Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c0ec5b-fce5-49fa-80b5-5561c5a62d4c/1/rOCrrjaWzqaeh5UoZU0eiYBArxM.roa
File:                     rOCrrjaWzqaeh5UoZU0eiYBArxM.roa (raw, json)
Hash identifier:          2vAuU1yxBlR9ZU9D1ADHnb95gjt0C7DSErNWYGjxYCU=
Subject key identifier:   AC:E0:AB:AE:36:96:CE:A6:9E:87:95:28:65:4D:1E:89:80:40:AF:13
Certificate issuer:       /CN=619b9872dcc492fc9707f9ec7c16112f45b8535f
Certificate serial:       018CC802A62A0544983884764B3B4F9EE74E
Authority key identifier: 61:9B:98:72:DC:C4:92:FC:97:07:F9:EC:7C:16:11:2F:45:B8:53:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YZuYctzEkvyXB_nsfBYRL0W4U18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c0ec5b-fce5-49fa-80b5-5561c5a62d4c/1/rOCrrjaWzqaeh5UoZU0eiYBArxM.roa
Signing time:             Tue 02 Jan 2024 02:31:05 +0000
ROA not before:           Tue 02 Jan 2024 02:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45010
IP address blocks:        62.220.224.0/22 maxlen: 22
                          93.90.48.0/20 maxlen: 20
                          2a01:b5a0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/c0ec5b-fce5-49fa-80b5-5561c5a62d4c/1/YZuYctzEkvyXB_nsfBYRL0W4U18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/c0ec5b-fce5-49fa-80b5-5561c5a62d4c/1/YZuYctzEkvyXB_nsfBYRL0W4U18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YZuYctzEkvyXB_nsfBYRL0W4U18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:a6:2a:05:44:98:38:84:76:4b:3b:4f:9e:e7:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=619b9872dcc492fc9707f9ec7c16112f45b8535f
        Validity
            Not Before: Jan  2 02:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ace0abae3696cea69e879528654d1e898040af13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:86:53:16:fa:41:67:f3:4d:4a:60:fb:e9:7c:
                    cf:08:b2:2b:6c:6a:08:22:4b:3a:24:97:80:ab:b7:
                    b7:6d:b9:cc:35:60:a4:3a:5a:cd:f9:02:da:ec:3d:
                    6d:59:43:a7:f6:cc:d4:b0:d6:fc:5b:3d:d9:33:46:
                    ea:9d:7b:45:94:e9:06:1e:c3:17:71:f7:3d:7b:cb:
                    40:57:de:b7:39:f0:59:92:4f:44:8b:13:d7:15:60:
                    82:43:06:b6:7a:ac:e0:62:e6:3a:02:86:58:4a:15:
                    2e:f0:d1:d6:1f:fe:d3:57:5f:ac:2f:94:ad:fc:dc:
                    8a:aa:fa:3c:fa:f0:45:84:d6:97:dd:6c:af:85:69:
                    2b:cb:ae:1a:6b:07:cf:42:8b:e3:cc:51:8e:23:40:
                    73:77:ff:9a:ee:55:67:8a:a6:6a:b2:8a:27:19:c6:
                    ba:8c:9a:ff:54:a8:c2:6d:dc:b5:7d:34:4f:cc:eb:
                    88:2d:7a:3c:ed:c3:f3:59:47:cd:69:ff:26:b6:0d:
                    82:8d:ca:0b:f6:07:01:68:08:5e:90:bf:0f:72:ca:
                    c6:1e:35:e8:2c:8b:0a:0a:2a:be:62:ff:c8:ab:c5:
                    9d:fd:a6:09:59:7e:a6:09:91:6a:22:a4:20:89:5a:
                    cc:bc:9f:f8:e9:4a:e0:ef:d2:5f:37:6c:a0:40:1b:
                    a6:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:E0:AB:AE:36:96:CE:A6:9E:87:95:28:65:4D:1E:89:80:40:AF:13
            X509v3 Authority Key Identifier:
