Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/VCmlh7pajkVWkmG_KKbb4mthI5o.roa
File:                     VCmlh7pajkVWkmG_KKbb4mthI5o.roa (raw, json)
Hash identifier:          2tp565Iy5ZrHFLLImMFYFu/4A+RetFW6JZJqU4czAhE=
Subject key identifier:   54:29:A5:87:BA:5A:8E:45:56:92:61:BF:28:A6:DB:E2:6B:61:23:9A
Certificate issuer:       /CN=c2d21e804ab7713ad7877dde603aa7824b31983c
Certificate serial:       018D650C871EE4AE84247B60D7ED14C10DC9
Authority key identifier: C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/VCmlh7pajkVWkmG_KKbb4mthI5o.roa
Signing time:             Thu 01 Feb 2024 14:22:16 +0000
ROA not before:           Thu 01 Feb 2024 14:22:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206286
IP address blocks:        62.68.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:65:0c:87:1e:e4:ae:84:24:7b:60:d7:ed:14:c1:0d:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2d21e804ab7713ad7877dde603aa7824b31983c
        Validity
            Not Before: Feb  1 14:22:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5429a587ba5a8e45569261bf28a6dbe26b61239a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:90:50:09:d1:4c:04:4c:ff:8c:2d:93:27:5f:
                    af:bd:c7:56:ca:3a:63:1d:77:65:ea:f2:55:1b:d7:
                    f0:0c:5b:d7:b0:6a:14:00:9f:37:fc:83:97:ab:62:
                    c7:17:b1:9f:68:1d:cd:86:11:fe:d2:74:d1:8e:20:
                    6b:a4:99:aa:0d:f4:23:30:3e:ae:75:df:02:d6:ac:
                    64:a4:f3:6f:f8:8a:50:47:7c:0c:7a:b1:e9:1c:07:
                    88:a1:02:39:eb:c8:12:70:d5:2d:cd:58:08:73:df:
                    cb:e3:17:ea:1d:40:85:5b:0b:95:ef:2d:ba:41:ca:
                    db:eb:76:06:76:0f:f1:81:a9:3d:a3:31:84:a3:a0:
                    2d:60:eb:66:e8:36:48:43:79:84:70:ac:63:8f:af:
                    3b:56:dc:f3:71:69:8d:67:c5:7b:fd:88:16:93:5c:
                    9b:d7:80:fe:a8:b7:0d:98:3b:9e:95:48:0d:ed:8e:
                    13:cd:6d:23:18:c0:4e:bb:a5:f3:c6:d9:86:4f:bd:
                    4a:b7:be:ad:ed:75:a1:8e:5f:55:1d:3d:27:94:8c:
                    03:f4:1b:1f:4c:db:ca:d5:7b:e3:f6:5b:6a:6c:5d:
                    52:33:19:ed:93:df:55:96:16:15:91:4d:35:13:09:
                    b4:61:df:5e:bc:a2:ce:94:c0:3c:fc:14:11:77:a5:
                    8d:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:29:A5:87:BA:5A:8E:45:56:92:61:BF:28:A6:DB:E2:6B:61:23:9A
            X509v3 Authority Key Identifier:
                keyid:C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/VCmlh7pajkVWkmG_KKbb4mthI5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.68.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:c3:a9:a6:9e:d8:fa:d8:a9:ec:85:2b:a5:19:9f:ea:56:8a:
         f7:87:df:4d:4c:bb:28:8f:71:dd:0e:97:bf:be:73:6b:f8:01:
         21:e9:6b:b2:93:54:e0:15:de:0b:64:e2:ff:bd:44:43:31:6e:
         1d:76:0b:8b:4f:e1:d9:66:95:05:74:4c:86:5b:c7:a7:5a:32:
         7b:65:c1:79:24:ac:16:7c:f5:65:49:cd:73:ed:4d:ed:2a:c4:
         48:47:b5:a5:80:e7:3b:56:c2:96:e3:5d:0e:70:ee:a5:8d:96:
         cc:e0:93:fc:43:74:72:45:c6:74:68:c7:ac:28:21:69:c6:16:
         2b:ea:47:49:e5:4f:86:ef:0a:9f:2c:86:46:4b:50:c7:45:0c:
         8f:b2:37:bf:8e:c7:5f:c4:16:89:7d:a3:c7:8a:8d:32:47:4b:
         ab:0c:13:99:01:0f:f1:c2:65:eb:3f:70:48:71:96:f4:22:23:
         e4:73:9b:22:24:2d:33:f3:54:ae:39:42:06:5c:1d:37:c4:32:
         f5:06:a1:64:b1:e7:ec:b1:74:a3:9d:79:f3:cc:ca:41:f0:c6:
         91:22:fe:46:ec:f0:25:52:9b:ff:14:66:32:a2:4a:3f:df:cf:
         b9:c5:c4:80:db:36:80:84:c4:0f:24:48:51:0b:59:82:f2:69:
         ee:da:db:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1lDIce5K6EJHtg1+0UwQ3JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZDIxZTgwNGFiNzcxM2FkNzg3N2RkZTYwM2FhNzgyNGIz
MTk4M2MwHhcNMjQwMjAxMTQyMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDI5YTU4N2JhNWE4ZTQ1NTY5MjYxYmYyOGE2ZGJlMjZiNjEyMzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJBQCdFMBEz/jC2TJ1+vvcdWyjpj
HXdl6vJVG9fwDFvXsGoUAJ83/IOXq2LHF7GfaB3NhhH+0nTRjiBrpJmqDfQjMD6u
dd8C1qxkpPNv+IpQR3wMerHpHAeIoQI568gScNUtzVgIc9/L4xfqHUCFWwuV7y26
Qcrb63YGdg/xgak9ozGEo6AtYOtm6DZIQ3mEcKxjj687VtzzcWmNZ8V7/YgWk1yb
14D+qLcNmDuelUgN7Y4TzW0jGMBOu6XzxtmGT71Kt76t7XWhjl9VHT0nlIwD9Bsf
TNvK1Xvj9ltqbF1SMxntk99VlhYVkU01Ewm0Yd9evKLOlMA8/BQRd6WNFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFQppYe6Wo5FVpJhvyim2+JrYSOaMB8GA1UdIwQY
MBaAFMLSHoBKt3E614d93mA6p4JLMZg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYt
NTlhZTA5ZWRiZWI5LzEvVkNtbGg3cGFqa1ZXa21HX0tLYmI0bXRoSTVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYtNTlhZTA5ZWRiZWI5
LzEvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkREMA0G
CSqGSIb3DQEBCwUAA4IBAQAew6mmntj62KnshSulGZ/qVor3h99NTLsoj3HdDpe/
vnNr+AEh6Wuyk1TgFd4LZOL/vURDMW4ddguLT+HZZpUFdEyGW8enWjJ7ZcF5JKwW
fPVlSc1z7U3tKsRIR7WlgOc7VsKW410OcO6ljZbM4JP8Q3RyRcZ0aMesKCFpxhYr
6kdJ5U+G7wqfLIZGS1DHRQyPsje/jsdfxBaJfaPHio0yR0urDBOZAQ/xwmXrP3BI
cZb0IiPkc5siJC0z81SuOUIGXB03xDL1BqFksefssXSjnXnzzMpB8MaRIv5G7PAl
Upv/FGYyoko/38+5xcSA2zaAhMQPJEhRC1mC8mnu2tsn
-----END CERTIFICATE-----