Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/yLcbHMgRfnm3GP6mvQgxG6m7W4E.roa
File:                     yLcbHMgRfnm3GP6mvQgxG6m7W4E.roa (raw, json)
Hash identifier:          Ezieh4C0OjR9hVJWQfbuNJn+pjhzzmPKBbae2Gg46+w=
Subject key identifier:   C8:B7:1B:1C:C8:11:7E:79:B7:18:FE:A6:BD:08:31:1B:A9:BB:5B:81
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019421B1ABC8FB6FBABCF2BD5C2F8820B791
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/yLcbHMgRfnm3GP6mvQgxG6m7W4E.roa
Signing time:             Wed 01 Jan 2025 11:47:59 +0000
ROA not before:           Wed 01 Jan 2025 11:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64267
IP address blocks:        62.72.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:ab:c8:fb:6f:ba:bc:f2:bd:5c:2f:88:20:b7:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 11:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8b71b1cc8117e79b718fea6bd08311ba9bb5b81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:9f:e4:66:af:f0:e1:ec:75:b7:fd:68:15:63:
                    1b:6f:93:51:aa:6f:fe:a2:bf:63:c8:fb:05:82:bf:
                    9f:e0:cf:b3:49:22:06:08:bb:8c:d8:d8:8e:ae:82:
                    5a:de:89:ab:de:a3:07:dd:e4:bc:67:d4:fa:89:63:
                    d0:26:b9:93:71:f0:38:06:3c:94:eb:90:e8:ee:b9:
                    1d:c1:8b:19:8c:0a:62:92:ec:30:21:00:80:2a:c1:
                    3a:f0:e5:0b:56:52:a5:71:b2:a2:3e:d2:b6:f8:1b:
                    20:4e:af:1d:11:6d:85:65:5d:93:79:6f:3d:a9:49:
                    ed:46:e8:81:78:0b:4e:3c:75:e8:da:0e:04:54:80:
                    ad:56:e6:ce:dd:b0:ce:4a:27:36:60:fb:48:94:46:
                    dd:02:be:c7:4c:5f:60:9b:40:a1:de:75:b8:b5:1e:
                    e8:5a:fc:0d:2d:e9:55:aa:3f:e6:26:5a:1c:27:9c:
                    23:72:65:c5:04:d1:39:b2:87:cb:fe:e6:cd:27:32:
                    3a:57:a9:e6:05:bb:a7:89:8b:ee:0c:ee:02:7f:23:
                    82:e0:85:4e:12:b3:79:5f:46:a4:a5:22:7f:d3:43:
                    d0:c0:3e:f4:aa:26:92:f5:ed:71:9e:a6:2a:f2:dc:
                    0f:52:67:78:b2:df:89:68:0a:00:ad:04:8e:76:05:
                    0c:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:B7:1B:1C:C8:11:7E:79:B7:18:FE:A6:BD:08:31:1B:A9:BB:5B:81
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/yLcbHMgRfnm3GP6mvQgxG6m7W4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:4d:08:ea:9e:8e:91:1e:8e:9a:f9:59:f5:dc:aa:9c:59:15:
         95:0d:ff:bb:f9:1b:fb:82:a3:3d:ab:7b:77:da:89:58:24:cc:
         af:da:bc:08:74:b0:b9:38:5c:d4:16:9c:67:23:32:55:8e:50:
         1e:4d:9d:8d:cc:e5:56:25:d3:c7:a9:ed:f0:b0:93:ce:d2:22:
         15:90:f6:b7:ff:91:89:ff:2d:a1:c3:50:5e:7e:8f:a7:d0:3e:
         bc:82:3c:66:4d:17:e4:4e:39:c2:25:73:73:7f:2f:a8:b9:e7:
         6a:1d:b0:f7:9b:47:61:b5:d9:f6:65:52:0e:13:c1:56:34:9a:
         24:55:ab:7d:09:d6:e4:13:f4:d0:6a:e5:7c:b2:bc:a8:89:d2:
         81:e5:4c:16:1f:17:20:d4:3e:cc:ba:00:da:5a:9d:d1:c6:04:
         4d:61:90:82:78:1c:6d:f0:d8:aa:be:dd:10:ec:dc:86:b6:e8:
         9b:54:ec:47:6e:13:2e:84:f4:9f:48:4e:c5:0a:e5:30:6e:dd:
         96:d2:a0:51:d4:b0:2b:c7:f6:8a:0d:32:e2:52:b9:6e:d3:9a:
         ff:0a:eb:10:88:bf:9e:4e:7a:a1:8f:cd:b6:f3:8e:9b:cf:f1:
         9b:17:d0:0b:dd:5c:2f:fc:7d:8a:f5:77:ce:74:59:1d:ae:19:
         dc:8a:dc:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsavI+2+6vPK9XC+IILeRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwMTAxMTE0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGI3MWIxY2M4MTE3ZTc5YjcxOGZlYTZiZDA4MzExYmE5YmI1YjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5/kZq/w4ex1t/1oFWMbb5NRqm/+
or9jyPsFgr+f4M+zSSIGCLuM2NiOroJa3omr3qMH3eS8Z9T6iWPQJrmTcfA4BjyU
65Do7rkdwYsZjApikuwwIQCAKsE68OULVlKlcbKiPtK2+BsgTq8dEW2FZV2TeW89
qUntRuiBeAtOPHXo2g4EVICtVubO3bDOSic2YPtIlEbdAr7HTF9gm0Ch3nW4tR7o
WvwNLelVqj/mJlocJ5wjcmXFBNE5sofL/ubNJzI6V6nmBbuniYvuDO4CfyOC4IVO
ErN5X0akpSJ/00PQwD70qiaS9e1xnqYq8twPUmd4st+JaAoArQSOdgUMawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMi3GxzIEX55txj+pr0IMRupu1uBMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEveUxjYkhNZ1Jmbm0zR1A2bXZRZ3hHNm03VzRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkivMA0G
CSqGSIb3DQEBCwUAA4IBAQDDTQjqno6RHo6a+Vn13KqcWRWVDf+7+Rv7gqM9q3t3
2olYJMyv2rwIdLC5OFzUFpxnIzJVjlAeTZ2NzOVWJdPHqe3wsJPO0iIVkPa3/5GJ
/y2hw1Befo+n0D68gjxmTRfkTjnCJXNzfy+ouedqHbD3m0dhtdn2ZVIOE8FWNJok
Vat9CdbkE/TQauV8sryoidKB5UwWHxcg1D7MugDaWp3RxgRNYZCCeBxt8Niqvt0Q
7NyGtuibVOxHbhMuhPSfSE7FCuUwbt2W0qBR1LArx/aKDTLiUrlu05r/CusQiL+e
Tnqhj822846bz/GbF9AL3Vwv/H2K9XfOdFkdrhncityN
-----END CERTIFICATE-----