Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/grkpzxJson0VO7xVFrMikGMv36c.roa
File:                     grkpzxJson0VO7xVFrMikGMv36c.roa (raw, json)
Hash identifier:          YMm6A4zlYtaXgWVdkGysieoloVta9ggqSz989h7KXRQ=
Subject key identifier:   82:B9:29:CF:12:6C:A2:7D:15:3B:BC:55:16:B3:22:90:63:2F:DF:A7
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019421B1A58CEDDF6161ED1268A91B3DFC58
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/grkpzxJson0VO7xVFrMikGMv36c.roa
Signing time:             Wed 01 Jan 2025 11:47:57 +0000
ROA not before:           Wed 01 Jan 2025 11:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     10111
IP address blocks:        62.72.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:a5:8c:ed:df:61:61:ed:12:68:a9:1b:3d:fc:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 11:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82b929cf126ca27d153bbc5516b32290632fdfa7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:6c:bc:6c:b5:6c:ca:9a:e4:f9:2e:d8:1c:98:
                    39:ab:bf:f1:99:b8:73:13:8e:3b:b9:89:83:3d:1c:
                    73:ee:fe:6e:f5:8c:81:6e:39:1f:fb:6d:ca:e0:42:
                    3d:22:0f:70:94:f8:c0:e3:90:bf:e6:8f:1a:76:87:
                    2b:6e:39:27:26:c0:26:d6:5b:81:d1:df:c1:98:20:
                    7b:72:bf:b9:9e:68:91:10:17:85:0c:05:73:ae:6f:
                    97:89:7a:54:b4:64:f3:ff:7b:66:bc:08:7d:e1:7b:
                    3d:3a:2f:0c:f7:70:2b:1b:ad:a6:61:48:88:09:f5:
                    6b:06:48:a8:0f:90:55:80:de:7e:06:86:c8:f0:cc:
                    90:c0:4f:2a:1e:e5:49:3c:79:9e:27:09:22:0c:a9:
                    c7:37:2b:c6:3e:f2:90:a1:3c:c8:56:8e:ea:58:c2:
                    a6:f5:ad:f7:b8:4b:79:64:7b:9b:90:0d:6a:c9:ec:
                    53:14:3b:9e:09:24:8d:7e:c3:d9:47:ac:4e:4f:04:
                    72:82:33:b6:5e:64:22:fc:b4:ca:18:04:29:49:39:
                    c5:c8:ac:b4:aa:fe:11:e2:6d:02:70:d5:77:78:19:
                    47:a5:de:c6:f7:dc:42:ab:56:d3:d8:6b:85:67:39:
                    6f:7e:8d:63:c9:f9:99:57:f7:de:d6:4a:d5:7c:b2:
                    59:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:B9:29:CF:12:6C:A2:7D:15:3B:BC:55:16:B3:22:90:63:2F:DF:A7
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/grkpzxJson0VO7xVFrMikGMv36c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:31:56:bf:68:1d:f3:73:29:ea:74:98:38:50:4c:22:c9:b8:
         69:e3:9d:27:10:ef:2b:b4:00:13:6d:23:19:56:a9:89:38:a7:
         fb:1d:c8:28:65:86:a2:f0:83:c8:97:ce:a6:6e:38:a2:c0:94:
         c1:09:ce:19:a7:3b:72:48:5d:fa:56:9d:75:c9:98:e6:00:36:
         f1:cc:93:30:40:6d:05:98:24:cd:c2:b9:c4:57:57:d5:21:8a:
         51:35:fa:6c:d5:b1:7d:9e:4e:f1:06:bf:97:e1:db:a4:d6:0c:
         b3:95:85:78:b5:41:32:94:20:a6:9f:cc:63:8b:f3:32:7f:85:
         ec:05:dc:ef:7b:8f:2a:bd:d2:73:9b:51:e5:8b:26:a6:a5:3c:
         ce:df:9c:90:4c:63:b5:a1:f5:f1:b4:ef:d4:f8:95:67:4e:62:
         39:8b:16:83:ec:e4:83:60:cf:e0:03:80:25:7f:5b:38:67:e9:
         ef:35:ca:81:2c:6a:9a:6c:bc:c3:b1:fe:54:77:74:bd:f8:e2:
         b6:55:c6:78:a7:f5:89:7f:72:00:f8:70:d3:a2:82:23:e9:8f:
         18:c1:9e:eb:bb:7b:8a:0e:8e:6a:72:85:66:0e:e8:e0:e2:49:
         04:63:c4:58:fe:f0:56:55:5b:e8:ce:20:95:dc:7b:f8:6f:d4:
         af:8a:5c:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsaWM7d9hYe0SaKkbPfxYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwMTAxMTE0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmI5MjljZjEyNmNhMjdkMTUzYmJjNTUxNmIzMjI5MDYzMmZkZmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWy8bLVsyprk+S7YHJg5q7/xmbhz
E447uYmDPRxz7v5u9YyBbjkf+23K4EI9Ig9wlPjA45C/5o8adocrbjknJsAm1luB
0d/BmCB7cr+5nmiREBeFDAVzrm+XiXpUtGTz/3tmvAh94Xs9Oi8M93ArG62mYUiI
CfVrBkioD5BVgN5+BobI8MyQwE8qHuVJPHmeJwkiDKnHNyvGPvKQoTzIVo7qWMKm
9a33uEt5ZHubkA1qyexTFDueCSSNfsPZR6xOTwRygjO2XmQi/LTKGAQpSTnFyKy0
qv4R4m0CcNV3eBlHpd7G99xCq1bT2GuFZzlvfo1jyfmZV/fe1krVfLJZeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIK5Kc8SbKJ9FTu8VRazIpBjL9+nMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvZ3JrcHp4SnNvbjBWTzd4VkZyTWlrR012MzZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPki1MA0G
CSqGSIb3DQEBCwUAA4IBAQBmMVa/aB3zcynqdJg4UEwiybhp450nEO8rtAATbSMZ
VqmJOKf7HcgoZYai8IPIl86mbjiiwJTBCc4ZpztySF36Vp11yZjmADbxzJMwQG0F
mCTNwrnEV1fVIYpRNfps1bF9nk7xBr+X4duk1gyzlYV4tUEylCCmn8xji/Myf4Xs
Bdzve48qvdJzm1HliyampTzO35yQTGO1ofXxtO/U+JVnTmI5ixaD7OSDYM/gA4Al
f1s4Z+nvNcqBLGqabLzDsf5Ud3S9+OK2VcZ4p/WJf3IA+HDTooIj6Y8YwZ7ru3uK
Do5qcoVmDujg4kkEY8RY/vBWVVvoziCV3Hv4b9Svilxa
-----END CERTIFICATE-----