Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/aRL9FoEBg7BMj05sWh1OuHWG_JA.roa
File:                     aRL9FoEBg7BMj05sWh1OuHWG_JA.roa (raw, json)
Hash identifier:          xMhJwojo944cMXD8MesrnUbAOEDQp/Q7R1IenKTmrbg=
Subject key identifier:   69:12:FD:16:81:01:83:B0:4C:8F:4E:6C:5A:1D:4E:B8:75:86:FC:90
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018D47797B4AC7866256F81C453FD5327734
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/aRL9FoEBg7BMj05sWh1OuHWG_JA.roa
Signing time:             Fri 26 Jan 2024 20:32:40 +0000
ROA not before:           Fri 26 Jan 2024 20:32:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24768
IP address blocks:        62.72.170.0/24 maxlen: 24
                          62.72.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 23:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:47:79:7b:4a:c7:86:62:56:f8:1c:45:3f:d5:32:77:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan 26 20:32:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6912fd16810183b04c8f4e6c5a1d4eb87586fc90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:4f:be:92:41:84:e9:25:b2:3f:8a:27:99:6d:
                    fe:49:4c:e4:1f:90:f9:62:5a:c6:74:d4:51:2a:24:
                    cd:38:92:81:03:9a:3e:56:5b:76:28:c3:99:7f:e3:
                    ff:42:6f:b2:35:d1:4b:6a:9d:55:4b:ab:47:64:3a:
                    eb:d8:fb:28:60:8f:46:aa:15:a6:69:aa:94:20:62:
                    9b:89:e3:8c:c0:98:f6:cf:e9:73:39:a0:64:f3:20:
                    87:9f:e9:38:bf:c0:61:e8:4a:cf:17:e4:9d:82:d7:
                    30:af:b3:9d:e3:f9:a1:21:57:af:ea:cc:17:74:0a:
                    9b:b4:ae:57:9a:2c:80:96:52:96:8c:25:32:44:48:
                    5b:96:03:b0:51:46:7f:80:53:80:0b:1b:44:1f:80:
                    8d:c8:0f:fb:89:77:87:db:da:c7:19:5e:2c:02:35:
                    50:1c:df:5e:8c:61:11:d7:3c:8f:90:89:66:3b:14:
                    dd:89:e6:69:f2:c3:88:5d:4c:10:b9:70:db:ea:c8:
                    3c:56:02:74:f4:6c:59:f7:9d:53:f2:34:e0:da:19:
                    9c:04:9f:2f:5e:b8:cb:23:00:33:3e:3d:5b:c9:36:
                    2b:f3:2b:8a:12:66:76:b5:a4:be:d8:09:2d:24:96:
                    b0:46:c6:f1:48:d2:18:ec:8b:2a:2d:4b:59:4a:af:
                    ea:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:12:FD:16:81:01:83:B0:4C:8F:4E:6C:5A:1D:4E:B8:75:86:FC:90
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/aRL9FoEBg7BMj05sWh1OuHWG_JA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.170.0/24
                  62.72.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:49:d5:68:f7:8d:d3:6d:bc:49:b5:be:33:d5:30:32:b8:60:
         91:42:97:26:ce:b6:3c:d1:a2:43:cd:ab:29:78:9e:88:74:c9:
         30:1b:7a:0f:cc:5a:b9:1b:b6:aa:b8:88:1f:77:1e:db:16:09:
         31:c8:26:e1:96:84:4f:8a:e6:e2:d5:c0:15:cd:30:4d:90:9e:
         e7:f6:58:40:ed:fb:3c:65:ae:bb:73:f4:f8:56:d7:53:03:01:
         4c:ae:95:66:90:da:8c:3b:18:70:63:57:e1:3f:a3:d0:ee:7d:
         ab:b6:df:59:f2:96:dd:58:b2:e4:b1:a2:f9:e9:0a:b5:c0:c9:
         21:b5:ea:51:a6:0c:de:05:97:88:c1:4a:45:7f:32:ec:f9:46:
         93:e5:f8:5b:28:7b:53:ba:ad:44:5b:1a:df:0d:99:57:55:8d:
         03:fd:64:6c:b6:5c:5c:ad:b3:39:7b:f6:f5:07:ff:bb:80:62:
         1b:af:0b:39:59:b2:ce:2c:ee:b6:c5:60:55:ad:74:1d:3f:fa:
         c0:d6:0e:33:32:f6:23:c4:98:ed:29:20:ae:28:cf:75:2f:b3:
         03:be:2e:a9:bc:c9:ed:50:6c:22:71:12:e5:d6:5d:2c:32:36:
         cf:05:e5:2e:31:3e:00:49:24:8f:a5:5f:76:84:d2:e4:9c:bf:
         e6:3c:c7:9e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY1HeXtKx4ZiVvgcRT/VMnc0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMTI2MjAzMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTEyZmQxNjgxMDE4M2IwNGM4ZjRlNmM1YTFkNGViODc1ODZmYzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsk++kkGE6SWyP4onmW3+SUzkH5D5
YlrGdNRRKiTNOJKBA5o+Vlt2KMOZf+P/Qm+yNdFLap1VS6tHZDrr2PsoYI9GqhWm
aaqUIGKbieOMwJj2z+lzOaBk8yCHn+k4v8Bh6ErPF+Sdgtcwr7Od4/mhIVev6swX
dAqbtK5XmiyAllKWjCUyREhblgOwUUZ/gFOACxtEH4CNyA/7iXeH29rHGV4sAjVQ
HN9ejGER1zyPkIlmOxTdieZp8sOIXUwQuXDb6sg8VgJ09GxZ951T8jTg2hmcBJ8v
XrjLIwAzPj1byTYr8yuKEmZ2taS+2AktJJawRsbxSNIY7IsqLUtZSq/qMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGkS/RaBAYOwTI9ObFodTrh1hvyQMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvYVJMOUZvRUJnN0JNajA1c1doMU91SFdHX0pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPkiqAwQA
PkiuMA0GCSqGSIb3DQEBCwUAA4IBAQAESdVo943TbbxJtb4z1TAyuGCRQpcmzrY8
0aJDzaspeJ6IdMkwG3oPzFq5G7aquIgfdx7bFgkxyCbhloRPiubi1cAVzTBNkJ7n
9lhA7fs8Za67c/T4VtdTAwFMrpVmkNqMOxhwY1fhP6PQ7n2rtt9Z8pbdWLLksaL5
6Qq1wMkhtepRpgzeBZeIwUpFfzLs+UaT5fhbKHtTuq1EWxrfDZlXVY0D/WRstlxc
rbM5e/b1B/+7gGIbrws5WbLOLO62xWBVrXQdP/rA1g4zMvYjxJjtKSCuKM91L7MD
vi6pvMntUGwicRLl1l0sMjbPBeUuMT4ASSSPpV92hNLknL/mPMee
-----END CERTIFICATE-----