Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/1im9hEU1Zy9gvDtniuhopIsSAfI.roa
File:                     1im9hEU1Zy9gvDtniuhopIsSAfI.roa (raw, json)
Hash identifier:          KW9osimLZTsfRmjZlDNM2cTfJYEvT/L6ZQhgwqfwXrg=
Subject key identifier:   D6:29:BD:84:45:35:67:2F:60:BC:3B:67:8A:E8:68:A4:8B:12:01:F2
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019421B1A9FAB4715F04CB4438ADFDF4169F
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/1im9hEU1Zy9gvDtniuhopIsSAfI.roa
Signing time:             Wed 01 Jan 2025 11:47:58 +0000
ROA not before:           Wed 01 Jan 2025 11:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60949
IP address blocks:        62.72.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:a9:fa:b4:71:5f:04:cb:44:38:ad:fd:f4:16:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 11:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d629bd844535672f60bc3b678ae868a48b1201f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:f0:de:13:1f:c1:8a:25:9e:d8:e9:6b:6c:06:
                    92:80:a1:a4:12:70:7c:3d:d0:9f:fe:26:db:07:2b:
                    14:26:3f:e4:5e:aa:48:3e:90:8f:da:a1:df:1c:86:
                    2e:4b:4b:43:8b:20:d4:8c:02:66:32:96:9e:f9:87:
                    bf:b8:a0:26:04:30:62:9a:08:22:0b:92:54:48:7c:
                    22:62:5a:52:22:77:90:99:26:84:7f:a3:cd:f0:11:
                    15:d6:c8:e4:c2:ad:28:bc:33:0b:b5:8f:17:62:fc:
                    77:ec:68:e5:76:be:2d:79:9f:da:ab:84:92:93:4a:
                    2c:66:27:e0:eb:26:ac:cf:53:15:91:79:91:43:fc:
                    80:5b:78:02:63:35:83:7e:95:4e:b1:ae:c0:e4:6b:
                    50:e1:5a:80:76:ac:a4:60:03:f2:e1:93:55:cd:4f:
                    c9:16:15:b4:7d:7d:da:b7:55:a7:72:31:47:37:76:
                    b0:c4:a5:2b:e7:e4:6b:d1:65:e1:76:da:03:96:b2:
                    ea:23:0b:48:60:24:84:59:9f:6d:81:7e:60:0f:5d:
                    2d:d9:e1:86:03:b2:a1:45:e7:c0:fb:88:29:0b:5e:
                    ad:70:e5:ec:80:5e:c6:b2:51:c7:0b:21:31:59:40:
                    99:b8:a9:d6:e1:d7:e3:cf:95:d8:0a:6a:5a:be:97:
                    a5:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:29:BD:84:45:35:67:2F:60:BC:3B:67:8A:E8:68:A4:8B:12:01:F2
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/1im9hEU1Zy9gvDtniuhopIsSAfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:c3:ad:db:21:73:f0:44:75:08:7e:94:3c:57:07:a7:79:50:
         ff:9d:68:9e:db:23:59:c7:a6:dc:14:c1:cd:d9:a2:6a:83:b9:
         e7:63:a1:d2:2a:85:3e:1d:8d:3f:b3:8d:1a:66:17:f9:6e:a6:
         77:00:d3:ef:2b:dd:9c:4d:ee:89:9d:70:a3:ee:da:f5:92:83:
         74:6d:e2:da:00:2c:51:a7:e8:eb:60:ba:b9:6f:83:fc:29:e6:
         18:4d:27:c8:67:38:82:74:ec:f6:19:c0:ca:d2:60:e3:1e:5e:
         01:ca:02:58:38:ec:39:9f:5e:99:5f:eb:26:0b:0c:85:93:0b:
         5a:a3:da:75:71:aa:55:f4:bb:8d:39:18:69:86:22:5d:40:fd:
         bc:d7:79:a6:4d:43:24:1b:ba:60:61:f0:21:a7:4b:07:12:66:
         55:6f:5c:9f:ab:37:47:48:61:91:24:36:5c:0e:eb:de:1f:82:
         05:7a:bc:3b:84:27:7a:97:34:07:63:8c:1d:ba:b0:3b:28:69:
         87:8a:87:8e:ea:b3:50:c8:ba:94:62:80:d8:32:4f:ba:53:31:
         69:19:3e:0c:03:bb:83:c6:a8:33:0d:1c:c8:6a:e2:4d:a2:16:
         08:e1:da:63:15:5a:7e:63:21:c6:cf:ed:aa:b1:96:37:13:d4:
         fc:88:3e:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsan6tHFfBMtEOK399BafMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwMTAxMTE0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjI5YmQ4NDQ1MzU2NzJmNjBiYzNiNjc4YWU4NjhhNDhiMTIwMWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvDeEx/BiiWe2OlrbAaSgKGkEnB8
PdCf/ibbBysUJj/kXqpIPpCP2qHfHIYuS0tDiyDUjAJmMpae+Ye/uKAmBDBimggi
C5JUSHwiYlpSIneQmSaEf6PN8BEV1sjkwq0ovDMLtY8XYvx37Gjldr4teZ/aq4SS
k0osZifg6yasz1MVkXmRQ/yAW3gCYzWDfpVOsa7A5GtQ4VqAdqykYAPy4ZNVzU/J
FhW0fX3at1WncjFHN3awxKUr5+Rr0WXhdtoDlrLqIwtIYCSEWZ9tgX5gD10t2eGG
A7KhRefA+4gpC16tcOXsgF7GslHHCyExWUCZuKnW4dfjz5XYCmpavpelkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNYpvYRFNWcvYLw7Z4roaKSLEgHyMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvMWltOWhFVTFaeTlndkR0bml1aG9wSXNTQWZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkipMA0G
CSqGSIb3DQEBCwUAA4IBAQCdw63bIXPwRHUIfpQ8VweneVD/nWie2yNZx6bcFMHN
2aJqg7nnY6HSKoU+HY0/s40aZhf5bqZ3ANPvK92cTe6JnXCj7tr1koN0beLaACxR
p+jrYLq5b4P8KeYYTSfIZziCdOz2GcDK0mDjHl4BygJYOOw5n16ZX+smCwyFkwta
o9p1capV9LuNORhphiJdQP2813mmTUMkG7pgYfAhp0sHEmZVb1yfqzdHSGGRJDZc
DuveH4IFerw7hCd6lzQHY4wdurA7KGmHioeO6rNQyLqUYoDYMk+6UzFpGT4MA7uD
xqgzDRzIauJNohYI4dpjFVp+YyHGz+2qsZY3E9T8iD4r
-----END CERTIFICATE-----