Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/sgqA9dDyEjB2dxnBjKekJlXaVxU.roa
File:                     sgqA9dDyEjB2dxnBjKekJlXaVxU.roa (raw, json)
Hash identifier:          x7OVigOPBx0IQrekW/6kznohUbrxdLPbfH+tBzUhCyA=
Subject key identifier:   B2:0A:80:F5:D0:F2:12:30:76:77:19:C1:8C:A7:A4:26:55:DA:57:15
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018CC6B7A92B701C49420D40A27B68D09CE2
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/sgqA9dDyEjB2dxnBjKekJlXaVxU.roa
Signing time:             Mon 01 Jan 2024 20:29:34 +0000
ROA not before:           Mon 01 Jan 2024 20:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207515
IP address blocks:        62.72.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a9:2b:70:1c:49:42:0d:40:a2:7b:68:d0:9c:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 20:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b20a80f5d0f21230767719c18ca7a42655da5715
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:7d:48:bb:19:01:7e:7b:3d:0b:97:00:9c:28:
                    dc:8a:04:a5:7d:48:f8:99:58:2b:81:dc:34:a2:ab:
                    95:7d:00:12:02:5d:22:f3:b1:52:43:a9:73:a6:48:
                    a3:79:91:e6:6e:1d:6b:51:99:e8:15:d5:70:08:4d:
                    6b:4e:98:a8:42:4f:f4:f6:16:72:bb:c3:5d:dd:46:
                    34:d4:29:a0:bb:d1:cc:cc:1e:08:ab:64:47:97:54:
                    42:95:01:0b:d8:96:50:19:f4:e8:fb:a1:df:dd:08:
                    83:ae:42:8a:5c:5b:5b:b2:de:84:0a:81:f5:5a:15:
                    c0:ee:f7:95:4c:0a:0d:ba:2e:15:ba:a3:bf:7a:8e:
                    a9:aa:00:32:5a:dc:45:44:82:38:86:61:ae:9e:27:
                    03:6e:a6:41:77:dc:9c:fb:11:84:ee:10:1e:6b:1d:
                    67:31:19:be:d8:e7:b0:30:e8:b9:3b:1f:ce:b3:db:
                    03:df:01:93:30:72:4c:55:e9:3b:b8:7b:36:63:32:
                    9c:88:e6:d1:fe:da:25:ad:37:52:c3:f3:9c:46:c3:
                    2f:16:ea:bb:92:b1:c2:0b:e0:6c:5b:e2:5a:d9:f4:
                    d0:22:22:6e:1f:94:3b:dd:7c:a4:92:63:6f:6c:a7:
                    2e:6c:09:7c:17:bc:8c:a0:59:36:21:5f:9e:8b:2f:
                    8c:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:0A:80:F5:D0:F2:12:30:76:77:19:C1:8C:A7:A4:26:55:DA:57:15
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/sgqA9dDyEjB2dxnBjKekJlXaVxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:ed:40:28:9e:50:8a:46:3b:f1:6c:78:63:b2:75:9d:5b:0a:
         ab:a7:5c:b3:bb:12:4b:9f:91:3c:26:41:97:5f:43:e0:39:ca:
         78:21:bb:54:f8:17:d0:0e:74:c6:75:9d:9e:ad:be:6b:f6:fc:
         42:aa:59:a0:76:03:91:b4:0b:50:22:a1:48:c7:69:5a:ea:ef:
         9f:a8:49:20:e9:48:94:75:6f:43:47:98:eb:47:5c:37:f0:1f:
         0a:03:ab:b0:3a:2e:ab:f0:5a:10:27:25:0c:ec:6d:23:ef:b7:
         e6:38:26:d0:67:75:02:67:42:4c:b6:25:58:a5:8a:4c:6a:cd:
         72:de:90:3c:51:68:70:60:2c:06:54:9e:99:18:14:59:a3:1b:
         79:a8:09:2f:77:b1:e9:67:41:b4:35:2f:6a:ba:f9:66:44:97:
         83:66:ba:38:53:3f:00:8d:66:a2:d7:4a:79:99:e8:7e:c0:7d:
         63:a9:af:dd:a7:0c:27:45:40:6d:06:e0:8f:f7:c9:69:88:61:
         db:6f:83:60:81:7a:88:d3:88:5d:27:d6:e7:cc:c1:d4:bd:2b:
         1f:51:02:6a:8e:cb:d2:1f:91:e5:e0:b9:11:75:72:5f:74:9a:
         8b:e4:f4:3b:50:0f:6c:90:a1:f5:c5:05:cc:d1:2e:2b:77:4a:
         35:6e:58:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt6krcBxJQg1Aonto0JziMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMTAxMjAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjBhODBmNWQwZjIxMjMwNzY3NzE5YzE4Y2E3YTQyNjU1ZGE1NzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhX1IuxkBfns9C5cAnCjcigSlfUj4
mVgrgdw0oquVfQASAl0i87FSQ6lzpkijeZHmbh1rUZnoFdVwCE1rTpioQk/09hZy
u8Nd3UY01Cmgu9HMzB4Iq2RHl1RClQEL2JZQGfTo+6Hf3QiDrkKKXFtbst6ECoH1
WhXA7veVTAoNui4VuqO/eo6pqgAyWtxFRII4hmGunicDbqZBd9yc+xGE7hAeax1n
MRm+2OewMOi5Ox/Os9sD3wGTMHJMVek7uHs2YzKciObR/tolrTdSw/OcRsMvFuq7
krHCC+BsW+Ja2fTQIiJuH5Q73XykkmNvbKcubAl8F7yMoFk2IV+eiy+M0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLIKgPXQ8hIwdncZwYynpCZV2lcVMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvc2dxQTlkRHlFakIyZHhuQmpLZWtKbFhhVnhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkilMA0G
CSqGSIb3DQEBCwUAA4IBAQCm7UAonlCKRjvxbHhjsnWdWwqrp1yzuxJLn5E8JkGX
X0PgOcp4IbtU+BfQDnTGdZ2erb5r9vxCqlmgdgORtAtQIqFIx2la6u+fqEkg6UiU
dW9DR5jrR1w38B8KA6uwOi6r8FoQJyUM7G0j77fmOCbQZ3UCZ0JMtiVYpYpMas1y
3pA8UWhwYCwGVJ6ZGBRZoxt5qAkvd7HpZ0G0NS9quvlmRJeDZro4Uz8AjWai10p5
meh+wH1jqa/dpwwnRUBtBuCP98lpiGHbb4NggXqI04hdJ9bnzMHUvSsfUQJqjsvS
H5Hl4LkRdXJfdJqL5PQ7UA9skKH1xQXM0S4rd0o1blhb
-----END CERTIFICATE-----