Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/g2bqt8Auc3XOeq9M3fFJg8AXDGk.roa
File:                     g2bqt8Auc3XOeq9M3fFJg8AXDGk.roa (raw, json)
Hash identifier:          4ut8boddAmaSovmvF46dOMje5EM/yTOdohYOZZl6ywk=
Subject key identifier:   83:66:EA:B7:C0:2E:73:75:CE:7A:AF:4C:DD:F1:49:83:C0:17:0C:69
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018CCF4B4F7946EADE822E99C5F3C1DB9128
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/g2bqt8Auc3XOeq9M3fFJg8AXDGk.roa
Signing time:             Wed 03 Jan 2024 12:27:48 +0000
ROA not before:           Wed 03 Jan 2024 12:27:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210542
IP address blocks:        62.72.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 14:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:cf:4b:4f:79:46:ea:de:82:2e:99:c5:f3:c1:db:91:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  3 12:27:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8366eab7c02e7375ce7aaf4cddf14983c0170c69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:05:24:01:db:95:71:40:7c:40:1c:ef:a9:73:
                    bf:02:58:de:01:4f:0a:07:0e:84:15:18:21:b0:f6:
                    b4:13:a1:fb:4b:8b:b2:b6:3f:93:c1:33:15:02:90:
                    a0:fc:55:49:9c:93:31:ba:9e:1a:b3:ab:81:0a:8b:
                    b1:d2:6c:d1:76:2f:f6:54:01:ac:c4:54:a9:5e:af:
                    41:65:5e:52:80:0f:a2:77:03:27:cf:b4:1e:4d:d1:
                    c6:86:45:a6:e1:1b:c2:23:45:7e:d0:56:22:ec:18:
                    0a:e0:0b:ab:f7:a4:67:3e:be:c6:3c:02:65:73:be:
                    c8:5e:47:38:5b:5d:2a:17:15:18:35:ce:03:88:ba:
                    e2:07:0e:ff:f1:b0:92:f7:c7:2b:2a:0b:4f:d1:52:
                    86:17:a6:17:58:e8:75:90:28:1f:0d:1f:48:f0:1d:
                    e8:8d:f8:8c:04:c9:32:ee:71:23:b2:2e:29:97:58:
                    f8:6e:db:d2:5a:c6:b2:b3:c3:d5:4c:a0:49:17:4e:
                    8b:09:60:ea:ed:36:46:78:8a:d1:83:e6:38:21:df:
                    43:51:ad:40:73:0f:7c:fb:ee:01:af:31:55:04:d6:
                    5c:c3:79:f7:c3:a5:44:31:e9:4e:02:5f:ad:09:6f:
                    dd:bc:8a:7a:69:f1:c9:a5:40:52:92:36:dd:1e:b9:
                    82:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:66:EA:B7:C0:2E:73:75:CE:7A:AF:4C:DD:F1:49:83:C0:17:0C:69
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/g2bqt8Auc3XOeq9M3fFJg8AXDGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:5b:cc:46:e4:8e:44:d1:ed:6c:b5:3a:1f:ea:df:6b:c7:43:
         e4:26:f3:ee:5a:8e:12:59:5d:19:80:73:89:7f:74:65:1b:70:
         e6:96:c0:f1:f4:1f:08:8f:ed:2b:92:41:9f:46:d0:ec:6b:33:
         e5:65:f4:61:30:3d:e6:da:34:a6:94:45:25:3b:3e:12:52:d0:
         01:6e:d6:c2:6d:56:48:68:e9:94:7c:e1:1e:be:10:fa:e2:fe:
         e4:5e:b6:90:85:0a:e3:a0:c4:f5:80:f9:ab:95:f4:e8:38:5d:
         f9:5c:54:ea:51:c3:bb:89:ca:fb:d2:91:fa:31:c5:4a:b9:c8:
         eb:b3:c7:99:cd:f2:e7:1a:1b:49:d8:ac:bf:c2:6e:58:b8:c3:
         86:37:89:d3:88:4b:2f:a0:95:f5:73:e6:bc:d9:04:fb:cc:5d:
         78:f2:57:98:d6:58:aa:48:71:21:93:cc:8f:13:df:6c:52:b5:
         e1:ea:ce:22:96:4e:35:87:f3:08:ef:27:16:84:ff:7e:b1:35:
         60:d1:43:cf:c5:91:68:d3:6c:b3:e6:10:c4:b6:d0:4b:4d:67:
         b9:c4:c5:6c:e1:9f:48:1b:93:ab:ed:80:8a:39:1b:e0:58:9d:
         63:74:dc:24:8e:5f:dc:b1:21:d4:af:b3:2b:5c:3b:c9:65:5b:
         70:cb:00:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzPS095Ruregi6ZxfPB25EoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMTAzMTIyNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzY2ZWFiN2MwMmU3Mzc1Y2U3YWFmNGNkZGYxNDk4M2MwMTcwYzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwUkAduVcUB8QBzvqXO/AljeAU8K
Bw6EFRghsPa0E6H7S4uytj+TwTMVApCg/FVJnJMxup4as6uBCoux0mzRdi/2VAGs
xFSpXq9BZV5SgA+idwMnz7QeTdHGhkWm4RvCI0V+0FYi7BgK4Aur96RnPr7GPAJl
c77IXkc4W10qFxUYNc4DiLriBw7/8bCS98crKgtP0VKGF6YXWOh1kCgfDR9I8B3o
jfiMBMky7nEjsi4pl1j4btvSWsays8PVTKBJF06LCWDq7TZGeIrRg+Y4Id9DUa1A
cw98++4BrzFVBNZcw3n3w6VEMelOAl+tCW/dvIp6afHJpUBSkjbdHrmC1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFINm6rfALnN1znqvTN3xSYPAFwxpMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvZzJicXQ4QXVjM1hPZXE5TTNmRkpnOEFYREdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPki2MA0G
CSqGSIb3DQEBCwUAA4IBAQC9W8xG5I5E0e1stTof6t9rx0PkJvPuWo4SWV0ZgHOJ
f3RlG3DmlsDx9B8Ij+0rkkGfRtDsazPlZfRhMD3m2jSmlEUlOz4SUtABbtbCbVZI
aOmUfOEevhD64v7kXraQhQrjoMT1gPmrlfToOF35XFTqUcO7icr70pH6McVKucjr
s8eZzfLnGhtJ2Ky/wm5YuMOGN4nTiEsvoJX1c+a82QT7zF148leY1liqSHEhk8yP
E99sUrXh6s4ilk41h/MI7ycWhP9+sTVg0UPPxZFo02yz5hDEttBLTWe5xMVs4Z9I
G5Or7YCKORvgWJ1jdNwkjl/csSHUr7MrXDvJZVtwywDE
-----END CERTIFICATE-----