Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/3123b0-93e3-465d-80e4-040407a290d9/1/S8IL9e1RiQU-j8mHVtOzhHrSv7Q.roa
File:                     S8IL9e1RiQU-j8mHVtOzhHrSv7Q.roa (raw, json)
Hash identifier:          oCw4qcprieP4sbyG81NnbWf6DLw4nvREBlEznHPhwZs=
Subject key identifier:   4B:C2:0B:F5:ED:51:89:05:3E:8F:C9:87:56:D3:B3:84:7A:D2:BF:B4
Certificate issuer:       /CN=62efff88bf665ec86a9e356b79d06ba5940c383c
Certificate serial:       0192B305D66B8567D88BB87589915CC9A428
Authority key identifier: 62:EF:FF:88:BF:66:5E:C8:6A:9E:35:6B:79:D0:6B:A5:94:0C:38:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yu__iL9mXshqnjVredBrpZQMODw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/3123b0-93e3-465d-80e4-040407a290d9/1/S8IL9e1RiQU-j8mHVtOzhHrSv7Q.roa
Signing time:             Tue 22 Oct 2024 06:59:17 +0000
ROA not before:           Tue 22 Oct 2024 06:59:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48678
IP address blocks:        213.254.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/3123b0-93e3-465d-80e4-040407a290d9/1/Yu__iL9mXshqnjVredBrpZQMODw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/3123b0-93e3-465d-80e4-040407a290d9/1/Yu__iL9mXshqnjVredBrpZQMODw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yu__iL9mXshqnjVredBrpZQMODw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Nov 2024 14:58:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b3:05:d6:6b:85:67:d8:8b:b8:75:89:91:5c:c9:a4:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62efff88bf665ec86a9e356b79d06ba5940c383c
        Validity
            Not Before: Oct 22 06:59:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4bc20bf5ed5189053e8fc98756d3b3847ad2bfb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:b9:98:ce:d5:6c:70:2d:08:58:f6:ff:b3:58:
                    95:8b:b0:f0:fe:66:13:66:1c:d9:d9:d5:85:b7:02:
                    08:55:e0:42:69:b1:21:f0:c9:65:eb:e6:35:1a:ea:
                    6d:14:87:5c:74:a3:7f:26:07:32:4c:14:b4:3e:38:
                    5f:d3:34:f0:b4:5c:70:09:6c:b5:f6:5e:26:e1:2c:
                    6b:fe:9a:2b:72:ba:36:a8:3f:4a:6e:a6:59:3f:29:
                    fc:d9:88:fb:c8:79:35:c5:b9:46:cb:8e:90:ba:97:
                    00:79:1a:e7:35:1e:6e:1b:4f:ed:68:02:2d:91:e6:
                    39:d9:ba:28:dd:2f:42:0e:46:3c:7b:eb:4a:58:c4:
                    0f:74:f1:1f:11:b0:a7:26:44:05:18:7f:c6:50:4d:
                    e2:c2:fa:96:cf:75:02:9d:68:cb:70:18:a4:41:67:
                    13:6f:54:0d:dd:53:a1:4b:6c:51:9b:9c:96:39:b7:
                    16:9f:61:36:c4:59:10:25:82:cc:f5:9b:a5:ee:23:
                    aa:c6:5d:2a:17:2f:82:05:11:6b:55:bc:6f:24:d4:
                    bd:d0:64:f8:ad:9b:bc:5a:d1:3b:db:51:af:24:0a:
                    40:7e:5d:a5:2d:24:cd:95:e6:04:76:d6:d2:43:5d:
                    4c:09:ee:ca:ee:5f:c1:01:14:c0:fa:08:2c:0e:5c:
                    39:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:C2:0B:F5:ED:51:89:05:3E:8F:C9:87:56:D3:B3:84:7A:D2:BF:B4
            X509v3 Authority Key Identifier:
