Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/148c6c-ba10-43a3-8482-5a1daa94de42/1/7k2l86v_fGsAzHLQnEwtyrqNsXE.roa
File:                     7k2l86v_fGsAzHLQnEwtyrqNsXE.roa (raw, json)
Hash identifier:          oDIYhM05cdDr0oh2sXXqWmCnSmja/SXzTSWxMRJzgSs=
Subject key identifier:   EE:4D:A5:F3:AB:FF:7C:6B:00:CC:72:D0:9C:4C:2D:CA:BA:8D:B1:71
Certificate issuer:       /CN=c14d63d39707d45a8c683cb52e47171d136ce508
Certificate serial:       018CC56DE6B1531B834CC5D607E1F02343C5
Authority key identifier: C1:4D:63:D3:97:07:D4:5A:8C:68:3C:B5:2E:47:17:1D:13:6C:E5:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wU1j05cH1FqMaDy1LkcXHRNs5Qg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/148c6c-ba10-43a3-8482-5a1daa94de42/1/7k2l86v_fGsAzHLQnEwtyrqNsXE.roa
Signing time:             Mon 01 Jan 2024 14:29:23 +0000
ROA not before:           Mon 01 Jan 2024 14:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47886
IP address blocks:        62.3.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/148c6c-ba10-43a3-8482-5a1daa94de42/1/wU1j05cH1FqMaDy1LkcXHRNs5Qg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/148c6c-ba10-43a3-8482-5a1daa94de42/1/wU1j05cH1FqMaDy1LkcXHRNs5Qg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wU1j05cH1FqMaDy1LkcXHRNs5Qg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:03:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:e6:b1:53:1b:83:4c:c5:d6:07:e1:f0:23:43:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c14d63d39707d45a8c683cb52e47171d136ce508
        Validity
            Not Before: Jan  1 14:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee4da5f3abff7c6b00cc72d09c4c2dcaba8db171
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:7b:05:24:f0:10:00:5d:0f:9e:c8:cb:a2:50:
                    01:11:48:33:3c:e5:79:af:13:56:a6:71:9f:db:8a:
                    eb:9f:e8:c1:04:25:1d:cc:e5:99:f1:64:aa:b0:ee:
                    16:dd:9c:3d:00:37:0f:eb:e4:75:5d:e6:1a:d0:a9:
                    07:54:63:a4:ff:42:eb:4d:8e:a5:b5:90:0d:f1:77:
                    35:93:36:a5:8f:b0:d6:08:34:dd:91:aa:70:66:0e:
                    6d:d7:3f:03:9d:b6:37:18:5f:07:e2:3a:69:a9:52:
                    35:0e:a8:62:0c:f7:a1:d3:c2:17:ae:29:cc:2b:c7:
                    48:7b:1e:70:c4:9c:46:da:a0:31:63:08:ba:2d:da:
                    75:e6:0a:7b:8f:f1:22:72:c8:a8:e8:16:b5:50:0c:
                    2a:8c:a2:74:ca:51:50:5a:74:40:1d:5c:e9:0f:62:
                    d8:1d:ac:cb:62:58:bf:1c:1f:65:81:1a:c4:29:5a:
                    eb:20:57:ec:de:ba:5d:d1:03:a6:58:f2:7f:65:1a:
                    d3:e3:af:39:01:24:30:c4:45:9b:a0:91:68:22:f6:
                    40:c3:7c:39:b9:49:b4:d5:9e:ff:35:68:75:b8:a6:
                    c3:2c:34:84:8b:79:10:15:42:af:56:cd:87:17:1d:
                    33:61:23:e7:ac:7c:cc:75:2f:97:09:7e:41:0c:06:
                    7f:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:4D:A5:F3:AB:FF:7C:6B:00:CC:72:D0:9C:4C:2D:CA:BA:8D:B1:71
            X509v3 Authority Key Identifier:
