Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/3123b0-93e3-465d-80e4-040407a290d9/1/j1_Go95PJaOBBw7Mm_PARw_mMtE.roa
File:                     j1_Go95PJaOBBw7Mm_PARw_mMtE.roa (raw, json)
Hash identifier:          DnU2WyFU99svLQiMwixAZ0F3vP3hRQS+TaRWl71OmFk=
Subject key identifier:   8F:5F:C6:A3:DE:4F:25:A3:81:07:0E:CC:9B:F3:C0:47:0F:E6:32:D1
Certificate issuer:       /CN=62efff88bf665ec86a9e356b79d06ba5940c383c
Certificate serial:       01917ABD27C29FA97439671F0EDC089A2C36
Authority key identifier: 62:EF:FF:88:BF:66:5E:C8:6A:9E:35:6B:79:D0:6B:A5:94:0C:38:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yu__iL9mXshqnjVredBrpZQMODw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/3123b0-93e3-465d-80e4-040407a290d9/1/j1_Go95PJaOBBw7Mm_PARw_mMtE.roa
Signing time:             Thu 22 Aug 2024 15:38:22 +0000
ROA not before:           Thu 22 Aug 2024 15:38:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        170.62.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/3123b0-93e3-465d-80e4-040407a290d9/1/Yu__iL9mXshqnjVredBrpZQMODw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/3123b0-93e3-465d-80e4-040407a290d9/1/Yu__iL9mXshqnjVredBrpZQMODw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yu__iL9mXshqnjVredBrpZQMODw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 15:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:7a:bd:27:c2:9f:a9:74:39:67:1f:0e:dc:08:9a:2c:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62efff88bf665ec86a9e356b79d06ba5940c383c
        Validity
            Not Before: Aug 22 15:38:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f5fc6a3de4f25a381070ecc9bf3c0470fe632d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:0e:e8:dc:d1:5a:8b:2a:f9:7f:90:f5:39:dd:
                    64:d1:33:bb:60:57:dd:ba:28:36:d6:65:72:68:56:
                    ba:a2:72:0b:c5:33:a2:90:75:8b:ab:31:4a:63:b0:
                    0e:cc:ed:48:c2:92:2b:e5:88:e3:7d:4a:77:85:82:
                    3c:4e:a1:f3:f3:f1:93:03:e9:f0:ea:2d:91:9f:16:
                    d4:20:cf:8c:c3:db:e9:c1:3c:e4:00:b7:98:15:67:
                    fa:e2:a1:7d:b1:8b:94:2a:6a:64:ba:70:44:7e:14:
                    35:20:4c:0f:f4:d5:df:27:47:f6:20:6b:1e:c2:b0:
                    9c:c0:7b:88:1c:b6:a8:88:04:7f:0c:0f:ec:96:55:
                    8b:0a:c6:e2:a5:41:9f:34:ae:0b:3d:cb:dd:7b:2b:
                    07:84:10:bf:45:4c:85:f0:79:1b:0e:e2:35:4f:9e:
                    f6:00:c4:0a:c5:4d:ee:b4:4f:41:f3:d6:ef:ce:23:
                    77:f9:f7:4b:52:68:9f:74:f6:e3:1b:b8:64:37:36:
                    4c:1f:78:22:8d:cb:d2:a3:f5:27:0c:d2:34:f3:9f:
                    d4:6a:45:63:dc:eb:64:15:99:de:9f:1b:ad:91:ff:
                    e4:a3:d0:e5:69:e9:44:c5:9f:5d:1e:94:62:6b:72:
                    b1:80:6a:36:b0:77:f1:f1:fc:9e:68:54:a7:bc:5c:
                    b4:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:5F:C6:A3:DE:4F:25:A3:81:07:0E:CC:9B:F3:C0:47:0F:E6:32:D1
            X509v3 Authority Key Identifier:
                keyid:62:EF:FF:88:BF:66:5E:C8:6A:9E:35:6B:79:D0:6B:A5:94:0C:38:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yu__iL9mXshqnjVredBrpZQMODw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/3123b0-93e3-465d-80e4-040407a290d9/1/j1_Go95PJaOBBw7Mm_PARw_mMtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/3123b0-93e3-465d-80e4-040407a290d9/1/Yu__iL9mXshqnjVredBrpZQMODw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.62.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:a4:1a:bb:90:0f:77:28:1e:eb:8f:14:be:55:88:45:bf:0f:
         3b:3d:a2:ae:58:ab:ff:0c:36:91:94:09:64:cb:5f:56:6d:11:
         3e:ce:17:e8:a3:8e:33:75:cf:8a:67:13:66:64:68:e0:3e:23:
         2f:62:57:60:7a:68:52:ba:d5:18:75:52:63:51:bb:eb:f4:93:
         dd:31:e6:88:c6:55:7d:90:b1:c4:2e:4f:52:0a:74:ee:bf:81:
         5a:a9:35:ed:b9:37:b3:67:ec:dd:e0:95:bb:0a:b7:62:59:28:
         b5:18:87:37:36:56:a8:c9:d7:8c:fa:2a:7c:0c:dc:27:e0:5e:
         f5:d9:ed:3a:89:84:05:12:be:61:b9:e1:5d:a8:55:23:0a:8a:
         b1:ea:a3:ac:bb:ed:50:59:1f:bd:22:81:36:34:6c:67:d4:f8:
         26:64:92:3d:3c:37:5b:49:52:bf:81:5f:9c:dc:29:61:c3:9c:
         75:13:36:83:1b:5b:75:70:e1:8e:46:03:10:5b:1f:93:2f:46:
         6f:11:b2:f3:de:2f:36:b5:b9:d0:08:be:5d:f4:e3:33:09:fa:
         7f:f5:79:56:47:73:00:06:10:a0:3d:5d:db:22:d0:cc:b6:d7:
         8a:d5:8d:1b:05:b6:94:72:16:45:09:06:8c:d6:c1:65:19:55:
         a9:5f:d0:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZF6vSfCn6l0OWcfDtwImiw2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZWZmZjg4YmY2NjVlYzg2YTllMzU2Yjc5ZDA2YmE1OTQw
YzM4M2MwHhcNMjQwODIyMTUzODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjVmYzZhM2RlNGYyNWEzODEwNzBlY2M5YmYzYzA0NzBmZTYzMmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Q7o3NFaiyr5f5D1Od1k0TO7YFfd
uig21mVyaFa6onILxTOikHWLqzFKY7AOzO1IwpIr5YjjfUp3hYI8TqHz8/GTA+nw
6i2RnxbUIM+Mw9vpwTzkALeYFWf64qF9sYuUKmpkunBEfhQ1IEwP9NXfJ0f2IGse
wrCcwHuIHLaoiAR/DA/sllWLCsbipUGfNK4LPcvdeysHhBC/RUyF8HkbDuI1T572
AMQKxU3utE9B89bvziN3+fdLUmifdPbjG7hkNzZMH3gijcvSo/UnDNI085/UakVj
3OtkFZnenxutkf/ko9DlaelExZ9dHpRia3KxgGo2sHfx8fyeaFSnvFy01wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI9fxqPeTyWjgQcOzJvzwEcP5jLRMB8GA1UdIwQY
MBaAFGLv/4i/Zl7Iap41a3nQa6WUDDg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXVfX2lMOW1Yc2hxbmpWcmVkQnJwWlFNT0R3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zMTIzYjAtOTNlMy00NjVkLTgwZTQt
MDQwNDA3YTI5MGQ5LzEvajFfR285NVBKYU9CQnc3TW1fUEFSd19tTXRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zMTIzYjAtOTNlMy00NjVkLTgwZTQtMDQwNDA3YTI5MGQ5
LzEvWXVfX2lMOW1Yc2hxbmpWcmVkQnJwWlFNT0R3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqj6+MA0G
CSqGSIb3DQEBCwUAA4IBAQB4pBq7kA93KB7rjxS+VYhFvw87PaKuWKv/DDaRlAlk
y19WbRE+zhfoo44zdc+KZxNmZGjgPiMvYldgemhSutUYdVJjUbvr9JPdMeaIxlV9
kLHELk9SCnTuv4FaqTXtuTezZ+zd4JW7CrdiWSi1GIc3NlaoydeM+ip8DNwn4F71
2e06iYQFEr5hueFdqFUjCoqx6qOsu+1QWR+9IoE2NGxn1PgmZJI9PDdbSVK/gV+c
3Clhw5x1EzaDG1t1cOGORgMQWx+TL0ZvEbLz3i82tbnQCL5d9OMzCfp/9XlWR3MA
BhCgPV3bItDMtteK1Y0bBbaUchZFCQaM1sFlGVWpX9BX
-----END CERTIFICATE-----