                keyid:62:EF:FF:88:BF:66:5E:C8:6A:9E:35:6B:79:D0:6B:A5:94:0C:38:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yu__iL9mXshqnjVredBrpZQMODw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/3123b0-93e3-465d-80e4-040407a290d9/1/S8IL9e1RiQU-j8mHVtOzhHrSv7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/3123b0-93e3-465d-80e4-040407a290d9/1/Yu__iL9mXshqnjVredBrpZQMODw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.254.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:79:e1:61:49:41:02:30:e5:e3:b7:67:dd:54:cc:db:c7:a2:
         7e:0c:cb:10:90:15:76:9a:94:be:e6:eb:ed:63:08:02:af:9a:
         10:d1:0b:32:f2:12:f4:ff:0b:c5:17:43:56:b9:7b:ae:d2:3a:
         ef:95:66:b7:32:ed:1d:d3:c2:0c:87:fb:b8:8b:2a:7b:73:f3:
         91:61:07:2f:02:5f:5f:14:3a:60:48:66:9c:96:4b:13:73:d0:
         5d:dd:79:5d:e8:7b:9c:9c:17:1c:ee:63:e8:df:b6:17:a1:cb:
         1b:75:07:df:62:0f:9f:3b:fc:76:e3:f3:29:e0:57:ae:c4:45:
         44:93:c8:34:49:7f:73:7c:45:14:62:2d:21:0e:0c:f2:23:13:
         82:f5:4a:f1:d8:a6:2f:cb:0a:07:6d:57:7d:19:c2:ae:92:9d:
         52:87:8b:ed:91:2a:43:ed:74:93:66:51:48:b5:70:4b:4b:b4:
         38:5d:66:db:fa:de:db:e5:0e:fd:b7:62:22:c1:76:72:63:3d:
         9f:6c:e8:4f:e5:73:99:e4:a1:67:24:8e:f9:60:c1:f7:2f:dd:
         fb:cd:90:ad:eb:fc:14:a6:c4:cc:c2:35:c6:1d:70:73:40:54:
         0a:42:3c:ee:1e:cf:cc:bd:ce:88:29:11:3d:c0:7e:54:1b:1b:
         aa:70:37:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKzBdZrhWfYi7h1iZFcyaQoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZWZmZjg4YmY2NjVlYzg2YTllMzU2Yjc5ZDA2YmE1OTQw
YzM4M2MwHhcNMjQxMDIyMDY1OTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmMyMGJmNWVkNTE4OTA1M2U4ZmM5ODc1NmQzYjM4NDdhZDJiZmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjrmYztVscC0IWPb/s1iVi7Dw/mYT
ZhzZ2dWFtwIIVeBCabEh8Mll6+Y1GuptFIdcdKN/JgcyTBS0Pjhf0zTwtFxwCWy1
9l4m4Sxr/porcro2qD9KbqZZPyn82Yj7yHk1xblGy46QupcAeRrnNR5uG0/taAIt
keY52boo3S9CDkY8e+tKWMQPdPEfEbCnJkQFGH/GUE3iwvqWz3UCnWjLcBikQWcT
b1QN3VOhS2xRm5yWObcWn2E2xFkQJYLM9Zul7iOqxl0qFy+CBRFrVbxvJNS90GT4
rZu8WtE721GvJApAfl2lLSTNleYEdtbSQ11MCe7K7l/BARTA+ggsDlw55QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEvCC/XtUYkFPo/Jh1bTs4R60r+0MB8GA1UdIwQY
MBaAFGLv/4i/Zl7Iap41a3nQa6WUDDg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXVfX2lMOW1Yc2hxbmpWcmVkQnJwWlFNT0R3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zMTIzYjAtOTNlMy00NjVkLTgwZTQt
MDQwNDA3YTI5MGQ5LzEvUzhJTDllMVJpUVUtajhtSFZ0T3poSHJTdjdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zMTIzYjAtOTNlMy00NjVkLTgwZTQtMDQwNDA3YTI5MGQ5
LzEvWXVfX2lMOW1Yc2hxbmpWcmVkQnJwWlFNT0R3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1f6qMA0G
CSqGSIb3DQEBCwUAA4IBAQAleeFhSUECMOXjt2fdVMzbx6J+DMsQkBV2mpS+5uvt
YwgCr5oQ0Qsy8hL0/wvFF0NWuXuu0jrvlWa3Mu0d08IMh/u4iyp7c/ORYQcvAl9f
FDpgSGaclksTc9Bd3Xld6HucnBcc7mPo37YXocsbdQffYg+fO/x24/Mp4FeuxEVE
k8g0SX9zfEUUYi0hDgzyIxOC9Urx2KYvywoHbVd9GcKukp1Sh4vtkSpD7XSTZlFI
tXBLS7Q4XWbb+t7b5Q79t2IiwXZyYz2fbOhP5XOZ5KFnJI75YMH3L937zZCt6/wU
psTMwjXGHXBzQFQKQjzuHs/Mvc6IKRE9wH5UGxuqcDdx
-----END CERTIFICATE-----