Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/kb9BxBKY2oFyyAaWOLpVowxkabg.roa
File:                     kb9BxBKY2oFyyAaWOLpVowxkabg.roa (raw, json)
Hash identifier:          bEQAku9SJfZcJdsgmD353/m01osbhC5MCXsXKZyKu+I=
Subject key identifier:   91:BF:41:C4:12:98:DA:81:72:C8:06:96:38:BA:55:A3:0C:64:69:B8
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019421B1AC4BC99FB90C7646D13A2B099A76
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/kb9BxBKY2oFyyAaWOLpVowxkabg.roa
Signing time:             Wed 01 Jan 2025 11:47:59 +0000
ROA not before:           Wed 01 Jan 2025 11:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142111
IP address blocks:        62.72.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:ac:4b:c9:9f:b9:0c:76:46:d1:3a:2b:09:9a:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 11:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91bf41c41298da8172c8069638ba55a30c6469b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:6c:32:a5:49:12:3c:d6:90:74:13:bb:0e:84:
                    77:b4:dd:d4:03:ad:32:d6:e1:61:da:7b:9a:1c:a2:
                    ed:b7:44:19:19:2b:8d:3d:ec:a5:6c:8e:94:98:b1:
                    24:d1:fe:ef:d1:08:aa:45:75:6b:4a:52:82:dc:01:
                    45:6e:c3:66:87:51:e6:d7:de:41:b9:1c:9f:91:4e:
                    f5:61:2d:ff:42:4b:1b:7e:17:f2:55:3f:43:68:34:
                    3b:fa:78:fc:01:71:14:19:64:16:16:38:1c:e4:e2:
                    45:b3:59:2b:d1:3d:43:07:7c:9e:f7:21:56:8b:fb:
                    90:dd:24:81:a1:e6:ce:d2:bf:b0:22:a2:c8:f1:35:
                    d7:f4:8e:a3:27:10:ec:6f:fd:2c:ec:ce:b7:89:89:
                    21:99:50:b3:70:4c:3e:fa:f6:90:25:9a:36:73:b1:
                    23:9b:77:5b:f1:ee:78:b7:e0:5f:15:88:1f:bc:fd:
                    6c:f7:71:fc:31:20:63:10:e4:5d:a0:fb:5b:28:1b:
                    83:74:a2:aa:8e:10:89:46:28:16:cd:eb:4d:f5:f5:
                    e9:11:6e:2e:64:0d:74:b4:9b:9a:91:7c:06:fc:e3:
                    bd:f7:3a:7b:ec:9f:09:1d:95:44:fc:2c:7f:fd:8f:
                    7b:21:d8:bd:f9:3c:e5:f7:74:b6:28:3f:6d:cb:f8:
                    d0:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:BF:41:C4:12:98:DA:81:72:C8:06:96:38:BA:55:A3:0C:64:69:B8
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/kb9BxBKY2oFyyAaWOLpVowxkabg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:6a:41:e0:7b:d6:36:55:40:39:3d:96:a7:12:b2:4f:7c:08:
         56:be:a9:44:f2:6f:91:ce:32:11:2d:88:89:66:ad:f6:95:0f:
         09:44:7b:87:50:16:4e:43:8a:b0:2a:ff:33:ea:49:8b:d8:93:
         5e:6b:b6:a2:66:95:41:a1:d3:2e:fa:19:33:5b:6f:4c:59:44:
         14:e8:cc:cb:d0:2e:db:db:81:90:7d:7b:a8:f3:9e:75:10:7f:
         03:3a:20:8a:94:5e:7e:d1:52:42:d1:82:f2:42:9b:c2:a5:6f:
         a6:cc:8b:5b:d3:e8:7a:fc:12:79:f1:8c:c5:48:af:cb:af:59:
         38:3a:e9:5a:fc:67:b9:7c:0c:34:ae:9c:94:2d:fc:f2:f0:bb:
         34:8f:cb:79:24:e4:ff:ff:db:0c:07:17:0e:61:08:84:f1:33:
         54:77:a2:c1:6c:02:37:64:7c:a0:d3:aa:11:1c:81:9f:e0:62:
         72:8c:56:bc:45:3e:e8:fc:83:61:2f:bc:c7:23:91:4f:8c:63:
         24:bd:df:39:23:e2:e1:61:71:dc:99:0d:1f:66:3c:59:d2:54:
         8c:25:29:16:b1:5a:50:c9:33:1f:be:04:69:7e:a1:b5:42:27:
         ec:f1:de:23:53:65:c4:68:42:be:d0:aa:c7:a2:62:33:00:b3:
         02:fb:4b:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsaxLyZ+5DHZG0TorCZp2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwMTAxMTE0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWJmNDFjNDEyOThkYTgxNzJjODA2OTYzOGJhNTVhMzBjNjQ2OWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWwypUkSPNaQdBO7DoR3tN3UA60y
1uFh2nuaHKLtt0QZGSuNPeylbI6UmLEk0f7v0QiqRXVrSlKC3AFFbsNmh1Hm195B
uRyfkU71YS3/QksbfhfyVT9DaDQ7+nj8AXEUGWQWFjgc5OJFs1kr0T1DB3ye9yFW
i/uQ3SSBoebO0r+wIqLI8TXX9I6jJxDsb/0s7M63iYkhmVCzcEw++vaQJZo2c7Ej
m3db8e54t+BfFYgfvP1s93H8MSBjEORdoPtbKBuDdKKqjhCJRigWzetN9fXpEW4u
ZA10tJuakXwG/OO99zp77J8JHZVE/Cx//Y97Idi9+Tzl93S2KD9ty/jQQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJG/QcQSmNqBcsgGlji6VaMMZGm4MB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEva2I5QnhCS1kyb0Z5eUFhV09McFZvd3hrYWJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkirMA0G
CSqGSIb3DQEBCwUAA4IBAQCzakHge9Y2VUA5PZanErJPfAhWvqlE8m+RzjIRLYiJ
Zq32lQ8JRHuHUBZOQ4qwKv8z6kmL2JNea7aiZpVBodMu+hkzW29MWUQU6MzL0C7b
24GQfXuo8551EH8DOiCKlF5+0VJC0YLyQpvCpW+mzItb0+h6/BJ58YzFSK/Lr1k4
Oula/Ge5fAw0rpyULfzy8Ls0j8t5JOT//9sMBxcOYQiE8TNUd6LBbAI3ZHyg06oR
HIGf4GJyjFa8RT7o/INhL7zHI5FPjGMkvd85I+LhYXHcmQ0fZjxZ0lSMJSkWsVpQ
yTMfvgRpfqG1Qifs8d4jU2XEaEK+0KrHomIzALMC+0td
-----END CERTIFICATE-----