Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/b2e1ef-75b4-4fe9-871b-3bc3df7a298a/1/OEbGjeOs2HtCa9NSMDgN8wq0UIw.roa
File:                     OEbGjeOs2HtCa9NSMDgN8wq0UIw.roa (raw, json)
Hash identifier:          GbxcUo0xE2YhZN46cyfMgtG7LhHnh1Am7HsaUOUrumg=
Subject key identifier:   38:46:C6:8D:E3:AC:D8:7B:42:6B:D3:52:30:38:0D:F3:0A:B4:50:8C
Certificate issuer:       /CN=65aa451b783fc91a04b82f82f156f0b489715dc9
Certificate serial:       018CC86F8E9E3AC79A20A4A596F562467DBB
Authority key identifier: 65:AA:45:1B:78:3F:C9:1A:04:B8:2F:82:F1:56:F0:B4:89:71:5D:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZapFG3g_yRoEuC-C8VbwtIlxXck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/b2e1ef-75b4-4fe9-871b-3bc3df7a298a/1/OEbGjeOs2HtCa9NSMDgN8wq0UIw.roa
Signing time:             Tue 02 Jan 2024 04:30:03 +0000
ROA not before:           Tue 02 Jan 2024 04:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60631
IP address blocks:        62.3.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/b2e1ef-75b4-4fe9-871b-3bc3df7a298a/1/ZapFG3g_yRoEuC-C8VbwtIlxXck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/b2e1ef-75b4-4fe9-871b-3bc3df7a298a/1/ZapFG3g_yRoEuC-C8VbwtIlxXck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZapFG3g_yRoEuC-C8VbwtIlxXck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 07:02:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:8e:9e:3a:c7:9a:20:a4:a5:96:f5:62:46:7d:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65aa451b783fc91a04b82f82f156f0b489715dc9
        Validity
            Not Before: Jan  2 04:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3846c68de3acd87b426bd35230380df30ab4508c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:65:b8:e0:33:9d:65:88:88:54:99:18:75:b8:
                    ea:47:52:7f:16:61:ac:a3:fe:96:90:dd:03:8d:91:
                    3c:40:2e:fc:da:8d:4c:9b:f1:82:f0:22:c0:75:2e:
                    cd:90:d4:03:92:be:b5:3a:66:71:fa:28:3a:e3:82:
                    ac:48:37:62:9d:32:71:cd:69:2d:34:68:09:85:07:
                    dd:0b:c9:ef:b0:41:84:92:9b:84:d6:cf:10:f6:f2:
                    10:3b:7a:0d:42:8a:cd:e6:86:05:11:44:f1:69:2c:
                    27:6d:ec:72:bb:c1:62:d0:df:98:15:a7:b7:8d:ca:
                    b6:4a:ab:88:a1:86:6d:f5:f2:51:68:18:ec:00:d0:
                    13:17:e3:96:b9:0b:e3:13:7f:e7:c5:80:4d:56:29:
                    81:45:77:25:76:b9:e9:34:d3:ed:d3:51:87:74:c6:
                    91:2f:13:2d:60:3a:ca:ce:c3:5b:fc:b4:11:02:97:
                    ed:3b:ce:a8:b8:53:e9:70:cb:0b:c7:db:09:bd:90:
                    8c:4e:36:ae:91:dd:6d:82:1b:84:8c:4d:a9:1c:5a:
                    c1:47:f3:a7:af:16:a1:43:e5:bc:db:a8:78:0b:41:
                    a9:50:b9:07:0f:16:02:5e:5f:ca:d9:8b:b3:3e:a5:
                    ce:76:75:32:83:84:2b:f8:10:21:4e:54:b7:80:87:
                    d6:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:46:C6:8D:E3:AC:D8:7B:42:6B:D3:52:30:38:0D:F3:0A:B4:50:8C
            X509v3 Authority Key Identifier:
