Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/4d05cf-63b0-46af-9e2c-206e82336cde/1/o5hmlD1iIWGZX8nPTzbNeG_c9S4.roa
File:                     o5hmlD1iIWGZX8nPTzbNeG_c9S4.roa (raw, json)
Hash identifier:          ztQpR+rtuxx8o/VzHD7/gsaetl4lMnrV6jzNv3NcudY=
Subject key identifier:   A3:98:66:94:3D:62:21:61:99:5F:C9:CF:4F:36:CD:78:6F:DC:F5:2E
Certificate issuer:       /CN=9923d1040c05f099fb4fedb498bb4a14832798fa
Certificate serial:       018EBC426E9306EB8BF653EF0C5A898EF209
Authority key identifier: 99:23:D1:04:0C:05:F0:99:FB:4F:ED:B4:98:BB:4A:14:83:27:98:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mSPRBAwF8Jn7T-20mLtKFIMnmPo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/4d05cf-63b0-46af-9e2c-206e82336cde/1/o5hmlD1iIWGZX8nPTzbNeG_c9S4.roa
Signing time:             Mon 08 Apr 2024 05:50:54 +0000
ROA not before:           Mon 08 Apr 2024 05:50:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        62.122.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/4d05cf-63b0-46af-9e2c-206e82336cde/1/mSPRBAwF8Jn7T-20mLtKFIMnmPo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/4d05cf-63b0-46af-9e2c-206e82336cde/1/mSPRBAwF8Jn7T-20mLtKFIMnmPo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mSPRBAwF8Jn7T-20mLtKFIMnmPo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bc:42:6e:93:06:eb:8b:f6:53:ef:0c:5a:89:8e:f2:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9923d1040c05f099fb4fedb498bb4a14832798fa
        Validity
            Not Before: Apr  8 05:50:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a39866943d622161995fc9cf4f36cd786fdcf52e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:f4:13:59:39:f6:98:d9:01:80:df:db:6d:b1:
                    cf:77:f5:0a:9e:fa:8c:8c:20:d4:02:f2:8e:1e:2c:
                    ae:1f:74:64:30:21:f6:e1:fb:5a:9d:69:92:82:3d:
                    71:e1:b2:9e:1c:4c:18:4f:c7:ce:bf:d6:9f:e8:7e:
                    45:a6:80:74:37:a0:ff:4a:cc:fc:5a:a8:39:8d:6b:
                    72:c4:9d:f0:4f:ea:27:d8:10:71:a5:bb:6b:9c:0d:
                    aa:9e:cf:af:53:28:12:49:d6:fb:94:5e:25:69:9d:
                    57:d1:06:81:f4:6e:c4:37:78:43:4c:5e:60:96:d8:
                    0e:f5:ef:08:ee:e7:bd:5f:99:45:63:f7:2b:e8:de:
                    27:88:db:83:69:d3:eb:2c:d0:ab:b3:76:07:fb:00:
                    e7:67:54:46:d2:7f:54:f7:41:2e:dc:19:da:fe:06:
                    2a:bb:4d:6a:eb:c9:6a:f2:f0:98:49:53:9c:ec:2b:
                    ae:67:c1:66:cb:54:9d:c8:6a:5a:03:4a:a3:d4:bd:
                    be:91:a5:24:5b:df:22:af:39:ce:ca:e3:e7:20:3a:
                    d7:ac:4d:57:00:5b:7d:e6:18:0a:77:3e:01:71:93:
                    43:b9:22:1b:68:dd:fe:37:38:b7:30:3d:74:e0:09:
                    dd:b1:db:96:d8:51:e5:f0:6d:07:49:6d:5c:ee:1d:
                    ce:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:98:66:94:3D:62:21:61:99:5F:C9:CF:4F:36:CD:78:6F:DC:F5:2E
            X509v3 Authority Key Identifier:
