Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/4w0OcNBMbXySdlTzmnDGQgBU9a8.roa
File:                     4w0OcNBMbXySdlTzmnDGQgBU9a8.roa (raw, json)
Hash identifier:          HOVgOjXWlde60TLoL13QmDFef+tA0GiODY8tGT7zA4U=
Subject key identifier:   E3:0D:0E:70:D0:4C:6D:7C:92:76:54:F3:9A:70:C6:42:00:54:F5:AF
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018D173F81334FF54F06F2C7513AF36736B2
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/4w0OcNBMbXySdlTzmnDGQgBU9a8.roa
Signing time:             Wed 17 Jan 2024 11:47:34 +0000
ROA not before:           Wed 17 Jan 2024 11:47:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26042
IP address blocks:        62.72.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:17:3f:81:33:4f:f5:4f:06:f2:c7:51:3a:f3:67:36:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan 17 11:47:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e30d0e70d04c6d7c927654f39a70c6420054f5af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:37:55:73:fe:9b:d2:e1:68:d3:b7:0d:25:7c:
                    1c:f2:47:b0:85:72:79:c1:20:ca:91:38:71:9f:f4:
                    81:ec:50:77:91:d7:43:3f:fc:dd:cb:b9:10:8e:4e:
                    25:c8:45:06:52:be:fd:a1:88:65:3b:7a:51:92:ed:
                    f7:15:0a:da:b3:ae:f0:ef:f6:62:92:cd:88:f9:a8:
                    8e:f9:3b:70:9c:1b:f7:13:5c:b2:d9:84:08:9c:6d:
                    89:bf:91:f4:ee:d2:5f:65:bb:9a:7b:ba:48:24:66:
                    ff:94:8d:96:85:78:d8:1c:fe:38:81:dd:15:31:42:
                    e5:7e:39:71:ff:f6:04:a0:58:17:d1:18:fa:72:9a:
                    54:f6:46:cf:8b:b5:c5:57:bf:d1:44:0f:4d:8c:2f:
                    eb:41:ab:96:1b:03:be:84:4a:ad:02:8c:60:44:f4:
                    fb:e3:c4:ae:43:a8:9b:6e:8b:54:c3:82:4b:dc:22:
                    9f:df:3c:a8:82:7e:ec:d8:fb:8d:02:61:76:11:93:
                    7f:ac:23:e2:9b:95:e3:4e:01:35:ad:84:74:50:40:
                    7e:bb:43:ef:25:86:0b:d5:5b:8e:3a:50:43:09:d3:
                    39:64:1f:e5:c1:6d:92:2f:63:70:54:e3:b9:4a:9c:
                    d3:3c:a3:21:3c:54:e9:0c:fd:a8:09:de:fc:73:f7:
                    0e:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:0D:0E:70:D0:4C:6D:7C:92:76:54:F3:9A:70:C6:42:00:54:F5:AF
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/4w0OcNBMbXySdlTzmnDGQgBU9a8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:d3:54:9f:b6:dc:a7:58:ba:0f:2f:a5:71:e4:4c:96:bf:1b:
         4b:ec:17:f7:48:24:20:8d:4a:43:fa:59:aa:89:b8:8b:0f:17:
         51:55:a9:8f:6a:7b:95:01:a7:23:16:af:a8:5a:e8:de:e4:e5:
         cb:dd:74:29:52:14:dd:b0:99:72:25:71:26:8e:c1:06:2c:a0:
         84:14:91:52:ed:9f:b8:ac:c3:92:dd:98:fa:d2:3a:09:bf:76:
         7a:0d:e4:7e:e5:ea:2e:d1:b7:92:85:62:db:19:3c:79:74:ac:
         c8:c8:ef:8b:74:24:85:45:9e:5d:be:36:72:3c:cc:6f:0a:f8:
         9e:c6:82:c5:e2:ba:66:71:7f:d7:99:9e:35:bc:3a:9e:27:f4:
         3b:67:09:b6:56:11:c4:2e:dc:f6:f5:42:2a:7e:07:a1:11:c2:
         bf:4c:57:63:99:5c:32:e2:0d:40:82:86:a6:a1:89:b9:a6:2a:
         1d:d3:21:02:60:0b:5d:16:45:80:0b:06:39:fa:1c:09:65:23:
         37:0f:7c:29:07:f3:fa:3f:b4:de:20:cc:44:fd:b0:35:b1:39:
         1c:c3:aa:7c:76:76:b4:4c:50:b7:62:cf:c8:9e:9d:a8:2a:38:
         0e:bc:e0:a5:12:11:18:92:ef:fc:e9:20:b7:a4:77:68:36:50:
         2c:52:81:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0XP4EzT/VPBvLHUTrzZzayMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMTE3MTE0NzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzBkMGU3MGQwNGM2ZDdjOTI3NjU0ZjM5YTcwYzY0MjAwNTRmNWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTdVc/6b0uFo07cNJXwc8kewhXJ5
wSDKkThxn/SB7FB3kddDP/zdy7kQjk4lyEUGUr79oYhlO3pRku33FQras67w7/Zi
ks2I+aiO+TtwnBv3E1yy2YQInG2Jv5H07tJfZbuae7pIJGb/lI2WhXjYHP44gd0V
MULlfjlx//YEoFgX0Rj6cppU9kbPi7XFV7/RRA9NjC/rQauWGwO+hEqtAoxgRPT7
48SuQ6ibbotUw4JL3CKf3zyogn7s2PuNAmF2EZN/rCPim5XjTgE1rYR0UEB+u0Pv
JYYL1VuOOlBDCdM5ZB/lwW2SL2NwVOO5SpzTPKMhPFTpDP2oCd78c/cO8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOMNDnDQTG18knZU85pwxkIAVPWvMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvNHcwT2NOQk1iWHlTZGxUem1uREdRZ0JVOWE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkiiMA0G
CSqGSIb3DQEBCwUAA4IBAQB+01SfttynWLoPL6Vx5EyWvxtL7Bf3SCQgjUpD+lmq
ibiLDxdRVamPanuVAacjFq+oWuje5OXL3XQpUhTdsJlyJXEmjsEGLKCEFJFS7Z+4
rMOS3Zj60joJv3Z6DeR+5eou0beShWLbGTx5dKzIyO+LdCSFRZ5dvjZyPMxvCvie
xoLF4rpmcX/XmZ41vDqeJ/Q7Zwm2VhHELtz29UIqfgehEcK/TFdjmVwy4g1Agoam
oYm5piod0yECYAtdFkWACwY5+hwJZSM3D3wpB/P6P7TeIMxE/bA1sTkcw6p8dna0
TFC3Ys/Inp2oKjgOvOClEhEYku/86SC3pHdoNlAsUoEq
-----END CERTIFICATE-----