Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/0cc712-a665-48d7-b3d4-f0f8b0775523/1/kLjsK_3NLs8WW0XFK2C3GZ_I60c.roa
File:                     kLjsK_3NLs8WW0XFK2C3GZ_I60c.roa (raw, json)
Hash identifier:          HLjQo5oGd/26fXrJaCNEqRp7RSxgkKPp3kSQ2Vb8H+k=
Subject key identifier:   90:B8:EC:2B:FD:CD:2E:CF:16:5B:45:C5:2B:60:B7:19:9F:C8:EB:47
Certificate issuer:       /CN=8dbed2dfc60987092a07a0edcb46ab14cbf74312
Certificate serial:       018CC649A9A1DB0EE53A6AE8D63C1E2EBB49
Authority key identifier: 8D:BE:D2:DF:C6:09:87:09:2A:07:A0:ED:CB:46:AB:14:CB:F7:43:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jb7S38YJhwkqB6Dty0arFMv3QxI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/0cc712-a665-48d7-b3d4-f0f8b0775523/1/kLjsK_3NLs8WW0XFK2C3GZ_I60c.roa
Signing time:             Mon 01 Jan 2024 18:29:25 +0000
ROA not before:           Mon 01 Jan 2024 18:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48440
IP address blocks:        62.122.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/0cc712-a665-48d7-b3d4-f0f8b0775523/1/jb7S38YJhwkqB6Dty0arFMv3QxI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/0cc712-a665-48d7-b3d4-f0f8b0775523/1/jb7S38YJhwkqB6Dty0arFMv3QxI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jb7S38YJhwkqB6Dty0arFMv3QxI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:a9:a1:db:0e:e5:3a:6a:e8:d6:3c:1e:2e:bb:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8dbed2dfc60987092a07a0edcb46ab14cbf74312
        Validity
            Not Before: Jan  1 18:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90b8ec2bfdcd2ecf165b45c52b60b7199fc8eb47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:99:26:8b:c8:72:42:d9:d0:73:41:9d:38:f0:
                    39:5e:68:67:7a:68:13:65:f1:28:34:51:8f:00:2d:
                    ed:5c:a9:96:a9:18:a8:09:eb:b2:a6:8c:99:dc:a6:
                    79:c4:44:7f:06:5d:31:82:79:7b:f1:78:3d:fa:16:
                    6e:25:2d:8f:9f:ce:99:54:65:f3:8c:0b:91:3e:f1:
                    c1:84:8e:1a:e9:da:66:d9:be:83:99:b9:e2:7e:c4:
                    8b:39:43:c1:86:e8:05:27:28:3e:10:67:f5:f5:a6:
                    8a:4a:01:8c:9f:e0:30:49:dd:f4:3a:f2:b7:42:2d:
                    1f:ef:21:ac:3a:19:0b:23:70:32:d7:c3:f7:09:c4:
                    03:d8:8d:f3:86:aa:17:3a:1b:19:e7:91:10:80:ba:
                    43:98:94:72:a6:8e:84:2a:d4:87:b5:c8:00:5c:18:
                    45:bb:dd:48:03:bb:d6:b2:0c:34:45:cd:7f:1c:9b:
                    09:82:8b:72:42:17:03:6a:26:21:c3:d7:b5:86:09:
                    6a:f0:98:41:12:9d:b3:75:b5:2a:09:e0:b4:64:54:
                    f3:0f:14:11:22:df:b0:bb:aa:d6:3e:58:0a:19:08:
                    7c:c6:c2:6e:42:1b:e5:0b:03:f2:96:ba:fd:45:38:
                    7a:d7:7d:f2:79:27:9c:f3:43:c0:ad:85:bc:75:2d:
                    57:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:B8:EC:2B:FD:CD:2E:CF:16:5B:45:C5:2B:60:B7:19:9F:C8:EB:47
            X509v3 Authority Key Identifier:
