Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/VcqxJB7Hfwu15mYzwts2Bkn0PBY.roa
File:                     VcqxJB7Hfwu15mYzwts2Bkn0PBY.roa (raw, json)
Hash identifier:          1+ibcyFH+UcaU2T0H/v4CeCA0Qcg85d5C6bq6Pw3WPY=
Subject key identifier:   55:CA:B1:24:1E:C7:7F:0B:B5:E6:66:33:C2:DB:36:06:49:F4:3C:16
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       01926E02D52DE91358F595BF60DE1EC7814B
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/VcqxJB7Hfwu15mYzwts2Bkn0PBY.roa
Signing time:             Tue 08 Oct 2024 21:22:12 +0000
ROA not before:           Tue 08 Oct 2024 21:22:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6453
IP address blocks:        85.208.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:6e:02:d5:2d:e9:13:58:f5:95:bf:60:de:1e:c7:81:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Oct  8 21:22:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55cab1241ec77f0bb5e66633c2db360649f43c16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:5b:a8:5f:b8:d9:78:4e:d5:ec:7d:26:a6:65:
                    27:d5:fa:19:24:26:17:cf:7d:a1:89:2c:cd:69:08:
                    86:16:13:24:be:00:f3:ad:1d:bc:fa:3a:5b:f1:e9:
                    31:da:55:07:b0:fc:4e:d5:f6:cf:a0:d3:52:07:cb:
                    47:2b:18:d6:e8:db:5e:10:5f:7b:68:6f:b1:f9:fc:
                    f5:ed:53:4e:7b:33:da:0e:1b:46:7f:d4:3b:d5:d2:
                    4f:4f:8b:5f:a3:66:6a:54:85:fa:8f:49:98:41:86:
                    0e:95:88:5d:24:5b:d1:3d:67:72:ca:41:6e:60:99:
                    39:53:c6:97:0d:8c:c1:53:0a:52:c1:1d:52:55:72:
                    dc:9e:97:6b:b1:93:ac:4a:3c:0c:ce:08:4c:12:c5:
                    5f:81:83:ff:c5:0a:62:ee:bc:c8:a0:47:86:60:be:
                    4b:cb:b7:31:d7:a5:7b:bf:1c:9e:6f:34:48:86:e5:
                    87:85:24:04:c1:4a:af:99:1a:00:1c:d8:05:a0:5e:
                    d1:f6:72:6f:d4:9c:b7:86:f0:87:d4:73:be:14:dd:
                    67:33:4a:4a:2d:af:0c:bc:ee:52:5e:2b:bc:20:de:
                    07:81:58:2d:a3:94:aa:19:76:37:fd:6a:fc:b8:47:
                    4e:00:d6:ec:3d:47:b3:83:21:89:29:7f:83:6e:db:
                    1a:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:CA:B1:24:1E:C7:7F:0B:B5:E6:66:33:C2:DB:36:06:49:F4:3C:16
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/VcqxJB7Hfwu15mYzwts2Bkn0PBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:58:e8:ad:77:61:20:82:0d:ad:0c:b5:41:5d:a6:9d:41:ee:
         58:8f:9c:ec:a4:97:ef:59:5c:20:1b:74:de:49:39:6b:2d:0c:
         6f:0f:f7:dd:d7:b7:1e:78:fa:1f:a2:37:51:37:d9:10:dc:0c:
         9b:d7:91:54:33:a9:a1:f5:25:b8:43:52:62:c0:60:83:a7:97:
         48:bd:2a:94:ad:08:da:45:8e:7f:cc:43:2b:3b:03:1b:95:0e:
         12:4e:e4:0a:26:52:1c:24:55:07:c6:b2:17:f9:a6:1f:af:50:
         55:34:8f:d5:aa:96:86:b2:46:2f:c3:d5:a0:6b:ee:b6:f7:14:
         4c:02:41:ef:bc:e7:fe:8a:a2:cf:68:fd:5a:55:3c:cf:c4:95:
         90:23:42:1c:d2:35:0a:99:31:6d:2d:32:1e:c7:56:ca:12:49:
         e1:9f:e0:02:3e:0a:5e:99:b5:00:8f:5a:e8:03:43:bf:5d:7b:
         c5:74:a7:0e:d4:02:ff:f3:bb:3a:9a:33:91:37:fb:99:13:fb:
         43:cd:30:a7:5f:d1:58:dc:25:6e:08:77:de:90:ae:89:5f:7a:
         05:3d:5c:8b:6d:be:e9:05:5d:f5:3c:dc:4c:8b:21:21:bd:c4:
         d3:6a:13:6f:be:53:0d:48:15:62:73:25:35:c4:13:8d:64:cf:
         ca:95:41:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJuAtUt6RNY9ZW/YN4ex4FLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQxMDA4MjEyMjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWNhYjEyNDFlYzc3ZjBiYjVlNjY2MzNjMmRiMzYwNjQ5ZjQzYzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtluoX7jZeE7V7H0mpmUn1foZJCYX
z32hiSzNaQiGFhMkvgDzrR28+jpb8ekx2lUHsPxO1fbPoNNSB8tHKxjW6NteEF97
aG+x+fz17VNOezPaDhtGf9Q71dJPT4tfo2ZqVIX6j0mYQYYOlYhdJFvRPWdyykFu
YJk5U8aXDYzBUwpSwR1SVXLcnpdrsZOsSjwMzghMEsVfgYP/xQpi7rzIoEeGYL5L
y7cx16V7vxyebzRIhuWHhSQEwUqvmRoAHNgFoF7R9nJv1Jy3hvCH1HO+FN1nM0pK
La8MvO5SXiu8IN4HgVgto5SqGXY3/Wr8uEdOANbsPUezgyGJKX+DbtsaqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFXKsSQex38LteZmM8LbNgZJ9DwWMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvVmNxeEpCN0hmd3UxNW1Zend0czJCa24wUEJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdBwMA0G
CSqGSIb3DQEBCwUAA4IBAQCRWOitd2Eggg2tDLVBXaadQe5Yj5zspJfvWVwgG3Te
STlrLQxvD/fd17ceePofojdRN9kQ3Ayb15FUM6mh9SW4Q1JiwGCDp5dIvSqUrQja
RY5/zEMrOwMblQ4STuQKJlIcJFUHxrIX+aYfr1BVNI/VqpaGskYvw9Wga+629xRM
AkHvvOf+iqLPaP1aVTzPxJWQI0Ic0jUKmTFtLTIex1bKEknhn+ACPgpembUAj1ro
A0O/XXvFdKcO1AL/87s6mjORN/uZE/tDzTCnX9FY3CVuCHfekK6JX3oFPVyLbb7p
BV31PNxMiyEhvcTTahNvvlMNSBVicyU1xBONZM/KlUF/
-----END CERTIFICATE-----