Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/h86Y5XIw-Lnt4Fr7DydqWvjmPk8.roa
File:                     h86Y5XIw-Lnt4Fr7DydqWvjmPk8.roa (raw, json)
Hash identifier:          rDWkJlvLmJY+FniIU4qPnxNm1DzUm7MWrqr8EeOr6N8=
Subject key identifier:   87:CE:98:E5:72:30:F8:B9:ED:E0:5A:FB:0F:27:6A:5A:F8:E6:3E:4F
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018CC5DC4D0F381276BCA77E27272682CC71
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/h86Y5XIw-Lnt4Fr7DydqWvjmPk8.roa
Signing time:             Mon 01 Jan 2024 16:29:58 +0000
ROA not before:           Mon 01 Jan 2024 16:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60915
IP address blocks:        62.76.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:4d:0f:38:12:76:bc:a7:7e:27:27:26:82:cc:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 16:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87ce98e57230f8b9ede05afb0f276a5af8e63e4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:84:60:81:d1:43:2a:22:75:eb:ca:09:6e:f3:
                    d7:05:09:d0:43:c9:51:f6:ae:0e:6b:93:11:5d:aa:
                    cb:bc:0d:71:9e:d9:de:67:86:34:cb:d4:12:5d:f4:
                    ea:08:e0:21:3f:34:07:9f:7d:7b:6d:ba:85:b6:71:
                    29:01:82:44:9f:fb:55:d2:89:9d:0c:8a:f5:87:54:
                    31:b4:b1:8e:7e:73:e0:f3:0f:7c:3a:2a:8f:f8:ce:
                    d6:96:d5:7d:7a:7f:67:40:72:5e:f5:fe:85:b0:bf:
                    30:68:71:27:eb:ed:1f:18:8c:61:b3:5c:bf:2d:de:
                    7b:31:6f:e6:c2:73:81:80:e8:05:87:aa:13:37:7e:
                    36:9d:ec:ab:0d:2f:7c:26:e7:0d:6e:29:2c:df:36:
                    0b:7e:a1:81:2c:fa:3e:2c:a1:c8:90:86:1a:6c:ea:
                    c1:e4:88:e6:bd:7c:a7:23:96:ec:42:c7:f6:54:37:
                    9e:79:95:ed:89:87:23:cd:9b:36:fe:75:0e:a1:21:
                    b9:af:e9:d7:e1:1f:7a:3f:75:98:71:30:3a:90:6b:
                    9c:ea:3e:01:f1:94:0f:b8:aa:52:47:bc:1e:18:c6:
                    cd:09:00:bb:89:eb:da:cb:9e:76:57:68:45:21:d8:
                    10:c7:62:12:d6:20:8f:84:36:59:9f:12:61:f4:66:
                    71:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:CE:98:E5:72:30:F8:B9:ED:E0:5A:FB:0F:27:6A:5A:F8:E6:3E:4F
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/h86Y5XIw-Lnt4Fr7DydqWvjmPk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:84:fd:0c:ca:88:c0:07:87:5b:fe:02:07:ae:d3:84:f9:b0:
         3b:69:5a:87:3f:43:17:b7:c0:06:55:37:5b:6f:53:74:3b:b7:
         6f:5a:aa:58:92:35:bb:05:70:7e:87:29:a9:0a:1a:fd:21:b7:
         a7:18:03:38:93:77:7b:ae:82:17:83:67:2c:2b:1e:da:76:1f:
         98:ed:dd:99:b9:21:3c:93:d1:64:b8:8d:e8:73:54:b0:a0:1d:
         fa:bd:c5:4d:39:24:16:96:9c:08:ee:fe:2e:04:3b:77:ce:22:
         29:48:9b:72:5b:13:3c:84:55:d7:36:29:f7:02:3b:ff:f8:88:
         99:dc:83:23:83:cb:6f:9a:e0:53:d6:d1:3c:6e:03:fe:ca:ee:
         98:89:a3:49:c9:b1:8f:ae:42:c3:91:f5:75:4d:2c:b4:0e:73:
         53:a6:cb:a9:f9:d7:ec:bb:8f:d8:dc:1b:82:de:4b:a6:f7:82:
         35:1d:80:41:61:b8:38:59:e3:a2:ee:ad:72:9b:a3:69:60:f5:
         4d:ef:b2:7e:8d:d4:2a:4a:76:84:be:c0:bb:76:45:90:12:f4:
         c9:31:43:9b:2a:1a:fd:c2:d3:b2:70:7c:1f:14:f3:67:95:da:
         dd:25:a2:6a:a2:5d:71:90:b5:67:24:67:f7:00:e0:61:1e:fc:
         d4:6f:c7:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3E0POBJ2vKd+JycmgsxxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwMTAxMTYyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2NlOThlNTcyMzBmOGI5ZWRlMDVhZmIwZjI3NmE1YWY4ZTYzZTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhYRggdFDKiJ168oJbvPXBQnQQ8lR
9q4Oa5MRXarLvA1xntneZ4Y0y9QSXfTqCOAhPzQHn317bbqFtnEpAYJEn/tV0omd
DIr1h1QxtLGOfnPg8w98OiqP+M7WltV9en9nQHJe9f6FsL8waHEn6+0fGIxhs1y/
Ld57MW/mwnOBgOgFh6oTN342neyrDS98JucNbiks3zYLfqGBLPo+LKHIkIYabOrB
5IjmvXynI5bsQsf2VDeeeZXtiYcjzZs2/nUOoSG5r+nX4R96P3WYcTA6kGuc6j4B
8ZQPuKpSR7weGMbNCQC7ievay552V2hFIdgQx2IS1iCPhDZZnxJh9GZxIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIfOmOVyMPi57eBa+w8nalr45j5PMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvaDg2WTVYSXctTG50NEZyN0R5ZHFXdmptUGs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkwJMA0G
CSqGSIb3DQEBCwUAA4IBAQA5hP0MyojAB4db/gIHrtOE+bA7aVqHP0MXt8AGVTdb
b1N0O7dvWqpYkjW7BXB+hympChr9IbenGAM4k3d7roIXg2csKx7adh+Y7d2ZuSE8
k9FkuI3oc1SwoB36vcVNOSQWlpwI7v4uBDt3ziIpSJtyWxM8hFXXNin3Ajv/+IiZ
3IMjg8tvmuBT1tE8bgP+yu6YiaNJybGPrkLDkfV1TSy0DnNTpsup+dfsu4/Y3BuC
3kum94I1HYBBYbg4WeOi7q1ym6NpYPVN77J+jdQqSnaEvsC7dkWQEvTJMUObKhr9
wtOycHwfFPNnldrdJaJqol1xkLVnJGf3AOBhHvzUb8eL
-----END CERTIFICATE-----