Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/OodCxvf3GjWkcuNj0EkGv25RPf4.roa
File:                     OodCxvf3GjWkcuNj0EkGv25RPf4.roa (raw, json)
Hash identifier:          NzQmG/viVCRIM9t8kAyuFhtTg9NIY9BsNYueeJqnvNg=
Subject key identifier:   3A:87:42:C6:F7:F7:1A:35:A4:72:E3:63:D0:49:06:BF:6E:51:3D:FE
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       018EC86B6B4F6BF8D81060005A522AE6CEC8
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/OodCxvf3GjWkcuNj0EkGv25RPf4.roa
Signing time:             Wed 10 Apr 2024 14:31:06 +0000
ROA not before:           Wed 10 Apr 2024 14:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        62.68.80.0/24 maxlen: 24
                          178.211.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c8:6b:6b:4f:6b:f8:d8:10:60:00:5a:52:2a:e6:ce:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Apr 10 14:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a8742c6f7f71a35a472e363d04906bf6e513dfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:99:12:a5:38:21:11:a4:42:67:7f:0b:bd:c0:
                    1f:41:5d:a0:7b:d7:71:bc:ef:e4:b1:9f:06:33:74:
                    91:d6:c8:73:aa:d6:d2:c7:ef:8f:a6:d5:a9:b6:bf:
                    33:44:af:43:d4:1a:c6:b2:7a:ee:a7:c9:28:0e:19:
                    11:64:93:11:a1:f0:9b:e9:c9:ba:3c:58:32:f4:f1:
                    63:7e:9d:45:82:59:29:44:da:70:f4:fc:32:a9:eb:
                    fb:c7:2e:ec:2f:13:fb:50:62:ec:c6:20:56:f4:5a:
                    a2:9a:3e:20:a6:65:32:51:6e:f0:2e:ac:ad:4b:bc:
                    5c:f3:32:30:d4:bf:be:42:45:6e:70:79:52:74:8d:
                    a5:fb:89:35:16:69:85:20:20:72:49:bc:f0:6b:c9:
                    a4:eb:d2:16:20:0f:3d:b0:53:8a:f9:85:34:b2:ed:
                    74:04:e5:1a:f0:f9:f2:51:28:5f:e3:15:70:ea:4c:
                    6a:08:d3:05:d8:b9:cf:73:9d:ef:b8:70:6a:73:bf:
                    12:dd:4b:08:2b:f6:ed:46:ff:97:9b:a9:1e:43:c4:
                    bc:a3:75:f7:d7:c5:c8:33:0c:a4:db:fc:29:3a:b9:
                    fa:30:2f:7c:79:04:73:65:aa:c3:af:fe:6e:f9:fc:
                    1d:18:e2:c8:34:37:67:b3:1a:4f:84:a3:bf:0d:73:
                    13:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:87:42:C6:F7:F7:1A:35:A4:72:E3:63:D0:49:06:BF:6E:51:3D:FE
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/OodCxvf3GjWkcuNj0EkGv25RPf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.68.80.0/24
                  178.211.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:84:80:94:27:fa:5b:82:81:75:0f:a0:4c:04:3f:5c:28:31:
         7a:2c:86:82:5c:77:a0:48:2c:15:5a:db:0f:fc:9b:74:17:3c:
         db:ef:cf:2e:cc:7d:a5:01:51:57:fb:9d:80:4b:be:29:7c:9c:
         93:79:f2:4b:5f:e9:0f:4d:e4:aa:ab:02:6b:48:f4:df:5e:0c:
         7c:00:2b:be:a2:29:f5:b4:23:4a:9f:4c:75:c6:5a:80:14:89:
         e5:6c:81:e7:24:c9:97:28:35:9b:0c:46:83:86:91:89:90:ac:
         8c:9c:b2:32:35:c9:b4:e4:ca:c1:a4:73:86:fb:51:09:bb:c6:
         c0:42:00:c4:6d:e5:82:61:7e:de:a4:fc:6d:6c:2c:7a:9c:d4:
         11:7d:fa:a4:6a:76:0a:5e:23:e5:b4:69:ef:25:8b:23:03:7b:
         49:fc:b4:08:88:f6:16:9d:ab:47:22:92:67:69:3c:3b:86:39:
         e2:4d:fd:8d:f5:31:b5:53:96:f5:ce:69:65:e3:23:08:21:7c:
         74:9e:fd:0f:18:69:87:63:7f:eb:16:52:48:dd:e0:f7:64:d4:
         55:27:eb:f2:f4:71:21:51:0a:b4:f0:b9:56:c7:66:19:0d:75:
         b8:8d:65:cf:f8:68:72:cc:0c:f7:84:75:a5:4c:e0:57:47:49:
         e4:0e:68:44
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7Ia2tPa/jYEGAAWlIq5s7IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjQwNDEwMTQzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTg3NDJjNmY3ZjcxYTM1YTQ3MmUzNjNkMDQ5MDZiZjZlNTEzZGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhpkSpTghEaRCZ38LvcAfQV2ge9dx
vO/ksZ8GM3SR1shzqtbSx++PptWptr8zRK9D1BrGsnrup8koDhkRZJMRofCb6cm6
PFgy9PFjfp1FglkpRNpw9Pwyqev7xy7sLxP7UGLsxiBW9Fqimj4gpmUyUW7wLqyt
S7xc8zIw1L++QkVucHlSdI2l+4k1FmmFICBySbzwa8mk69IWIA89sFOK+YU0su10
BOUa8PnyUShf4xVw6kxqCNMF2LnPc53vuHBqc78S3UsIK/btRv+Xm6keQ8S8o3X3
18XIMwyk2/wpOrn6MC98eQRzZarDr/5u+fwdGOLINDdnsxpPhKO/DXMTuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDqHQsb39xo1pHLjY9BJBr9uUT3+MB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvT29kQ3h2ZjNHaldrY3VOajBFa0d2MjVSUGY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPkRQAwQA
stOfMA0GCSqGSIb3DQEBCwUAA4IBAQBfhICUJ/pbgoF1D6BMBD9cKDF6LIaCXHeg
SCwVWtsP/Jt0Fzzb788uzH2lAVFX+52AS74pfJyTefJLX+kPTeSqqwJrSPTfXgx8
ACu+oin1tCNKn0x1xlqAFInlbIHnJMmXKDWbDEaDhpGJkKyMnLIyNcm05MrBpHOG
+1EJu8bAQgDEbeWCYX7epPxtbCx6nNQRffqkanYKXiPltGnvJYsjA3tJ/LQIiPYW
natHIpJnaTw7hjniTf2N9TG1U5b1zmll4yMIIXx0nv0PGGmHY3/rFlJI3eD3ZNRV
J+vy9HEhUQq08LlWx2YZDXW4jWXP+GhyzAz3hHWlTOBXR0nkDmhE
-----END CERTIFICATE-----