                keyid:99:23:D1:04:0C:05:F0:99:FB:4F:ED:B4:98:BB:4A:14:83:27:98:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSPRBAwF8Jn7T-20mLtKFIMnmPo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/4d05cf-63b0-46af-9e2c-206e82336cde/1/o5hmlD1iIWGZX8nPTzbNeG_c9S4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/4d05cf-63b0-46af-9e2c-206e82336cde/1/mSPRBAwF8Jn7T-20mLtKFIMnmPo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.122.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:f3:05:c2:e0:34:83:22:0e:fe:96:7f:fd:72:35:ef:e8:65:
         00:c2:55:bb:25:14:40:53:4d:95:4d:0a:1e:69:7c:49:05:65:
         bf:28:3c:37:20:a5:26:dd:15:4b:30:66:d2:33:b8:69:c7:fc:
         3c:62:94:c5:19:e9:4c:1c:01:83:2f:2b:9f:bb:30:64:7e:2f:
         ce:61:37:d5:04:12:7b:07:ff:16:ce:2c:c3:0b:d5:c2:7d:d5:
         4d:3b:e2:bf:86:b4:01:07:a8:62:d5:c9:04:08:18:b0:6b:f6:
         fc:f2:ff:05:94:6e:3c:af:a8:35:7d:72:45:a4:a9:3a:f0:33:
         0b:74:cb:08:c1:ba:73:80:b4:54:38:3d:d7:16:ce:19:fe:e5:
         49:52:a8:60:d4:9f:55:af:80:50:fc:e8:52:ae:f2:b9:73:ca:
         e9:fc:c3:c7:ee:8f:fd:f4:ff:64:1f:55:94:aa:96:c7:2e:ac:
         d8:be:46:e1:09:76:1a:8d:67:7f:36:ba:b7:b5:c0:99:ec:3a:
         d0:66:6d:9c:de:af:93:dd:58:f4:ae:a2:97:f5:84:f1:53:ca:
         d4:c0:4b:ae:08:27:72:7c:8d:21:ce:24:47:2c:ce:7b:68:e1:
         7a:51:c2:ed:4c:ce:48:d7:92:f0:a6:c7:4e:18:ff:99:1b:8d:
         6b:b6:38:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY68Qm6TBuuL9lPvDFqJjvIJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MjNkMTA0MGMwNWYwOTlmYjRmZWRiNDk4YmI0YTE0ODMy
Nzk4ZmEwHhcNMjQwNDA4MDU1MDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzk4NjY5NDNkNjIyMTYxOTk1ZmM5Y2Y0ZjM2Y2Q3ODZmZGNmNTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkvQTWTn2mNkBgN/bbbHPd/UKnvqM
jCDUAvKOHiyuH3RkMCH24ftanWmSgj1x4bKeHEwYT8fOv9af6H5FpoB0N6D/Ssz8
Wqg5jWtyxJ3wT+on2BBxpbtrnA2qns+vUygSSdb7lF4laZ1X0QaB9G7EN3hDTF5g
ltgO9e8I7ue9X5lFY/cr6N4niNuDadPrLNCrs3YH+wDnZ1RG0n9U90Eu3Bna/gYq
u01q68lq8vCYSVOc7CuuZ8Fmy1SdyGpaA0qj1L2+kaUkW98irznOyuPnIDrXrE1X
AFt95hgKdz4BcZNDuSIbaN3+Nzi3MD104AndsduW2FHl8G0HSW1c7h3O5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKOYZpQ9YiFhmV/Jz082zXhv3PUuMB8GA1UdIwQY
MBaAFJkj0QQMBfCZ+0/ttJi7ShSDJ5j6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVNQUkJBd0Y4Sm43VC0yMG1MdEtGSU1ubVBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy80ZDA1Y2YtNjNiMC00NmFmLTllMmMt
MjA2ZTgyMzM2Y2RlLzEvbzVobWxEMWlJV0daWDhuUFR6Yk5lR19jOVM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy80ZDA1Y2YtNjNiMC00NmFmLTllMmMtMjA2ZTgyMzM2Y2Rl
LzEvbVNQUkJBd0Y4Sm43VC0yMG1MdEtGSU1ubVBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPnofMA0G
CSqGSIb3DQEBCwUAA4IBAQAG8wXC4DSDIg7+ln/9cjXv6GUAwlW7JRRAU02VTQoe
aXxJBWW/KDw3IKUm3RVLMGbSM7hpx/w8YpTFGelMHAGDLyufuzBkfi/OYTfVBBJ7
B/8WzizDC9XCfdVNO+K/hrQBB6hi1ckECBiwa/b88v8FlG48r6g1fXJFpKk68DML
dMsIwbpzgLRUOD3XFs4Z/uVJUqhg1J9Vr4BQ/OhSrvK5c8rp/MPH7o/99P9kH1WU
qpbHLqzYvkbhCXYajWd/Nrq3tcCZ7DrQZm2c3q+T3Vj0rqKX9YTxU8rUwEuuCCdy
fI0hziRHLM57aOF6UcLtTM5I15LwpsdOGP+ZG41rtjjf
-----END CERTIFICATE-----