Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/W97-yB2Mbwg73ap0BnNK9GZ0CBc.roa
File:                     W97-yB2Mbwg73ap0BnNK9GZ0CBc.roa (raw, json)
Hash identifier:          n9zsdGXPxROsClABiuww+dgCxSrw0pJQphR5ctWazd0=
Subject key identifier:   5B:DE:FE:C8:1D:8C:6F:08:3B:DD:AA:74:06:73:4A:F4:66:74:08:17
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018CC6B7A787C5A0C9A0CDB6660A8662DEB9
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/W97-yB2Mbwg73ap0BnNK9GZ0CBc.roa
Signing time:             Mon 01 Jan 2024 20:29:33 +0000
ROA not before:           Mon 01 Jan 2024 20:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205220
IP address blocks:        62.72.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 14:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a7:87:c5:a0:c9:a0:cd:b6:66:0a:86:62:de:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 20:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5bdefec81d8c6f083bddaa7406734af466740817
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:54:f3:49:b9:63:b9:c6:d0:1c:d1:0d:a9:c8:
                    49:96:ac:25:54:fc:17:c4:86:f9:62:a3:26:0b:31:
                    c9:77:9b:ff:53:f7:ba:b8:88:9b:10:d5:f7:14:58:
                    5d:7f:0b:6b:78:84:65:c1:f8:a8:7c:a2:ae:c4:b5:
                    84:ef:eb:79:b9:27:15:01:25:23:5b:29:97:87:c9:
                    58:9c:f9:32:36:83:ba:1a:14:2c:79:7c:47:f1:50:
                    ef:84:21:d7:36:c7:dc:73:d8:e0:08:03:4e:20:85:
                    35:c0:7c:e8:ad:46:67:6c:bf:61:82:4d:91:df:4b:
                    82:3c:22:37:75:6c:1b:37:cf:46:20:2c:74:51:33:
                    2a:5d:36:f5:63:ca:0d:67:33:c2:2a:bc:f2:94:db:
                    b4:a2:db:66:18:0a:57:bb:3f:3d:63:ef:9f:f6:aa:
                    fc:02:99:8b:b0:d5:87:24:13:e3:f6:2a:9c:ad:96:
                    7f:eb:17:76:f9:3e:db:5b:9c:ae:af:1c:a4:30:3e:
                    30:4c:39:6b:61:1b:68:56:77:6f:75:dc:6c:3c:a8:
                    a2:87:b7:1c:0f:92:25:2c:c7:45:e7:46:ee:69:9c:
                    95:b8:3a:cd:03:e4:ca:18:af:a5:f2:38:1f:24:e8:
                    c0:81:4f:29:f5:2c:0f:43:a3:d1:0d:e2:dc:ea:ab:
                    0c:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:DE:FE:C8:1D:8C:6F:08:3B:DD:AA:74:06:73:4A:F4:66:74:08:17
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/W97-yB2Mbwg73ap0BnNK9GZ0CBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:16:2d:d6:40:6f:5a:f8:09:3d:1b:3e:b7:4a:69:d1:0f:0c:
         9e:13:a5:0c:9b:3b:0f:52:da:0c:f4:2e:5f:1b:eb:f5:0f:53:
         1c:c4:3d:19:17:11:21:46:10:ff:5b:fe:db:ea:87:91:b3:d3:
         e2:ac:d7:80:39:96:d8:35:8a:b8:e1:10:b5:a3:7d:93:6b:82:
         cb:b8:a3:11:48:d4:a5:91:01:e1:a8:b5:93:f4:69:25:18:f1:
         57:71:fb:a9:d5:b3:ac:08:ba:d8:f0:27:bb:35:02:2f:48:2c:
         b0:5f:98:39:04:da:18:be:4a:cd:90:20:6a:06:43:43:7b:74:
         c2:81:fd:11:5f:85:ed:bd:b4:66:25:97:d7:b8:34:a3:1e:3d:
         cf:3f:9f:2c:a4:3f:14:88:73:83:65:37:77:f9:af:56:2c:7e:
         ae:a7:04:a6:c7:09:75:8e:81:68:0e:d1:77:83:2c:00:83:26:
         f8:88:ee:e8:45:24:24:96:98:7e:a0:41:73:7f:a1:1e:b3:a7:
         5b:12:a0:87:06:7d:63:5e:4b:fc:17:67:80:c5:73:b2:d6:9a:
         6b:a9:3e:ce:30:0a:8b:3d:70:37:1f:88:eb:bf:92:f4:d9:a2:
         c3:4d:2a:dd:d7:61:7f:df:4f:75:7d:92:cb:88:ad:d7:10:7b:
         cb:22:12:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt6eHxaDJoM22ZgqGYt65MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMTAxMjAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmRlZmVjODFkOGM2ZjA4M2JkZGFhNzQwNjczNGFmNDY2NzQwODE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAplTzSbljucbQHNENqchJlqwlVPwX
xIb5YqMmCzHJd5v/U/e6uIibENX3FFhdfwtreIRlwfiofKKuxLWE7+t5uScVASUj
WymXh8lYnPkyNoO6GhQseXxH8VDvhCHXNsfcc9jgCANOIIU1wHzorUZnbL9hgk2R
30uCPCI3dWwbN89GICx0UTMqXTb1Y8oNZzPCKrzylNu0ottmGApXuz89Y++f9qr8
ApmLsNWHJBPj9iqcrZZ/6xd2+T7bW5yurxykMD4wTDlrYRtoVndvddxsPKiih7cc
D5IlLMdF50buaZyVuDrNA+TKGK+l8jgfJOjAgU8p9SwPQ6PRDeLc6qsMjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFve/sgdjG8IO92qdAZzSvRmdAgXMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvVzk3LXlCMk1id2c3M2FwMEJuTks5R1owQ0JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPki4MA0G
CSqGSIb3DQEBCwUAA4IBAQA/Fi3WQG9a+Ak9Gz63SmnRDwyeE6UMmzsPUtoM9C5f
G+v1D1McxD0ZFxEhRhD/W/7b6oeRs9PirNeAOZbYNYq44RC1o32Ta4LLuKMRSNSl
kQHhqLWT9GklGPFXcfup1bOsCLrY8Ce7NQIvSCywX5g5BNoYvkrNkCBqBkNDe3TC
gf0RX4XtvbRmJZfXuDSjHj3PP58spD8UiHODZTd3+a9WLH6upwSmxwl1joFoDtF3
gywAgyb4iO7oRSQklph+oEFzf6Ees6dbEqCHBn1jXkv8F2eAxXOy1pprqT7OMAqL
PXA3H4jrv5L02aLDTSrd12F/3091fZLLiK3XEHvLIhKl
-----END CERTIFICATE-----