Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/5c5ad0-d2da-40db-95d1-e7be5e30ad2d/1/Y924OVgloYlMoRdOWJ-EwA1bblQ.roa
File:                     Y924OVgloYlMoRdOWJ-EwA1bblQ.roa (raw, json)
Hash identifier:          bUDa5iut7/Z0Xqm0fs3CLvy6ChJwyNoaz3TbedH3qpk=
Subject key identifier:   63:DD:B8:39:58:25:A1:89:4C:A1:17:4E:58:9F:84:C0:0D:5B:6E:54
Certificate issuer:       /CN=3692fedf59c60d3254e37a9c8ecde11c9ba1282a
Certificate serial:       018CC4253E2F69B8C597E30EF85A2CD88B01
Authority key identifier: 36:92:FE:DF:59:C6:0D:32:54:E3:7A:9C:8E:CD:E1:1C:9B:A1:28:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NpL-31nGDTJU43qcjs3hHJuhKCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/5c5ad0-d2da-40db-95d1-e7be5e30ad2d/1/Y924OVgloYlMoRdOWJ-EwA1bblQ.roa
Signing time:             Mon 01 Jan 2024 08:30:24 +0000
ROA not before:           Mon 01 Jan 2024 08:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48492
IP address blocks:        62.201.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/5c5ad0-d2da-40db-95d1-e7be5e30ad2d/1/NpL-31nGDTJU43qcjs3hHJuhKCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/5c5ad0-d2da-40db-95d1-e7be5e30ad2d/1/NpL-31nGDTJU43qcjs3hHJuhKCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NpL-31nGDTJU43qcjs3hHJuhKCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:3e:2f:69:b8:c5:97:e3:0e:f8:5a:2c:d8:8b:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3692fedf59c60d3254e37a9c8ecde11c9ba1282a
        Validity
            Not Before: Jan  1 08:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63ddb8395825a1894ca1174e589f84c00d5b6e54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:09:48:d7:76:ca:36:d6:1f:48:b0:05:8b:58:
                    76:93:4d:2a:cc:8d:04:78:c8:78:77:04:eb:c3:b2:
                    2d:89:73:00:50:b3:f3:72:f7:d8:18:ee:dc:70:59:
                    ab:da:f2:29:1a:b6:18:23:a4:76:7b:6b:f3:0a:02:
                    e6:6d:f9:3c:8f:3c:5b:7c:e0:29:80:0e:d5:bc:b9:
                    f4:7e:9f:07:7a:9f:c5:12:bb:cd:9c:ef:f4:e1:57:
                    6b:db:2e:bb:a2:bc:b1:2f:83:fa:cd:3f:33:91:19:
                    9c:15:ff:87:53:7b:6f:86:bf:0e:c4:27:b8:aa:42:
                    24:a3:ef:9c:1e:f5:93:97:90:84:34:62:b4:54:2f:
                    99:a5:14:9b:ee:a6:ec:c0:bf:d0:58:d9:fe:20:ef:
                    54:d4:9f:d3:80:c3:1f:e3:8e:29:1c:ea:86:d7:25:
                    eb:63:5a:7d:25:d0:d8:c4:07:09:d1:a8:2b:1d:5d:
                    04:7f:c4:3c:b5:cd:a0:33:94:d4:12:7b:56:14:bd:
                    b4:ef:bf:83:62:df:f5:9d:0f:1d:56:cd:08:6e:08:
                    55:33:38:cf:81:1e:ce:e1:8b:ed:63:a1:87:e7:b1:
                    26:e6:0f:b3:a0:0d:60:a9:a2:49:80:b2:6a:b3:6d:
                    9f:6f:eb:c4:92:6c:e8:b8:73:ad:45:d5:cd:75:d5:
                    91:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:DD:B8:39:58:25:A1:89:4C:A1:17:4E:58:9F:84:C0:0D:5B:6E:54
            X509v3 Authority Key Identifier:
