Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/v7dy_mb7YZoaDUFEBuwa_jnPSJU.roa
File:                     v7dy_mb7YZoaDUFEBuwa_jnPSJU.roa (raw, json)
Hash identifier:          qMbDJJjc0Lg8e5UME+LO+TcqIgbebI00FO/ng7YkPkA=
Subject key identifier:   BF:B7:72:FE:66:FB:61:9A:1A:0D:41:44:06:EC:1A:FE:39:CF:48:95
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018EDC2BE0BABFBC01F373A4C4500918C563
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/v7dy_mb7YZoaDUFEBuwa_jnPSJU.roa
Signing time:             Sun 14 Apr 2024 10:34:06 +0000
ROA not before:           Sun 14 Apr 2024 10:34:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        62.72.173.0/24 maxlen: 24
                          62.72.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:dc:2b:e0:ba:bf:bc:01:f3:73:a4:c4:50:09:18:c5:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Apr 14 10:34:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfb772fe66fb619a1a0d414406ec1afe39cf4895
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:39:d5:fa:3c:98:d3:79:1b:53:c5:68:6a:54:
                    6a:40:5c:67:4e:bb:2a:d8:a6:44:37:69:f1:7a:15:
                    94:d6:c3:12:38:71:97:54:9a:b4:ea:fd:6e:0f:ff:
                    09:2b:fb:17:0d:9f:f2:c9:81:68:d0:d6:37:0b:34:
                    80:5f:cd:4b:29:64:63:3f:7e:bf:31:a8:d3:50:df:
                    91:a1:72:4e:79:c3:49:b0:44:08:ca:e4:1a:87:a8:
                    22:6b:65:69:c5:51:15:2d:c0:cf:69:a1:44:6b:9b:
                    47:0a:9f:e1:8b:26:ea:a4:43:a1:3e:7f:19:be:47:
                    0c:ee:f4:38:9d:ac:71:fe:81:bd:a5:d7:73:fc:c7:
                    5c:c7:42:54:23:86:c8:3f:3f:32:74:a3:e2:b6:9f:
                    da:44:00:9d:0e:22:34:6a:3c:4b:d1:71:76:68:81:
                    19:81:43:45:31:67:13:21:4a:72:34:c0:11:fc:a1:
                    f4:c2:98:32:d1:02:ca:8a:02:99:85:6a:69:df:90:
                    08:77:13:fb:61:fd:d2:1b:80:26:06:f0:68:8b:d7:
                    c0:d8:4f:c2:3a:ff:5b:8a:dc:d2:92:0b:d8:36:68:
                    26:ec:27:aa:f7:50:ba:96:05:89:0f:46:c8:b2:05:
                    92:54:8a:c9:37:89:69:66:07:35:72:80:e9:6b:d3:
                    a1:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:B7:72:FE:66:FB:61:9A:1A:0D:41:44:06:EC:1A:FE:39:CF:48:95
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/v7dy_mb7YZoaDUFEBuwa_jnPSJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.173.0/24
                  62.72.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:b6:11:fd:04:30:d5:bb:35:21:9c:29:67:1d:c1:38:0c:05:
         08:53:00:9f:f2:d4:89:1d:62:b1:57:32:5f:50:64:d9:44:54:
         cb:5a:35:2d:83:00:e1:4a:7f:71:18:43:97:51:3b:f4:d7:a8:
         fc:d9:68:99:24:32:70:4c:86:e9:da:2e:29:69:af:c1:5f:83:
         93:85:86:91:60:16:4e:af:0a:d2:3a:8b:a3:3b:e9:11:20:34:
         3b:1b:6a:80:32:86:7a:2c:0e:19:92:8b:48:83:35:b8:21:99:
         35:46:86:26:b8:cb:c5:08:22:d1:29:4c:c9:88:3f:82:1f:89:
         2b:38:0a:3e:65:bf:e1:8d:53:b4:ee:2d:a1:92:db:06:bf:d4:
         77:e1:64:2d:80:91:ca:87:12:a9:98:1f:24:d6:3d:f2:4d:53:
         a4:89:e4:a6:d0:24:a9:45:06:ed:67:e2:12:d9:e4:39:f5:b0:
         a5:5f:2e:08:81:0a:9c:b1:c4:d5:c6:45:cc:ad:1b:29:d2:98:
         9b:62:4a:55:f5:9c:8f:8f:23:01:de:a8:e3:76:31:ca:b1:0e:
         cd:55:05:39:0e:af:fc:79:4c:92:39:c8:be:91:58:1c:b1:1a:
         ee:1b:3d:09:9b:1c:28:5b:c0:03:96:ad:ef:24:05:0a:2c:5f:
         91:dd:1a:1d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7cK+C6v7wB83OkxFAJGMVjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwNDE0MTAzNDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmI3NzJmZTY2ZmI2MTlhMWEwZDQxNDQwNmVjMWFmZTM5Y2Y0ODk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhjnV+jyY03kbU8VoalRqQFxnTrsq
2KZEN2nxehWU1sMSOHGXVJq06v1uD/8JK/sXDZ/yyYFo0NY3CzSAX81LKWRjP36/
MajTUN+RoXJOecNJsEQIyuQah6gia2VpxVEVLcDPaaFEa5tHCp/hiybqpEOhPn8Z
vkcM7vQ4naxx/oG9pddz/Mdcx0JUI4bIPz8ydKPitp/aRACdDiI0ajxL0XF2aIEZ
gUNFMWcTIUpyNMAR/KH0wpgy0QLKigKZhWpp35AIdxP7Yf3SG4AmBvBoi9fA2E/C
Ov9bitzSkgvYNmgm7Ceq91C6lgWJD0bIsgWSVIrJN4lpZgc1coDpa9OhUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL+3cv5m+2GaGg1BRAbsGv45z0iVMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvdjdkeV9tYjdZWm9hRFVGRUJ1d2Ffam5QU0pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPkitAwQA
Pki0MA0GCSqGSIb3DQEBCwUAA4IBAQB5thH9BDDVuzUhnClnHcE4DAUIUwCf8tSJ
HWKxVzJfUGTZRFTLWjUtgwDhSn9xGEOXUTv016j82WiZJDJwTIbp2i4paa/BX4OT
hYaRYBZOrwrSOoujO+kRIDQ7G2qAMoZ6LA4ZkotIgzW4IZk1RoYmuMvFCCLRKUzJ
iD+CH4krOAo+Zb/hjVO07i2hktsGv9R34WQtgJHKhxKpmB8k1j3yTVOkieSm0CSp
RQbtZ+IS2eQ59bClXy4IgQqcscTVxkXMrRsp0pibYkpV9ZyPjyMB3qjjdjHKsQ7N
VQU5Dq/8eUySOci+kVgcsRruGz0JmxwoW8ADlq3vJAUKLF+R3Rod
-----END CERTIFICATE-----