Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/Upd12Ekzfa6jkbOcwDhBhOfBk50.roa
File:                     Upd12Ekzfa6jkbOcwDhBhOfBk50.roa (raw, json)
Hash identifier:          kw2Ztg2T92gqKCIQM4QATf2tn/K4WVpZk17I5y+TDxY=
Subject key identifier:   52:97:75:D8:49:33:7D:AE:A3:91:B3:9C:C0:38:41:84:E7:C1:93:9D
Certificate issuer:       /CN=3a4945e46764029d2581d820c3373fa445855539
Certificate serial:       018CC72591C5CBBAD15FBD7D67B87A8090F7
Authority key identifier: 3A:49:45:E4:67:64:02:9D:25:81:D8:20:C3:37:3F:A4:45:85:55:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OklF5GdkAp0lgdggwzc_pEWFVTk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/Upd12Ekzfa6jkbOcwDhBhOfBk50.roa
Signing time:             Mon 01 Jan 2024 22:29:37 +0000
ROA not before:           Mon 01 Jan 2024 22:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3254
IP address blocks:        62.244.0.0/18 maxlen: 18
                          62.244.48.0/22 maxlen: 22
                          193.193.192.0/19 maxlen: 19
                          193.193.212.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/OklF5GdkAp0lgdggwzc_pEWFVTk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/OklF5GdkAp0lgdggwzc_pEWFVTk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OklF5GdkAp0lgdggwzc_pEWFVTk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:91:c5:cb:ba:d1:5f:bd:7d:67:b8:7a:80:90:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a4945e46764029d2581d820c3373fa445855539
        Validity
            Not Before: Jan  1 22:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=529775d849337daea391b39cc0384184e7c1939d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:d2:0b:33:36:09:cf:6b:6f:11:44:0d:d0:54:
                    b6:19:a0:0d:26:69:1a:b1:a7:6f:d3:f2:a4:21:9a:
                    ae:e4:e8:c2:3f:ce:71:d9:de:fb:aa:85:a1:ce:ef:
                    bf:f9:c2:b5:70:b2:1b:5f:0d:5d:41:bd:b0:da:a9:
                    bb:a0:cd:b7:19:4e:5d:b6:28:47:b6:4b:41:02:5b:
                    c4:52:6f:a9:7e:e2:12:f3:e4:ca:d8:50:d9:9a:5d:
                    2f:2c:07:ba:41:17:02:05:cf:3f:35:5b:5c:1e:c2:
                    40:16:9d:5c:3a:7d:de:11:ee:11:a5:26:24:ed:e5:
                    5e:29:d2:c6:8a:2a:14:f4:d5:15:7e:2c:4e:7a:76:
                    29:69:ef:f1:a5:7e:dc:0f:b1:17:ef:2f:77:3f:4e:
                    7e:de:08:5e:3f:1f:6c:f3:e3:b9:e2:c6:dd:ae:00:
                    05:dc:e4:30:d4:56:2c:1d:50:61:f8:96:ab:93:e2:
                    fc:5e:a4:2b:e4:76:79:b6:52:f0:b3:31:4f:95:79:
                    3a:08:18:40:a0:db:3f:3d:a3:9c:c8:d7:e6:c8:9a:
                    27:ea:bd:e9:c1:ce:46:fd:8c:91:3f:b0:c8:ed:48:
                    f0:6a:f0:09:cd:ea:0e:fd:0a:d7:db:f1:db:19:d3:
                    ce:05:06:a6:cc:df:a6:3d:03:00:b3:70:f2:88:54:
                    27:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:97:75:D8:49:33:7D:AE:A3:91:B3:9C:C0:38:41:84:E7:C1:93:9D
            X509v3 Authority Key Identifier:
