Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/a18960-2cfa-46b7-8e5a-2e2d93c4754b/1/DgVQdQeki5IDcfudrzBiA2dPJdM.roa
File:                     DgVQdQeki5IDcfudrzBiA2dPJdM.roa (raw, json)
Hash identifier:          60lm8fV3GiJ4PVwGyp5OGZgkFE3Db5Fj3vk4DE7OJOA=
Subject key identifier:   0E:05:50:75:07:A4:8B:92:03:71:FB:9D:AF:30:62:03:67:4F:25:D3
Certificate issuer:       /CN=4aebee8fe7549d1a9ae559e5da081642e9eac278
Certificate serial:       018CC5DC769948C27CDC7C6EEB6C08FE214A
Authority key identifier: 4A:EB:EE:8F:E7:54:9D:1A:9A:E5:59:E5:DA:08:16:42:E9:EA:C2:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Suvuj-dUnRqa5Vnl2ggWQunqwng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/a18960-2cfa-46b7-8e5a-2e2d93c4754b/1/DgVQdQeki5IDcfudrzBiA2dPJdM.roa
Signing time:             Mon 01 Jan 2024 16:30:09 +0000
ROA not before:           Mon 01 Jan 2024 16:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        62.229.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/a18960-2cfa-46b7-8e5a-2e2d93c4754b/1/Suvuj-dUnRqa5Vnl2ggWQunqwng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/a18960-2cfa-46b7-8e5a-2e2d93c4754b/1/Suvuj-dUnRqa5Vnl2ggWQunqwng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Suvuj-dUnRqa5Vnl2ggWQunqwng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:76:99:48:c2:7c:dc:7c:6e:eb:6c:08:fe:21:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4aebee8fe7549d1a9ae559e5da081642e9eac278
        Validity
            Not Before: Jan  1 16:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e05507507a48b920371fb9daf306203674f25d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:91:eb:c4:2a:b9:75:da:e2:a8:a6:64:56:61:
                    f7:c1:cf:ab:2b:b2:db:8a:86:cf:e9:f7:6c:91:18:
                    ad:bc:b2:f7:1b:c0:94:e3:13:39:93:ec:d2:74:56:
                    54:be:61:15:c3:2b:ad:21:d7:eb:ba:3b:b4:3b:3c:
                    00:63:99:d3:2e:13:d4:b1:7f:f0:33:27:75:ee:44:
                    c7:77:68:f8:c6:3c:10:41:92:b1:ea:e1:56:eb:05:
                    48:f2:1e:01:33:c6:70:07:90:44:7f:f9:15:b6:d5:
                    f1:a8:d8:54:74:76:76:40:6f:2f:5d:98:90:9c:66:
                    e7:98:de:0d:a0:52:fb:ea:64:cd:e0:43:b3:51:bf:
                    de:6e:d8:27:1e:98:a4:8e:dd:b5:55:7d:83:e7:16:
                    ad:95:49:96:4d:59:a3:92:54:14:e1:21:88:7a:ed:
                    85:bd:1f:a5:6a:69:57:f0:d6:73:6c:25:e4:dd:7b:
                    51:3f:99:9f:53:ed:6b:52:43:8f:19:95:bc:05:4a:
                    65:95:5a:d1:6b:9e:a4:f2:d9:18:03:e9:45:23:ff:
                    84:80:f9:4e:8c:57:17:b0:fc:e1:f8:3a:85:2e:05:
                    31:63:a4:96:11:b1:2e:69:53:6a:2e:ab:9e:51:cd:
                    40:20:c2:36:a2:11:87:f3:ea:7a:16:04:1e:2b:01:
                    91:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:05:50:75:07:A4:8B:92:03:71:FB:9D:AF:30:62:03:67:4F:25:D3
            X509v3 Authority Key Identifier:
