Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/pvgX41Wy_vtC3mHGveHJ_bLEu4c.roa
File:                     pvgX41Wy_vtC3mHGveHJ_bLEu4c.roa (raw, json)
Hash identifier:          CPFj0DK55YJUkIvP7DkybeTXzSeCNrv0jzOxCS4ttCE=
Subject key identifier:   A6:F8:17:E3:55:B2:FE:FB:42:DE:61:C6:BD:E1:C9:FD:B2:C4:BB:87
Certificate issuer:       /CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
Certificate serial:       018CC5014D738021B03D93183F6529F58181
Authority key identifier: D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/pvgX41Wy_vtC3mHGveHJ_bLEu4c.roa
Signing time:             Mon 01 Jan 2024 12:30:46 +0000
ROA not before:           Mon 01 Jan 2024 12:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202117
IP address blocks:        62.228.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4d:73:80:21:b0:3d:93:18:3f:65:29:f5:81:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
        Validity
            Not Before: Jan  1 12:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6f817e355b2fefb42de61c6bde1c9fdb2c4bb87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f5:dc:ac:6f:0a:f1:11:90:66:c5:a2:1b:8b:
                    5b:a3:2c:83:69:6c:79:2f:ea:1c:68:d7:e6:73:a1:
                    ca:c0:74:e6:db:26:8f:79:1e:f3:ba:d4:d2:14:b0:
                    71:3f:af:c0:b1:01:e2:84:d4:ec:04:0f:82:5a:c7:
                    82:31:5d:c7:cf:d4:95:40:c4:c7:f4:e1:7c:94:68:
                    8e:ca:8a:00:7b:e5:0a:16:c2:73:96:9c:b5:1f:bd:
                    25:6b:dd:f6:5e:56:0c:39:35:49:0b:03:b0:1b:b5:
                    5a:fd:a6:18:5c:d4:4e:e1:bc:4f:6c:2f:b4:ae:b5:
                    b2:e7:f2:f0:ca:05:80:4d:28:59:ef:ea:18:de:f4:
                    4a:e6:24:fb:78:71:e9:e1:06:a5:3e:b6:eb:6f:5c:
                    88:d8:37:7c:bd:9d:db:ec:b3:ee:76:bb:bd:0a:67:
                    8b:e6:d7:2d:68:7c:81:f6:79:e0:38:f5:4d:64:ad:
                    58:12:23:50:64:c0:05:09:76:07:95:48:43:1a:c8:
                    a1:e9:83:1c:0d:1d:44:ca:0f:b2:70:c3:60:b5:7a:
                    d4:fb:96:73:3b:d4:65:e7:7d:d9:1a:0d:31:17:65:
                    e3:fb:cf:5e:1d:4a:38:ea:07:9c:d5:a7:43:7d:f3:
                    4e:6c:68:f4:b5:67:28:5d:2d:59:90:7f:bd:42:02:
                    0a:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:F8:17:E3:55:B2:FE:FB:42:DE:61:C6:BD:E1:C9:FD:B2:C4:BB:87
            X509v3 Authority Key Identifier:
                keyid:D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/pvgX41Wy_vtC3mHGveHJ_bLEu4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.228.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:80:99:28:d4:93:b4:ec:e3:36:7c:14:9b:80:d1:c4:fa:28:
         33:fb:a9:88:13:16:9e:4b:67:a2:a7:3e:14:ca:69:15:25:e8:
         a7:40:6f:19:11:7e:2c:37:0e:02:7a:0b:1e:27:46:3e:dd:ef:
         0b:57:84:7b:1f:f8:a9:f7:d4:0a:f0:29:30:ca:ce:7d:a7:24:
         ac:90:65:5b:0a:3c:11:71:38:d3:10:55:95:eb:3a:39:da:72:
         b3:a8:d8:8a:40:e9:75:f4:7e:c4:3d:41:94:26:2d:63:2e:84:
         69:73:06:6a:84:4f:b6:70:33:78:ba:7b:01:0a:8e:6e:b4:dd:
         f0:71:ce:2e:7a:41:6e:c3:fb:e7:f4:19:d9:24:e0:15:69:02:
         2a:ea:c8:eb:e1:a6:0e:b4:52:b9:c9:e8:8d:24:ac:5c:a3:ed:
         42:2d:20:9f:5b:54:f6:2a:c8:e6:0f:3e:ea:63:2d:8b:fa:2e:
         fd:8f:28:7b:42:7d:47:2e:79:7e:8d:13:86:74:59:7e:89:ec:
         bf:e8:3d:22:d8:13:4d:22:71:a3:a7:8a:e1:85:75:30:58:f3:
         dd:54:88:5f:d9:f4:d4:d7:87:f0:53:92:de:4c:e5:6b:ee:4a:
         57:2f:be:af:ed:d0:da:3f:a1:e6:2b:b2:4d:fe:a2:2d:33:c4:
         0c:dd:f8:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAU1zgCGwPZMYP2Up9YGBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MTFhYmM0YzA0NjhhYjI4OTFlYWFjYWRiYTBkYzAzNzc5
MzZmZDUwHhcNMjQwMTAxMTIzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmY4MTdlMzU1YjJmZWZiNDJkZTYxYzZiZGUxYzlmZGIyYzRiYjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/XcrG8K8RGQZsWiG4tboyyDaWx5
L+ocaNfmc6HKwHTm2yaPeR7zutTSFLBxP6/AsQHihNTsBA+CWseCMV3Hz9SVQMTH
9OF8lGiOyooAe+UKFsJzlpy1H70la932XlYMOTVJCwOwG7Va/aYYXNRO4bxPbC+0
rrWy5/LwygWATShZ7+oY3vRK5iT7eHHp4QalPrbrb1yI2Dd8vZ3b7LPudru9CmeL
5tctaHyB9nngOPVNZK1YEiNQZMAFCXYHlUhDGsih6YMcDR1Eyg+ycMNgtXrU+5Zz
O9Rl533ZGg0xF2Xj+89eHUo46gec1adDffNObGj0tWcoXS1ZkH+9QgIKMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKb4F+NVsv77Qt5hxr3hyf2yxLuHMB8GA1UdIwQY
MBaAFNQRq8TARoqyiR6qytug3AN3k2/VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTIt
YjBmNGI5YzM3ZTQ5LzEvcHZnWDQxV3lfdnRDM21IR3ZlSEpfYkxFdTRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTItYjBmNGI5YzM3ZTQ5
LzEvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPuT5MA0G
CSqGSIb3DQEBCwUAA4IBAQAjgJko1JO07OM2fBSbgNHE+igz+6mIExaeS2eipz4U
ymkVJeinQG8ZEX4sNw4CegseJ0Y+3e8LV4R7H/ip99QK8Ckwys59pySskGVbCjwR
cTjTEFWV6zo52nKzqNiKQOl19H7EPUGUJi1jLoRpcwZqhE+2cDN4unsBCo5utN3w
cc4uekFuw/vn9BnZJOAVaQIq6sjr4aYOtFK5yeiNJKxco+1CLSCfW1T2KsjmDz7q
Yy2L+i79jyh7Qn1HLnl+jROGdFl+iey/6D0i2BNNInGjp4rhhXUwWPPdVIhf2fTU
14fwU5LeTOVr7kpXL76v7dDaP6HmK7JN/qItM8QM3fiM
-----END CERTIFICATE-----