Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/K-_riyDE9STZjbzknztRx_JNE5M.roa
File:                     K-_riyDE9STZjbzknztRx_JNE5M.roa (raw, json)
Hash identifier:          p8TWAMkQObzdlp3I1iHN5LVdAHXNAfCnVizUKo6JYLY=
Subject key identifier:   2B:EF:EB:8B:20:C4:F5:24:D9:8D:BC:E4:9F:3B:51:C7:F2:4D:13:93
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       01904ACD6B557D526ED05A1547BA97EFF388
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/K-_riyDE9STZjbzknztRx_JNE5M.roa
Signing time:             Mon 24 Jun 2024 15:11:34 +0000
ROA not before:           Mon 24 Jun 2024 15:11:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        62.72.168.0/24 maxlen: 24
                          176.57.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Sep 2024 11:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4a:cd:6b:55:7d:52:6e:d0:5a:15:47:ba:97:ef:f3:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jun 24 15:11:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2befeb8b20c4f524d98dbce49f3b51c7f24d1393
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:7a:73:50:82:ab:87:53:15:44:2e:94:b1:da:
                    ff:31:5e:ee:f0:06:47:39:95:c6:67:65:cb:9d:d7:
                    db:f8:5d:42:16:90:93:5f:f9:32:5c:ff:11:cf:0a:
                    11:7d:69:c7:80:49:8e:39:54:f1:24:5b:46:6d:77:
                    a8:1e:12:c8:35:8f:09:fb:25:28:14:a7:61:da:e2:
                    97:64:4a:29:f9:76:fd:35:71:3f:e6:8e:fc:e4:b1:
                    e2:7b:4c:f8:11:d1:17:88:a3:5d:bc:0d:59:63:e8:
                    f1:be:41:55:ce:e7:75:3c:ee:59:aa:59:7d:ac:c0:
                    a0:12:c8:14:a4:9e:37:db:e4:41:39:b8:23:03:ca:
                    0c:f2:d4:c5:c3:40:cd:41:45:90:e8:1f:0d:06:8f:
                    2a:bf:73:b7:42:f3:d7:ce:98:df:35:ad:ae:c7:30:
                    f6:83:ff:58:19:6a:83:44:43:73:d7:16:ba:ca:f4:
                    50:73:ee:a7:9a:0b:4d:a9:65:4d:03:f3:f1:43:21:
                    da:77:fb:a0:07:dc:58:ff:1d:8b:66:87:9f:71:5a:
                    ef:9e:42:b2:22:65:8c:6c:14:13:bf:e3:ff:88:d2:
                    aa:9e:ea:26:88:6b:17:8a:6c:5a:f1:10:e0:c0:17:
                    cc:69:96:ee:61:c3:ef:57:8e:05:f6:3c:28:57:82:
                    63:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:EF:EB:8B:20:C4:F5:24:D9:8D:BC:E4:9F:3B:51:C7:F2:4D:13:93
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/K-_riyDE9STZjbzknztRx_JNE5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.168.0/24
                  176.57.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:6a:8a:e9:5b:2e:34:25:4b:2e:a8:77:5c:f5:59:8c:48:1a:
         09:58:85:f5:31:35:cc:2e:84:27:f8:bb:58:da:02:51:be:e1:
         a7:b7:96:87:8e:74:7b:2d:c0:a9:8f:be:8b:2f:26:bd:ef:ed:
         af:9e:8d:94:aa:22:42:69:ea:da:e9:74:a1:85:24:6f:f0:e9:
         cb:ea:fa:4a:a2:a0:b0:cf:51:0a:74:50:f7:91:91:17:1b:e0:
         b9:bb:9c:d6:f8:5f:fe:cb:a0:fa:44:b8:aa:c5:b5:e8:27:72:
         f1:fd:fd:f3:92:df:01:61:74:80:ea:cb:4a:c9:58:40:31:ec:
         60:8d:4a:71:6c:d1:aa:1d:41:2b:c1:9a:cf:40:a5:d9:22:b6:
         36:cf:fc:a6:58:28:10:db:40:7a:3d:f5:44:6c:d4:8a:67:6c:
         fb:e0:c7:2e:2c:b3:c9:fb:d1:44:58:05:a7:71:38:b9:22:fb:
         21:4d:3f:e4:02:e2:8a:05:23:96:11:7e:ab:40:a5:d7:30:16:
         8a:55:1a:4a:e0:2b:b4:8a:46:9d:09:f1:7c:ce:ba:6f:71:84:
         14:3f:11:96:c7:73:63:83:ed:f6:c4:f0:4f:22:eb:cc:ca:02:
         88:db:16:5c:47:3c:7f:e6:f8:50:69:80:9e:04:1f:55:a5:33:
         8a:74:d0:b1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZBKzWtVfVJu0FoVR7qX7/OIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwNjI0MTUxMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmVmZWI4YjIwYzRmNTI0ZDk4ZGJjZTQ5ZjNiNTFjN2YyNGQxMzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzXpzUIKrh1MVRC6Usdr/MV7u8AZH
OZXGZ2XLndfb+F1CFpCTX/kyXP8RzwoRfWnHgEmOOVTxJFtGbXeoHhLINY8J+yUo
FKdh2uKXZEop+Xb9NXE/5o785LHie0z4EdEXiKNdvA1ZY+jxvkFVzud1PO5Zqll9
rMCgEsgUpJ432+RBObgjA8oM8tTFw0DNQUWQ6B8NBo8qv3O3QvPXzpjfNa2uxzD2
g/9YGWqDRENz1xa6yvRQc+6nmgtNqWVNA/PxQyHad/ugB9xY/x2LZoefcVrvnkKy
ImWMbBQTv+P/iNKqnuomiGsXimxa8RDgwBfMaZbuYcPvV44F9jwoV4JjWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCvv64sgxPUk2Y285J87UcfyTROTMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvSy1fcml5REU5U1RaamJ6a256dFJ4X0pORTVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPkioAwQA
sDk3MA0GCSqGSIb3DQEBCwUAA4IBAQA5aorpWy40JUsuqHdc9VmMSBoJWIX1MTXM
LoQn+LtY2gJRvuGnt5aHjnR7LcCpj76LLya97+2vno2UqiJCaera6XShhSRv8OnL
6vpKoqCwz1EKdFD3kZEXG+C5u5zW+F/+y6D6RLiqxbXoJ3Lx/f3zkt8BYXSA6stK
yVhAMexgjUpxbNGqHUErwZrPQKXZIrY2z/ymWCgQ20B6PfVEbNSKZ2z74McuLLPJ
+9FEWAWncTi5IvshTT/kAuKKBSOWEX6rQKXXMBaKVRpK4Cu0ikadCfF8zrpvcYQU
PxGWx3Njg+32xPBPIuvMygKI2xZcRzx/5vhQaYCeBB9VpTOKdNCx
-----END CERTIFICATE-----