Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/7_915I9BaMxhWVRqxi0K-riVXcs.roa
File:                     7_915I9BaMxhWVRqxi0K-riVXcs.roa (raw, json)
Hash identifier:          EYThhlAo+o4AAJJxXtdVAzdgcRyyGEJIsdBRPQK0yBw=
Subject key identifier:   EF:FF:75:E4:8F:41:68:CC:61:59:54:6A:C6:2D:0A:FA:B8:95:5D:CB
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018D3F973A796ACE501D3BD9C5AF446F982F
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/7_915I9BaMxhWVRqxi0K-riVXcs.roa
Signing time:             Thu 25 Jan 2024 07:48:11 +0000
ROA not before:           Thu 25 Jan 2024 07:48:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     10111
IP address blocks:        62.72.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3f:97:3a:79:6a:ce:50:1d:3b:d9:c5:af:44:6f:98:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan 25 07:48:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efff75e48f4168cc6159546ac62d0afab8955dcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:3b:3c:24:cf:ac:50:af:c0:47:7e:c7:a0:b4:
                    a1:0d:22:70:72:06:a1:39:c5:e5:1d:a1:c6:41:46:
                    a6:73:e7:f0:95:9e:37:02:10:0a:9b:50:6d:78:18:
                    9a:0a:2e:0f:dc:f8:21:e3:ca:91:db:83:8b:95:35:
                    73:11:43:b7:cd:46:e2:d9:3e:ff:fd:1f:bf:a4:fe:
                    d9:ea:12:40:8d:dc:b4:3f:e7:4d:53:48:cb:b5:9b:
                    89:30:9f:65:f1:d7:d8:09:77:b0:4e:97:d7:b2:fb:
                    7c:b6:38:de:d7:73:2b:ef:3e:0a:20:d3:dd:11:b8:
                    b7:c3:b1:63:de:c3:0d:5a:d8:3d:0d:8b:f0:22:ec:
                    d9:27:bc:34:1b:b1:86:e2:47:10:bf:9c:7e:47:94:
                    84:c4:fa:02:e4:e2:41:09:97:f8:e8:0f:e1:de:4f:
                    7a:14:ab:b9:cf:f9:12:43:d9:b4:68:52:8e:48:dc:
                    7f:26:0f:27:23:e2:fb:29:79:8d:26:9e:ac:18:ec:
                    61:fe:dc:f9:9a:4d:c5:f1:e9:89:b2:32:c1:f3:9a:
                    9a:8a:27:41:7e:e4:d7:f9:61:55:ee:e8:a3:57:1a:
                    1b:4f:22:3f:73:50:bc:9c:ca:68:95:f3:ec:0f:2e:
                    97:3d:b4:59:2a:28:66:ce:72:2d:2e:12:7c:f1:2e:
                    61:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:FF:75:E4:8F:41:68:CC:61:59:54:6A:C6:2D:0A:FA:B8:95:5D:CB
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/7_915I9BaMxhWVRqxi0K-riVXcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:6a:71:29:9a:e1:22:02:97:b2:b1:a3:8a:c4:01:ab:07:f4:
         8a:3c:f4:62:32:a2:bb:22:d7:80:5a:c6:9a:78:7c:4d:32:77:
         9f:07:ad:2b:4a:ef:6a:cb:00:1a:23:1a:96:23:ae:9c:16:3f:
         6a:22:58:67:a7:5c:cc:be:d6:ff:b2:20:8c:aa:a5:fe:2e:b7:
         e0:81:06:df:24:5a:0f:a7:07:51:13:16:ab:3a:9e:37:c7:dc:
         3c:4b:d3:10:d5:a6:8f:fd:69:af:c1:bf:96:7a:8f:47:2e:ba:
         ac:b0:3e:e6:a9:46:f6:93:0f:53:93:46:ae:fa:1a:7f:7e:f2:
         68:63:26:e9:98:57:c5:b1:b7:9d:ef:d8:74:07:6a:02:69:8d:
         f9:a3:e4:45:20:d4:8f:bf:d6:18:48:e2:b1:08:69:8d:3b:92:
         71:82:45:58:d9:14:48:8f:a2:0c:9a:f8:ad:d5:c7:c0:15:7b:
         23:02:0a:66:7d:f9:d6:d5:bf:c9:9f:e2:49:64:15:6a:b6:5d:
         3a:2e:28:49:09:2f:11:fb:a2:f3:e7:9b:7c:7f:a0:29:2a:52:
         ea:da:bb:bf:c7:fd:08:81:8c:fc:ee:f7:11:d0:06:34:a1:40:
         5a:19:9f:70:f2:e0:08:f3:80:18:da:b4:68:7b:f7:dc:7a:31:
         f9:d6:a8:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0/lzp5as5QHTvZxa9Eb5gvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMTI1MDc0ODExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmZmNzVlNDhmNDE2OGNjNjE1OTU0NmFjNjJkMGFmYWI4OTU1ZGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzs8JM+sUK/AR37HoLShDSJwcgah
OcXlHaHGQUamc+fwlZ43AhAKm1BteBiaCi4P3Pgh48qR24OLlTVzEUO3zUbi2T7/
/R+/pP7Z6hJAjdy0P+dNU0jLtZuJMJ9l8dfYCXewTpfXsvt8tjje13Mr7z4KINPd
Ebi3w7Fj3sMNWtg9DYvwIuzZJ7w0G7GG4kcQv5x+R5SExPoC5OJBCZf46A/h3k96
FKu5z/kSQ9m0aFKOSNx/Jg8nI+L7KXmNJp6sGOxh/tz5mk3F8emJsjLB85qaiidB
fuTX+WFV7uijVxobTyI/c1C8nMpolfPsDy6XPbRZKihmznItLhJ88S5h6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO//deSPQWjMYVlUasYtCvq4lV3LMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvN185MTVJOUJhTXhoV1ZScXhpMEstcmlWWGNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPki1MA0G
CSqGSIb3DQEBCwUAA4IBAQBdanEpmuEiApeysaOKxAGrB/SKPPRiMqK7IteAWsaa
eHxNMnefB60rSu9qywAaIxqWI66cFj9qIlhnp1zMvtb/siCMqqX+LrfggQbfJFoP
pwdRExarOp43x9w8S9MQ1aaP/Wmvwb+Weo9HLrqssD7mqUb2kw9Tk0au+hp/fvJo
YybpmFfFsbed79h0B2oCaY35o+RFINSPv9YYSOKxCGmNO5JxgkVY2RRIj6IMmvit
1cfAFXsjAgpmffnW1b/Jn+JJZBVqtl06LihJCS8R+6Lz55t8f6ApKlLq2ru/x/0I
gYz87vcR0AY0oUBaGZ9w8uAI84AY2rRoe/fcejH51qin
-----END CERTIFICATE-----