                keyid:4A:EB:EE:8F:E7:54:9D:1A:9A:E5:59:E5:DA:08:16:42:E9:EA:C2:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Suvuj-dUnRqa5Vnl2ggWQunqwng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/a18960-2cfa-46b7-8e5a-2e2d93c4754b/1/DgVQdQeki5IDcfudrzBiA2dPJdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/a18960-2cfa-46b7-8e5a-2e2d93c4754b/1/Suvuj-dUnRqa5Vnl2ggWQunqwng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.229.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         42:ef:3b:61:e5:51:53:43:76:f3:e8:86:45:67:07:9e:eb:67:
         bd:69:49:58:83:8e:21:73:76:1b:52:47:6b:83:51:db:d8:65:
         e7:91:70:b9:26:4d:26:51:1e:15:51:76:51:18:5d:a2:e0:b0:
         ef:cc:19:68:7a:d2:6f:a2:ec:1d:da:69:6a:2b:90:79:82:eb:
         ad:05:7e:fa:7d:8f:26:87:35:9a:d3:16:1a:c1:c6:00:35:e6:
         6b:bc:5f:20:b8:61:e0:62:64:b9:d0:7d:d4:43:71:c5:df:9a:
         1a:14:b5:89:06:e9:b1:4e:67:eb:c4:86:ff:20:31:98:1b:cd:
         09:da:bd:e3:db:53:43:ff:4c:c0:6e:b5:6a:d9:8c:50:19:67:
         6c:d7:80:c7:dd:ab:37:90:52:67:ed:81:f6:cb:51:8f:40:b2:
         fa:17:99:72:d4:d6:99:3c:16:dd:a2:b0:f1:63:b9:7f:2c:c4:
         6c:5b:f1:13:82:0b:0d:60:9b:db:cc:97:8a:e2:6e:ef:da:52:
         99:02:09:3c:22:01:75:27:f5:ef:94:10:01:ed:22:1b:ff:e4:
         9e:8a:96:a0:0a:0e:5f:a5:dd:b0:7d:c2:3d:7b:76:a4:84:0f:
         f3:0f:59:8b:bb:6d:b5:d3:c7:b8:cc:81:12:bb:be:b8:4b:e6:
         f1:e9:76:e9
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzF3HaZSMJ83Hxu62wI/iFKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhZWJlZThmZTc1NDlkMWE5YWU1NTllNWRhMDgxNjQyZTll
YWMyNzgwHhcNMjQwMTAxMTYzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTA1NTA3NTA3YTQ4YjkyMDM3MWZiOWRhZjMwNjIwMzY3NGYyNWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZHrxCq5ddriqKZkVmH3wc+rK7Lb
iobP6fdskRitvLL3G8CU4xM5k+zSdFZUvmEVwyutIdfruju0OzwAY5nTLhPUsX/w
Myd17kTHd2j4xjwQQZKx6uFW6wVI8h4BM8ZwB5BEf/kVttXxqNhUdHZ2QG8vXZiQ
nGbnmN4NoFL76mTN4EOzUb/ebtgnHpikjt21VX2D5xatlUmWTVmjklQU4SGIeu2F
vR+lamlX8NZzbCXk3XtRP5mfU+1rUkOPGZW8BUpllVrRa56k8tkYA+lFI/+EgPlO
jFcXsPzh+DqFLgUxY6SWEbEuaVNqLqueUc1AIMI2ohGH8+p6FgQeKwGRSQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFA4FUHUHpIuSA3H7na8wYgNnTyXTMB8GA1UdIwQY
MBaAFErr7o/nVJ0amuVZ5doIFkLp6sJ4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3V2dWotZFVuUnFhNVZubDJnZ1dRdW5xd25nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC9hMTg5NjAtMmNmYS00NmI3LThlNWEt
MmUyZDkzYzQ3NTRiLzEvRGdWUWRRZWtpNUlEY2Z1ZHJ6QmlBMmRQSmRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC9hMTg5NjAtMmNmYS00NmI3LThlNWEtMmUyZDkzYzQ3NTRi
LzEvU3V2dWotZFVuUnFhNVZubDJnZ1dRdW5xd25nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAPuUwDQYJ
KoZIhvcNAQELBQADggEBAELvO2HlUVNDdvPohkVnB57rZ71pSViDjiFzdhtSR2uD
UdvYZeeRcLkmTSZRHhVRdlEYXaLgsO/MGWh60m+i7B3aaWorkHmC660Ffvp9jyaH
NZrTFhrBxgA15mu8XyC4YeBiZLnQfdRDccXfmhoUtYkG6bFOZ+vEhv8gMZgbzQna
vePbU0P/TMButWrZjFAZZ2zXgMfdqzeQUmftgfbLUY9AsvoXmXLU1pk8Ft2isPFj
uX8sxGxb8ROCCw1gm9vMl4ribu/aUpkCCTwiAXUn9e+UEAHtIhv/5J6KlqAKDl+l
3bB9wj17dqSED/MPWYu7bbXTx7jMgRK7vrhL5vHpduk=
-----END CERTIFICATE-----