Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/1a830a-f061-4cdc-bafb-a2fe9f015d71/1/9PgVUR7UE4cFJRhtQe5BJMQEixc.roa
File:                     9PgVUR7UE4cFJRhtQe5BJMQEixc.roa (raw, json)
Hash identifier:          gB9nGc//ZgxmTkhKnz3uoUBrY1V5L4gL3p/ushyW5Mo=
Subject key identifier:   F4:F8:15:51:1E:D4:13:87:05:25:18:6D:41:EE:41:24:C4:04:8B:17
Certificate issuer:       /CN=efad344eb5f7eb1dee4b8f8435fb5b9d87663e9d
Certificate serial:       018CD06F5CC274466B3129989A77CDDC9154
Authority key identifier: EF:AD:34:4E:B5:F7:EB:1D:EE:4B:8F:84:35:FB:5B:9D:87:66:3E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7600TrX36x3uS4-ENftbnYdmPp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/1a830a-f061-4cdc-bafb-a2fe9f015d71/1/9PgVUR7UE4cFJRhtQe5BJMQEixc.roa
Signing time:             Wed 03 Jan 2024 17:46:48 +0000
ROA not before:           Wed 03 Jan 2024 17:46:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212377
IP address blocks:        62.36.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/1a830a-f061-4cdc-bafb-a2fe9f015d71/1/7600TrX36x3uS4-ENftbnYdmPp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/1a830a-f061-4cdc-bafb-a2fe9f015d71/1/7600TrX36x3uS4-ENftbnYdmPp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7600TrX36x3uS4-ENftbnYdmPp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d0:6f:5c:c2:74:46:6b:31:29:98:9a:77:cd:dc:91:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=efad344eb5f7eb1dee4b8f8435fb5b9d87663e9d
        Validity
            Not Before: Jan  3 17:46:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4f815511ed413870525186d41ee4124c4048b17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:c1:ea:33:e0:e3:0e:4d:11:0f:43:03:82:14:
                    11:b6:69:d5:41:87:94:68:c2:a1:ac:8b:31:42:0e:
                    07:9c:3f:f8:99:91:e2:96:cb:ac:b0:60:c8:ee:b0:
                    90:b5:62:a1:c6:d7:da:af:36:54:05:e6:33:56:34:
                    bb:45:3d:31:0b:73:3f:2c:a6:b1:fb:73:45:3c:7a:
                    09:e4:96:35:83:bc:e5:24:cf:84:bd:bd:4d:18:41:
                    be:ee:bb:4c:7a:ba:05:0a:a3:31:88:3a:83:ee:ee:
                    b4:07:33:d8:5f:6a:a3:27:d1:b3:65:93:55:fd:15:
                    fa:d3:7b:73:3a:9b:81:bb:3f:39:00:df:86:71:2c:
                    bd:ce:1f:f0:89:ba:24:a7:d4:a5:b8:af:38:9d:31:
                    73:26:29:50:98:81:13:bd:63:6c:18:95:e5:1e:d6:
                    ea:44:e3:c9:88:61:53:fc:3e:b1:58:31:38:9c:31:
                    e7:96:09:2b:97:ab:99:be:74:5b:30:e5:2a:9e:29:
                    87:9a:d4:7e:56:46:55:6c:b8:48:6f:31:35:37:e0:
                    ce:1a:b6:69:e4:db:b5:b1:1f:d7:2d:65:66:54:60:
                    58:18:4f:77:d0:10:80:8f:c8:75:d2:ae:07:a6:a2:
                    b5:a1:5f:8e:92:70:fc:f6:a5:18:b5:84:c0:ac:d5:
                    e1:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:F8:15:51:1E:D4:13:87:05:25:18:6D:41:EE:41:24:C4:04:8B:17
            X509v3 Authority Key Identifier:
