Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/YUHdfmt4mpsOaPfPGXENhIs5Ugg.roa
File:                     YUHdfmt4mpsOaPfPGXENhIs5Ugg.roa (raw, json)
Hash identifier:          p87pw8TlBYACXBvEIKj1rsDrn5pgBEiPYqziCgWQrPo=
Subject key identifier:   61:41:DD:7E:6B:78:9A:9B:0E:68:F7:CF:19:71:0D:84:8B:39:52:08
Certificate issuer:       /CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
Certificate serial:       018CC5014A71D2F3DB26DC1EC6E2EC50F3C4
Authority key identifier: D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/YUHdfmt4mpsOaPfPGXENhIs5Ugg.roa
Signing time:             Mon 01 Jan 2024 12:30:45 +0000
ROA not before:           Mon 01 Jan 2024 12:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35247
IP address blocks:        62.228.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4a:71:d2:f3:db:26:dc:1e:c6:e2:ec:50:f3:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
        Validity
            Not Before: Jan  1 12:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6141dd7e6b789a9b0e68f7cf19710d848b395208
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:e8:57:a6:fa:7d:2b:53:81:b2:a1:f8:8c:41:
                    ea:f9:8c:df:bb:92:ae:2c:26:d6:e6:48:a0:f2:ad:
                    84:58:5d:e5:3a:35:c4:fa:e6:43:74:72:ca:02:73:
                    4f:08:52:84:be:15:37:46:3e:d4:9f:e5:d9:3f:1a:
                    ed:90:c8:37:6a:7a:ea:a2:af:76:12:b0:6b:dd:74:
                    f8:d0:a3:db:3a:74:6e:db:f7:c6:f6:be:33:6b:9b:
                    ef:d0:d3:6f:1e:c7:11:0c:84:cc:e8:d4:3d:fe:b0:
                    34:14:1e:3b:b3:5a:32:da:0c:f2:a6:4d:94:f7:7c:
                    f5:b8:3a:e8:8c:8d:f2:af:58:7f:5c:79:a3:a4:8b:
                    be:72:b1:8d:87:e0:e4:85:f9:13:c2:08:de:a6:e5:
                    01:a7:7e:23:a6:b1:98:67:d4:da:f8:55:49:5f:d1:
                    a3:e3:9a:3e:fe:72:09:47:cd:55:6f:3c:13:9b:a3:
                    38:b6:a7:6b:04:ea:9d:f7:43:12:85:e1:a7:78:fb:
                    57:b2:e8:21:a1:d7:a5:99:ce:7d:62:96:cd:6a:b4:
                    3f:8b:d6:c9:a4:17:e8:6b:58:3b:ea:5d:29:72:c3:
                    f9:03:29:d0:79:ce:f4:25:13:92:c3:5a:b9:80:0e:
                    db:0f:4b:4c:80:6d:b0:b6:73:ef:ce:3f:f4:f5:e9:
                    61:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:41:DD:7E:6B:78:9A:9B:0E:68:F7:CF:19:71:0D:84:8B:39:52:08
            X509v3 Authority Key Identifier:
                keyid:D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/YUHdfmt4mpsOaPfPGXENhIs5Ugg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.228.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:c9:a2:6a:32:87:16:3e:be:cd:61:7a:4a:f3:c7:a8:1d:2b:
         b0:4d:5b:5c:f3:10:c1:55:56:3e:e2:bc:f7:0b:13:17:56:a0:
         cc:73:6c:fd:ec:89:80:0b:f3:7f:9f:1d:0f:45:a4:31:56:9f:
         31:48:a4:22:af:e1:92:ba:81:a3:97:c7:40:2a:0b:d9:7a:f1:
         de:41:6a:91:c6:14:36:ae:85:e6:88:a7:f7:48:07:1e:7b:d2:
         e4:74:48:3a:8e:43:73:02:fe:da:fd:46:22:a6:91:c3:76:60:
         fa:c4:39:9b:7f:53:7c:bd:3c:d1:2a:24:f9:be:8b:c6:95:8e:
         ec:77:0a:ec:4e:6b:46:39:6f:fb:a0:e6:97:bd:ea:d3:71:b4:
         eb:73:69:6f:7d:e5:b3:24:23:3a:19:89:26:e9:e0:85:a2:a3:
         51:ea:68:98:78:88:ef:6d:7a:8f:1c:fb:64:84:de:f0:06:3b:
         0e:70:e6:59:65:5b:47:a3:d4:9b:f9:79:25:b0:65:27:81:dd:
         d2:93:78:dc:65:7f:13:64:cd:da:a4:ae:1d:8d:94:44:aa:75:
         55:78:95:5d:32:43:21:3d:a1:7d:97:9c:e6:2d:89:8b:10:3e:
         72:db:f0:64:27:36:7c:fa:b4:db:46:05:01:f7:5d:86:4f:bf:
         41:47:7e:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUpx0vPbJtwexuLsUPPEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MTFhYmM0YzA0NjhhYjI4OTFlYWFjYWRiYTBkYzAzNzc5
MzZmZDUwHhcNMjQwMTAxMTIzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTQxZGQ3ZTZiNzg5YTliMGU2OGY3Y2YxOTcxMGQ4NDhiMzk1MjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwehXpvp9K1OBsqH4jEHq+Yzfu5Ku
LCbW5kig8q2EWF3lOjXE+uZDdHLKAnNPCFKEvhU3Rj7Un+XZPxrtkMg3anrqoq92
ErBr3XT40KPbOnRu2/fG9r4za5vv0NNvHscRDITM6NQ9/rA0FB47s1oy2gzypk2U
93z1uDrojI3yr1h/XHmjpIu+crGNh+DkhfkTwgjepuUBp34jprGYZ9Ta+FVJX9Gj
45o+/nIJR81VbzwTm6M4tqdrBOqd90MSheGnePtXsughodelmc59YpbNarQ/i9bJ
pBfoa1g76l0pcsP5AynQec70JROSw1q5gA7bD0tMgG2wtnPvzj/09elhYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGFB3X5reJqbDmj3zxlxDYSLOVIIMB8GA1UdIwQY
MBaAFNQRq8TARoqyiR6qytug3AN3k2/VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTIt
YjBmNGI5YzM3ZTQ5LzEvWVVIZGZtdDRtcHNPYVBmUEdYRU5oSXM1VWdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTItYjBmNGI5YzM3ZTQ5
LzEvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPuToMA0G
CSqGSIb3DQEBCwUAA4IBAQBtyaJqMocWPr7NYXpK88eoHSuwTVtc8xDBVVY+4rz3
CxMXVqDMc2z97ImAC/N/nx0PRaQxVp8xSKQir+GSuoGjl8dAKgvZevHeQWqRxhQ2
roXmiKf3SAcee9LkdEg6jkNzAv7a/UYippHDdmD6xDmbf1N8vTzRKiT5vovGlY7s
dwrsTmtGOW/7oOaXverTcbTrc2lvfeWzJCM6GYkm6eCFoqNR6miYeIjvbXqPHPtk
hN7wBjsOcOZZZVtHo9Sb+XklsGUngd3Sk3jcZX8TZM3apK4djZREqnVVeJVdMkMh
PaF9l5zmLYmLED5y2/BkJzZ8+rTbRgUB912GT79BR35n
-----END CERTIFICATE-----