Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/mzYTG369PgNAlh5zGombwiR8USY.roa
File:                     mzYTG369PgNAlh5zGombwiR8USY.roa (raw, json)
Hash identifier:          8QzG8+TapKGW2hVk6FFFsMwf9yDJ6j+AMvjRb3edEhc=
Subject key identifier:   9B:36:13:1B:7E:BD:3E:03:40:96:1E:73:1A:89:9B:C2:24:7C:51:26
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019421B1A7DBA9CAD1EBF0AC4F538499763B
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/mzYTG369PgNAlh5zGombwiR8USY.roa
Signing time:             Wed 01 Jan 2025 11:47:58 +0000
ROA not before:           Wed 01 Jan 2025 11:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24768
IP address blocks:        62.72.170.0/24 maxlen: 24
                          62.72.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:a7:db:a9:ca:d1:eb:f0:ac:4f:53:84:99:76:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 11:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9b36131b7ebd3e0340961e731a899bc2247c5126
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:aa:de:74:d4:d0:58:f0:b8:04:b1:fc:21:5c:
                    ad:85:d6:2a:a3:0b:d3:55:13:50:22:b1:77:eb:9c:
                    1a:30:cb:86:2d:54:b4:a9:7e:63:6a:d0:68:8f:c0:
                    b9:51:45:ce:9e:3a:7f:90:d7:11:fe:b0:b9:08:57:
                    3c:d0:77:72:72:d0:32:cb:c6:14:c0:65:ca:b1:2f:
                    ef:71:c9:7a:93:a4:c6:6f:c5:c5:9f:c5:bc:46:42:
                    5c:dd:bb:6c:af:4d:d6:cc:b5:4d:a2:28:a1:38:7e:
                    39:bc:26:34:24:50:1d:a3:ac:72:cb:1a:9a:c4:c5:
                    08:8a:2d:d2:3c:6d:4e:bc:3a:60:01:0e:e7:5a:63:
                    5d:fa:83:bf:82:b7:8b:e1:45:59:0d:75:09:0c:ca:
                    35:57:ea:0c:00:cc:9f:38:71:c3:9b:0e:93:b0:17:
                    9e:20:17:9e:10:0c:ae:11:47:00:7a:1b:b8:d0:b4:
                    b9:46:8c:a6:4e:0d:a2:a8:ce:7e:e0:73:48:b4:a7:
                    41:35:09:08:56:1f:76:11:47:33:eb:06:09:1d:bd:
                    52:a1:c4:74:62:ab:66:a3:66:03:ae:52:8c:ca:90:
                    60:4f:7f:cc:ed:46:e9:7c:24:01:03:6f:c6:14:7d:
                    de:d2:23:6e:73:f3:36:04:4d:b5:5c:51:cc:dc:0e:
                    62:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:36:13:1B:7E:BD:3E:03:40:96:1E:73:1A:89:9B:C2:24:7C:51:26
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/mzYTG369PgNAlh5zGombwiR8USY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.170.0/24
                  62.72.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:2f:5a:31:d4:5e:f1:68:df:45:7e:89:64:08:52:37:c0:ee:
         26:03:a3:79:d7:43:f0:5a:2f:37:bf:4b:89:a2:24:14:4e:46:
         dd:87:db:15:8f:bd:a2:4e:53:bd:ef:74:cc:ed:0c:50:b5:f8:
         bb:ec:3e:fc:5f:c1:19:e0:12:6b:3f:98:7b:ed:a3:ed:22:3e:
         8d:16:b6:10:17:75:21:24:12:20:50:5b:b7:09:72:e3:e1:9a:
         04:a8:39:97:be:61:1c:78:f6:aa:fc:e3:ca:84:b0:c3:56:e6:
         c5:ff:c5:83:8e:3a:b1:df:a0:4e:4b:a6:a9:bb:57:58:34:5d:
         1a:9d:7c:4f:f0:98:7c:f4:37:59:f2:46:17:02:26:b3:2d:28:
         bb:e0:24:ad:5b:ce:c5:42:f8:73:77:9a:51:83:e7:6f:83:f3:
         ea:37:89:55:6b:9e:ad:46:ff:e1:ec:da:53:9d:a7:ac:bf:9a:
         0d:c5:78:59:a9:92:90:a5:07:a6:10:fb:6e:fa:54:3a:7d:11:
         3b:3c:bc:ab:79:48:ab:84:fe:6d:27:46:25:e9:0a:7c:04:3a:
         15:86:38:3e:7f:4c:35:b0:2f:7e:57:e9:00:6e:8f:b1:80:61:
         35:7e:ed:69:72:10:89:17:bd:0d:ee:59:50:25:54:94:fd:24:
         59:c4:85:7d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhsafbqcrR6/CsT1OEmXY7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwMTAxMTE0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjM2MTMxYjdlYmQzZTAzNDA5NjFlNzMxYTg5OWJjMjI0N2M1MTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6redNTQWPC4BLH8IVythdYqowvT
VRNQIrF365waMMuGLVS0qX5jatBoj8C5UUXOnjp/kNcR/rC5CFc80HdyctAyy8YU
wGXKsS/vccl6k6TGb8XFn8W8RkJc3btsr03WzLVNoiihOH45vCY0JFAdo6xyyxqa
xMUIii3SPG1OvDpgAQ7nWmNd+oO/greL4UVZDXUJDMo1V+oMAMyfOHHDmw6TsBee
IBeeEAyuEUcAehu40LS5RoymTg2iqM5+4HNItKdBNQkIVh92EUcz6wYJHb1SocR0
Yqtmo2YDrlKMypBgT3/M7UbpfCQBA2/GFH3e0iNuc/M2BE21XFHM3A5iQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJs2Ext+vT4DQJYecxqJm8IkfFEmMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvbXpZVEczNjlQZ05BbGg1ekdvbWJ3aVI4VVNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPkiqAwQA
PkiuMA0GCSqGSIb3DQEBCwUAA4IBAQArL1ox1F7xaN9FfolkCFI3wO4mA6N510Pw
Wi83v0uJoiQUTkbdh9sVj72iTlO973TM7QxQtfi77D78X8EZ4BJrP5h77aPtIj6N
FrYQF3UhJBIgUFu3CXLj4ZoEqDmXvmEcePaq/OPKhLDDVubF/8WDjjqx36BOS6ap
u1dYNF0anXxP8Jh89DdZ8kYXAiazLSi74CStW87FQvhzd5pRg+dvg/PqN4lVa56t
Rv/h7NpTnaesv5oNxXhZqZKQpQemEPtu+lQ6fRE7PLyreUirhP5tJ0Yl6Qp8BDoV
hjg+f0w1sC9+V+kAbo+xgGE1fu1pchCJF70N7llQJVSU/SRZxIV9
-----END CERTIFICATE-----