Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/EYJ4yde1bOebYakBgVTUvzub09k.roa
File:                     EYJ4yde1bOebYakBgVTUvzub09k.roa (raw, json)
Hash identifier:          yvDerswncrQenHPYm/R7dOFYDQ62RMdaiVBuIx3TVbc=
Subject key identifier:   11:82:78:C9:D7:B5:6C:E7:9B:61:A9:01:81:54:D4:BF:3B:9B:D3:D9
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018E5A8FEC02628F918BA79701608449DF24
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/EYJ4yde1bOebYakBgVTUvzub09k.roa
Signing time:             Wed 20 Mar 2024 06:32:45 +0000
ROA not before:           Wed 20 Mar 2024 06:32:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142019
IP address blocks:        62.72.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 14:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5a:8f:ec:02:62:8f:91:8b:a7:97:01:60:84:49:df:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Mar 20 06:32:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=118278c9d7b56ce79b61a9018154d4bf3b9bd3d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:c2:2e:21:a9:97:bf:43:62:8b:70:7a:32:06:
                    69:35:37:8c:4a:ed:3c:f7:b4:46:ec:2c:f4:2d:d6:
                    08:bd:5c:55:3c:e7:81:7c:0a:5d:d3:86:d5:c4:b7:
                    10:56:20:dd:75:2c:be:c6:31:79:30:28:cc:82:55:
                    4a:44:5b:ed:05:bd:31:d4:db:1a:72:27:3d:97:47:
                    bf:b1:9c:c8:16:4a:ad:55:51:fb:0b:6c:e3:96:2d:
                    2a:3f:0f:d5:62:f5:d5:f5:d3:0c:fb:55:ad:b2:f5:
                    27:b5:27:44:60:9d:50:2d:7b:8a:c1:4b:9a:4b:21:
                    c9:09:59:12:6b:62:1c:08:46:01:b9:22:13:3b:49:
                    5d:c4:b9:0c:6f:1a:55:ee:23:b1:6a:37:69:a5:b5:
                    ae:f8:c8:02:d0:25:87:8c:ee:91:c1:15:e2:c7:4d:
                    35:d5:70:58:0f:77:29:11:21:6c:e1:c7:b3:5a:37:
                    9b:14:b0:a9:fb:0e:1e:cc:9b:15:d5:35:7e:7c:1a:
                    20:bd:90:a1:27:f3:1f:20:90:8b:a9:3f:d6:4f:ad:
                    e0:29:8b:03:ba:bb:8d:dd:16:7e:22:a2:53:35:01:
                    d4:7a:e9:93:1c:70:65:7f:4f:ad:23:f1:3b:0d:46:
                    9f:25:ef:26:d3:14:cc:7e:ca:fa:be:5c:ef:8e:6d:
                    43:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:82:78:C9:D7:B5:6C:E7:9B:61:A9:01:81:54:D4:BF:3B:9B:D3:D9
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/EYJ4yde1bOebYakBgVTUvzub09k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:44:83:cb:b5:04:c4:fe:72:44:9c:b0:a0:15:b0:c3:61:70:
         81:50:32:21:4d:c6:03:2b:73:b0:24:76:80:f3:95:eb:03:80:
         6a:e8:8f:a0:c1:ed:ca:5c:b2:09:fc:9b:13:5e:6a:b9:0e:e7:
         a4:4d:58:e6:bb:79:36:15:35:04:3f:5a:de:a1:bc:ec:31:31:
         17:01:31:0b:22:80:b2:da:48:20:b9:a1:9b:f8:4e:d3:19:07:
         9c:31:4a:1d:f6:b9:ff:9c:8a:a4:50:46:bf:35:01:94:48:e5:
         5e:fd:f1:3e:df:de:53:e4:fa:2b:ed:61:5f:a8:76:dd:b3:3d:
         04:47:15:1d:2f:c0:55:42:65:bd:ac:a4:d7:7e:56:04:24:07:
         37:7e:ad:ae:58:67:71:a5:f0:90:a3:57:b4:d3:33:49:14:e9:
         6a:e4:da:0f:11:db:99:29:7c:d3:9d:1a:75:04:71:32:07:73:
         e7:c2:3c:1f:e3:3a:92:ef:4e:f4:8f:46:d4:63:85:58:53:1b:
         fc:52:e0:36:2f:34:85:25:2e:15:bb:60:e8:fe:10:ee:0a:91:
         1b:ae:3b:a7:ec:73:fb:7a:e9:dc:03:98:ce:67:d9:fc:7e:a1:
         45:12:c6:78:6d:82:74:c8:34:fa:85:17:2e:26:ff:ff:1c:ab:
         1b:bd:ac:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5aj+wCYo+Ri6eXAWCESd8kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMzIwMDYzMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTgyNzhjOWQ3YjU2Y2U3OWI2MWE5MDE4MTU0ZDRiZjNiOWJkM2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMIuIamXv0Nii3B6MgZpNTeMSu08
97RG7Cz0LdYIvVxVPOeBfApd04bVxLcQViDddSy+xjF5MCjMglVKRFvtBb0x1Nsa
cic9l0e/sZzIFkqtVVH7C2zjli0qPw/VYvXV9dMM+1WtsvUntSdEYJ1QLXuKwUua
SyHJCVkSa2IcCEYBuSITO0ldxLkMbxpV7iOxajdppbWu+MgC0CWHjO6RwRXix001
1XBYD3cpESFs4cezWjebFLCp+w4ezJsV1TV+fBogvZChJ/MfIJCLqT/WT63gKYsD
uruN3RZ+IqJTNQHUeumTHHBlf0+tI/E7DUafJe8m0xTMfsr6vlzvjm1DHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGCeMnXtWznm2GpAYFU1L87m9PZMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvRVlKNHlkZTFiT2ViWWFrQmdWVFV2enViMDlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPki+MA0G
CSqGSIb3DQEBCwUAA4IBAQB/RIPLtQTE/nJEnLCgFbDDYXCBUDIhTcYDK3OwJHaA
85XrA4Bq6I+gwe3KXLIJ/JsTXmq5DuekTVjmu3k2FTUEP1reobzsMTEXATELIoCy
2kgguaGb+E7TGQecMUod9rn/nIqkUEa/NQGUSOVe/fE+395T5Por7WFfqHbdsz0E
RxUdL8BVQmW9rKTXflYEJAc3fq2uWGdxpfCQo1e00zNJFOlq5NoPEduZKXzTnRp1
BHEyB3Pnwjwf4zqS7070j0bUY4VYUxv8UuA2LzSFJS4Vu2Do/hDuCpEbrjun7HP7
euncA5jOZ9n8fqFFEsZ4bYJ0yDT6hRcuJv//HKsbvayc
-----END CERTIFICATE-----