Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/051CAfqgahSNIJ43aAQK8JnhapQ.roa
File:                     051CAfqgahSNIJ43aAQK8JnhapQ.roa (raw, json)
Hash identifier:          M7dv4vjEV13X1ydwsxDX0i0FqoW8ruEEV79Z0bg8qB4=
Subject key identifier:   D3:9D:42:01:FA:A0:6A:14:8D:20:9E:37:68:04:0A:F0:99:E1:6A:94
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018CC6B7A1DA7A388121B08E8793A5CF7D88
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/051CAfqgahSNIJ43aAQK8JnhapQ.roa
Signing time:             Mon 01 Jan 2024 20:29:32 +0000
ROA not before:           Mon 01 Jan 2024 20:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60949
IP address blocks:        62.72.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 23:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a1:da:7a:38:81:21:b0:8e:87:93:a5:cf:7d:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 20:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d39d4201faa06a148d209e3768040af099e16a94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:85:97:ad:94:6a:69:66:d5:b3:b1:55:67:c7:
                    e2:70:e7:17:a5:8c:ac:e5:97:96:2d:12:b1:03:6d:
                    8a:1e:ee:af:aa:ee:46:3c:14:c9:58:e6:63:30:2c:
                    e2:4e:30:8b:cb:e0:ed:87:d6:54:77:f0:94:3d:21:
                    c8:f5:85:00:a6:94:89:f7:33:e5:02:81:95:ae:3d:
                    09:e6:5f:44:15:6e:f5:ff:27:c2:98:d7:da:72:29:
                    11:88:df:0b:b8:bb:e9:a1:c9:af:51:13:74:e0:86:
                    f3:01:3d:e5:74:0e:f4:c7:e0:b1:db:69:94:69:6e:
                    61:e7:9b:0f:25:92:04:79:77:dc:59:8d:95:bd:fe:
                    8e:4a:5d:ee:b3:c9:67:93:5a:e0:33:86:ad:35:32:
                    36:a3:bb:d6:8f:b5:62:7d:15:5b:9c:ff:a7:c7:3d:
                    32:b3:bb:7e:20:5d:e4:37:06:19:8f:1f:f6:e2:17:
                    ec:5f:e4:69:59:40:14:d0:3a:b2:fc:2e:56:74:53:
                    32:c1:c1:7d:d0:46:49:0d:b5:5d:f5:58:db:a4:45:
                    99:af:a0:60:da:86:f3:55:c5:b1:18:a0:e9:1b:e7:
                    22:7f:32:cd:ab:4b:50:bd:87:be:5d:15:b0:5b:94:
                    9e:32:78:f7:d1:06:35:a6:1f:77:43:51:7d:72:18:
                    fa:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:9D:42:01:FA:A0:6A:14:8D:20:9E:37:68:04:0A:F0:99:E1:6A:94
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/051CAfqgahSNIJ43aAQK8JnhapQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:55:32:c4:f2:5a:51:97:9e:68:a0:a5:76:67:ff:53:6d:7c:
         70:fb:a1:b1:bf:b6:a8:1a:84:5b:2c:bb:f6:e1:bc:a4:97:63:
         13:5c:5e:79:52:aa:66:a3:a3:fb:1f:f7:af:0d:24:7a:bd:aa:
         ea:de:44:d8:a2:87:9d:6c:c2:8f:a1:02:9a:de:d5:d3:db:2c:
         24:ff:0d:a8:c1:5d:49:10:44:50:c6:96:7e:eb:71:17:5b:1a:
         6c:70:60:1a:21:71:bb:13:91:65:2f:8c:9a:88:e2:93:7d:e2:
         39:09:a9:29:e3:f4:d3:73:a0:0b:3a:df:95:fe:15:9c:58:65:
         87:12:d6:16:e1:a0:7f:5b:75:da:84:80:67:6c:9c:5c:8a:d8:
         10:18:db:29:c5:1a:65:41:d3:83:56:1e:4c:55:2c:bd:d0:ba:
         5e:26:e4:34:83:c2:0c:0a:87:70:92:43:39:fc:ee:27:01:de:
         7a:4a:48:6c:10:17:78:4a:06:bb:97:e4:7c:70:23:b6:a1:a3:
         d9:72:60:ff:13:ac:3d:af:56:1d:3a:f8:11:5b:d7:d4:c7:2e:
         dd:ee:1d:70:5d:62:f6:36:9e:5f:66:9a:82:86:c8:aa:9c:7f:
         fa:0c:fd:22:bb:b2:c6:5b:64:38:68:87:11:88:f9:4b:eb:cb:
         97:3e:d6:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt6HaejiBIbCOh5Olz32IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMTAxMjAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzlkNDIwMWZhYTA2YTE0OGQyMDllMzc2ODA0MGFmMDk5ZTE2YTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhIWXrZRqaWbVs7FVZ8ficOcXpYys
5ZeWLRKxA22KHu6vqu5GPBTJWOZjMCziTjCLy+Dth9ZUd/CUPSHI9YUAppSJ9zPl
AoGVrj0J5l9EFW71/yfCmNfacikRiN8LuLvpocmvURN04IbzAT3ldA70x+Cx22mU
aW5h55sPJZIEeXfcWY2Vvf6OSl3us8lnk1rgM4atNTI2o7vWj7VifRVbnP+nxz0y
s7t+IF3kNwYZjx/24hfsX+RpWUAU0Dqy/C5WdFMywcF90EZJDbVd9VjbpEWZr6Bg
2obzVcWxGKDpG+cifzLNq0tQvYe+XRWwW5SeMnj30QY1ph93Q1F9chj6jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNOdQgH6oGoUjSCeN2gECvCZ4WqUMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvMDUxQ0FmcWdhaFNOSUo0M2FBUUs4Sm5oYXBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkipMA0G
CSqGSIb3DQEBCwUAA4IBAQBXVTLE8lpRl55ooKV2Z/9TbXxw+6Gxv7aoGoRbLLv2
4bykl2MTXF55Uqpmo6P7H/evDSR6varq3kTYooedbMKPoQKa3tXT2ywk/w2owV1J
EERQxpZ+63EXWxpscGAaIXG7E5FlL4yaiOKTfeI5Cakp4/TTc6ALOt+V/hWcWGWH
EtYW4aB/W3XahIBnbJxcitgQGNspxRplQdODVh5MVSy90LpeJuQ0g8IMCodwkkM5
/O4nAd56SkhsEBd4Sga7l+R8cCO2oaPZcmD/E6w9r1YdOvgRW9fUxy7d7h1wXWL2
Np5fZpqChsiqnH/6DP0iu7LGW2Q4aIcRiPlL68uXPtYw
-----END CERTIFICATE-----