Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/77d607-7d7c-4589-aff7-2fda97079c01/1/ZzIfOxiz1UFSipC0qMHMuDpK3VQ.roa
File:                     ZzIfOxiz1UFSipC0qMHMuDpK3VQ.roa (raw, json)
Hash identifier:          6jEgr8+T6X+pCVKGvbKvMNEruvxVecmGz/LddjsHtw4=
Subject key identifier:   67:32:1F:3B:18:B3:D5:41:52:8A:90:B4:A8:C1:CC:B8:3A:4A:DD:54
Certificate issuer:       /CN=c4d8c1985c50c7ead4cfd8d3a93d63e5611f6fb6
Certificate serial:       018CC7277012F4F79196205E70169DB52AB7
Authority key identifier: C4:D8:C1:98:5C:50:C7:EA:D4:CF:D8:D3:A9:3D:63:E5:61:1F:6F:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xNjBmFxQx-rUz9jTqT1j5WEfb7Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/77d607-7d7c-4589-aff7-2fda97079c01/1/ZzIfOxiz1UFSipC0qMHMuDpK3VQ.roa
Signing time:             Mon 01 Jan 2024 22:31:39 +0000
ROA not before:           Mon 01 Jan 2024 22:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203650
IP address blocks:        62.176.216.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/77d607-7d7c-4589-aff7-2fda97079c01/1/xNjBmFxQx-rUz9jTqT1j5WEfb7Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/77d607-7d7c-4589-aff7-2fda97079c01/1/xNjBmFxQx-rUz9jTqT1j5WEfb7Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xNjBmFxQx-rUz9jTqT1j5WEfb7Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:70:12:f4:f7:91:96:20:5e:70:16:9d:b5:2a:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4d8c1985c50c7ead4cfd8d3a93d63e5611f6fb6
        Validity
            Not Before: Jan  1 22:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67321f3b18b3d541528a90b4a8c1ccb83a4add54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:04:fb:73:65:0b:87:6f:45:f0:d8:8e:62:43:
                    39:21:ea:12:ca:29:10:ad:7c:8c:31:bd:71:48:52:
                    72:a3:70:8d:50:56:fc:be:24:12:63:fc:d4:94:0d:
                    96:64:0f:b7:cf:94:38:b7:f7:1d:87:8c:5b:72:c0:
                    ca:76:b8:1b:0f:0a:39:ae:c8:e1:be:ff:07:d4:da:
                    8c:1b:d5:ff:b0:59:fc:6b:35:e9:87:41:ae:0c:17:
                    4a:8f:56:2d:3a:e1:10:25:cb:c8:79:21:97:3b:e7:
                    03:ec:16:45:94:46:13:2a:b2:38:2a:f5:88:15:a9:
                    dc:fe:40:4f:38:0a:16:8c:0f:f6:dd:e0:2e:a2:f4:
                    b0:12:df:53:80:ed:6c:d6:b1:9d:64:a8:0f:76:51:
                    50:f5:82:1f:c9:52:e9:35:a6:4a:53:e6:bd:52:e6:
                    f1:21:00:c3:31:37:0a:b3:ad:05:58:91:23:64:1a:
                    38:c1:8b:e1:8d:e8:51:a2:49:db:ed:52:9e:a4:a1:
                    f8:b5:c1:d8:6f:d6:c0:89:b8:3b:d2:b5:19:84:44:
                    3b:a3:a5:48:fd:f1:7c:10:13:06:f6:b0:63:db:21:
                    19:61:16:83:69:52:fd:d6:a8:ef:8a:d8:ac:be:4b:
                    28:f2:15:39:64:9a:a5:be:42:9e:27:a2:4d:ab:51:
                    40:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:32:1F:3B:18:B3:D5:41:52:8A:90:B4:A8:C1:CC:B8:3A:4A:DD:54
            X509v3 Authority Key Identifier:
