Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/wRiDHiDNQ0yhxdflLsJrih8UC7Y.roa
File:                     wRiDHiDNQ0yhxdflLsJrih8UC7Y.roa (raw, json)
Hash identifier:          jxqdyrm/ACaS3cdbVRl+qj1oX5dEFF6jugcZUowqa8c=
Subject key identifier:   C1:18:83:1E:20:CD:43:4C:A1:C5:D7:E5:2E:C2:6B:8A:1F:14:0B:B6
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018CC6B7AAF35F609F0D4986ECB9B4BE9913
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/wRiDHiDNQ0yhxdflLsJrih8UC7Y.roa
Signing time:             Mon 01 Jan 2024 20:29:34 +0000
ROA not before:           Mon 01 Jan 2024 20:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211373
IP address blocks:        62.72.178.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 23:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:aa:f3:5f:60:9f:0d:49:86:ec:b9:b4:be:99:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 20:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c118831e20cd434ca1c5d7e52ec26b8a1f140bb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:98:42:19:1e:79:51:53:84:cc:93:31:6b:ac:
                    50:8c:51:44:2e:75:80:96:2b:17:ee:de:6a:c7:da:
                    6a:7d:83:c6:22:ab:2a:8d:01:ee:3c:ee:20:da:a6:
                    3d:f3:41:1d:82:07:84:d6:83:83:28:04:0f:53:a9:
                    4c:89:96:91:32:08:4d:a9:fb:79:a7:27:33:37:7f:
                    d0:0a:14:24:00:77:b3:86:92:ce:3b:99:da:75:02:
                    64:cc:cd:6c:6f:8d:01:dd:80:78:c1:95:a9:84:d7:
                    8b:60:1d:f5:58:99:ec:96:b0:8d:ca:56:bf:e7:94:
                    1a:e0:e7:5e:45:85:b1:71:31:95:4a:91:b8:17:64:
                    43:d1:66:d3:28:90:86:bb:9d:3c:c4:1e:c7:55:33:
                    38:8b:75:08:da:77:11:fe:2d:d1:10:56:5e:6d:76:
                    31:ca:61:3c:5f:09:7a:cd:6b:fa:30:ec:75:a9:43:
                    40:8a:d1:49:93:82:5b:f0:8e:56:2c:9e:6a:aa:32:
                    0d:ef:69:1a:4e:3a:37:e4:2d:62:83:0d:b5:72:f6:
                    33:c5:f6:f8:11:2c:4e:c5:fb:53:44:97:25:76:e9:
                    81:20:9a:72:7d:b7:0d:37:18:e6:59:a7:57:68:d0:
                    ea:74:bc:e7:93:c0:cc:d4:f4:b8:ad:c4:22:d4:8c:
                    26:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:18:83:1E:20:CD:43:4C:A1:C5:D7:E5:2E:C2:6B:8A:1F:14:0B:B6
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/wRiDHiDNQ0yhxdflLsJrih8UC7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:4c:1e:37:ba:34:03:b9:d6:63:9d:9a:dc:95:1e:a2:12:35:
         89:8d:2a:21:c4:45:c7:35:40:90:b4:6b:99:14:0f:df:86:97:
         f3:35:0b:01:ac:32:e8:2a:96:5f:6b:18:8b:2d:d5:0b:ea:a2:
         7b:c5:1c:c9:39:8d:0a:06:93:f9:1a:df:00:97:8b:c4:14:fe:
         bd:19:92:09:d5:57:d6:4e:ef:0c:71:6c:d1:46:e9:b8:63:0d:
         6a:b4:a8:4a:b6:a0:77:b3:c4:57:15:8b:cd:fb:5d:95:41:be:
         42:a3:34:7f:73:03:a4:68:13:ed:cb:c0:d6:56:81:5e:9a:3d:
         19:c5:2e:39:ff:6c:63:0b:fc:d1:37:27:71:ab:b8:7f:bb:10:
         1e:e8:83:13:b2:8c:b6:63:ce:fc:10:2c:97:25:0a:20:c7:b9:
         e7:12:21:e2:37:84:23:b7:c0:c5:0a:88:46:7b:73:4f:5f:94:
         5c:fa:c3:46:af:4b:e2:42:60:01:ea:55:a7:98:5e:7c:68:fe:
         9a:b9:4f:66:2a:ae:73:85:bc:16:35:3a:3c:98:10:67:45:2d:
         4f:60:34:f5:6b:0a:47:aa:2a:9a:51:be:b7:20:68:7d:be:a2:
         b6:cd:6b:bd:d4:85:a7:64:87:2c:28:f9:de:1d:5a:88:a3:e0:
         6d:7d:a2:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt6rzX2CfDUmG7Lm0vpkTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMTAxMjAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTE4ODMxZTIwY2Q0MzRjYTFjNWQ3ZTUyZWMyNmI4YTFmMTQwYmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5hCGR55UVOEzJMxa6xQjFFELnWA
lisX7t5qx9pqfYPGIqsqjQHuPO4g2qY980EdggeE1oODKAQPU6lMiZaRMghNqft5
pyczN3/QChQkAHezhpLOO5nadQJkzM1sb40B3YB4wZWphNeLYB31WJnslrCNyla/
55Qa4OdeRYWxcTGVSpG4F2RD0WbTKJCGu508xB7HVTM4i3UI2ncR/i3REFZebXYx
ymE8Xwl6zWv6MOx1qUNAitFJk4Jb8I5WLJ5qqjIN72kaTjo35C1igw21cvYzxfb4
ESxOxftTRJcldumBIJpyfbcNNxjmWadXaNDqdLznk8DM1PS4rcQi1IwmmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMEYgx4gzUNMocXX5S7Ca4ofFAu2MB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvd1JpREhpRE5RMHloeGRmbExzSnJpaDhVQzdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkiyMA0G
CSqGSIb3DQEBCwUAA4IBAQAMTB43ujQDudZjnZrclR6iEjWJjSohxEXHNUCQtGuZ
FA/fhpfzNQsBrDLoKpZfaxiLLdUL6qJ7xRzJOY0KBpP5Gt8Al4vEFP69GZIJ1VfW
Tu8McWzRRum4Yw1qtKhKtqB3s8RXFYvN+12VQb5CozR/cwOkaBPty8DWVoFemj0Z
xS45/2xjC/zRNydxq7h/uxAe6IMTsoy2Y878ECyXJQogx7nnEiHiN4Qjt8DFCohG
e3NPX5Rc+sNGr0viQmAB6lWnmF58aP6auU9mKq5zhbwWNTo8mBBnRS1PYDT1awpH
qiqaUb63IGh9vqK2zWu91IWnZIcsKPneHVqIo+BtfaJ5
-----END CERTIFICATE-----