Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/CvYPnO9n9wAN8861pn_AlstUSmc.roa
File:                     CvYPnO9n9wAN8861pn_AlstUSmc.roa (raw, json)
Hash identifier:          AhTYD+mPr3Q/UsUfGKJ2zJxIpB92wOFsAXppP+mD++w=
Subject key identifier:   0A:F6:0F:9C:EF:67:F7:00:0D:F3:CE:B5:A6:7F:C0:96:CB:54:4A:67
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019421B1B320C022FC7E0C1952B3C1CD8C78
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/CvYPnO9n9wAN8861pn_AlstUSmc.roa
Signing time:             Wed 01 Jan 2025 11:48:01 +0000
ROA not before:           Wed 01 Jan 2025 11:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209242
IP address blocks:        62.72.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:b3:20:c0:22:fc:7e:0c:19:52:b3:c1:cd:8c:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 11:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0af60f9cef67f7000df3ceb5a67fc096cb544a67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:33:45:d8:f5:03:aa:0f:02:38:fb:1e:a1:84:
                    f0:a6:76:d1:69:fa:38:e5:56:78:4a:f8:8a:e3:e2:
                    62:c1:1b:6f:55:87:d9:98:65:64:9b:37:88:f8:19:
                    6b:86:be:06:7d:9e:61:68:50:31:6f:1e:c8:f4:cf:
                    3c:93:99:a8:44:91:b6:27:55:60:f6:ce:2c:a8:a6:
                    fa:07:fa:bf:20:ce:5e:2f:5b:10:73:a1:fa:c7:28:
                    51:46:da:73:86:95:79:8d:69:33:0d:7f:4f:97:b2:
                    b8:c1:8c:aa:64:10:31:cc:b9:58:25:41:a6:42:59:
                    a7:1e:d3:d5:ad:18:02:b6:08:97:e9:72:4c:d4:ca:
                    a4:53:9f:d4:24:86:1c:85:5d:3d:b0:aa:7f:c7:19:
                    4b:a8:ba:af:3d:10:15:d5:6c:73:97:2d:7e:12:f7:
                    e9:c3:05:69:59:01:4b:46:48:48:01:99:51:38:c8:
                    fc:3c:6d:6e:69:83:ab:09:e9:b5:e8:10:5e:7a:57:
                    ae:79:a4:dd:92:6b:a0:a6:13:df:b6:2c:e7:d2:06:
                    f7:64:3e:c5:42:c7:77:43:2c:7d:5c:41:5c:3d:7c:
                    34:6e:ce:d1:67:a0:0f:0b:cc:b3:9e:bf:e3:e9:92:
                    79:dd:ea:4b:cc:65:82:a7:2f:59:8d:a9:3d:46:6c:
                    b7:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:F6:0F:9C:EF:67:F7:00:0D:F3:CE:B5:A6:7F:C0:96:CB:54:4A:67
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/CvYPnO9n9wAN8861pn_AlstUSmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:3c:f2:41:cc:88:7e:f0:a0:a6:57:7b:c0:05:db:6f:ae:42:
         79:61:69:d8:05:4f:b3:1b:84:2f:e1:bb:01:dc:64:1d:ce:5f:
         c9:f7:f6:1c:04:31:6b:f8:bb:02:bc:c5:b5:45:70:00:16:86:
         bf:b7:d8:03:b9:40:93:c3:ac:b9:c4:ab:0e:ee:fe:2f:78:92:
         6e:1c:82:f1:62:3a:c7:a2:7c:a3:73:9e:56:3d:aa:9f:08:1d:
         6a:50:f0:09:7f:6a:73:e7:8a:42:32:ec:3b:9a:66:0e:e4:c8:
         17:b3:c3:32:ef:34:5f:e9:8f:d1:d3:eb:4d:a1:39:02:fd:9f:
         27:c2:e7:5d:2f:64:f5:36:b9:79:14:06:d7:d3:16:17:16:d0:
         d3:58:2b:03:e6:7a:8c:12:31:33:57:df:0e:e1:26:8f:4c:e3:
         3e:04:4b:ad:2d:52:23:f2:2d:8e:41:b5:13:b7:92:8c:da:95:
         00:d6:22:83:b6:13:77:fb:94:4c:e4:f4:a0:0e:30:ce:fb:88:
         17:d6:f6:73:77:64:f4:95:6b:67:c4:89:9e:71:47:c5:6f:82:
         ac:4b:3a:ec:fb:11:8c:a6:93:8e:7b:a1:4c:1d:32:e9:e2:8f:
         9a:88:fb:c0:ec:78:c3:fb:b4:20:b7:56:41:ef:85:18:7d:36:
         06:fe:e5:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsbMgwCL8fgwZUrPBzYx4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwMTAxMTE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWY2MGY5Y2VmNjdmNzAwMGRmM2NlYjVhNjdmYzA5NmNiNTQ0YTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiTNF2PUDqg8COPseoYTwpnbRafo4
5VZ4SviK4+JiwRtvVYfZmGVkmzeI+Blrhr4GfZ5haFAxbx7I9M88k5moRJG2J1Vg
9s4sqKb6B/q/IM5eL1sQc6H6xyhRRtpzhpV5jWkzDX9Pl7K4wYyqZBAxzLlYJUGm
QlmnHtPVrRgCtgiX6XJM1MqkU5/UJIYchV09sKp/xxlLqLqvPRAV1Wxzly1+Evfp
wwVpWQFLRkhIAZlROMj8PG1uaYOrCem16BBeeleueaTdkmugphPftizn0gb3ZD7F
Qsd3Qyx9XEFcPXw0bs7RZ6APC8yznr/j6ZJ53epLzGWCpy9Zjak9Rmy3YQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAr2D5zvZ/cADfPOtaZ/wJbLVEpnMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvQ3ZZUG5POW45d0FOODg2MXBuX0Fsc3RVU21jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkimMA0G
CSqGSIb3DQEBCwUAA4IBAQCfPPJBzIh+8KCmV3vABdtvrkJ5YWnYBU+zG4Qv4bsB
3GQdzl/J9/YcBDFr+LsCvMW1RXAAFoa/t9gDuUCTw6y5xKsO7v4veJJuHILxYjrH
onyjc55WPaqfCB1qUPAJf2pz54pCMuw7mmYO5MgXs8My7zRf6Y/R0+tNoTkC/Z8n
wuddL2T1Nrl5FAbX0xYXFtDTWCsD5nqMEjEzV98O4SaPTOM+BEutLVIj8i2OQbUT
t5KM2pUA1iKDthN3+5RM5PSgDjDO+4gX1vZzd2T0lWtnxImecUfFb4KsSzrs+xGM
ppOOe6FMHTLp4o+aiPvA7HjD+7Qgt1ZB74UYfTYG/uWZ
-----END CERTIFICATE-----