Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/prQuL3Q1FypQoeqfp_uG6z3yFOg.roa
File:                     prQuL3Q1FypQoeqfp_uG6z3yFOg.roa (raw, json)
Hash identifier:          JuvBa9Dy9bhoqYfBjrw210O4zb7C1iAH7lEzlrmW7Qo=
Subject key identifier:   A6:B4:2E:2F:74:35:17:2A:50:A1:EA:9F:A7:FB:86:EB:3D:F2:14:E8
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       0192D83A10DCB8847FB014B5F4774864B6F4
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/prQuL3Q1FypQoeqfp_uG6z3yFOg.roa
Signing time:             Tue 29 Oct 2024 12:22:16 +0000
ROA not before:           Tue 29 Oct 2024 12:22:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        62.72.168.0/24 maxlen: 24
                          176.57.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d8:3a:10:dc:b8:84:7f:b0:14:b5:f4:77:48:64:b6:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Oct 29 12:22:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6b42e2f7435172a50a1ea9fa7fb86eb3df214e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d9:03:c4:0e:58:b0:a3:19:73:01:cc:d0:7f:
                    67:32:4a:cd:78:56:50:68:3b:aa:00:e3:32:b7:6f:
                    64:8c:48:d0:78:69:c3:f0:9f:df:ff:c4:96:dd:7e:
                    42:9d:29:94:af:b1:c9:bc:ea:50:43:e2:c0:4f:0b:
                    e4:24:a8:31:99:ee:64:da:c6:9d:1a:d8:8c:5a:32:
                    03:81:d3:da:27:8f:94:64:ce:70:15:d7:b7:99:d5:
                    35:9e:00:c8:a0:35:5b:79:1a:cb:77:48:36:05:ba:
                    fc:12:dc:c0:81:da:18:0f:75:aa:3b:c3:6f:6a:1b:
                    3b:7d:9f:d8:12:2f:6b:75:b5:2c:b0:d0:9c:81:89:
                    7e:8b:b1:dc:94:6d:c3:56:83:be:d3:a6:8e:a7:86:
                    09:37:83:ca:58:7b:8a:12:85:e4:56:50:d9:9a:5d:
                    7e:da:9f:7e:37:fa:15:4c:11:45:47:96:17:18:fc:
                    6f:a5:9c:63:8a:70:24:03:57:33:5b:df:09:06:55:
                    66:64:de:77:d0:f2:37:9f:8d:74:ad:06:f8:ca:80:
                    18:60:a7:53:e3:19:87:d2:6f:27:95:ed:c4:90:3b:
                    43:52:2f:69:dd:e2:52:a0:81:95:80:fd:f6:56:61:
                    5e:ae:ee:6c:cb:2b:8a:18:be:6e:c6:c4:ab:19:02:
                    c6:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:B4:2E:2F:74:35:17:2A:50:A1:EA:9F:A7:FB:86:EB:3D:F2:14:E8
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/prQuL3Q1FypQoeqfp_uG6z3yFOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.168.0/24
                  176.57.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:37:3d:62:17:be:c6:81:21:b9:32:95:62:d4:49:39:b5:61:
         14:00:33:6e:09:1d:c5:a8:9f:99:53:3d:fe:eb:23:80:af:09:
         88:99:48:32:c5:97:2c:55:6f:11:e7:eb:95:d9:2a:d6:47:ad:
         1d:65:85:60:b4:42:b4:ff:d6:3b:4e:47:4e:c5:28:46:55:8f:
         7c:61:fb:e0:fc:e2:1c:c0:ba:3f:00:e4:55:af:da:0e:27:16:
         b5:74:ee:fd:b4:26:1a:0c:0f:a1:16:39:63:87:02:e3:85:36:
         6f:eb:b7:f4:05:ab:b7:70:25:e4:21:35:b1:a9:6e:7f:1f:d8:
         1d:9c:cf:91:40:0c:66:c9:f0:a2:15:38:1c:ff:b8:2a:17:d1:
         e7:7e:69:ce:91:e5:0e:5b:4c:1c:02:cc:bc:4f:8d:86:6a:fa:
         ce:09:67:5e:8b:16:73:b6:06:e3:ac:da:73:7c:aa:37:66:e4:
         48:a9:44:b7:7b:6a:1c:8a:8c:ec:54:f5:22:57:15:8c:3c:6c:
         1e:48:7e:51:8b:fd:3e:49:74:89:b0:bd:94:a4:92:78:ce:c2:
         a2:a1:25:f0:1f:17:75:b8:9f:93:63:b8:17:75:00:50:db:89:
         6c:be:cf:3b:e6:93:f3:7b:fa:4a:61:6b:7d:66:6e:8b:99:6c:
         57:77:d2:a0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLYOhDcuIR/sBS19HdIZLb0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQxMDI5MTIyMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmI0MmUyZjc0MzUxNzJhNTBhMWVhOWZhN2ZiODZlYjNkZjIxNGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtkDxA5YsKMZcwHM0H9nMkrNeFZQ
aDuqAOMyt29kjEjQeGnD8J/f/8SW3X5CnSmUr7HJvOpQQ+LATwvkJKgxme5k2sad
GtiMWjIDgdPaJ4+UZM5wFde3mdU1ngDIoDVbeRrLd0g2Bbr8EtzAgdoYD3WqO8Nv
ahs7fZ/YEi9rdbUssNCcgYl+i7HclG3DVoO+06aOp4YJN4PKWHuKEoXkVlDZml1+
2p9+N/oVTBFFR5YXGPxvpZxjinAkA1czW98JBlVmZN530PI3n410rQb4yoAYYKdT
4xmH0m8nle3EkDtDUi9p3eJSoIGVgP32VmFeru5syyuKGL5uxsSrGQLG5QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKa0Li90NRcqUKHqn6f7hus98hToMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvcHJRdUwzUTFGeXBRb2VxZnBfdUc2ejN5Rk9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPkioAwQA
sDk3MA0GCSqGSIb3DQEBCwUAA4IBAQCbNz1iF77GgSG5MpVi1Ek5tWEUADNuCR3F
qJ+ZUz3+6yOArwmImUgyxZcsVW8R5+uV2SrWR60dZYVgtEK0/9Y7TkdOxShGVY98
Yfvg/OIcwLo/AORVr9oOJxa1dO79tCYaDA+hFjljhwLjhTZv67f0Bau3cCXkITWx
qW5/H9gdnM+RQAxmyfCiFTgc/7gqF9HnfmnOkeUOW0wcAsy8T42GavrOCWdeixZz
tgbjrNpzfKo3ZuRIqUS3e2ociozsVPUiVxWMPGweSH5Ri/0+SXSJsL2UpJJ4zsKi
oSXwHxd1uJ+TY7gXdQBQ24lsvs875pPze/pKYWt9Zm6LmWxXd9Kg
-----END CERTIFICATE-----