Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/rfTGK5iafO3bPZgm-xUKLCtAmp8.roa
File:                     rfTGK5iafO3bPZgm-xUKLCtAmp8.roa (raw, json)
Hash identifier:          Rd8J2KfmaGk/xnq5TEKoZc9ccdL08dZ6oOIJ6/3UI4s=
Subject key identifier:   AD:F4:C6:2B:98:9A:7C:ED:DB:3D:98:26:FB:15:0A:2C:2B:40:9A:9F
Certificate issuer:       /CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
Certificate serial:       018F76E33F3F9CFE221D31ACA17CBB31088F
Authority key identifier: 21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/rfTGK5iafO3bPZgm-xUKLCtAmp8.roa
Signing time:             Tue 14 May 2024 11:35:55 +0000
ROA not before:           Tue 14 May 2024 11:35:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60631
IP address blocks:        62.106.95.0/24 maxlen: 24
                          146.19.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:76:e3:3f:3f:9c:fe:22:1d:31:ac:a1:7c:bb:31:08:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
        Validity
            Not Before: May 14 11:35:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=adf4c62b989a7ceddb3d9826fb150a2c2b409a9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ed:d2:1f:f9:99:9d:47:70:5a:86:26:07:8a:
                    ce:d6:d8:0d:ed:b7:22:fd:a9:75:87:42:bc:73:07:
                    8e:c4:90:8f:c1:21:cb:5d:ad:f6:ee:96:5e:45:6b:
                    1e:34:3f:3e:d7:91:51:89:37:86:9f:ea:b1:d4:c9:
                    83:09:92:a7:f5:fe:58:cd:82:83:9c:37:09:17:d9:
                    13:19:cd:76:4c:42:bb:79:bf:69:f6:5d:a1:86:11:
                    3f:7e:88:d2:c5:13:17:30:40:ef:ab:37:38:5d:89:
                    24:31:31:d1:34:e8:db:c7:2b:9b:d4:fc:90:0e:14:
                    70:09:a5:30:69:85:a5:46:f1:58:32:8b:22:5e:2a:
                    11:df:50:22:c9:fd:3e:da:8a:88:4c:c5:42:ca:f3:
                    3a:3c:21:06:68:7a:20:09:01:fa:19:ca:d0:d7:78:
                    6e:16:af:5e:dd:3d:89:8c:b1:a3:08:f8:8a:74:fa:
                    c4:d3:9b:9e:04:30:a4:20:ea:5f:82:7a:ab:d1:df:
                    72:0e:56:da:1c:96:5b:9f:41:4d:b4:35:dd:ca:86:
                    a9:ec:b6:b8:37:3a:cb:fc:ac:12:43:17:68:11:6b:
                    8d:f1:b6:dd:0f:3e:45:81:af:67:12:51:80:4f:3e:
                    0d:9b:55:e5:20:2d:95:d3:7b:fc:3f:b3:97:9c:a0:
                    84:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:F4:C6:2B:98:9A:7C:ED:DB:3D:98:26:FB:15:0A:2C:2B:40:9A:9F
            X509v3 Authority Key Identifier:
                keyid:21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/rfTGK5iafO3bPZgm-xUKLCtAmp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.106.95.0/24
                  146.19.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:73:00:d4:68:8a:b2:aa:b5:eb:94:fc:b4:0e:91:7e:d6:6d:
         bb:a4:c3:32:58:0d:63:3d:81:63:d3:b1:a7:22:4a:66:eb:4a:
         84:19:82:02:90:72:7b:bc:30:7d:ca:06:d0:29:17:df:3b:50:
         87:ca:c4:30:4d:eb:b8:ae:ee:dc:93:90:2f:2a:2f:87:77:b3:
         c7:a0:28:1c:3d:fc:67:e1:bf:de:26:b7:05:6c:c3:53:2b:95:
         12:bc:3b:6c:97:2f:ae:e9:a6:38:2d:59:9a:c9:a3:90:3b:31:
         cc:b5:28:77:df:0b:96:e7:2e:1e:9f:b4:6b:d7:89:51:7b:a3:
         df:4f:1c:29:e5:44:68:3a:eb:82:8c:c5:75:6d:85:76:a0:de:
         87:11:e9:62:32:90:8e:99:23:30:29:52:57:f7:f5:23:4c:59:
         88:a5:03:7a:f9:d2:75:29:38:11:76:b5:f7:ef:37:c1:cc:c0:
         e9:6e:7b:73:e8:a9:67:f2:54:ae:5f:fc:f9:d0:2a:8a:fb:66:
         bb:7a:b5:be:21:86:84:fd:e4:d5:ee:87:5f:d4:09:72:b8:5e:
         84:a7:e3:12:b5:36:2a:5d:6a:51:f9:c6:1a:ea:f1:de:89:cf:
         e1:61:b1:5a:f1:ad:d2:63:fe:78:ab:0b:69:8d:6f:9b:0c:ea:
         2a:63:f2:d5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY924z8/nP4iHTGsoXy7MQiPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNTI2NjQzNTYxN2ZhMGYxZmQyODM3ZWM4MGM2ZDgzYjBi
OWQ2MDgwHhcNMjQwNTE0MTEzNTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGY0YzYyYjk4OWE3Y2VkZGIzZDk4MjZmYjE1MGEyYzJiNDA5YTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+3SH/mZnUdwWoYmB4rO1tgN7bci
/al1h0K8cweOxJCPwSHLXa327pZeRWseND8+15FRiTeGn+qx1MmDCZKn9f5YzYKD
nDcJF9kTGc12TEK7eb9p9l2hhhE/fojSxRMXMEDvqzc4XYkkMTHRNOjbxyub1PyQ
DhRwCaUwaYWlRvFYMosiXioR31Aiyf0+2oqITMVCyvM6PCEGaHogCQH6GcrQ13hu
Fq9e3T2JjLGjCPiKdPrE05ueBDCkIOpfgnqr0d9yDlbaHJZbn0FNtDXdyoap7La4
NzrL/KwSQxdoEWuN8bbdDz5Fga9nElGATz4Nm1XlIC2V03v8P7OXnKCEcQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK30xiuYmnzt2z2YJvsVCiwrQJqfMB8GA1UdIwQY
MBaAFCFSZkNWF/oPH9KDfsgMbYOwudYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzIt
YmM5M2NhNjc5ZTFmLzEvcmZUR0s1aWFmTzNiUFpnbS14VUtMQ3RBbXA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzItYmM5M2NhNjc5ZTFm
LzEvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPmpfAwQA
khPUMA0GCSqGSIb3DQEBCwUAA4IBAQB6cwDUaIqyqrXrlPy0DpF+1m27pMMyWA1j
PYFj07GnIkpm60qEGYICkHJ7vDB9ygbQKRffO1CHysQwTeu4ru7ck5AvKi+Hd7PH
oCgcPfxn4b/eJrcFbMNTK5USvDtsly+u6aY4LVmayaOQOzHMtSh33wuW5y4en7Rr
14lRe6PfTxwp5URoOuuCjMV1bYV2oN6HEeliMpCOmSMwKVJX9/UjTFmIpQN6+dJ1
KTgRdrX37zfBzMDpbntz6Kln8lSuX/z50CqK+2a7erW+IYaE/eTV7odf1AlyuF6E
p+MStTYqXWpR+cYa6vHeic/hYbFa8a3SY/54qwtpjW+bDOoqY/LV
-----END CERTIFICATE-----