Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/t-UmPK7a0z1d7carLDgkN2MFV9U.roa
File:                     t-UmPK7a0z1d7carLDgkN2MFV9U.roa (raw, json)
Hash identifier:          p1/ryE9eJhz1aBFKaaCLHbdy0ZdGSBl52Opjx5n2p0s=
Subject key identifier:   B7:E5:26:3C:AE:DA:D3:3D:5D:ED:C6:AB:2C:38:24:37:63:05:57:D5
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019421B1A848E1AAB651DA1C050597F3439E
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/t-UmPK7a0z1d7carLDgkN2MFV9U.roa
Signing time:             Wed 01 Jan 2025 11:47:58 +0000
ROA not before:           Wed 01 Jan 2025 11:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31715
IP address blocks:        62.72.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:a8:48:e1:aa:b6:51:da:1c:05:05:97:f3:43:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 11:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7e5263caedad33d5dedc6ab2c382437630557d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:b0:d6:e9:1c:f0:c8:94:f3:60:43:08:b3:8a:
                    ce:39:64:23:cf:83:4f:0f:d5:8f:f2:07:93:7c:a1:
                    0b:15:af:da:69:a5:f9:89:48:70:2f:bf:0c:23:d8:
                    b9:1e:ce:83:bf:89:74:d2:62:f0:e7:89:35:8b:4f:
                    9d:f9:03:85:38:a3:39:40:43:95:10:ad:78:ca:83:
                    6b:68:aa:f6:a5:56:b3:71:21:fb:cc:fc:93:b7:c7:
                    57:8b:f1:09:8a:df:53:3b:03:f0:cc:fd:81:eb:a8:
                    56:81:51:d2:05:25:ab:7c:7c:fd:83:f8:97:00:c2:
                    9d:45:3c:d3:f1:4e:7f:f5:51:60:f7:03:8c:90:36:
                    52:1b:32:2e:2a:60:bf:8e:b8:eb:e9:e0:88:e0:dd:
                    3a:4b:ca:dc:f3:cc:1c:ca:75:5c:09:49:63:3f:68:
                    13:72:fb:29:d0:51:ab:f2:5b:0f:1d:7d:ad:bf:f6:
                    ba:24:07:6d:8d:23:03:c0:a6:d1:14:78:9e:ae:cd:
                    7f:ae:12:98:fc:23:b4:e1:d3:4f:b9:bc:02:5d:9e:
                    b8:72:af:a9:e5:b9:c3:63:ff:66:6c:d6:5e:f7:dc:
                    73:9a:e7:c9:35:92:59:99:f3:95:3a:6e:74:84:b9:
                    e0:4f:09:95:52:0e:78:87:e1:c5:64:9d:33:36:16:
                    77:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:E5:26:3C:AE:DA:D3:3D:5D:ED:C6:AB:2C:38:24:37:63:05:57:D5
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/t-UmPK7a0z1d7carLDgkN2MFV9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:e3:7b:d1:9f:38:dd:b1:59:21:c7:c4:ac:23:68:0a:33:2e:
         30:72:68:a4:ed:03:74:8a:40:15:93:03:2b:e5:51:9c:f6:51:
         2e:f2:28:f9:35:94:df:93:0d:4c:7d:16:60:d0:98:f6:a1:0b:
         bc:78:f6:7d:9b:cd:bc:71:a5:b8:c4:84:69:10:a6:38:d9:e0:
         da:dc:f9:57:5a:8a:2b:0a:58:63:9a:2b:88:33:51:d7:15:85:
         98:22:a5:14:d1:32:f3:68:70:52:1c:d1:84:5a:4f:a2:be:1b:
         12:e1:ad:e7:dd:91:9f:a4:99:64:9e:68:62:4a:7d:fc:d7:f4:
         2b:d4:11:35:e9:47:cc:7e:f2:ae:b0:4f:89:c6:1e:60:08:ef:
         b7:f4:92:ac:41:ad:e1:00:94:9c:77:66:1b:44:31:da:3d:33:
         6b:f5:05:c0:3a:8c:68:1a:18:d5:7f:07:db:f2:36:cd:a3:a0:
         77:14:71:61:d8:e3:2c:ff:12:e5:52:e1:90:10:41:72:a9:01:
         4c:90:82:29:e0:c5:fe:c7:82:62:b6:e3:a7:78:01:2f:86:cf:
         ef:1f:3c:87:73:a8:e6:36:b4:4b:90:5e:8b:f8:3b:c7:4c:fb:
         a4:c0:df:15:14:c6:70:63:c3:7c:9f:b8:25:6e:f1:5f:7e:05:
         a0:3f:9b:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsahI4aq2UdocBQWX80OeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwMTAxMTE0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2U1MjYzY2FlZGFkMzNkNWRlZGM2YWIyYzM4MjQzNzYzMDU1N2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA07DW6RzwyJTzYEMIs4rOOWQjz4NP
D9WP8geTfKELFa/aaaX5iUhwL78MI9i5Hs6Dv4l00mLw54k1i0+d+QOFOKM5QEOV
EK14yoNraKr2pVazcSH7zPyTt8dXi/EJit9TOwPwzP2B66hWgVHSBSWrfHz9g/iX
AMKdRTzT8U5/9VFg9wOMkDZSGzIuKmC/jrjr6eCI4N06S8rc88wcynVcCUljP2gT
cvsp0FGr8lsPHX2tv/a6JAdtjSMDwKbRFHiers1/rhKY/CO04dNPubwCXZ64cq+p
5bnDY/9mbNZe99xzmufJNZJZmfOVOm50hLngTwmVUg54h+HFZJ0zNhZ3vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLflJjyu2tM9Xe3Gqyw4JDdjBVfVMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvdC1VbVBLN2EwejFkN2NhckxEZ2tOMk1GVjlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPki8MA0G
CSqGSIb3DQEBCwUAA4IBAQBb43vRnzjdsVkhx8SsI2gKMy4wcmik7QN0ikAVkwMr
5VGc9lEu8ij5NZTfkw1MfRZg0Jj2oQu8ePZ9m828caW4xIRpEKY42eDa3PlXWoor
ClhjmiuIM1HXFYWYIqUU0TLzaHBSHNGEWk+ivhsS4a3n3ZGfpJlknmhiSn381/Qr
1BE16UfMfvKusE+Jxh5gCO+39JKsQa3hAJScd2YbRDHaPTNr9QXAOoxoGhjVfwfb
8jbNo6B3FHFh2OMs/xLlUuGQEEFyqQFMkIIp4MX+x4JituOneAEvhs/vHzyHc6jm
NrRLkF6L+DvHTPukwN8VFMZwY8N8n7glbvFffgWgP5u/
-----END CERTIFICATE-----