                keyid:36:92:FE:DF:59:C6:0D:32:54:E3:7A:9C:8E:CD:E1:1C:9B:A1:28:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NpL-31nGDTJU43qcjs3hHJuhKCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/5c5ad0-d2da-40db-95d1-e7be5e30ad2d/1/Y924OVgloYlMoRdOWJ-EwA1bblQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/5c5ad0-d2da-40db-95d1-e7be5e30ad2d/1/NpL-31nGDTJU43qcjs3hHJuhKCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.201.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:7c:c0:b1:63:a1:6c:45:0c:cb:71:bb:fc:2b:37:ee:bd:2b:
         d8:82:80:7c:05:f5:8f:ad:49:22:00:89:54:43:ad:61:aa:35:
         5c:c8:da:cd:a7:50:12:0c:90:96:8b:fb:b1:bd:fe:dc:e4:b9:
         af:fd:b3:27:60:67:b6:2c:ef:21:99:0f:0c:61:79:19:60:89:
         38:90:6e:b8:cd:0b:ff:af:7d:6d:9d:a8:c2:8f:bd:ea:c4:0b:
         09:5e:2d:73:e6:9d:03:80:ef:e4:de:14:3a:fb:5e:91:2f:8d:
         46:ca:21:bc:87:c2:40:e8:32:6e:39:1f:0e:df:5d:08:a6:54:
         da:14:8a:37:d6:5f:dc:9b:be:5c:00:dc:94:fd:cb:ab:59:ca:
         63:83:20:a3:ae:72:b9:e2:86:dd:fd:c4:98:3e:7d:7f:1d:6d:
         ac:f7:b4:8e:8e:7b:f7:84:43:d8:37:ac:21:3d:3f:33:4e:dd:
         82:e3:bc:8a:bc:46:14:42:2c:5e:2f:fc:66:90:d4:33:b1:a4:
         7c:da:3b:4d:ac:84:3e:cb:57:93:3e:a2:32:aa:60:13:cf:fb:
         8a:05:f9:47:5d:b4:c1:0a:4d:a1:25:c1:2e:d5:d1:8c:d0:e0:
         5a:45:7e:da:6a:54:0a:14:09:89:e2:81:12:a9:f7:98:18:b0:
         28:fc:dd:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJT4vabjFl+MO+Fos2IsBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OTJmZWRmNTljNjBkMzI1NGUzN2E5YzhlY2RlMTFjOWJh
MTI4MmEwHhcNMjQwMTAxMDgzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2RkYjgzOTU4MjVhMTg5NGNhMTE3NGU1ODlmODRjMDBkNWI2ZTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyQlI13bKNtYfSLAFi1h2k00qzI0E
eMh4dwTrw7ItiXMAULPzcvfYGO7ccFmr2vIpGrYYI6R2e2vzCgLmbfk8jzxbfOAp
gA7VvLn0fp8Hep/FErvNnO/04Vdr2y67oryxL4P6zT8zkRmcFf+HU3tvhr8OxCe4
qkIko++cHvWTl5CENGK0VC+ZpRSb7qbswL/QWNn+IO9U1J/TgMMf444pHOqG1yXr
Y1p9JdDYxAcJ0agrHV0Ef8Q8tc2gM5TUEntWFL2077+DYt/1nQ8dVs0IbghVMzjP
gR7O4YvtY6GH57Em5g+zoA1gqaJJgLJqs22fb+vEkmzouHOtRdXNddWRXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGPduDlYJaGJTKEXTlifhMANW25UMB8GA1UdIwQY
MBaAFDaS/t9Zxg0yVON6nI7N4RyboSgqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnBMLTMxbkdEVEpVNDNxY2pzM2hISnVoS0NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi81YzVhZDAtZDJkYS00MGRiLTk1ZDEt
ZTdiZTVlMzBhZDJkLzEvWTkyNE9WZ2xvWWxNb1JkT1dKLUV3QTFiYmxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi81YzVhZDAtZDJkYS00MGRiLTk1ZDEtZTdiZTVlMzBhZDJk
LzEvTnBMLTMxbkdEVEpVNDNxY2pzM2hISnVoS0NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPsnvMA0G
CSqGSIb3DQEBCwUAA4IBAQAefMCxY6FsRQzLcbv8KzfuvSvYgoB8BfWPrUkiAIlU
Q61hqjVcyNrNp1ASDJCWi/uxvf7c5Lmv/bMnYGe2LO8hmQ8MYXkZYIk4kG64zQv/
r31tnajCj73qxAsJXi1z5p0DgO/k3hQ6+16RL41GyiG8h8JA6DJuOR8O310IplTa
FIo31l/cm75cANyU/curWcpjgyCjrnK54obd/cSYPn1/HW2s97SOjnv3hEPYN6wh
PT8zTt2C47yKvEYUQixeL/xmkNQzsaR82jtNrIQ+y1eTPqIyqmATz/uKBflHXbTB
Ck2hJcEu1dGM0OBaRX7aalQKFAmJ4oESqfeYGLAo/N1B
-----END CERTIFICATE-----