Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/pRKV5NnSuigLYC9OzbXlUz4fMic.roa
File:                     pRKV5NnSuigLYC9OzbXlUz4fMic.roa (raw, json)
Hash identifier:          4y/NfLDBoopBcm4EtlSOqI1kOdlLNZGs+mJqvxTsbxE=
Subject key identifier:   A5:12:95:E4:D9:D2:BA:28:0B:60:2F:4E:CD:B5:E5:53:3E:1F:32:27
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019421B1AC8EA946C686ABD3956062806D55
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/pRKV5NnSuigLYC9OzbXlUz4fMic.roa
Signing time:             Wed 01 Jan 2025 11:47:59 +0000
ROA not before:           Wed 01 Jan 2025 11:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152672
IP address blocks:        62.72.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:ac:8e:a9:46:c6:86:ab:d3:95:60:62:80:6d:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 11:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a51295e4d9d2ba280b602f4ecdb5e5533e1f3227
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:5f:51:d6:f7:f1:3b:ac:18:47:ef:82:1d:a0:
                    33:b7:e9:e4:da:5c:c5:88:d4:5d:f2:48:87:1f:72:
                    d3:e8:58:e9:5b:db:65:79:b4:cf:32:99:09:59:d2:
                    15:32:c0:70:65:03:c8:e4:ba:0f:22:a0:ae:02:42:
                    a3:e6:e7:18:e4:0f:68:97:36:4b:3e:d8:81:e4:8d:
                    02:a8:c4:49:e0:91:04:35:4b:db:5f:39:34:4b:52:
                    80:bc:75:6a:c9:ad:f0:2a:f9:b3:e5:b1:2a:17:aa:
                    14:15:37:89:7d:73:99:1f:6c:33:1d:dc:cf:7a:ba:
                    35:57:00:ed:2b:82:1e:48:8b:74:a8:18:e5:39:42:
                    73:7b:33:03:a5:23:47:62:0d:99:7c:02:b8:95:37:
                    9f:0b:f3:81:b3:df:e4:dc:5e:35:db:2a:dd:d0:2f:
                    b4:4f:22:75:f2:53:c3:4b:4b:40:30:d2:2f:97:8a:
                    e8:79:40:c0:ee:d1:72:5c:ba:93:c0:71:db:cd:ba:
                    fd:ea:df:05:fd:2e:59:c6:91:30:03:7e:64:60:ac:
                    d9:da:af:10:08:6b:04:77:23:fb:43:c7:ed:f4:59:
                    b5:e3:23:29:21:c2:b3:70:a3:4f:5f:b8:fc:0c:07:
                    fe:cb:4c:3f:9b:61:ab:bf:32:12:66:6c:83:30:6d:
                    8a:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:12:95:E4:D9:D2:BA:28:0B:60:2F:4E:CD:B5:E5:53:3E:1F:32:27
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/pRKV5NnSuigLYC9OzbXlUz4fMic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:d1:2e:cc:19:2e:00:d0:55:47:b4:05:5d:92:72:82:45:04:
         de:2e:6a:a8:9b:3f:fc:18:22:aa:a8:ea:b8:c8:b2:cc:44:a7:
         9d:21:8f:89:ea:f1:94:ba:6c:18:88:01:92:f3:5b:e6:e6:5d:
         67:73:99:ef:c5:85:9e:99:42:57:55:df:c0:91:15:3e:9e:33:
         26:04:ec:2d:d8:16:04:e7:c0:06:21:48:94:65:7b:f3:c8:60:
         ee:8f:7e:9f:dd:8f:c3:55:f3:94:8d:52:50:d4:0b:52:30:79:
         82:d3:4e:5d:9d:ef:2b:be:59:59:f2:79:1c:52:30:92:46:b7:
         fb:05:14:1a:22:80:00:92:0a:b3:78:df:df:c1:ff:70:85:5a:
         7a:02:1d:de:7a:bf:ba:74:a8:12:3e:2d:a7:e1:c8:9d:00:b8:
         30:ac:d4:14:e8:30:f9:27:f1:4b:23:cf:06:98:2e:30:23:5a:
         a1:e8:b6:93:25:04:af:73:c6:8f:78:ca:0e:92:5b:a6:8c:e6:
         3c:b1:a0:38:0f:ce:8b:cb:cb:f5:b5:14:48:75:4f:58:3d:17:
         d9:c2:6b:8e:ae:1f:31:a1:c8:66:4b:85:86:99:4e:27:59:e8:
         48:b0:43:0a:23:02:00:01:cd:e6:88:c4:c7:16:6d:6c:89:a6:
         88:ec:31:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsayOqUbGhqvTlWBigG1VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwMTAxMTE0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTEyOTVlNGQ5ZDJiYTI4MGI2MDJmNGVjZGI1ZTU1MzNlMWYzMjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoF9R1vfxO6wYR++CHaAzt+nk2lzF
iNRd8kiHH3LT6FjpW9tlebTPMpkJWdIVMsBwZQPI5LoPIqCuAkKj5ucY5A9olzZL
PtiB5I0CqMRJ4JEENUvbXzk0S1KAvHVqya3wKvmz5bEqF6oUFTeJfXOZH2wzHdzP
ero1VwDtK4IeSIt0qBjlOUJzezMDpSNHYg2ZfAK4lTefC/OBs9/k3F412yrd0C+0
TyJ18lPDS0tAMNIvl4roeUDA7tFyXLqTwHHbzbr96t8F/S5ZxpEwA35kYKzZ2q8Q
CGsEdyP7Q8ft9Fm14yMpIcKzcKNPX7j8DAf+y0w/m2GrvzISZmyDMG2K6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKUSleTZ0rooC2AvTs215VM+HzInMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvcFJLVjVOblN1aWdMWUM5T3piWGxVejRmTWljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkirMA0G
CSqGSIb3DQEBCwUAA4IBAQAl0S7MGS4A0FVHtAVdknKCRQTeLmqomz/8GCKqqOq4
yLLMRKedIY+J6vGUumwYiAGS81vm5l1nc5nvxYWemUJXVd/AkRU+njMmBOwt2BYE
58AGIUiUZXvzyGDuj36f3Y/DVfOUjVJQ1AtSMHmC005dne8rvllZ8nkcUjCSRrf7
BRQaIoAAkgqzeN/fwf9whVp6Ah3eer+6dKgSPi2n4cidALgwrNQU6DD5J/FLI88G
mC4wI1qh6LaTJQSvc8aPeMoOklumjOY8saA4D86Ly8v1tRRIdU9YPRfZwmuOrh8x
ochmS4WGmU4nWehIsEMKIwIAAc3miMTHFm1siaaI7DHI
-----END CERTIFICATE-----