Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/K6kC5-I7q0kqPpaxKbrbt1jR6iw.roa
File:                     K6kC5-I7q0kqPpaxKbrbt1jR6iw.roa (raw, json)
Hash identifier:          HqUYkvdDzJtU1vyhTa6maxQ4ihN1x19hZj5aHKPFz+w=
Subject key identifier:   2B:A9:02:E7:E2:3B:AB:49:2A:3E:96:B1:29:BA:DB:B7:58:D1:EA:2C
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019421B1AAFC95727DD30EBEE2A7153DDEC0
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/K6kC5-I7q0kqPpaxKbrbt1jR6iw.roa
Signing time:             Wed 01 Jan 2025 11:47:59 +0000
ROA not before:           Wed 01 Jan 2025 11:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63023
IP address blocks:        62.72.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:aa:fc:95:72:7d:d3:0e:be:e2:a7:15:3d:de:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 11:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ba902e7e23bab492a3e96b129badbb758d1ea2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:3a:7f:2a:05:ae:9b:25:17:99:7c:6c:6c:b5:
                    87:e6:fe:65:3f:b7:c0:a7:4b:5a:8e:e0:42:85:81:
                    18:73:04:5d:7e:f1:b2:55:56:d2:5a:09:4b:0b:80:
                    cd:da:44:f0:8e:13:8d:52:bf:08:b2:8c:f4:f4:12:
                    de:f5:f0:dd:e5:8e:e3:54:ce:84:dc:c4:6c:e6:cf:
                    7d:5e:87:01:40:94:a1:64:b4:00:d0:4d:fa:8f:fc:
                    0f:da:53:97:c3:b9:44:30:d1:81:84:a2:f3:39:10:
                    bb:c0:d4:a4:6b:c6:c7:a8:f8:c3:9f:73:0d:9c:91:
                    02:79:39:e2:4e:96:88:57:69:6e:32:42:56:60:b5:
                    e6:6b:4b:85:0f:bc:d5:6e:a1:de:93:a0:5f:38:d8:
                    68:e7:ec:da:13:38:c2:fd:65:42:32:7e:93:4e:8d:
                    8d:55:11:31:98:a2:d8:ea:25:83:3c:e0:39:3a:33:
                    2c:21:d1:ca:4c:df:31:f3:7d:e1:40:c9:da:11:47:
                    18:09:fd:cb:ed:05:06:85:ab:49:c4:7f:f9:0a:6e:
                    3d:a4:f5:d4:40:a2:64:4f:4a:57:75:7a:8e:d7:d6:
                    31:b7:7c:6e:69:43:40:6e:78:fd:cb:71:f5:d9:14:
                    37:7a:18:0e:cf:70:c8:93:82:5b:b9:63:d0:bc:78:
                    51:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:A9:02:E7:E2:3B:AB:49:2A:3E:96:B1:29:BA:DB:B7:58:D1:EA:2C
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/K6kC5-I7q0kqPpaxKbrbt1jR6iw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:95:0b:1d:d4:78:ef:36:93:53:e1:7f:b1:29:6a:c1:71:8a:
         bb:a6:ba:a9:39:f8:3e:69:d6:b3:49:57:4c:04:5e:6d:79:5b:
         8a:53:9e:ec:0a:cc:6f:97:14:69:34:5b:cc:d1:44:57:42:a9:
         b8:1b:d1:0b:ea:37:1d:d7:85:ea:e1:53:28:02:19:81:89:3c:
         f0:03:20:82:22:ca:70:5b:f5:a1:ee:6e:a3:cf:22:5f:de:90:
         f6:ab:1d:05:93:c0:c2:44:af:d1:5e:db:d6:32:bb:ce:de:08:
         94:80:a2:5f:34:94:8b:75:d1:eb:b6:3e:95:2b:2c:4f:be:95:
         6b:3d:83:7a:7c:81:3f:1e:d6:4c:66:4f:54:4b:4c:88:bc:92:
         fb:ea:71:45:f3:2b:f2:cd:b0:0b:28:86:f8:41:7a:7a:ad:2a:
         f8:35:c6:18:ae:36:58:bc:2c:e2:c9:85:73:16:75:87:aa:0c:
         12:a0:fe:d2:df:90:55:c2:ad:bc:dd:c1:0f:dd:65:0e:02:72:
         93:5e:4d:e3:ea:7f:96:72:c2:94:ff:cd:2f:56:a4:5d:a0:8e:
         54:2c:07:e2:25:9d:31:3c:02:a6:05:f0:2b:b3:e4:db:47:86:
         0a:46:68:d3:eb:00:e8:b7:35:c1:bb:39:3b:5b:c9:1f:62:da:
         b3:fd:2b:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsar8lXJ90w6+4qcVPd7AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwMTAxMTE0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmE5MDJlN2UyM2JhYjQ5MmEzZTk2YjEyOWJhZGJiNzU4ZDFlYTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Tp/KgWumyUXmXxsbLWH5v5lP7fA
p0tajuBChYEYcwRdfvGyVVbSWglLC4DN2kTwjhONUr8Isoz09BLe9fDd5Y7jVM6E
3MRs5s99XocBQJShZLQA0E36j/wP2lOXw7lEMNGBhKLzORC7wNSka8bHqPjDn3MN
nJECeTniTpaIV2luMkJWYLXma0uFD7zVbqHek6BfONho5+zaEzjC/WVCMn6TTo2N
VRExmKLY6iWDPOA5OjMsIdHKTN8x833hQMnaEUcYCf3L7QUGhatJxH/5Cm49pPXU
QKJkT0pXdXqO19Yxt3xuaUNAbnj9y3H12RQ3ehgOz3DIk4JbuWPQvHhR0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCupAufiO6tJKj6WsSm627dY0eosMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvSzZrQzUtSTdxMGtxUHBheEticmJ0MWpSNml3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkirMA0G
CSqGSIb3DQEBCwUAA4IBAQBwlQsd1HjvNpNT4X+xKWrBcYq7prqpOfg+adazSVdM
BF5teVuKU57sCsxvlxRpNFvM0URXQqm4G9EL6jcd14Xq4VMoAhmBiTzwAyCCIspw
W/Wh7m6jzyJf3pD2qx0Fk8DCRK/RXtvWMrvO3giUgKJfNJSLddHrtj6VKyxPvpVr
PYN6fIE/HtZMZk9US0yIvJL76nFF8yvyzbALKIb4QXp6rSr4NcYYrjZYvCziyYVz
FnWHqgwSoP7S35BVwq283cEP3WUOAnKTXk3j6n+WcsKU/80vVqRdoI5ULAfiJZ0x
PAKmBfArs+TbR4YKRmjT6wDotzXBuzk7W8kfYtqz/SuR
-----END CERTIFICATE-----