Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/ka9Kg1mP_UGoOXD67l2s092h9eY.roa
File:                     ka9Kg1mP_UGoOXD67l2s092h9eY.roa (raw, json)
Hash identifier:          gHOj1YrfYiq5kNzFwLUGBr3drQZHXZ/djO0mPNqlklo=
Subject key identifier:   91:AF:4A:83:59:8F:FD:41:A8:39:70:FA:EE:5D:AC:D3:DD:A1:F5:E6
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019421B1A4DDA4A60325A77B277C2A6288EF
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/ka9Kg1mP_UGoOXD67l2s092h9eY.roa
Signing time:             Wed 01 Jan 2025 11:47:57 +0000
ROA not before:           Wed 01 Jan 2025 11:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        62.72.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:a4:dd:a4:a6:03:25:a7:7b:27:7c:2a:62:88:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 11:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91af4a83598ffd41a83970faee5dacd3dda1f5e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:55:88:ad:ac:e2:ef:09:fd:40:5f:ac:ba:b7:
                    64:9a:c8:f1:13:76:0d:cd:66:33:70:ce:b6:d2:86:
                    bf:c9:4e:b3:ce:8d:97:67:ad:c9:81:b3:1f:51:0d:
                    5d:01:43:83:bf:1d:ce:ae:be:5e:e7:71:ac:21:8e:
                    26:6e:a5:d0:8c:83:7a:7a:e2:0f:65:42:9f:ab:18:
                    e8:f3:70:7e:85:a0:21:41:ed:57:9d:3c:bf:89:03:
                    f3:d0:88:c1:9e:a4:8c:d8:77:bf:55:eb:35:14:f4:
                    25:d6:81:aa:e9:03:d8:4d:7b:e6:b9:d0:7f:13:89:
                    68:09:b9:3f:b0:97:02:e6:78:26:5c:34:b7:3a:07:
                    60:20:ae:11:13:f0:25:a6:1e:04:ae:87:e8:c4:5c:
                    17:ff:22:78:9a:5a:8e:d0:c9:72:b2:46:d2:d3:dd:
                    23:8e:d6:ce:91:4c:04:2f:62:6a:bd:06:30:89:0c:
                    2b:03:8e:12:ac:fc:eb:91:63:68:bc:79:0f:ed:7b:
                    be:6c:e8:12:77:cd:f9:cc:33:1a:4d:da:7f:e4:3f:
                    64:a4:ab:d4:c8:7c:44:01:b4:fb:35:f1:fb:ea:c3:
                    2e:dd:15:53:be:b9:51:b1:60:98:9d:0b:be:56:97:
                    a3:7b:d3:8e:2e:8d:8f:a5:bb:fb:42:cb:e6:6b:2b:
                    36:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:AF:4A:83:59:8F:FD:41:A8:39:70:FA:EE:5D:AC:D3:DD:A1:F5:E6
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/ka9Kg1mP_UGoOXD67l2s092h9eY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:57:5c:5d:f6:7a:a7:e8:4a:3a:c9:e6:a5:69:1f:3a:1c:6f:
         60:cd:6e:aa:11:2b:f3:7f:06:1e:56:f2:24:ff:9f:1b:dc:e9:
         a6:fd:bd:24:57:86:64:dd:64:df:b9:8f:72:ba:11:c7:d8:7f:
         98:5c:f0:7a:d2:ca:5c:55:51:b9:4b:1b:f0:24:2a:b9:1f:fa:
         50:8b:2f:33:30:1b:9a:74:fe:3e:d1:88:1f:07:6b:3f:2a:f3:
         bd:42:03:86:6f:91:a0:85:25:57:dc:e5:38:79:d5:b6:2c:b3:
         9c:2d:30:34:93:31:6f:22:66:c0:c6:65:94:3f:b3:cc:cd:1f:
         73:e8:72:2b:f0:44:f1:6a:b1:b1:82:84:6e:c2:10:a6:94:78:
         f6:f3:99:20:95:8c:4d:7b:f7:37:bb:7e:35:92:45:2c:85:d6:
         64:19:32:fa:6f:d1:03:b0:75:09:41:f0:99:46:b2:98:ef:3e:
         cd:26:f0:d7:b0:76:a7:71:12:fe:8f:88:4f:f7:ce:b0:d5:53:
         57:00:d5:f6:84:21:4e:a9:b8:e5:b6:8e:01:24:c5:de:a5:a7:
         a2:28:d8:c2:0f:81:9d:fe:a0:32:6f:be:30:01:1d:bf:ea:38:
         29:38:15:3b:9f:35:60:fd:4b:a3:4c:a3:31:3f:65:e9:de:8e:
         6a:f8:9b:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsaTdpKYDJad7J3wqYojvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwMTAxMTE0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWFmNGE4MzU5OGZmZDQxYTgzOTcwZmFlZTVkYWNkM2RkYTFmNWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAulWIrazi7wn9QF+surdkmsjxE3YN
zWYzcM620oa/yU6zzo2XZ63JgbMfUQ1dAUODvx3Orr5e53GsIY4mbqXQjIN6euIP
ZUKfqxjo83B+haAhQe1XnTy/iQPz0IjBnqSM2He/Ves1FPQl1oGq6QPYTXvmudB/
E4loCbk/sJcC5ngmXDS3OgdgIK4RE/Alph4ErofoxFwX/yJ4mlqO0MlyskbS090j
jtbOkUwEL2JqvQYwiQwrA44SrPzrkWNovHkP7Xu+bOgSd835zDMaTdp/5D9kpKvU
yHxEAbT7NfH76sMu3RVTvrlRsWCYnQu+Vpeje9OOLo2Ppbv7Qsvmays2lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJGvSoNZj/1BqDlw+u5drNPdofXmMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEva2E5S2cxbVBfVUdvT1hENjdsMnMwOTJoOWVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPki3MA0G
CSqGSIb3DQEBCwUAA4IBAQA3V1xd9nqn6Eo6yealaR86HG9gzW6qESvzfwYeVvIk
/58b3Omm/b0kV4Zk3WTfuY9yuhHH2H+YXPB60spcVVG5SxvwJCq5H/pQiy8zMBua
dP4+0YgfB2s/KvO9QgOGb5GghSVX3OU4edW2LLOcLTA0kzFvImbAxmWUP7PMzR9z
6HIr8ETxarGxgoRuwhCmlHj285kglYxNe/c3u341kkUshdZkGTL6b9EDsHUJQfCZ
RrKY7z7NJvDXsHancRL+j4hP986w1VNXANX2hCFOqbjlto4BJMXepaeiKNjCD4Gd
/qAyb74wAR2/6jgpOBU7nzVg/UujTKMxP2Xp3o5q+Jt/
-----END CERTIFICATE-----