                keyid:EF:AD:34:4E:B5:F7:EB:1D:EE:4B:8F:84:35:FB:5B:9D:87:66:3E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7600TrX36x3uS4-ENftbnYdmPp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/1a830a-f061-4cdc-bafb-a2fe9f015d71/1/9PgVUR7UE4cFJRhtQe5BJMQEixc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/1a830a-f061-4cdc-bafb-a2fe9f015d71/1/7600TrX36x3uS4-ENftbnYdmPp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.36.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:d4:19:16:13:d0:8d:fb:8d:35:ee:57:23:a0:f5:4d:6f:47:
         1b:64:fb:d6:f1:be:e1:f5:68:74:6e:c3:f9:85:9b:a8:04:4d:
         7a:fc:69:ee:22:a7:97:24:c4:c7:59:05:f7:6e:2a:df:84:15:
         55:a0:9e:39:a3:4c:54:0c:48:1e:6c:0a:17:0c:50:9b:29:e0:
         60:91:8f:94:ef:30:b5:ae:1f:cd:6d:a8:67:75:3c:03:6e:89:
         57:07:65:00:b3:00:92:59:cf:24:72:15:f6:53:b4:54:17:ee:
         32:17:ec:f3:2a:e1:f4:90:1f:ed:52:1a:78:04:5c:57:88:d9:
         ec:64:d6:92:c1:be:2f:59:0b:d5:3b:3b:6d:ed:be:17:7d:24:
         b6:fc:1a:e2:97:14:11:aa:49:7a:ac:6a:8b:ed:05:27:c3:d1:
         29:1c:01:fe:50:e6:fa:a7:2f:39:35:3e:54:bb:f4:e4:f3:3e:
         72:f2:4f:35:7d:a6:70:6c:0c:22:1a:be:16:5b:fa:8a:ec:3f:
         95:41:2a:68:f8:59:89:6b:70:cc:e3:b3:d0:60:51:ca:95:f0:
         7c:74:34:16:6d:9c:06:c4:81:f4:ae:3a:6f:16:fb:95:ac:38:
         15:57:69:d9:b3:aa:48:d6:29:c7:07:3d:97:32:94:01:1f:6f:
         4d:de:0d:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzQb1zCdEZrMSmYmnfN3JFUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmYWQzNDRlYjVmN2ViMWRlZTRiOGY4NDM1ZmI1YjlkODc2
NjNlOWQwHhcNMjQwMTAzMTc0NjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGY4MTU1MTFlZDQxMzg3MDUyNTE4NmQ0MWVlNDEyNGM0MDQ4YjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAscHqM+DjDk0RD0MDghQRtmnVQYeU
aMKhrIsxQg4HnD/4mZHilsussGDI7rCQtWKhxtfarzZUBeYzVjS7RT0xC3M/LKax
+3NFPHoJ5JY1g7zlJM+Evb1NGEG+7rtMeroFCqMxiDqD7u60BzPYX2qjJ9GzZZNV
/RX603tzOpuBuz85AN+GcSy9zh/wibokp9SluK84nTFzJilQmIETvWNsGJXlHtbq
ROPJiGFT/D6xWDE4nDHnlgkrl6uZvnRbMOUqnimHmtR+VkZVbLhIbzE1N+DOGrZp
5Nu1sR/XLWVmVGBYGE930BCAj8h10q4HpqK1oV+OknD89qUYtYTArNXh4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPT4FVEe1BOHBSUYbUHuQSTEBIsXMB8GA1UdIwQY
MBaAFO+tNE619+sd7kuPhDX7W52HZj6dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzYwMFRyWDM2eDN1UzQtRU5mdGJuWWRtUHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8xYTgzMGEtZjA2MS00Y2RjLWJhZmIt
YTJmZTlmMDE1ZDcxLzEvOVBnVlVSN1VFNGNGSlJodFFlNUJKTVFFaXhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8xYTgzMGEtZjA2MS00Y2RjLWJhZmItYTJmZTlmMDE1ZDcx
LzEvNzYwMFRyWDM2eDN1UzQtRU5mdGJuWWRtUHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPiQ3MA0G
CSqGSIb3DQEBCwUAA4IBAQCQ1BkWE9CN+4017lcjoPVNb0cbZPvW8b7h9Wh0bsP5
hZuoBE16/GnuIqeXJMTHWQX3birfhBVVoJ45o0xUDEgebAoXDFCbKeBgkY+U7zC1
rh/NbahndTwDbolXB2UAswCSWc8kchX2U7RUF+4yF+zzKuH0kB/tUhp4BFxXiNns
ZNaSwb4vWQvVOztt7b4XfSS2/BrilxQRqkl6rGqL7QUnw9EpHAH+UOb6py85NT5U
u/Tk8z5y8k81faZwbAwiGr4WW/qK7D+VQSpo+FmJa3DM47PQYFHKlfB8dDQWbZwG
xIH0rjpvFvuVrDgVV2nZs6pI1inHBz2XMpQBH29N3g13
-----END CERTIFICATE-----