Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/Q-PoiEkBAFL77EgYbfNw2JO83SY.roa
File:                     Q-PoiEkBAFL77EgYbfNw2JO83SY.roa (raw, json)
Hash identifier:          hjDWtvwBL5uNPTkwOprJb2MTh5HCRBO+IS81YCbWwE4=
Subject key identifier:   43:E3:E8:88:49:01:00:52:FB:EC:48:18:6D:F3:70:D8:93:BC:DD:26
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018CC6B7A5CBFA957B27D4805B75BEDF7652
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/Q-PoiEkBAFL77EgYbfNw2JO83SY.roa
Signing time:             Mon 01 Jan 2024 20:29:33 +0000
ROA not before:           Mon 01 Jan 2024 20:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199077
IP address blocks:        62.72.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a5:cb:fa:95:7b:27:d4:80:5b:75:be:df:76:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 20:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43e3e88849010052fbec48186df370d893bcdd26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f4:fd:1e:f8:0b:59:11:d8:a2:f7:15:9a:93:
                    e5:fe:10:35:a9:84:6f:69:5d:fa:0b:1e:14:f8:66:
                    bc:25:b0:3a:c8:66:55:6a:d9:64:f7:34:93:aa:75:
                    13:69:73:ce:73:90:ba:bc:91:40:cf:75:ff:a1:49:
                    96:ea:bb:5b:16:e8:7a:90:98:76:9f:e2:48:bd:00:
                    45:4d:bb:6e:9a:0e:5d:1c:7b:93:c0:87:38:f6:ea:
                    43:25:4d:a8:df:3b:65:af:ce:b2:03:a1:b5:21:c2:
                    cd:9e:44:d6:4b:a6:ce:2b:74:6f:1c:a4:e5:09:2f:
                    85:f6:fb:39:a6:7b:cb:dc:a0:b3:e5:a3:d8:43:21:
                    28:1d:f2:58:d4:4c:c0:2b:18:24:9c:b8:6e:1e:fe:
                    77:94:3d:93:91:da:2c:7e:06:9b:f2:2e:08:24:01:
                    76:8b:16:80:57:0e:94:fe:c7:c9:96:2e:da:2f:6f:
                    d6:01:cf:6e:18:2e:db:0e:19:dd:67:96:42:39:88:
                    c2:92:1e:51:2a:73:1b:55:f9:5e:d0:35:12:a4:75:
                    b9:6a:f7:8d:57:0d:10:79:98:d2:80:12:b6:9c:02:
                    81:ee:82:49:24:de:3a:f0:c1:6f:df:7c:f8:cf:7c:
                    f0:77:a3:5f:1e:c6:67:07:ec:84:44:3b:d0:4f:71:
                    50:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:E3:E8:88:49:01:00:52:FB:EC:48:18:6D:F3:70:D8:93:BC:DD:26
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/Q-PoiEkBAFL77EgYbfNw2JO83SY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:27:a5:28:10:05:ea:49:2b:4b:3a:8b:8a:9e:a9:c4:b5:2e:
         bc:c3:ea:a1:b4:04:d9:a7:d9:62:d8:b2:3c:fb:14:b5:d4:57:
         72:8d:82:41:8c:c2:4e:a1:37:55:ac:f8:b5:ac:81:1e:1d:b9:
         dc:a0:66:3e:54:21:97:10:3f:78:26:fa:05:95:e3:fb:bf:64:
         0e:5f:5c:2f:d7:c5:0e:62:b0:14:30:ed:be:79:d7:81:47:f5:
         53:6c:fb:d1:9a:de:d3:c9:07:29:00:23:15:fa:d8:e3:8c:f4:
         c5:43:ff:28:82:3c:4f:4a:01:44:b2:31:f0:0b:b1:c0:c6:23:
         3e:9c:55:a7:d2:68:32:ad:ba:f9:d5:8d:f9:b8:d8:14:44:10:
         5a:07:00:c0:9d:e4:7a:3e:4e:f4:8e:b1:c1:dc:09:6d:fd:08:
         59:9f:69:98:d4:40:ee:e0:ea:0b:e9:a7:96:8f:be:8a:08:aa:
         cc:50:7d:8c:1b:2e:34:21:09:6d:eb:d5:f8:0e:cc:ef:f1:05:
         ea:fc:7d:53:fb:27:bd:d6:ad:d5:57:bc:59:d4:54:f4:fb:15:
         4a:e3:ed:74:30:33:54:15:66:f3:6c:fe:f5:0c:f3:2c:2d:c8:
         54:9f:a1:fa:6a:63:b5:ec:1c:a1:2c:4c:b9:10:77:c2:46:da:
         f8:47:a0:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt6XL+pV7J9SAW3W+33ZSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMTAxMjAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2UzZTg4ODQ5MDEwMDUyZmJlYzQ4MTg2ZGYzNzBkODkzYmNkZDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPT9HvgLWRHYovcVmpPl/hA1qYRv
aV36Cx4U+Ga8JbA6yGZVatlk9zSTqnUTaXPOc5C6vJFAz3X/oUmW6rtbFuh6kJh2
n+JIvQBFTbtumg5dHHuTwIc49upDJU2o3ztlr86yA6G1IcLNnkTWS6bOK3RvHKTl
CS+F9vs5pnvL3KCz5aPYQyEoHfJY1EzAKxgknLhuHv53lD2Tkdosfgab8i4IJAF2
ixaAVw6U/sfJli7aL2/WAc9uGC7bDhndZ5ZCOYjCkh5RKnMbVfle0DUSpHW5aveN
Vw0QeZjSgBK2nAKB7oJJJN468MFv33z4z3zwd6NfHsZnB+yERDvQT3FQlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPj6IhJAQBS++xIGG3zcNiTvN0mMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvUS1Qb2lFa0JBRkw3N0VnWWJmTncySk84M1NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkirMA0G
CSqGSIb3DQEBCwUAA4IBAQBgJ6UoEAXqSStLOouKnqnEtS68w+qhtATZp9li2LI8
+xS11FdyjYJBjMJOoTdVrPi1rIEeHbncoGY+VCGXED94JvoFleP7v2QOX1wv18UO
YrAUMO2+edeBR/VTbPvRmt7TyQcpACMV+tjjjPTFQ/8ogjxPSgFEsjHwC7HAxiM+
nFWn0mgyrbr51Y35uNgURBBaBwDAneR6Pk70jrHB3Alt/QhZn2mY1EDu4OoL6aeW
j76KCKrMUH2MGy40IQlt69X4Dszv8QXq/H1T+ye91q3VV7xZ1FT0+xVK4+10MDNU
FWbzbP71DPMsLchUn6H6amO17ByhLEy5EHfCRtr4R6DO
-----END CERTIFICATE-----