Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/AukalE-r-bjQutuuvm1Lux9wfFg.roa
File:                     AukalE-r-bjQutuuvm1Lux9wfFg.roa (raw, json)
Hash identifier:          TkM7PqU1Bi0NMg4R09BsTUSqs2I74dj9su3vhVPxxi0=
Subject key identifier:   02:E9:1A:94:4F:AB:F9:B8:D0:BA:DB:AE:BE:6D:4B:BB:1F:70:7C:58
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       0191FBA03FDDBCD8E6490F9E4BC6BE345AFD
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/AukalE-r-bjQutuuvm1Lux9wfFg.roa
Signing time:             Mon 16 Sep 2024 16:17:48 +0000
ROA not before:           Mon 16 Sep 2024 16:17:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        62.72.172.0/24 maxlen: 24
                          176.57.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:fb:a0:3f:dd:bc:d8:e6:49:0f:9e:4b:c6:be:34:5a:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Sep 16 16:17:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02e91a944fabf9b8d0badbaebe6d4bbb1f707c58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:46:0d:bc:d3:a6:7b:e0:19:4f:77:13:d1:0a:
                    17:12:d6:ec:51:76:52:58:85:b6:76:23:28:29:2d:
                    0f:2f:62:f0:23:5e:2d:6b:e2:fc:ac:f1:c9:cb:c4:
                    5e:45:43:a4:67:44:99:6c:ba:97:a8:b5:47:ea:c0:
                    d2:9f:81:5d:72:f1:bf:e9:34:77:7a:f6:28:09:5a:
                    44:ca:32:bd:71:93:44:f5:de:34:7e:a3:8d:5e:d7:
                    92:db:e3:be:49:67:23:8f:0d:cf:03:ca:90:c0:e2:
                    48:2e:03:c0:0f:9a:12:2d:9e:31:88:a6:fb:b3:eb:
                    6f:fc:6b:55:7d:6a:d3:6d:45:7c:29:c0:0b:36:84:
                    ce:d3:0e:9f:24:28:d1:45:fd:a8:7f:5f:4b:d3:a9:
                    1e:4e:75:cf:30:de:fc:54:60:f5:dc:e2:55:0b:44:
                    e8:bc:cc:8d:60:5b:b0:d8:40:be:0f:b7:c8:7c:41:
                    cf:0e:d1:d6:be:77:b2:dc:d2:9d:1f:62:68:87:d4:
                    02:77:96:3c:eb:62:d9:f0:2b:56:58:fc:d9:74:cb:
                    94:42:2d:1f:bb:8a:9a:03:fd:80:f2:43:df:b3:e3:
                    72:9e:a3:09:f3:f4:e4:27:db:50:49:87:3a:6c:4e:
                    7e:a0:3a:58:a2:de:84:aa:d0:28:84:68:84:5c:be:
                    3a:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:E9:1A:94:4F:AB:F9:B8:D0:BA:DB:AE:BE:6D:4B:BB:1F:70:7C:58
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/AukalE-r-bjQutuuvm1Lux9wfFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.172.0/24
                  176.57.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:6a:9d:24:12:1a:94:c8:1e:d4:ad:ce:72:6b:44:37:e3:8e:
         4a:7f:ed:5d:51:f0:32:ce:d2:8c:ec:b6:de:e7:1c:e4:fc:e0:
         f2:4c:96:00:b2:13:b7:d8:6f:e0:b8:a0:f9:7c:02:86:25:1f:
         72:c3:cd:b5:8a:2a:6d:12:e9:0c:02:b9:cc:cd:92:07:54:aa:
         06:bb:c2:c2:85:8e:4b:fb:7e:c0:77:80:1b:68:1b:97:42:60:
         05:0a:72:3f:18:00:76:66:60:27:45:15:ce:f3:5d:df:f8:ab:
         de:d6:4a:e9:22:20:2a:73:76:bd:8f:6f:c2:dc:a5:0c:cd:67:
         25:82:21:d1:75:43:60:b2:84:b3:e2:e8:9b:ea:5e:e6:2c:b3:
         9d:56:f5:40:80:87:66:13:4a:56:45:00:04:11:3d:20:1b:3b:
         3f:b9:61:f5:f6:ae:42:b1:86:fd:2e:24:e4:c9:fd:10:09:06:
         be:41:81:b3:65:19:91:60:2c:64:2a:65:01:57:af:30:91:88:
         5d:e3:f3:63:16:b1:e2:3d:51:b8:ae:b4:77:f5:fc:8c:9e:04:
         9c:4a:87:39:61:0f:3d:eb:5c:b6:13:97:d8:9d:8e:00:0b:73:
         36:a5:43:ca:e1:ed:e0:71:82:a7:cd:1e:82:ef:a4:52:bd:70:
         c2:89:e8:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZH7oD/dvNjmSQ+eS8a+NFr9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwOTE2MTYxNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmU5MWE5NDRmYWJmOWI4ZDBiYWRiYWViZTZkNGJiYjFmNzA3YzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkYNvNOme+AZT3cT0QoXEtbsUXZS
WIW2diMoKS0PL2LwI14ta+L8rPHJy8ReRUOkZ0SZbLqXqLVH6sDSn4FdcvG/6TR3
evYoCVpEyjK9cZNE9d40fqONXteS2+O+SWcjjw3PA8qQwOJILgPAD5oSLZ4xiKb7
s+tv/GtVfWrTbUV8KcALNoTO0w6fJCjRRf2of19L06keTnXPMN78VGD13OJVC0To
vMyNYFuw2EC+D7fIfEHPDtHWvney3NKdH2Joh9QCd5Y862LZ8CtWWPzZdMuUQi0f
u4qaA/2A8kPfs+NynqMJ8/TkJ9tQSYc6bE5+oDpYot6EqtAohGiEXL46XQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFALpGpRPq/m40Lrbrr5tS7sfcHxYMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvQXVrYWxFLXItYmpRdXR1dXZtMUx1eDl3ZkZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPkisAwQA
sDk7MA0GCSqGSIb3DQEBCwUAA4IBAQA8ap0kEhqUyB7Urc5ya0Q3445Kf+1dUfAy
ztKM7Lbe5xzk/ODyTJYAshO32G/guKD5fAKGJR9yw821iiptEukMArnMzZIHVKoG
u8LChY5L+37Ad4AbaBuXQmAFCnI/GAB2ZmAnRRXO813f+Kve1krpIiAqc3a9j2/C
3KUMzWclgiHRdUNgsoSz4uib6l7mLLOdVvVAgIdmE0pWRQAEET0gGzs/uWH19q5C
sYb9LiTkyf0QCQa+QYGzZRmRYCxkKmUBV68wkYhd4/NjFrHiPVG4rrR39fyMngSc
Soc5YQ8961y2E5fYnY4AC3M2pUPK4e3gcYKnzR6C76RSvXDCieg4
-----END CERTIFICATE-----