                keyid:61:9B:98:72:DC:C4:92:FC:97:07:F9:EC:7C:16:11:2F:45:B8:53:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YZuYctzEkvyXB_nsfBYRL0W4U18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c0ec5b-fce5-49fa-80b5-5561c5a62d4c/1/rOCrrjaWzqaeh5UoZU0eiYBArxM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c0ec5b-fce5-49fa-80b5-5561c5a62d4c/1/YZuYctzEkvyXB_nsfBYRL0W4U18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.220.224.0/22
                  93.90.48.0/20
                IPv6:
                  2a01:b5a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         aa:49:3f:f2:d7:d9:b2:df:b1:1d:da:67:2e:9c:b5:db:23:77:
         f6:f4:b6:6c:02:84:d5:3d:9d:fe:7f:a0:1d:a4:80:d4:61:11:
         4e:e9:6f:65:ae:90:85:c5:ed:fc:c3:79:20:97:e1:64:0d:d9:
         1c:36:6c:16:f9:d1:ca:a3:c1:f7:5c:d3:d0:20:8c:3e:23:14:
         26:5a:d6:8f:00:19:d2:cb:bb:46:61:47:90:81:0f:3d:12:20:
         58:8f:50:1d:74:d5:30:3d:6d:17:62:47:35:61:9a:c3:b8:bb:
         17:1c:98:d1:67:10:d4:c8:d1:68:1d:f6:29:c9:cd:b9:6d:0b:
         c7:6c:49:90:3e:80:b8:f7:f8:17:77:31:8a:1a:ca:bb:41:6e:
         23:f7:84:84:6a:f9:b3:ec:7e:0c:a1:5e:40:43:0b:c6:09:d8:
         9c:69:4c:c0:bc:00:0e:fd:09:b3:6b:13:0a:3d:e4:fb:e6:43:
         dc:98:32:38:30:6d:ed:71:9e:66:37:ee:c3:85:39:ae:b4:d5:
         a7:3a:bf:54:17:69:b3:77:c1:72:b8:e3:8b:af:7a:86:c9:94:
         57:5f:94:fd:fe:cc:3b:b1:c9:1f:bc:2c:6e:17:4b:62:8d:cd:
         1b:91:e3:5b:da:21:e9:4b:91:ca:bb:3b:c8:9a:63:9b:27:98:
         99:1e:78:f0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzIAqYqBUSYOIR2SztPnudOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxOWI5ODcyZGNjNDkyZmM5NzA3ZjllYzdjMTYxMTJmNDVi
ODUzNWYwHhcNMjQwMTAyMDIzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2UwYWJhZTM2OTZjZWE2OWU4Nzk1Mjg2NTRkMWU4OTgwNDBhZjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgYZTFvpBZ/NNSmD76XzPCLIrbGoI
Iks6JJeAq7e3bbnMNWCkOlrN+QLa7D1tWUOn9szUsNb8Wz3ZM0bqnXtFlOkGHsMX
cfc9e8tAV963OfBZkk9EixPXFWCCQwa2eqzgYuY6AoZYShUu8NHWH/7TV1+sL5St
/NyKqvo8+vBFhNaX3WyvhWkry64aawfPQovjzFGOI0Bzd/+a7lVniqZqsoonGca6
jJr/VKjCbdy1fTRPzOuILXo87cPzWUfNaf8mtg2CjcoL9gcBaAhekL8PcsrGHjXo
LIsKCiq+Yv/Iq8Wd/aYJWX6mCZFqIqQgiVrMvJ/46Urg79JfN2ygQBumsQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKzgq642ls6mnoeVKGVNHomAQK8TMB8GA1UdIwQY
MBaAFGGbmHLcxJL8lwf57HwWES9FuFNfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVp1WWN0ekVrdnlYQl9uc2ZCWVJMMFc0VTE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jMGVjNWItZmNlNS00OWZhLTgwYjUt
NTU2MWM1YTYyZDRjLzEvck9DcnJqYVd6cWFlaDVVb1pVMGVpWUJBcnhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jMGVjNWItZmNlNS00OWZhLTgwYjUtNTU2MWM1YTYyZDRj
LzEvWVp1WWN0ekVrdnlYQl9uc2ZCWVJMMFc0VTE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCPtzgAwQE
XVowMA0EAgACMAcDBQAqAbWgMA0GCSqGSIb3DQEBCwUAA4IBAQCqST/y19my37Ed
2mcunLXbI3f29LZsAoTVPZ3+f6AdpIDUYRFO6W9lrpCFxe38w3kgl+FkDdkcNmwW
+dHKo8H3XNPQIIw+IxQmWtaPABnSy7tGYUeQgQ89EiBYj1AddNUwPW0XYkc1YZrD
uLsXHJjRZxDUyNFoHfYpyc25bQvHbEmQPoC49/gXdzGKGsq7QW4j94SEavmz7H4M
oV5AQwvGCdicaUzAvAAO/QmzaxMKPeT75kPcmDI4MG3tcZ5mN+7DhTmutNWnOr9U
F2mzd8FyuOOLr3qGyZRXX5T9/sw7sckfvCxuF0tijc0bkeNb2iHpS5HKuzvImmOb
J5iZHnjw
-----END CERTIFICATE-----