Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/JtB98-zjAD0o4TNU9pjTR9pO87g.roa
File:                     JtB98-zjAD0o4TNU9pjTR9pO87g.roa (raw, json)
Hash identifier:          51Lh/9Bb5cG4HIceUoViNNCpat096OxyOVGeT8oufno=
Subject key identifier:   26:D0:7D:F3:EC:E3:00:3D:28:E1:33:54:F6:98:D3:47:DA:4E:F3:B8
Certificate issuer:       /CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Certificate serial:       018CC94E374D78FBC46D51D92B5DA2AEA270
Authority key identifier: A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/JtB98-zjAD0o4TNU9pjTR9pO87g.roa
Signing time:             Tue 02 Jan 2024 08:33:15 +0000
ROA not before:           Tue 02 Jan 2024 08:33:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48179
IP address blocks:        62.85.128.0/19 maxlen: 19
                          2a00:ec80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:37:4d:78:fb:c4:6d:51:d9:2b:5d:a2:ae:a2:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
        Validity
            Not Before: Jan  2 08:33:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26d07df3ece3003d28e13354f698d347da4ef3b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:55:34:f3:f4:b4:f4:38:1a:54:e9:80:0b:3a:
                    0f:c8:bf:b8:fe:28:ed:b6:21:38:34:94:47:30:cc:
                    ab:55:cf:e7:ef:95:0b:31:04:51:9a:e0:20:13:70:
                    60:0f:37:ae:dc:10:a2:3b:db:c2:d7:aa:6a:97:25:
                    e7:b2:92:ad:0a:80:be:6c:10:e8:2a:d0:2e:97:62:
                    33:e4:a2:6f:0b:9b:2e:0c:d9:74:2e:dc:74:66:9a:
                    6c:80:50:b9:a3:1d:f8:47:af:85:26:93:ff:fe:4b:
                    ae:2d:c0:38:7c:f3:28:61:1f:1f:a6:d1:2b:e8:2a:
                    20:00:10:11:b0:86:c6:9a:c4:d4:0f:50:9b:73:41:
                    e0:09:b2:d7:51:06:d6:d6:9a:e6:6b:6b:eb:dd:e1:
                    a9:ed:4e:89:02:98:e3:d0:fd:1c:26:ef:e3:47:63:
                    da:26:9e:cf:4e:be:e9:1e:47:70:bd:77:41:03:ff:
                    70:61:7a:60:cb:8e:1f:71:cf:8f:37:49:f2:dd:fa:
                    8c:99:06:48:f5:85:29:0f:7a:cb:dc:95:08:d5:52:
                    3d:1c:a8:ca:a2:da:83:ef:e5:a5:0d:3a:a1:ab:0e:
                    0c:f9:ef:e8:98:32:4a:c5:cd:ac:de:ad:d4:6a:b3:
                    9e:02:23:d1:7d:54:f0:bf:51:70:80:39:10:0c:08:
                    62:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:D0:7D:F3:EC:E3:00:3D:28:E1:33:54:F6:98:D3:47:DA:4E:F3:B8
            X509v3 Authority Key Identifier:
                keyid:A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/JtB98-zjAD0o4TNU9pjTR9pO87g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.85.128.0/19
                IPv6:
                  2a00:ec80::/32

    Signature Algorithm: sha256WithRSAEncryption
         72:7c:26:e9:d1:d3:5b:00:2b:4e:73:d2:b2:cd:24:9c:7e:ab:
         16:51:6c:9c:3d:db:73:08:6e:e8:a4:d3:63:cb:73:b6:c3:4f:
         e8:75:39:ad:9b:1b:f9:d3:bd:f5:1a:2e:d4:d3:55:9f:1c:08:
         0f:19:d2:45:06:1c:ff:c6:67:3e:d8:41:55:9b:02:15:3d:2f:
         02:2c:59:ec:13:ad:87:11:45:e8:73:46:11:42:5f:03:67:f2:
         a0:79:96:58:b4:31:e1:cd:69:46:2a:7b:ba:9c:80:ba:cf:f4:
         78:21:d4:f2:d4:4f:d4:d9:6a:72:b7:7a:2a:29:2d:c5:31:ce:
         65:d8:74:10:0b:99:52:dd:6f:11:f1:88:bf:81:54:1b:9b:d5:
         e5:69:99:f3:09:56:9c:15:74:97:ce:c8:34:8b:d1:54:1d:7d:
         f7:c2:87:47:a0:96:25:72:0b:d3:fb:e7:4f:4d:73:cf:ba:e1:
         e4:9b:66:0a:5a:ad:69:ca:2b:3f:03:a3:92:69:55:b9:a8:b1:
         e2:f2:c0:5e:e3:f6:99:21:ea:69:9e:cb:e8:be:1a:2a:6a:f7:
         eb:bf:05:05:52:60:18:81:d8:a1:97:33:a2:16:fa:81:51:80:
         f2:f9:fc:0f:8e:c6:99:6d:54:fb:6d:a9:d4:2c:fd:e4:d6:7d:
         95:e8:2d:55
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTjdNePvEbVHZK12irqJwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZWY1ZmJiZmNhN2E5M2NmZWU5NjVlZWI2YmRlZTZmYjQz
YzQwM2UwHhcNMjQwMTAyMDgzMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmQwN2RmM2VjZTMwMDNkMjhlMTMzNTRmNjk4ZDM0N2RhNGVmM2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFU08/S09DgaVOmACzoPyL+4/ijt
tiE4NJRHMMyrVc/n75ULMQRRmuAgE3BgDzeu3BCiO9vC16pqlyXnspKtCoC+bBDo
KtAul2Iz5KJvC5suDNl0Ltx0ZppsgFC5ox34R6+FJpP//kuuLcA4fPMoYR8fptEr
6CogABARsIbGmsTUD1Cbc0HgCbLXUQbW1prma2vr3eGp7U6JApjj0P0cJu/jR2Pa
Jp7PTr7pHkdwvXdBA/9wYXpgy44fcc+PN0ny3fqMmQZI9YUpD3rL3JUI1VI9HKjK
otqD7+WlDTqhqw4M+e/omDJKxc2s3q3UarOeAiPRfVTwv1FwgDkQDAhiyQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCbQffPs4wA9KOEzVPaY00faTvO4MB8GA1UdIwQY
MBaAFKDvX7v8p6k8/ull7ra97m+0PEA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2Mt
MDI5MmIwMjAxNTBhLzEvSnRCOTgtempBRDBvNFROVTlwalRSOXBPODdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2MtMDI5MmIwMjAxNTBh
LzEvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFPlWAMA0E
AgACMAcDBQAqAOyAMA0GCSqGSIb3DQEBCwUAA4IBAQByfCbp0dNbACtOc9KyzSSc
fqsWUWycPdtzCG7opNNjy3O2w0/odTmtmxv50731Gi7U01WfHAgPGdJFBhz/xmc+
2EFVmwIVPS8CLFnsE62HEUXoc0YRQl8DZ/KgeZZYtDHhzWlGKnu6nIC6z/R4IdTy
1E/U2Wpyt3oqKS3FMc5l2HQQC5lS3W8R8Yi/gVQbm9XlaZnzCVacFXSXzsg0i9FU
HX33wodHoJYlcgvT++dPTXPPuuHkm2YKWq1pyis/A6OSaVW5qLHi8sBe4/aZIepp
nsvovhoqavfrvwUFUmAYgdihlzOiFvqBUYDy+fwPjsaZbVT7banULP3k1n2V6C1V
-----END CERTIFICATE-----