                keyid:65:AA:45:1B:78:3F:C9:1A:04:B8:2F:82:F1:56:F0:B4:89:71:5D:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZapFG3g_yRoEuC-C8VbwtIlxXck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/b2e1ef-75b4-4fe9-871b-3bc3df7a298a/1/OEbGjeOs2HtCa9NSMDgN8wq0UIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/b2e1ef-75b4-4fe9-871b-3bc3df7a298a/1/ZapFG3g_yRoEuC-C8VbwtIlxXck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:7c:32:6c:84:8d:1f:7a:be:bb:e6:aa:8a:be:14:d3:24:aa:
         a6:d4:3e:6d:97:ec:a1:a6:cc:e6:c2:f7:16:f3:4e:3a:b9:62:
         c9:59:7d:07:56:6f:cf:ab:f5:d4:6a:c0:86:73:20:6c:5c:f1:
         02:00:9a:14:30:69:41:a5:7a:86:2d:23:97:68:2c:21:98:d6:
         77:a8:e5:38:7d:75:64:e6:f7:29:ee:05:92:71:44:89:21:e4:
         35:a7:c1:a7:80:75:7f:91:a0:51:d1:59:a1:0e:cc:63:ca:a9:
         bd:dc:8d:1d:fb:52:9e:66:1c:4c:d1:5c:76:e5:70:a4:4c:ee:
         33:3a:fa:1d:4e:7d:9a:1e:77:f5:a8:86:43:73:aa:c8:24:56:
         68:c6:63:44:79:de:87:4f:3d:a4:63:12:40:71:70:a7:d4:b5:
         b5:8b:8e:1b:9c:91:96:e5:eb:31:07:47:32:28:44:00:81:31:
         a2:5e:4e:57:f2:38:7f:14:07:00:78:45:0d:e1:b5:f2:a0:18:
         b4:73:00:66:13:72:35:44:68:4e:ba:e9:03:60:10:99:4a:eb:
         48:b6:4a:ca:07:e0:5b:28:e8:67:dc:5e:66:37:8e:ba:25:3e:
         f2:c0:8a:9f:29:90:b5:9c:d6:15:90:51:51:3c:f4:7e:97:6b:
         1d:25:3e:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb46eOseaIKSllvViRn27MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YWE0NTFiNzgzZmM5MWEwNGI4MmY4MmYxNTZmMGI0ODk3
MTVkYzkwHhcNMjQwMTAyMDQzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODQ2YzY4ZGUzYWNkODdiNDI2YmQzNTIzMDM4MGRmMzBhYjQ1MDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgGW44DOdZYiIVJkYdbjqR1J/FmGs
o/6WkN0DjZE8QC782o1Mm/GC8CLAdS7NkNQDkr61OmZx+ig644KsSDdinTJxzWkt
NGgJhQfdC8nvsEGEkpuE1s8Q9vIQO3oNQorN5oYFEUTxaSwnbexyu8Fi0N+YFae3
jcq2SquIoYZt9fJRaBjsANATF+OWuQvjE3/nxYBNVimBRXcldrnpNNPt01GHdMaR
LxMtYDrKzsNb/LQRApftO86ouFPpcMsLx9sJvZCMTjaukd1tghuEjE2pHFrBR/On
rxahQ+W826h4C0GpULkHDxYCXl/K2YuzPqXOdnUyg4Qr+BAhTlS3gIfWEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDhGxo3jrNh7QmvTUjA4DfMKtFCMMB8GA1UdIwQY
MBaAFGWqRRt4P8kaBLgvgvFW8LSJcV3JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmFwRkczZ195Um9FdUMtQzhWYnd0SWx4WGNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9iMmUxZWYtNzViNC00ZmU5LTg3MWIt
M2JjM2RmN2EyOThhLzEvT0ViR2plT3MySHRDYTlOU01EZ044d3EwVUl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9iMmUxZWYtNzViNC00ZmU5LTg3MWItM2JjM2RmN2EyOThh
LzEvWmFwRkczZ195Um9FdUMtQzhWYnd0SWx4WGNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPgMpMA0G
CSqGSIb3DQEBCwUAA4IBAQB6fDJshI0fer675qqKvhTTJKqm1D5tl+yhpszmwvcW
8046uWLJWX0HVm/Pq/XUasCGcyBsXPECAJoUMGlBpXqGLSOXaCwhmNZ3qOU4fXVk
5vcp7gWScUSJIeQ1p8GngHV/kaBR0VmhDsxjyqm93I0d+1KeZhxM0Vx25XCkTO4z
OvodTn2aHnf1qIZDc6rIJFZoxmNEed6HTz2kYxJAcXCn1LW1i44bnJGW5esxB0cy
KEQAgTGiXk5X8jh/FAcAeEUN4bXyoBi0cwBmE3I1RGhOuukDYBCZSutItkrKB+Bb
KOhn3F5mN466JT7ywIqfKZC1nNYVkFFRPPR+l2sdJT4I
-----END CERTIFICATE-----