                keyid:C1:4D:63:D3:97:07:D4:5A:8C:68:3C:B5:2E:47:17:1D:13:6C:E5:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wU1j05cH1FqMaDy1LkcXHRNs5Qg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/148c6c-ba10-43a3-8482-5a1daa94de42/1/7k2l86v_fGsAzHLQnEwtyrqNsXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/148c6c-ba10-43a3-8482-5a1daa94de42/1/wU1j05cH1FqMaDy1LkcXHRNs5Qg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:1c:61:df:cc:cd:f8:45:fb:89:00:62:8a:96:3c:4f:9b:6d:
         12:3c:e9:8f:fe:47:71:81:f7:3b:ff:f2:da:28:af:3e:cc:1c:
         05:86:0b:0d:8b:35:2e:36:a5:e4:a1:97:21:5b:1b:a5:0e:5c:
         d3:f4:4a:cd:89:32:9e:dc:27:c8:c6:63:6e:ef:bc:73:98:75:
         34:9d:5e:ba:44:98:b6:11:0b:6a:9a:66:02:a0:2e:b9:c0:9b:
         57:2a:02:5e:ac:69:2d:85:80:12:28:7e:c9:22:47:ee:cc:8f:
         69:83:9b:e7:9f:6f:27:8f:0d:bb:76:76:6e:c3:f5:a4:fd:df:
         f0:a3:4a:6a:fd:16:23:ef:17:cf:28:9f:07:4f:2a:ef:62:b6:
         59:f1:92:59:6e:56:64:da:59:a0:f2:68:1b:7d:9e:c1:0f:bb:
         ab:26:a1:79:df:00:48:88:1a:70:64:00:a0:69:36:95:80:99:
         e5:92:c6:44:26:5d:2b:3f:af:27:9d:c4:d7:9f:85:62:90:24:
         95:84:8b:07:9e:c1:2a:d2:7e:fa:fb:5f:58:e6:26:05:ff:2f:
         a2:e3:49:96:b8:5a:dd:11:d7:6f:8a:cb:88:bf:45:0c:af:5d:
         d4:f6:c6:60:a9:ae:82:ca:68:ef:c9:30:e7:14:d4:34:c1:a1:
         c6:06:e7:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbeaxUxuDTMXWB+HwI0PFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxNGQ2M2QzOTcwN2Q0NWE4YzY4M2NiNTJlNDcxNzFkMTM2
Y2U1MDgwHhcNMjQwMTAxMTQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTRkYTVmM2FiZmY3YzZiMDBjYzcyZDA5YzRjMmRjYWJhOGRiMTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHsFJPAQAF0PnsjLolABEUgzPOV5
rxNWpnGf24rrn+jBBCUdzOWZ8WSqsO4W3Zw9ADcP6+R1XeYa0KkHVGOk/0LrTY6l
tZAN8Xc1kzalj7DWCDTdkapwZg5t1z8DnbY3GF8H4jppqVI1DqhiDPeh08IXrinM
K8dIex5wxJxG2qAxYwi6Ldp15gp7j/Eicsio6Ba1UAwqjKJ0ylFQWnRAHVzpD2LY
HazLYli/HB9lgRrEKVrrIFfs3rpd0QOmWPJ/ZRrT4685ASQwxEWboJFoIvZAw3w5
uUm01Z7/NWh1uKbDLDSEi3kQFUKvVs2HFx0zYSPnrHzMdS+XCX5BDAZ/GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO5NpfOr/3xrAMxy0JxMLcq6jbFxMB8GA1UdIwQY
MBaAFMFNY9OXB9RajGg8tS5HFx0TbOUIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1UxajA1Y0gxRnFNYUR5MUxrY1hIUk5zNVFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8xNDhjNmMtYmExMC00M2EzLTg0ODIt
NWExZGFhOTRkZTQyLzEvN2sybDg2dl9mR3NBekhMUW5Fd3R5cnFOc1hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8xNDhjNmMtYmExMC00M2EzLTg0ODItNWExZGFhOTRkZTQy
LzEvd1UxajA1Y0gxRnFNYUR5MUxrY1hIUk5zNVFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPgMTMA0G
CSqGSIb3DQEBCwUAA4IBAQAmHGHfzM34RfuJAGKKljxPm20SPOmP/kdxgfc7//La
KK8+zBwFhgsNizUuNqXkoZchWxulDlzT9ErNiTKe3CfIxmNu77xzmHU0nV66RJi2
EQtqmmYCoC65wJtXKgJerGkthYASKH7JIkfuzI9pg5vnn28njw27dnZuw/Wk/d/w
o0pq/RYj7xfPKJ8HTyrvYrZZ8ZJZblZk2lmg8mgbfZ7BD7urJqF53wBIiBpwZACg
aTaVgJnlksZEJl0rP68nncTXn4VikCSVhIsHnsEq0n76+19Y5iYF/y+i40mWuFrd
EddvisuIv0UMr13U9sZgqa6CymjvyTDnFNQ0waHGBucs
-----END CERTIFICATE-----