Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/Mvyiwculd6CoS7xAAhl2nq2pp6c.roa
File:                     Mvyiwculd6CoS7xAAhl2nq2pp6c.roa (raw, json)
Hash identifier:          56eKDWiI6SB3+pedS9joaA90ql8sQPgiklB8odxaRJU=
Subject key identifier:   32:FC:A2:C1:CB:A5:77:A0:A8:4B:BC:40:02:19:76:9E:AD:A9:A7:A7
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018CC6B7AE004CAC60D3D1A22CA001870F36
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/Mvyiwculd6CoS7xAAhl2nq2pp6c.roa
Signing time:             Mon 01 Jan 2024 20:29:35 +0000
ROA not before:           Mon 01 Jan 2024 20:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     271842
IP address blocks:        62.72.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 23:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:ae:00:4c:ac:60:d3:d1:a2:2c:a0:01:87:0f:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 20:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=32fca2c1cba577a0a84bbc400219769eada9a7a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:73:98:b1:65:66:ed:8c:78:e4:99:f3:a8:c6:
                    20:10:6b:df:09:9d:7d:91:bc:79:4a:af:fd:ee:f1:
                    be:f0:10:23:1f:5a:ad:3f:55:95:84:ee:3f:a2:38:
                    db:d2:c4:38:50:e6:f9:f2:83:ec:87:03:8f:e1:0e:
                    97:57:ed:80:c0:37:fa:b2:69:2e:ba:50:61:d7:d7:
                    bd:40:02:37:ce:3c:c5:bd:1b:41:76:01:9a:f4:c1:
                    3b:61:74:06:55:c4:9c:69:5e:45:bf:f7:2b:70:6a:
                    78:57:80:07:ff:66:bb:ef:1c:31:06:db:d7:c5:73:
                    5a:65:27:b5:6b:ce:12:6e:2b:e7:43:7d:ce:5d:56:
                    2f:73:3b:1d:6b:50:05:5e:46:76:2d:ab:f2:ed:b5:
                    19:75:08:60:65:55:c6:e3:70:e0:a6:9b:f3:56:a1:
                    f8:30:d4:0b:fd:9d:7e:01:1c:ec:c6:c2:68:03:67:
                    9b:59:cc:4a:16:16:69:96:12:df:02:ba:fa:0b:59:
                    e3:fa:b6:87:98:26:ee:0f:fc:a5:3d:b8:89:44:41:
                    da:31:dc:31:ef:4f:ce:5b:3b:6d:0c:6d:74:04:98:
                    46:99:31:73:00:6d:c3:fd:a0:9c:e6:fa:62:5e:b2:
                    ab:84:85:48:b3:b8:ee:42:4a:67:3e:be:3e:40:c2:
                    50:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:FC:A2:C1:CB:A5:77:A0:A8:4B:BC:40:02:19:76:9E:AD:A9:A7:A7
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/Mvyiwculd6CoS7xAAhl2nq2pp6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:b4:35:9d:55:05:c1:5c:0f:3b:83:ef:20:66:59:f3:c3:1d:
         12:64:89:c8:c4:32:49:5f:47:d7:10:4b:58:39:61:44:78:f6:
         a6:2f:2b:f8:c6:9a:30:b4:7a:c9:e2:0a:a2:cf:d3:b5:8c:46:
         fe:24:1e:3d:70:4a:ec:bd:ac:f5:3a:ce:2e:11:cc:1a:8d:1e:
         27:e8:e6:d5:1e:c5:ac:31:12:c2:c1:02:ba:ab:58:d7:0f:a8:
         fc:ff:34:e3:aa:0f:f6:e0:fa:c2:bc:3f:97:13:96:14:18:0b:
         5b:9d:12:cc:a5:47:d3:ab:37:b8:ad:b3:be:c5:48:f5:82:b9:
         3a:df:e3:74:2c:67:72:59:6b:37:2a:2d:b9:57:84:cf:1f:3a:
         e3:3f:f7:72:f1:ba:c0:a6:4d:62:9c:3a:c3:c0:3e:32:6b:32:
         a9:fd:73:79:cf:ee:c3:a8:21:98:c7:83:3f:4b:5a:c1:63:86:
         cd:c3:91:e8:d5:f7:a2:72:b2:ed:12:93:32:74:78:0a:e6:fb:
         fb:30:49:a7:ee:b4:4e:c2:62:3a:03:9f:74:a6:1f:09:7c:83:
         2b:8d:31:97:42:91:77:ee:b9:fe:b0:d2:3e:9b:8c:e4:90:96:
         5a:8c:a5:c8:a4:b2:8b:1a:55:1f:16:ad:da:27:ef:44:ef:7c:
         9d:51:50:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt64ATKxg09GiLKABhw82MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMTAxMjAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmZjYTJjMWNiYTU3N2EwYTg0YmJjNDAwMjE5NzY5ZWFkYTlhN2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXOYsWVm7Yx45JnzqMYgEGvfCZ19
kbx5Sq/97vG+8BAjH1qtP1WVhO4/ojjb0sQ4UOb58oPshwOP4Q6XV+2AwDf6smku
ulBh19e9QAI3zjzFvRtBdgGa9ME7YXQGVcScaV5Fv/crcGp4V4AH/2a77xwxBtvX
xXNaZSe1a84SbivnQ33OXVYvczsda1AFXkZ2Lavy7bUZdQhgZVXG43DgppvzVqH4
MNQL/Z1+ARzsxsJoA2ebWcxKFhZplhLfArr6C1nj+raHmCbuD/ylPbiJREHaMdwx
70/OWzttDG10BJhGmTFzAG3D/aCc5vpiXrKrhIVIs7juQkpnPr4+QMJQGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDL8osHLpXegqEu8QAIZdp6tqaenMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvTXZ5aXdjdWxkNkNvUzd4QUFobDJucTJwcDZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPki6MA0G
CSqGSIb3DQEBCwUAA4IBAQAgtDWdVQXBXA87g+8gZlnzwx0SZInIxDJJX0fXEEtY
OWFEePamLyv4xpowtHrJ4gqiz9O1jEb+JB49cErsvaz1Os4uEcwajR4n6ObVHsWs
MRLCwQK6q1jXD6j8/zTjqg/24PrCvD+XE5YUGAtbnRLMpUfTqze4rbO+xUj1grk6
3+N0LGdyWWs3Ki25V4TPHzrjP/dy8brApk1inDrDwD4yazKp/XN5z+7DqCGYx4M/
S1rBY4bNw5Ho1feicrLtEpMydHgK5vv7MEmn7rROwmI6A590ph8JfIMrjTGXQpF3
7rn+sNI+m4zkkJZajKXIpLKLGlUfFq3aJ+9E73ydUVDE
-----END CERTIFICATE-----