                keyid:3A:49:45:E4:67:64:02:9D:25:81:D8:20:C3:37:3F:A4:45:85:55:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OklF5GdkAp0lgdggwzc_pEWFVTk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/Upd12Ekzfa6jkbOcwDhBhOfBk50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/OklF5GdkAp0lgdggwzc_pEWFVTk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.244.0.0/18
                  193.193.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         1b:6e:5b:85:51:f9:42:4b:4f:26:c2:54:f9:4b:60:4f:44:a6:
         cd:37:04:f8:ae:ee:d2:82:5d:93:e0:66:30:f0:17:82:4e:28:
         87:71:b2:4e:12:b8:af:50:fd:5b:5f:65:14:5a:7e:57:4a:9f:
         e2:7f:fb:fe:ad:04:5e:90:f9:b5:2a:8b:15:fb:43:ee:93:55:
         0a:f3:a3:7b:c0:af:95:6f:40:bb:e3:e5:f5:bf:34:82:6c:23:
         60:1e:91:2e:43:bc:d2:3d:71:4e:b8:ca:bd:9e:87:c4:b7:22:
         33:5f:f2:1a:b0:a8:c4:1f:38:51:2c:70:b0:4d:e6:8c:63:eb:
         08:a3:9d:c9:78:71:c7:c6:d5:79:2e:bd:91:2d:e2:b3:a0:00:
         bc:36:77:76:d9:da:2c:9b:92:6e:04:15:33:04:51:b4:fc:8c:
         1f:58:ff:84:c8:3a:cb:40:6b:5f:40:3a:44:37:e3:b2:cf:69:
         8d:a4:32:b1:34:d1:4e:0e:28:31:ae:b5:f5:1d:61:5e:28:95:
         12:db:81:48:f2:78:90:ba:19:c6:17:12:4a:0e:ed:61:80:63:
         a6:76:3c:59:86:97:fd:24:b6:de:eb:19:55:91:3c:74:63:2b:
         96:21:27:28:2a:18:4b:1d:dc:2f:42:1b:a6:12:31:b3:2e:99:
         17:32:ba:2c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJZHFy7rRX719Z7h6gJD3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNDk0NWU0Njc2NDAyOWQyNTgxZDgyMGMzMzczZmE0NDU4
NTU1MzkwHhcNMjQwMTAxMjIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mjk3NzVkODQ5MzM3ZGFlYTM5MWIzOWNjMDM4NDE4NGU3YzE5MzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgdILMzYJz2tvEUQN0FS2GaANJmka
sadv0/KkIZqu5OjCP85x2d77qoWhzu+/+cK1cLIbXw1dQb2w2qm7oM23GU5dtihH
tktBAlvEUm+pfuIS8+TK2FDZml0vLAe6QRcCBc8/NVtcHsJAFp1cOn3eEe4RpSYk
7eVeKdLGiioU9NUVfixOenYpae/xpX7cD7EX7y93P05+3ghePx9s8+O54sbdrgAF
3OQw1FYsHVBh+Jark+L8XqQr5HZ5tlLwszFPlXk6CBhAoNs/PaOcyNfmyJon6r3p
wc5G/YyRP7DI7UjwavAJzeoO/QrX2/HbGdPOBQamzN+mPQMAs3DyiFQnZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFKXddhJM32uo5GznMA4QYTnwZOdMB8GA1UdIwQY
MBaAFDpJReRnZAKdJYHYIMM3P6RFhVU5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2tsRjVHZGtBcDBsZ2RnZ3d6Y19wRVdGVlRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS80ZWY2ODAtN2M1NS00YTViLTg1Njgt
MzM2YWM5NDU2NDY0LzEvVXBkMTJFa3pmYTZqa2JPY3dEaEJoT2ZCazUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS80ZWY2ODAtN2M1NS00YTViLTg1NjgtMzM2YWM5NDU2NDY0
LzEvT2tsRjVHZGtBcDBsZ2RnZ3d6Y19wRVdGVlRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQGPvQAAwQF
wcHAMA0GCSqGSIb3DQEBCwUAA4IBAQAbbluFUflCS08mwlT5S2BPRKbNNwT4ru7S
gl2T4GYw8BeCTiiHcbJOErivUP1bX2UUWn5XSp/if/v+rQRekPm1KosV+0Puk1UK
86N7wK+Vb0C74+X1vzSCbCNgHpEuQ7zSPXFOuMq9nofEtyIzX/IasKjEHzhRLHCw
TeaMY+sIo53JeHHHxtV5Lr2RLeKzoAC8Nnd22dosm5JuBBUzBFG0/IwfWP+EyDrL
QGtfQDpEN+Oyz2mNpDKxNNFODigxrrX1HWFeKJUS24FI8niQuhnGFxJKDu1hgGOm
djxZhpf9JLbe6xlVkTx0YyuWIScoKhhLHdwvQhumEjGzLpkXMros
-----END CERTIFICATE-----