Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/P0zP1jJVbq5izuOS18FYTI1YHxs.roa
File:                     P0zP1jJVbq5izuOS18FYTI1YHxs.roa (raw, json)
Hash identifier:          s6fzct44ef1GEvO9VXyOMf9H83k5wEPaumVmsRJC6ns=
Subject key identifier:   3F:4C:CF:D6:32:55:6E:AE:62:CE:E3:92:D7:C1:58:4C:8D:58:1F:1B
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019421B1A60286904DFCFFFF0DFF57835956
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/P0zP1jJVbq5izuOS18FYTI1YHxs.roa
Signing time:             Wed 01 Jan 2025 11:47:57 +0000
ROA not before:           Wed 01 Jan 2025 11:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     11426
IP address blocks:        62.72.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:a6:02:86:90:4d:fc:ff:ff:0d:ff:57:83:59:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 11:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f4ccfd632556eae62cee392d7c1584c8d581f1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:8e:46:a6:cf:34:10:17:43:19:50:1a:a2:77:
                    38:aa:66:17:5f:86:2a:57:88:b1:38:f7:70:0c:0d:
                    a7:a6:61:0a:fa:d6:91:c4:37:7f:4d:c9:7e:52:46:
                    b6:b4:f4:af:00:8b:ff:65:eb:ee:d2:2c:c3:ad:6b:
                    dd:d7:09:47:5e:0d:00:fb:9b:a3:0c:26:cd:88:c5:
                    f0:bc:eb:1a:1a:b6:52:62:91:55:29:d0:fc:35:60:
                    78:2b:8d:f2:6a:19:eb:16:03:0c:f4:bd:1c:e7:9f:
                    2c:00:c9:33:75:9b:50:2c:2f:c2:9a:ab:6a:8d:6d:
                    1f:95:ba:fb:be:69:e0:7c:06:0a:f2:37:8d:fb:cf:
                    f5:b3:37:16:45:18:f3:7c:e8:71:2b:54:35:cb:82:
                    99:f2:d9:31:b0:2c:12:7d:02:2c:29:0f:27:46:af:
                    2c:ba:35:eb:04:93:28:20:2a:b9:65:13:da:dc:2d:
                    17:2d:4e:41:48:e5:ff:67:11:4c:6e:12:4f:a0:4a:
                    af:20:6e:a8:35:5a:e4:45:57:ad:5e:15:43:05:e2:
                    0c:c1:89:91:b9:7f:ab:55:0f:70:64:27:6a:96:c7:
                    29:e5:af:1e:f9:53:56:d0:84:3d:68:fe:e2:87:f3:
                    9f:2d:a9:3a:5e:6c:9f:0a:f6:18:47:14:bd:d5:c0:
                    95:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:4C:CF:D6:32:55:6E:AE:62:CE:E3:92:D7:C1:58:4C:8D:58:1F:1B
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/P0zP1jJVbq5izuOS18FYTI1YHxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:6d:80:55:ae:44:96:ef:8c:ac:50:26:43:0e:e9:94:9c:e7:
         f2:48:a1:da:6d:58:8f:1f:3d:bd:7d:46:05:d6:de:7a:65:f6:
         70:33:29:14:56:80:9d:3e:a6:74:21:71:3e:2d:74:10:e9:d3:
         e6:f4:d6:41:10:d9:27:15:83:7d:4e:52:ed:3c:20:02:fe:1d:
         86:cd:f4:1b:76:66:c6:bf:a8:fd:97:b0:8d:f1:34:8e:ee:ef:
         2b:a3:b5:1b:a2:b5:88:af:25:8b:06:48:6f:d6:1e:90:06:59:
         eb:a6:16:fd:0f:08:83:e9:04:76:60:9f:49:3d:2f:94:ba:2d:
         7d:d2:cd:b7:97:c7:bd:8f:c2:98:ea:a2:b9:96:55:b0:59:dc:
         7b:7d:1a:4b:5c:1e:c1:ab:5d:6c:55:3f:97:00:a8:f3:ef:58:
         b9:dd:51:00:1f:65:ee:46:48:6e:1c:22:ea:78:32:82:50:c3:
         b0:5f:ed:8f:5b:d2:0c:4f:42:a3:fe:2b:32:70:74:fa:98:cf:
         98:94:68:c6:fd:6f:45:69:6f:c0:22:c6:ba:d0:ba:74:c7:83:
         7b:71:6a:26:b8:db:70:c2:ae:81:8b:d3:e3:ab:fd:a3:54:1a:
         a2:b1:35:d6:af:02:17:12:aa:cd:0d:b3:2f:90:4e:b9:e7:ab:
         ea:92:f0:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsaYChpBN/P//Df9Xg1lWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwMTAxMTE0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjRjY2ZkNjMyNTU2ZWFlNjJjZWUzOTJkN2MxNTg0YzhkNTgxZjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmo5Gps80EBdDGVAaonc4qmYXX4Yq
V4ixOPdwDA2npmEK+taRxDd/Tcl+Uka2tPSvAIv/Zevu0izDrWvd1wlHXg0A+5uj
DCbNiMXwvOsaGrZSYpFVKdD8NWB4K43yahnrFgMM9L0c558sAMkzdZtQLC/Cmqtq
jW0flbr7vmngfAYK8jeN+8/1szcWRRjzfOhxK1Q1y4KZ8tkxsCwSfQIsKQ8nRq8s
ujXrBJMoICq5ZRPa3C0XLU5BSOX/ZxFMbhJPoEqvIG6oNVrkRVetXhVDBeIMwYmR
uX+rVQ9wZCdqlscp5a8e+VNW0IQ9aP7ih/OfLak6XmyfCvYYRxS91cCVDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD9Mz9YyVW6uYs7jktfBWEyNWB8bMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvUDB6UDFqSlZicTVpenVPUzE4RllUSTFZSHhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkikMA0G
CSqGSIb3DQEBCwUAA4IBAQBbbYBVrkSW74ysUCZDDumUnOfySKHabViPHz29fUYF
1t56ZfZwMykUVoCdPqZ0IXE+LXQQ6dPm9NZBENknFYN9TlLtPCAC/h2GzfQbdmbG
v6j9l7CN8TSO7u8ro7UborWIryWLBkhv1h6QBlnrphb9DwiD6QR2YJ9JPS+Uui19
0s23l8e9j8KY6qK5llWwWdx7fRpLXB7Bq11sVT+XAKjz71i53VEAH2XuRkhuHCLq
eDKCUMOwX+2PW9IMT0Kj/isycHT6mM+YlGjG/W9FaW/AIsa60Lp0x4N7cWomuNtw
wq6Bi9Pjq/2jVBqisTXWrwIXEqrNDbMvkE6556vqkvCJ
-----END CERTIFICATE-----