Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/ibFxBG7dXlbb6vkuxzpj8aFPW9Y.roa
File:                     ibFxBG7dXlbb6vkuxzpj8aFPW9Y.roa (raw, json)
Hash identifier:          y/2gh96vV7NoVV/3aZvzkY+4+mY1wFJEbah0HG6tQZs=
Subject key identifier:   89:B1:71:04:6E:DD:5E:56:DB:EA:F9:2E:C7:3A:63:F1:A1:4F:5B:D6
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018DCBE8810B5F1DA23989054ABAA315D540
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/ibFxBG7dXlbb6vkuxzpj8aFPW9Y.roa
Signing time:             Wed 21 Feb 2024 13:43:48 +0000
ROA not before:           Wed 21 Feb 2024 13:43:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206980
IP address blocks:        62.72.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:cb:e8:81:0b:5f:1d:a2:39:89:05:4a:ba:a3:15:d5:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Feb 21 13:43:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89b171046edd5e56dbeaf92ec73a63f1a14f5bd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:27:03:37:53:d4:bb:e7:74:be:9e:10:1c:7a:
                    cd:42:73:f4:c0:46:8a:0d:d6:ec:8b:88:6f:9e:37:
                    14:ed:ca:78:61:5a:74:8d:ce:66:cc:ad:e3:80:fa:
                    56:3b:3e:f8:84:c9:38:cc:5d:0b:0a:87:58:71:b6:
                    75:d2:ee:ce:a7:f4:fe:15:aa:51:15:f5:a4:b4:38:
                    c2:0e:4c:eb:8a:93:1e:c6:8d:50:68:b3:db:87:a8:
                    34:81:43:7f:e3:79:9e:f6:11:e9:f6:d1:11:a7:76:
                    3f:fe:e7:60:51:b8:a8:03:ba:c9:e2:2b:e7:f4:76:
                    f5:06:17:77:b5:b7:30:ca:ce:5a:af:5d:2a:cd:a1:
                    50:9d:5f:cb:16:cf:ce:b5:ee:9d:1a:e8:36:00:15:
                    81:ac:2b:09:bd:f9:2c:46:58:3a:43:df:aa:1a:42:
                    e2:cb:90:e3:f0:2c:95:54:7c:bb:c9:2d:e1:56:c2:
                    f9:82:b7:9f:2b:8c:e3:1c:92:89:80:5f:b6:14:cc:
                    7f:e6:e6:df:14:38:e4:1c:86:07:6c:57:6e:91:9b:
                    77:f5:0c:bb:78:a4:cd:ea:36:99:b3:a8:c5:ae:ca:
                    db:29:b1:95:21:5d:5f:4e:f1:74:47:25:b2:1f:9c:
                    7e:aa:9b:74:0b:48:08:fa:b6:4c:1f:da:3b:30:98:
                    1e:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:B1:71:04:6E:DD:5E:56:DB:EA:F9:2E:C7:3A:63:F1:A1:4F:5B:D6
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/ibFxBG7dXlbb6vkuxzpj8aFPW9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:64:0c:fc:12:10:18:d9:70:65:3b:b9:c6:06:fc:56:ce:61:
         69:5f:82:95:f7:a0:db:80:84:33:f3:06:7b:30:8f:09:6d:06:
         c7:12:5a:a2:c4:b4:09:48:e5:06:33:19:27:01:9f:68:0c:33:
         74:2a:38:36:79:b6:b0:82:30:02:bd:44:35:8f:6c:c7:a7:6b:
         7f:30:34:3d:8d:40:dd:b8:a3:78:2b:2f:24:f3:d8:97:8a:72:
         45:54:61:d9:8c:ce:68:4c:6c:d8:e8:e4:ef:c5:1c:65:30:04:
         62:91:03:63:a0:7d:68:b5:fa:d6:a2:b8:59:98:6d:81:5d:20:
         e5:71:41:31:b2:f6:5c:54:d0:c6:38:2e:53:f7:be:da:6f:7b:
         ea:5f:98:23:94:b8:05:c0:d8:43:9c:8e:58:0c:3e:7b:c2:32:
         80:43:2a:bb:86:ea:4d:ee:71:e6:6f:30:e6:cb:55:a1:46:d7:
         09:05:88:63:ca:8c:f1:dd:03:08:4b:c4:5d:0e:b9:64:3b:dc:
         3f:5c:86:ad:69:70:ed:dd:39:6f:4c:b5:3f:5b:5e:33:bc:d8:
         47:32:b6:f7:53:34:36:81:d3:9e:8a:ba:4d:bb:5d:9b:e0:39:
         0b:c5:be:32:99:f4:5a:fd:59:30:c2:43:d3:4a:06:72:46:ec:
         1c:60:8d:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3L6IELXx2iOYkFSrqjFdVAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMjIxMTM0MzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWIxNzEwNDZlZGQ1ZTU2ZGJlYWY5MmVjNzNhNjNmMWExNGY1YmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsicDN1PUu+d0vp4QHHrNQnP0wEaK
Ddbsi4hvnjcU7cp4YVp0jc5mzK3jgPpWOz74hMk4zF0LCodYcbZ10u7Op/T+FapR
FfWktDjCDkzripMexo1QaLPbh6g0gUN/43me9hHp9tERp3Y//udgUbioA7rJ4ivn
9Hb1Bhd3tbcwys5ar10qzaFQnV/LFs/Ote6dGug2ABWBrCsJvfksRlg6Q9+qGkLi
y5Dj8CyVVHy7yS3hVsL5grefK4zjHJKJgF+2FMx/5ubfFDjkHIYHbFdukZt39Qy7
eKTN6jaZs6jFrsrbKbGVIV1fTvF0RyWyH5x+qpt0C0gI+rZMH9o7MJgeIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFImxcQRu3V5W2+r5Lsc6Y/GhT1vWMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvaWJGeEJHN2RYbGJiNnZrdXh6cGo4YUZQVzlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkioMA0G
CSqGSIb3DQEBCwUAA4IBAQBoZAz8EhAY2XBlO7nGBvxWzmFpX4KV96DbgIQz8wZ7
MI8JbQbHElqixLQJSOUGMxknAZ9oDDN0Kjg2ebawgjACvUQ1j2zHp2t/MDQ9jUDd
uKN4Ky8k89iXinJFVGHZjM5oTGzY6OTvxRxlMARikQNjoH1otfrWorhZmG2BXSDl
cUExsvZcVNDGOC5T977ab3vqX5gjlLgFwNhDnI5YDD57wjKAQyq7hupN7nHmbzDm
y1WhRtcJBYhjyozx3QMIS8RdDrlkO9w/XIataXDt3TlvTLU/W14zvNhHMrb3UzQ2
gdOeirpNu12b4DkLxb4ymfRa/VkwwkPTSgZyRuwcYI1/
-----END CERTIFICATE-----