Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/ecde3e-1fcf-4531-b0f9-24e7e6ada1e2/1/3MfigbHeBY_Obz2C18RZij3852o.roa
File:                     3MfigbHeBY_Obz2C18RZij3852o.roa (raw, json)
Hash identifier:          kfAQUcqYHG9HXKAkl80srOXg0bTJSwBp2fQnxABBplM=
Subject key identifier:   DC:C7:E2:81:B1:DE:05:8F:CE:6F:3D:82:D7:C4:59:8A:3D:FC:E7:6A
Certificate issuer:       /CN=c441ae2612d2527167c83f7afc16f5e674d88b0f
Certificate serial:       018F398E6A1418293130D965C93118DE2D3D
Authority key identifier: C4:41:AE:26:12:D2:52:71:67:C8:3F:7A:FC:16:F5:E6:74:D8:8B:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xEGuJhLSUnFnyD96_Bb15nTYiw8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/ecde3e-1fcf-4531-b0f9-24e7e6ada1e2/1/3MfigbHeBY_Obz2C18RZij3852o.roa
Signing time:             Thu 02 May 2024 13:46:25 +0000
ROA not before:           Thu 02 May 2024 13:46:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60023
IP address blocks:        185.62.52.0/22 maxlen: 22
                          2a04:ef40::/29 maxlen: 29
                          2a0b:d180::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/ecde3e-1fcf-4531-b0f9-24e7e6ada1e2/1/xEGuJhLSUnFnyD96_Bb15nTYiw8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/ecde3e-1fcf-4531-b0f9-24e7e6ada1e2/1/xEGuJhLSUnFnyD96_Bb15nTYiw8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xEGuJhLSUnFnyD96_Bb15nTYiw8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 01:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:39:8e:6a:14:18:29:31:30:d9:65:c9:31:18:de:2d:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c441ae2612d2527167c83f7afc16f5e674d88b0f
        Validity
            Not Before: May  2 13:46:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dcc7e281b1de058fce6f3d82d7c4598a3dfce76a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:7f:79:e6:e7:38:43:da:77:a4:b1:3c:45:17:
                    9c:98:65:fb:97:a5:a9:11:4f:a8:e2:fd:31:a3:f7:
                    93:51:49:ad:76:7c:4b:a6:46:38:17:6f:6c:62:e9:
                    00:6b:fc:99:bb:3f:96:79:33:f0:4b:3d:34:29:30:
                    f5:5a:5e:35:a3:9d:b4:68:a8:15:3c:a2:ea:57:4c:
                    1f:6c:8b:19:1d:ed:b0:4e:09:a7:17:b4:79:26:f5:
                    e9:d6:29:0b:46:1b:8d:cb:ad:20:c5:8f:24:27:3c:
                    2b:5d:0b:05:c3:b1:32:80:57:7f:0d:7c:48:cd:b5:
                    3b:98:62:ff:8f:e6:3e:32:12:a5:13:fb:72:33:87:
                    37:95:e7:29:d3:e0:13:83:58:3b:3b:d2:51:92:ec:
                    19:ec:73:62:29:fe:e4:fe:4c:72:e7:53:2f:a4:cb:
                    94:86:49:c5:7f:00:55:59:87:e6:cd:d5:5c:1f:58:
                    64:97:e9:43:95:1a:78:cc:41:08:16:31:96:88:9a:
                    05:5e:10:8e:36:63:d4:ec:4f:33:49:81:87:06:5d:
                    19:5d:cd:4e:8d:6c:34:99:c8:04:6b:fd:8c:5c:e6:
                    00:d0:2b:c3:aa:6d:13:ef:f9:85:19:de:b4:6c:a5:
                    de:b8:1c:f0:ff:71:d9:5c:ec:1a:bb:01:d5:c5:da:
                    ba:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:C7:E2:81:B1:DE:05:8F:CE:6F:3D:82:D7:C4:59:8A:3D:FC:E7:6A
            X509v3 Authority Key Identifier:
