Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/7262b8-a1a7-4d13-8793-d3887dc45c6d/1/S6N_DpDrvilhHQvUn80TztRdHMg.roa
File:                     S6N_DpDrvilhHQvUn80TztRdHMg.roa (raw, json)
Hash identifier:          UuyFYrk4wuUiVfKe6FXt/cjJwfvhlSEZlOuyyr9r134=
Subject key identifier:   4B:A3:7F:0E:90:EB:BE:29:61:1D:0B:D4:9F:CD:13:CE:D4:5D:1C:C8
Certificate issuer:       /CN=6325f514270167a43e65e27df9b3d26efb29c31c
Certificate serial:       018CC8DED8F8F67643339D5205C461163216
Authority key identifier: 63:25:F5:14:27:01:67:A4:3E:65:E2:7D:F9:B3:D2:6E:FB:29:C3:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YyX1FCcBZ6Q-ZeJ9-bPSbvspwxw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/7262b8-a1a7-4d13-8793-d3887dc45c6d/1/S6N_DpDrvilhHQvUn80TztRdHMg.roa
Signing time:             Tue 02 Jan 2024 06:31:36 +0000
ROA not before:           Tue 02 Jan 2024 06:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47641
IP address blocks:        139.28.60.0/22 maxlen: 24
                          2a09:f580::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/7262b8-a1a7-4d13-8793-d3887dc45c6d/1/YyX1FCcBZ6Q-ZeJ9-bPSbvspwxw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/7262b8-a1a7-4d13-8793-d3887dc45c6d/1/YyX1FCcBZ6Q-ZeJ9-bPSbvspwxw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YyX1FCcBZ6Q-ZeJ9-bPSbvspwxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:d8:f8:f6:76:43:33:9d:52:05:c4:61:16:32:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6325f514270167a43e65e27df9b3d26efb29c31c
        Validity
            Not Before: Jan  2 06:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ba37f0e90ebbe29611d0bd49fcd13ced45d1cc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:74:0f:32:03:8f:86:0d:8d:a0:7a:cb:12:d1:
                    64:20:d3:7a:6a:8b:bd:ab:13:71:fe:de:df:42:bd:
                    2b:cf:ec:3e:12:33:90:45:70:7c:56:9a:cc:1b:49:
                    64:7a:0e:18:da:cf:d3:c4:2e:2d:f4:94:3d:6a:02:
                    6f:83:6f:7b:76:a3:94:b7:db:ab:07:d1:74:d7:67:
                    5f:71:82:53:1c:4a:c6:a5:91:29:12:13:d5:fe:e7:
                    6f:07:83:7d:1a:a7:1a:3c:33:ab:8b:bd:8b:c7:af:
                    8b:22:1b:d1:09:c5:94:be:bf:5a:fe:18:af:8b:fe:
                    91:70:37:71:4c:1c:3d:6c:f0:b4:5e:31:ab:02:eb:
                    6a:33:83:5f:1c:0b:0f:bc:2d:ee:61:59:0a:bc:92:
                    d7:a6:7b:a7:5b:c0:de:5e:03:74:a9:d9:f6:e7:dc:
                    9b:8d:58:b7:38:f7:fd:7d:a9:52:2d:31:b0:25:39:
                    99:b7:c1:4e:8a:4d:77:3c:c3:55:b1:b1:b0:5f:17:
                    e1:01:22:71:bb:88:40:44:e5:2c:7a:09:f1:99:35:
                    53:69:dc:96:ab:73:f6:21:e5:09:7f:a3:1a:20:e0:
                    00:18:e5:d7:17:e7:a2:de:29:95:6a:83:42:f7:fc:
                    65:a1:de:1f:e9:85:41:7d:51:71:25:ce:70:d8:65:
                    11:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:A3:7F:0E:90:EB:BE:29:61:1D:0B:D4:9F:CD:13:CE:D4:5D:1C:C8
            X509v3 Authority Key Identifier:
