Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/KZgEecQxE_N1dF_qgByTv9EkVAU.roa
File:                     KZgEecQxE_N1dF_qgByTv9EkVAU.roa (raw, json)
Hash identifier:          jseKOCPr/wdUS6C6gQocciho2H9ngvqSW9iw6yGoVSI=
Subject key identifier:   29:98:04:79:C4:31:13:F3:75:74:5F:EA:80:1C:93:BF:D1:24:54:05
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018CC6B7A24D03728D7974D1387B6A8E82BC
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/KZgEecQxE_N1dF_qgByTv9EkVAU.roa
Signing time:             Mon 01 Jan 2024 20:29:32 +0000
ROA not before:           Mon 01 Jan 2024 20:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63023
IP address blocks:        62.72.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a2:4d:03:72:8d:79:74:d1:38:7b:6a:8e:82:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 20:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29980479c43113f375745fea801c93bfd1245405
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:5c:50:3e:6f:a4:72:3a:6e:77:c3:40:c7:28:
                    91:fc:a1:8a:75:0a:dd:92:56:1e:ec:f0:56:37:7d:
                    d3:03:55:c2:c5:a1:3f:d8:11:cf:76:72:59:af:ca:
                    88:21:4a:7f:8b:99:09:4b:35:f5:6c:62:c6:6a:9a:
                    71:bd:b2:b9:ff:4e:c9:d6:8a:68:af:32:bb:75:55:
                    a1:ff:63:d1:ad:51:16:cd:34:7d:3d:9e:83:2b:8f:
                    f7:b6:cc:0a:86:a2:9a:85:5e:05:8d:96:3e:5a:dc:
                    ab:7f:a9:ac:22:cb:4b:35:90:b2:37:e9:70:a1:f5:
                    b7:fa:12:2c:11:a2:11:66:0f:c7:d6:57:1a:4e:83:
                    ff:0b:a0:f2:4d:49:b4:54:e9:ec:d2:35:f6:e1:64:
                    8e:94:33:3a:12:d4:b4:8d:d3:ec:77:7b:f9:57:6e:
                    82:66:2b:58:fa:68:ea:78:31:77:8e:48:e0:d5:6c:
                    75:c7:41:4a:77:6a:92:c9:24:9c:c9:ef:8a:85:d8:
                    5f:4f:06:a2:12:18:97:ee:2e:6b:2c:52:cf:cb:34:
                    e2:04:84:5c:f7:a3:57:db:35:29:d1:cb:5d:e0:72:
                    45:20:55:4c:b6:71:fe:4e:48:f7:81:f5:fd:b0:fe:
                    7e:7f:0f:d0:ee:4b:f7:40:5d:7b:c3:b3:b1:49:1c:
                    61:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:98:04:79:C4:31:13:F3:75:74:5F:EA:80:1C:93:BF:D1:24:54:05
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/KZgEecQxE_N1dF_qgByTv9EkVAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:50:c3:b3:3f:52:ce:7d:b4:b1:51:fa:3a:53:33:2a:2b:0a:
         f1:5e:bb:0c:37:c9:14:a3:4c:39:80:86:a3:a7:63:87:82:3f:
         6e:6b:db:f6:5f:31:8b:eb:96:ba:53:0e:db:a5:0f:73:09:89:
         ce:f9:23:ad:c0:ce:ce:a6:c9:12:ca:c7:4d:61:c9:e7:7a:07:
         67:9d:c2:86:e5:60:ed:dc:b4:e2:f6:89:ea:08:31:55:f3:38:
         e3:fc:46:ef:70:f6:e3:5e:ad:83:0c:1e:9d:f6:35:5e:90:a0:
         e4:2f:dc:2b:7a:69:15:f6:0a:38:bf:d0:6d:77:6c:4d:c8:54:
         7f:72:da:9a:f4:8d:2a:0c:b3:3a:2d:77:61:59:95:de:25:b4:
         6e:0e:9e:4c:a4:a4:2b:3e:22:3e:a6:5a:63:d8:4f:bb:4b:10:
         6e:da:b7:fa:2c:92:34:51:ad:a5:97:d3:ca:3d:bf:71:48:ed:
         5d:82:ae:b6:ca:ad:94:04:bb:f6:bf:66:4a:78:66:53:1a:5d:
         a9:fa:66:0b:61:b5:c2:f8:15:92:cf:86:42:07:1b:ed:82:42:
         af:26:2b:0f:57:c9:4e:d7:f2:37:e0:c2:3d:c7:0e:db:fc:b7:
         63:8e:05:93:1c:2a:37:46:61:10:35:78:9a:7c:f6:b6:e8:50:
         5c:de:d0:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt6JNA3KNeXTROHtqjoK8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMTAxMjAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTk4MDQ3OWM0MzExM2YzNzU3NDVmZWE4MDFjOTNiZmQxMjQ1NDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgFxQPm+kcjpud8NAxyiR/KGKdQrd
klYe7PBWN33TA1XCxaE/2BHPdnJZr8qIIUp/i5kJSzX1bGLGappxvbK5/07J1opo
rzK7dVWh/2PRrVEWzTR9PZ6DK4/3tswKhqKahV4FjZY+Wtyrf6msIstLNZCyN+lw
ofW3+hIsEaIRZg/H1lcaToP/C6DyTUm0VOns0jX24WSOlDM6EtS0jdPsd3v5V26C
ZitY+mjqeDF3jkjg1Wx1x0FKd2qSySScye+KhdhfTwaiEhiX7i5rLFLPyzTiBIRc
96NX2zUp0ctd4HJFIFVMtnH+Tkj3gfX9sP5+fw/Q7kv3QF17w7OxSRxhKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCmYBHnEMRPzdXRf6oAck7/RJFQFMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvS1pnRWVjUXhFX04xZEZfcWdCeVR2OUVrVkFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkirMA0G
CSqGSIb3DQEBCwUAA4IBAQAwUMOzP1LOfbSxUfo6UzMqKwrxXrsMN8kUo0w5gIaj
p2OHgj9ua9v2XzGL65a6Uw7bpQ9zCYnO+SOtwM7OpskSysdNYcnnegdnncKG5WDt
3LTi9onqCDFV8zjj/EbvcPbjXq2DDB6d9jVekKDkL9wremkV9go4v9Btd2xNyFR/
ctqa9I0qDLM6LXdhWZXeJbRuDp5MpKQrPiI+plpj2E+7SxBu2rf6LJI0Ua2ll9PK
Pb9xSO1dgq62yq2UBLv2v2ZKeGZTGl2p+mYLYbXC+BWSz4ZCBxvtgkKvJisPV8lO
1/I34MI9xw7b/LdjjgWTHCo3RmEQNXiafPa26FBc3tB5
-----END CERTIFICATE-----