                keyid:C4:41:AE:26:12:D2:52:71:67:C8:3F:7A:FC:16:F5:E6:74:D8:8B:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xEGuJhLSUnFnyD96_Bb15nTYiw8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ecde3e-1fcf-4531-b0f9-24e7e6ada1e2/1/3MfigbHeBY_Obz2C18RZij3852o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ecde3e-1fcf-4531-b0f9-24e7e6ada1e2/1/xEGuJhLSUnFnyD96_Bb15nTYiw8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.62.52.0/22
                IPv6:
                  2a04:ef40::/29
                  2a0b:d180::/29

    Signature Algorithm: sha256WithRSAEncryption
         5e:0a:03:74:2d:b3:21:e6:4b:d9:31:a7:88:e1:62:50:43:d5:
         9b:9d:25:fa:7b:c5:9c:2a:31:5c:cf:6d:b0:17:18:2a:a3:c1:
         be:9e:12:d3:2d:c9:3a:95:a1:60:57:10:91:b4:eb:93:ba:1c:
         02:76:f5:9b:6d:08:2c:98:a4:bc:b4:a1:f5:92:a5:3f:34:a6:
         ec:c6:c9:da:33:5a:8c:58:46:82:94:4e:7f:63:88:80:61:a9:
         02:d8:5e:f6:5c:81:36:87:c5:b1:eb:bd:90:20:a2:41:24:f0:
         28:79:e8:ed:79:f4:7e:10:cc:c8:75:51:dc:0e:42:34:8b:0d:
         be:ba:66:37:b0:24:a4:31:16:b4:ad:04:0d:90:0e:d3:ad:87:
         a3:b8:09:38:b9:e0:bd:8a:e2:ad:60:87:31:5a:5c:fb:87:09:
         8c:5c:b9:61:4f:f0:8f:a7:ae:47:dc:90:dd:08:c7:12:e3:e0:
         3a:c4:7d:13:6e:17:f4:25:ce:b8:65:72:ab:cf:ca:15:1b:31:
         3d:e2:78:f3:1c:1d:4b:16:5d:6c:39:b8:75:8d:e4:d7:6a:3a:
         c0:60:63:63:59:d2:cf:7e:2b:7f:32:06:5f:da:48:0e:f1:27:
         51:c6:bc:21:31:13:08:44:99:7e:c6:64:bb:31:ba:67:97:9b:
         3b:b6:8b:bc
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAY85jmoUGCkxMNllyTEY3i09MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NDFhZTI2MTJkMjUyNzE2N2M4M2Y3YWZjMTZmNWU2NzRk
ODhiMGYwHhcNMjQwNTAyMTM0NjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2M3ZTI4MWIxZGUwNThmY2U2ZjNkODJkN2M0NTk4YTNkZmNlNzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzn955uc4Q9p3pLE8RRecmGX7l6Wp
EU+o4v0xo/eTUUmtdnxLpkY4F29sYukAa/yZuz+WeTPwSz00KTD1Wl41o520aKgV
PKLqV0wfbIsZHe2wTgmnF7R5JvXp1ikLRhuNy60gxY8kJzwrXQsFw7EygFd/DXxI
zbU7mGL/j+Y+MhKlE/tyM4c3lecp0+ATg1g7O9JRkuwZ7HNiKf7k/kxy51MvpMuU
hknFfwBVWYfmzdVcH1hkl+lDlRp4zEEIFjGWiJoFXhCONmPU7E8zSYGHBl0ZXc1O
jWw0mcgEa/2MXOYA0CvDqm0T7/mFGd60bKXeuBzw/3HZXOwauwHVxdq6twIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFNzH4oGx3gWPzm89gtfEWYo9/OdqMB8GA1UdIwQY
MBaAFMRBriYS0lJxZ8g/evwW9eZ02IsPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEVHdUpoTFNVbkZueUQ5Nl9CYjE1blRZaXc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9lY2RlM2UtMWZjZi00NTMxLWIwZjkt
MjRlN2U2YWRhMWUyLzEvM01maWdiSGVCWV9PYnoyQzE4UlppajM4NTJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9lY2RlM2UtMWZjZi00NTMxLWIwZjktMjRlN2U2YWRhMWUy
LzEveEVHdUpoTFNVbkZueUQ5Nl9CYjE1blRZaXc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQCuT40MBQE
AgACMA4DBQMqBO9AAwUDKgvRgDANBgkqhkiG9w0BAQsFAAOCAQEAXgoDdC2zIeZL
2TGniOFiUEPVm50l+nvFnCoxXM9tsBcYKqPBvp4S0y3JOpWhYFcQkbTrk7ocAnb1
m20ILJikvLSh9ZKlPzSm7MbJ2jNajFhGgpROf2OIgGGpAthe9lyBNofFseu9kCCi
QSTwKHno7Xn0fhDMyHVR3A5CNIsNvrpmN7AkpDEWtK0EDZAO062Ho7gJOLngvYri
rWCHMVpc+4cJjFy5YU/wj6euR9yQ3QjHEuPgOsR9E24X9CXOuGVyq8/KFRsxPeJ4
8xwdSxZdbDm4dY3k12o6wGBjY1nSz34rfzIGX9pIDvEnUca8ITETCESZfsZkuzG6
Z5ebO7aLvA==
-----END CERTIFICATE-----