                keyid:C4:D8:C1:98:5C:50:C7:EA:D4:CF:D8:D3:A9:3D:63:E5:61:1F:6F:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xNjBmFxQx-rUz9jTqT1j5WEfb7Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/77d607-7d7c-4589-aff7-2fda97079c01/1/ZzIfOxiz1UFSipC0qMHMuDpK3VQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/77d607-7d7c-4589-aff7-2fda97079c01/1/xNjBmFxQx-rUz9jTqT1j5WEfb7Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.176.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         27:6c:8a:ce:1f:8f:7a:1b:c3:71:7d:4e:3f:d7:1b:14:26:3d:
         7f:16:55:13:22:56:9a:a4:cd:6e:e1:d4:ca:bd:25:b4:cd:56:
         5d:3d:a0:d9:1e:2a:4f:54:f6:ad:58:d5:6b:37:ae:a1:f4:0f:
         e7:f7:a1:52:dd:81:a0:64:33:23:bd:14:8f:cf:3d:1d:2f:b4:
         34:97:3d:89:3d:66:93:ba:71:3e:3c:3a:58:97:85:e6:6c:89:
         2d:c0:e9:30:ac:d0:cc:86:80:5a:bc:b2:d0:c6:9c:51:0f:69:
         80:01:1d:59:f7:af:b5:15:7e:af:fb:ad:39:b7:e9:e3:2d:20:
         e5:41:1e:94:a6:4e:18:45:f7:6b:30:37:b4:91:81:20:cf:d8:
         d7:29:98:e0:b9:27:b7:62:f8:4a:29:a9:f6:65:33:a4:14:39:
         a2:41:ec:20:fa:68:e9:8b:98:ef:32:4c:1f:19:67:7f:75:3b:
         8f:fe:bc:31:fb:3e:87:f9:4b:03:8e:0d:44:fd:c2:9c:5a:0a:
         d8:fc:8f:71:fa:38:a7:e1:91:6a:59:fa:7c:90:a9:b5:94:cb:
         39:2f:92:ff:01:38:5c:b3:9f:ae:da:12:59:4f:e7:ab:5e:02:
         37:78:7f:51:69:43:b4:18:1b:6c:f0:56:62:89:ff:e5:d2:a3:
         45:3a:66:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ3AS9PeRliBecBadtSq3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZDhjMTk4NWM1MGM3ZWFkNGNmZDhkM2E5M2Q2M2U1NjEx
ZjZmYjYwHhcNMjQwMTAxMjIzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzMyMWYzYjE4YjNkNTQxNTI4YTkwYjRhOGMxY2NiODNhNGFkZDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkAT7c2ULh29F8NiOYkM5IeoSyikQ
rXyMMb1xSFJyo3CNUFb8viQSY/zUlA2WZA+3z5Q4t/cdh4xbcsDKdrgbDwo5rsjh
vv8H1NqMG9X/sFn8azXph0GuDBdKj1YtOuEQJcvIeSGXO+cD7BZFlEYTKrI4KvWI
Fanc/kBPOAoWjA/23eAuovSwEt9TgO1s1rGdZKgPdlFQ9YIfyVLpNaZKU+a9Uubx
IQDDMTcKs60FWJEjZBo4wYvhjehRoknb7VKepKH4tcHYb9bAibg70rUZhEQ7o6VI
/fF8EBMG9rBj2yEZYRaDaVL91qjvitisvkso8hU5ZJqlvkKeJ6JNq1FA2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGcyHzsYs9VBUoqQtKjBzLg6St1UMB8GA1UdIwQY
MBaAFMTYwZhcUMfq1M/Y06k9Y+VhH2+2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveE5qQm1GeFF4LXJVejlqVHFUMWo1V0VmYjdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS83N2Q2MDctN2Q3Yy00NTg5LWFmZjct
MmZkYTk3MDc5YzAxLzEvWnpJZk94aXoxVUZTaXBDMHFNSE11RHBLM1ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS83N2Q2MDctN2Q3Yy00NTg5LWFmZjctMmZkYTk3MDc5YzAx
LzEveE5qQm1GeFF4LXJVejlqVHFUMWo1V0VmYjdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDPrDYMA0G
CSqGSIb3DQEBCwUAA4IBAQAnbIrOH496G8NxfU4/1xsUJj1/FlUTIlaapM1u4dTK
vSW0zVZdPaDZHipPVPatWNVrN66h9A/n96FS3YGgZDMjvRSPzz0dL7Q0lz2JPWaT
unE+PDpYl4XmbIktwOkwrNDMhoBavLLQxpxRD2mAAR1Z96+1FX6v+605t+njLSDl
QR6Upk4YRfdrMDe0kYEgz9jXKZjguSe3YvhKKan2ZTOkFDmiQewg+mjpi5jvMkwf
GWd/dTuP/rwx+z6H+UsDjg1E/cKcWgrY/I9x+jin4ZFqWfp8kKm1lMs5L5L/AThc
s5+u2hJZT+erXgI3eH9RaUO0GBts8FZiif/l0qNFOmbC
-----END CERTIFICATE-----