                keyid:63:25:F5:14:27:01:67:A4:3E:65:E2:7D:F9:B3:D2:6E:FB:29:C3:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyX1FCcBZ6Q-ZeJ9-bPSbvspwxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/7262b8-a1a7-4d13-8793-d3887dc45c6d/1/S6N_DpDrvilhHQvUn80TztRdHMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/7262b8-a1a7-4d13-8793-d3887dc45c6d/1/YyX1FCcBZ6Q-ZeJ9-bPSbvspwxw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.60.0/22
                IPv6:
                  2a09:f580::/29

    Signature Algorithm: sha256WithRSAEncryption
         58:35:9b:bc:18:e1:9c:07:c9:77:b9:36:e7:52:17:fd:ab:9a:
         ed:3b:21:d8:91:2e:37:13:99:b9:a6:1e:07:29:a7:38:f8:34:
         23:92:e4:27:be:73:16:3c:4b:d6:52:17:0f:e3:90:75:aa:6c:
         d2:a7:21:d1:c9:d3:b9:4d:e4:1b:53:97:76:6f:98:73:7b:ea:
         c7:ed:cf:47:b8:da:9e:9f:a4:5f:ce:a5:47:49:b7:19:d9:22:
         56:4a:58:05:64:bf:a0:33:fd:68:49:d9:c8:b4:43:a5:ba:d9:
         3e:35:b0:a1:a2:a3:4a:fb:c8:0b:fd:47:ea:ac:d3:79:d3:92:
         78:08:66:84:c1:63:7c:3c:b3:6d:c0:35:29:ea:d4:56:8b:cc:
         2b:3a:32:08:74:53:43:c4:57:82:e8:f7:bb:6a:4d:29:cf:21:
         67:83:35:55:8a:d9:4f:23:fc:19:b3:fd:b2:75:37:e8:f2:75:
         ae:40:4f:7d:48:c5:ae:af:a2:f3:17:bc:f5:71:fb:15:bc:4b:
         43:99:74:46:23:53:e1:bb:2c:fe:1a:0e:ed:b0:16:b7:91:94:
         39:61:82:25:87:02:7c:48:12:f2:62:87:3a:b8:10:5d:00:ba:
         fb:aa:fb:9b:4e:16:4e:be:ff:6b:65:34:aa:b4:38:65:0b:98:
         9d:f4:4a:6d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3tj49nZDM51SBcRhFjIWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMjVmNTE0MjcwMTY3YTQzZTY1ZTI3ZGY5YjNkMjZlZmIy
OWMzMWMwHhcNMjQwMTAyMDYzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmEzN2YwZTkwZWJiZTI5NjExZDBiZDQ5ZmNkMTNjZWQ0NWQxY2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXQPMgOPhg2NoHrLEtFkINN6aou9
qxNx/t7fQr0rz+w+EjOQRXB8VprMG0lkeg4Y2s/TxC4t9JQ9agJvg297dqOUt9ur
B9F012dfcYJTHErGpZEpEhPV/udvB4N9GqcaPDOri72Lx6+LIhvRCcWUvr9a/hiv
i/6RcDdxTBw9bPC0XjGrAutqM4NfHAsPvC3uYVkKvJLXpnunW8DeXgN0qdn259yb
jVi3OPf9falSLTGwJTmZt8FOik13PMNVsbGwXxfhASJxu4hAROUsegnxmTVTadyW
q3P2IeUJf6MaIOAAGOXXF+ei3imVaoNC9/xlod4f6YVBfVFxJc5w2GURWwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEujfw6Q674pYR0L1J/NE87UXRzIMB8GA1UdIwQY
MBaAFGMl9RQnAWekPmXiffmz0m77KcMcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXlYMUZDY0JaNlEtWmVKOS1iUFNidnNwd3h3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MjYyYjgtYTFhNy00ZDEzLTg3OTMt
ZDM4ODdkYzQ1YzZkLzEvUzZOX0RwRHJ2aWxoSFF2VW44MFR6dFJkSE1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MjYyYjgtYTFhNy00ZDEzLTg3OTMtZDM4ODdkYzQ1YzZk
LzEvWXlYMUZDY0JaNlEtWmVKOS1iUFNidnNwd3h3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCixw8MA0E
AgACMAcDBQMqCfWAMA0GCSqGSIb3DQEBCwUAA4IBAQBYNZu8GOGcB8l3uTbnUhf9
q5rtOyHYkS43E5m5ph4HKac4+DQjkuQnvnMWPEvWUhcP45B1qmzSpyHRydO5TeQb
U5d2b5hze+rH7c9HuNqen6RfzqVHSbcZ2SJWSlgFZL+gM/1oSdnItEOlutk+NbCh
oqNK+8gL/UfqrNN505J4CGaEwWN8PLNtwDUp6tRWi8wrOjIIdFNDxFeC6Pe7ak0p
zyFngzVVitlPI/wZs/2ydTfo8nWuQE99SMWur6LzF7z1cfsVvEtDmXRGI1Phuyz+
Gg7tsBa3kZQ5YYIlhwJ8SBLyYoc6uBBdALr7qvubThZOvv9rZTSqtDhlC5id9Ept
-----END CERTIFICATE-----