                keyid:8D:BE:D2:DF:C6:09:87:09:2A:07:A0:ED:CB:46:AB:14:CB:F7:43:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jb7S38YJhwkqB6Dty0arFMv3QxI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/0cc712-a665-48d7-b3d4-f0f8b0775523/1/kLjsK_3NLs8WW0XFK2C3GZ_I60c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/0cc712-a665-48d7-b3d4-f0f8b0775523/1/jb7S38YJhwkqB6Dty0arFMv3QxI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.122.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:93:36:9c:e5:d3:4b:1d:40:98:bf:6c:40:95:94:ef:d0:cd:
         bb:f3:50:41:ce:99:71:7d:20:38:4c:07:96:ca:3d:d9:96:7c:
         e3:b7:60:91:af:10:c0:1c:2b:d4:f3:f6:a5:ba:75:0f:a2:f5:
         25:52:11:c0:7a:a3:2d:23:2c:4a:18:d5:8d:be:88:00:bc:1f:
         94:67:7c:68:6b:2e:ef:19:85:b7:ea:72:0c:d4:e5:43:c1:64:
         ce:56:0e:5a:59:5f:84:da:06:cc:0e:1c:e8:4a:91:04:73:09:
         e9:3d:14:51:b9:63:8d:d4:6d:e1:96:7e:53:47:d9:74:9a:4b:
         1c:80:35:f0:b4:cc:70:3c:0e:91:37:2b:82:37:90:32:88:f4:
         a3:da:c1:66:bf:3f:66:4d:01:3a:3f:d0:16:10:3e:5a:e2:02:
         c0:b1:58:04:99:1d:01:4b:42:33:7c:a4:f7:26:93:b2:93:c8:
         f6:73:6d:4a:93:2f:18:ac:25:0f:85:ae:e0:22:8c:27:c0:7d:
         99:a7:01:03:10:d1:95:2b:01:9a:bb:00:f7:5f:11:83:94:48:
         49:78:39:b4:5f:cc:b6:84:86:c2:df:30:9a:f9:e1:3f:ae:02:
         e5:8e:ad:39:49:d0:a8:b2:92:26:74:f4:85:c8:2f:ba:3a:d1:
         ea:53:9f:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSamh2w7lOmro1jweLrtJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYmVkMmRmYzYwOTg3MDkyYTA3YTBlZGNiNDZhYjE0Y2Jm
NzQzMTIwHhcNMjQwMTAxMTgyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGI4ZWMyYmZkY2QyZWNmMTY1YjQ1YzUyYjYwYjcxOTlmYzhlYjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhZkmi8hyQtnQc0GdOPA5XmhnemgT
ZfEoNFGPAC3tXKmWqRioCeuypoyZ3KZ5xER/Bl0xgnl78Xg9+hZuJS2Pn86ZVGXz
jAuRPvHBhI4a6dpm2b6DmbnifsSLOUPBhugFJyg+EGf19aaKSgGMn+AwSd30OvK3
Qi0f7yGsOhkLI3Ay18P3CcQD2I3zhqoXOhsZ55EQgLpDmJRypo6EKtSHtcgAXBhF
u91IA7vWsgw0Rc1/HJsJgotyQhcDaiYhw9e1hglq8JhBEp2zdbUqCeC0ZFTzDxQR
It+wu6rWPlgKGQh8xsJuQhvlCwPylrr9RTh6133yeSec80PArYW8dS1XdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJC47Cv9zS7PFltFxStgtxmfyOtHMB8GA1UdIwQY
MBaAFI2+0t/GCYcJKgeg7ctGqxTL90MSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamI3UzM4WUpod2txQjZEdHkwYXJGTXYzUXhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My8wY2M3MTItYTY2NS00OGQ3LWIzZDQt
ZjBmOGIwNzc1NTIzLzEva0xqc0tfM05MczhXVzBYRksyQzNHWl9JNjBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My8wY2M3MTItYTY2NS00OGQ3LWIzZDQtZjBmOGIwNzc1NTIz
LzEvamI3UzM4WUpod2txQjZEdHkwYXJGTXYzUXhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPnpHMA0G
CSqGSIb3DQEBCwUAA4IBAQAlkzac5dNLHUCYv2xAlZTv0M2781BBzplxfSA4TAeW
yj3Zlnzjt2CRrxDAHCvU8/alunUPovUlUhHAeqMtIyxKGNWNvogAvB+UZ3xoay7v
GYW36nIM1OVDwWTOVg5aWV+E2gbMDhzoSpEEcwnpPRRRuWON1G3hln5TR9l0mksc
gDXwtMxwPA6RNyuCN5AyiPSj2sFmvz9mTQE6P9AWED5a4gLAsVgEmR0BS0IzfKT3
JpOyk8j2c21Kky8YrCUPha7gIownwH2ZpwEDENGVKwGauwD3XxGDlEhJeDm0X8y2
hIbC3zCa+eE/rgLljq05SdCospImdPSFyC+6OtHqU5/0
-----END CERTIFICATE-----