0140ba5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:58:af:2d:db:07:92:ca:64:a3:b6:cd:17:00:
                    7f:e0:c6:23:01:7e:10:3b:88:dc:c9:36:98:2d:60:
                    91:b2:ec:6a:1a:e4:33:84:82:21:82:52:fb:82:40:
                    d5:66:30:23:e3:81:c9:8d:0d:d9:87:ab:8f:b4:dd:
                    78:ed:87:eb:0e:bd:6b:ee:39:89:14:a7:b3:a5:4f:
                    c0:de:e7:cd:c2:c5:a0:fb:6b:73:98:c5:fa:1c:7c:
                    85:87:65:ed:9e:bd:8f:85:15:56:25:8a:04:0e:30:
                    97:ba:d4:2e:2b:8c:98:f9:e4:18:e5:d9:3f:38:d1:
                    c7:53:15:c5:fa:e2:08:d2:5a:fe:02:0d:ee:f7:11:
                    b7:6b:46:cc:08:fa:e3:77:01:42:8f:1b:ea:32:ee:
                    3d:0e:b5:b3:ee:c0:be:ad:38:8d:06:35:51:ea:01:
                    e9:4e:7a:fd:05:34:ec:32:fd:11:60:16:fb:a7:e1:
                    b7:a6:48:96:b4:ab:03:29:a9:a4:06:8b:7a:15:95:
                    d2:63:f4:d0:19:54:02:bf:70:39:2f:ab:fb:5b:46:
                    2b:53:a3:2a:b9:3a:0f:50:c3:06:a1:03:d2:97:ec:
                    7b:32:87:31:af:a6:5a:8b:a5:db:a7:89:82:da:a0:
                    6e:b6:4f:b5:f0:87:94:9a:b1:57:ac:75:1f:47:b6:
                    16:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:FE:7B:A8:11:3B:EB:2C:78:C7:AC:B8:F4:69:14:8C:B0:14:0B:A5
            X509v3 Authority Key Identifier:
                keyid:68:D2:4A:DD:CC:3D:5B:77:A0:99:A9:07:12:22:52:A4:7C:8F:63:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aNJK3cw9W3egmakHEiJSpHyPYxA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/51a655-2735-49ef-80df-b316db5938ff/1/Nv57qBE76yx4x6y49GkUjLAUC6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/51a655-2735-49ef-80df-b316db5938ff/1/aNJK3cw9W3egmakHEiJSpHyPYxA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.152.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         63:c1:37:16:4e:f6:c8:ce:25:b1:8e:94:97:82:58:dd:fc:9a:
         0f:85:3b:30:41:24:ee:59:a1:98:8d:8f:89:fd:b9:8d:94:ad:
         22:c7:a1:e9:9e:74:71:89:1a:c5:a4:89:f8:42:a2:26:b9:9f:
         9d:64:69:e6:9d:85:d9:b2:74:e9:51:5c:68:c0:50:16:ca:6a:
         91:dc:8e:d5:9a:a9:53:df:cd:1b:c1:d8:ed:ee:cb:64:c2:0d:
         80:f9:47:22:2b:e3:63:ea:f3:a7:38:03:cc:08:3d:51:d7:2f:
         22:0a:3f:a8:8c:88:61:39:da:28:d2:32:1b:a2:fc:85:97:ed:
         b7:e0:91:9e:80:d1:82:0c:32:04:3d:6a:22:84:04:95:3f:67:
         80:89:50:99:db:06:8a:eb:67:cc:af:34:5f:21:01:aa:a7:4c:
         54:a3:b5:a3:ea:fc:90:2a:de:bb:df:12:9b:17:8f:a8:f4:17:
         95:98:c0:cb:38:e5:ac:d1:b4:97:bd:20:1e:1f:ba:0f:77:13:
         33:2e:e3:f3:77:31:8d:e6:3d:49:b3:7b:03:49:ce:a5:e4:b7:
         69:77:41:e2:ab:72:db:28:31:d6:35:da:d9:69:ca:bd:3e:45:
         22:6a:69:38:4a:d0:fc:14:93:36:07:bb:b5:ab:8b:bc:67:e6:
         e2:b6:fb:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHkzNyBu1tKz1OX3tAkKYjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4ZDI0YWRkY2MzZDViNzdhMDk5YTkwNzEyMjI1MmE0N2M4
ZjYzMTAwHhcNMjQwMTAyMDAyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmZlN2JhODExM2JlYjJjNzhjN2FjYjhmNDY5MTQ4Y2IwMTQwYmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFivLdsHkspko7bNFwB/4MYjAX4Q
O4jcyTaYLWCRsuxqGuQzhIIhglL7gkDVZjAj44HJjQ3Zh6uPtN147YfrDr1r7jmJ
FKezpU/A3ufNwsWg+2tzmMX6HHyFh2Xtnr2PhRVWJYoEDjCXutQuK4yY+eQY5dk/
ONHHUxXF+uII0lr+Ag3u9xG3a0bMCPrjdwFCjxvqMu49DrWz7sC+rTiNBjVR6gHp
Tnr9BTTsMv0RYBb7p+G3pkiWtKsDKamkBot6FZXSY/TQGVQCv3A5L6v7W0YrU6Mq
uToPUMMGoQPSl+x7Mocxr6Zai6Xbp4mC2qButk+18IeUmrFXrHUfR7YW0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDb+e6gRO+sseMesuPRpFIywFAulMB8GA1UdIwQY
MBaAFGjSSt3MPVt3oJmpBxIiUqR8j2MQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU5KSzNjdzlXM2VnbWFrSEVpSlNwSHlQWXhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi81MWE2NTUtMjczNS00OWVmLTgwZGYt
YjMxNmRiNTkzOGZmLzEvTnY1N3FCRTc2eXg0eDZ5NDlHa1VqTEFVQzZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi81MWE2NTUtMjczNS00OWVmLTgwZGYtYjMxNmRiNTkzOGZm
LzEvYU5KSzNjdzlXM2VnbWFrSEVpSlNwSHlQWXhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEPpiAMA0G
CSqGSIb3DQEBCwUAA4IBAQBjwTcWTvbIziWxjpSXgljd/JoPhTswQSTuWaGYjY+J
/bmNlK0ix6HpnnRxiRrFpIn4QqImuZ+dZGnmnYXZsnTpUVxowFAWymqR3I7VmqlT
380bwdjt7stkwg2A+UciK+Nj6vOnOAPMCD1R1y8iCj+ojIhhOdoo0jIbovyFl+23
4JGegNGCDDIEPWoihASVP2eAiVCZ2waK62fMrzRfIQGqp0xUo7Wj6vyQKt673xKb
F4+o9BeVmMDLOOWs0bSXvSAeH7oPdxMzLuPzdzGN5j1Js3sDSc6l5Ldpd0Hiq3Lb
KDHWNdrZacq9PkUiamk4StD8FJM2B7u1q4u8Z+bitvvG
-----END CERTIFICATE-----