Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/075377-e426-492f-a59c-ae4c95c94005/1/X5h9i-fuLAtcbwW30MufOHDVKpI.roa
File:                     X5h9i-fuLAtcbwW30MufOHDVKpI.roa (raw, json)
Hash identifier:          ohKLfC15c8NH5Ug1/wi+0U1CLl4qd32qrXiFvrNh/fw=
Subject key identifier:   5F:98:7D:8B:E7:EE:2C:0B:5C:6F:05:B7:D0:CB:9F:38:70:D5:2A:92
Certificate issuer:       /CN=dc1fd007dffa508f30063fbe4d53a2b2e1e8c4de
Certificate serial:       018CC26CFC6322B62B2919FDDC8E3134DE67
Authority key identifier: DC:1F:D0:07:DF:FA:50:8F:30:06:3F:BE:4D:53:A2:B2:E1:E8:C4:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3B_QB9_6UI8wBj--TVOisuHoxN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/075377-e426-492f-a59c-ae4c95c94005/1/X5h9i-fuLAtcbwW30MufOHDVKpI.roa
Signing time:             Mon 01 Jan 2024 00:29:31 +0000
ROA not before:           Mon 01 Jan 2024 00:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30766
IP address blocks:        86.62.8.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/075377-e426-492f-a59c-ae4c95c94005/1/3B_QB9_6UI8wBj--TVOisuHoxN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/075377-e426-492f-a59c-ae4c95c94005/1/3B_QB9_6UI8wBj--TVOisuHoxN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3B_QB9_6UI8wBj--TVOisuHoxN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 07:03:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:fc:63:22:b6:2b:29:19:fd:dc:8e:31:34:de:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc1fd007dffa508f30063fbe4d53a2b2e1e8c4de
        Validity
            Not Before: Jan  1 00:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f987d8be7ee2c0b5c6f05b7d0cb9f3870d52a92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:5c:c1:51:cb:2a:23:79:2a:94:4b:b2:d7:c0:
                    8d:62:e7:fd:29:50:5b:89:29:e5:05:58:76:91:0e:
                    c8:bd:eb:55:94:cc:a8:20:cc:c7:9a:9b:a5:0c:9b:
                    0a:ac:7c:97:b9:ff:1d:3a:a4:35:af:d6:13:7e:22:
                    c5:74:0f:22:08:35:dc:5b:e5:84:e1:24:f1:a4:bf:
                    79:9e:d3:b8:c7:4f:47:9f:16:44:cc:1a:00:42:48:
                    72:3f:ad:e0:e6:60:5c:a4:6d:60:e8:1f:36:ef:4e:
                    27:1c:06:e0:01:33:2e:fc:1d:a0:c5:a2:72:97:39:
                    92:fe:bd:59:94:ac:55:bd:e6:ee:fd:ca:36:d1:f4:
                    da:cc:a2:de:75:cd:32:a4:d9:a6:e0:87:b5:b7:9a:
                    a6:ae:48:d8:cd:81:96:dc:63:db:ab:22:73:f7:2e:
                    35:19:7a:ae:39:b8:f2:a7:d5:c5:7f:53:e9:09:e3:
                    be:75:78:9c:ec:4f:37:b5:3d:10:43:33:4e:10:56:
                    1b:e9:8d:f1:5a:27:07:de:2b:9e:29:9a:c1:ba:00:
                    03:f2:69:06:79:2d:ba:39:9c:f3:86:28:ea:39:88:
                    22:01:9e:c4:1d:21:c8:f8:2a:13:6c:a8:4f:c6:bf:
                    f2:31:dd:ac:97:ff:c7:fb:4c:b8:6d:6f:25:1a:83:
                    95:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:98:7D:8B:E7:EE:2C:0B:5C:6F:05:B7:D0:CB:9F:38:70:D5:2A:92
            X509v3 Authority Key Identifier:
                keyid:DC:1F:D0:07:DF:FA:50:8F:30:06:3F:BE:4D:53:A2:B2:E1:E8:C4:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3B_QB9_6UI8wBj--TVOisuHoxN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/075377-e426-492f-a59c-ae4c95c94005/1/X5h9i-fuLAtcbwW30MufOHDVKpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/075377-e426-492f-a59c-ae4c95c94005/1/3B_QB9_6UI8wBj--TVOisuHoxN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.62.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:ef:3a:1d:0d:18:98:7a:6d:c1:12:08:c4:70:cc:4e:b6:91:
         29:c6:91:60:e5:67:da:b7:6d:5b:62:c7:9a:52:e1:ae:bf:4d:
         24:f9:71:5d:f7:4b:3a:23:3a:8b:03:44:94:da:0f:7d:37:77:
         3c:8b:99:9b:f6:b3:63:f5:76:f9:42:29:19:87:4e:f7:9e:ea:
         42:c5:5c:ea:95:88:bf:da:72:83:44:2c:ab:5d:63:97:24:a7:
         67:15:10:68:b1:87:76:d3:81:22:90:cd:e9:50:fc:fd:ee:9f:
         54:26:17:79:dc:e2:89:c8:48:1a:11:ec:f1:39:5a:20:96:8e:
         df:d6:09:c6:8a:96:14:c5:62:86:75:83:c8:bd:af:64:ae:3c:
         96:db:98:80:98:a2:bc:53:5b:26:af:ce:8b:b8:70:f5:7f:7c:
         1b:10:fd:5a:70:50:1f:88:53:83:ef:11:34:82:31:28:20:48:
         36:eb:67:e2:b5:2f:b0:76:bb:fa:6b:cd:0f:9c:d1:e8:d6:f1:
         2e:e8:81:bd:0a:42:99:e9:6e:af:4b:66:ae:0d:ff:8c:ba:eb:
         13:57:51:59:dd:3b:17:1b:1b:dd:13:35:37:ee:c5:df:4c:59:
         4e:4e:48:b7:0a:c7:8d:b7:01:c4:49:cd:6e:28:18:c9:e1:66:
         a9:12:64:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbPxjIrYrKRn93I4xNN5nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMWZkMDA3ZGZmYTUwOGYzMDA2M2ZiZTRkNTNhMmIyZTFl
OGM0ZGUwHhcNMjQwMTAxMDAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Zjk4N2Q4YmU3ZWUyYzBiNWM2ZjA1YjdkMGNiOWYzODcwZDUyYTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVzBUcsqI3kqlEuy18CNYuf9KVBb
iSnlBVh2kQ7IvetVlMyoIMzHmpulDJsKrHyXuf8dOqQ1r9YTfiLFdA8iCDXcW+WE
4STxpL95ntO4x09HnxZEzBoAQkhyP63g5mBcpG1g6B82704nHAbgATMu/B2gxaJy
lzmS/r1ZlKxVvebu/co20fTazKLedc0ypNmm4Ie1t5qmrkjYzYGW3GPbqyJz9y41
GXquObjyp9XFf1PpCeO+dXic7E83tT0QQzNOEFYb6Y3xWicH3iueKZrBugAD8mkG
eS26OZzzhijqOYgiAZ7EHSHI+CoTbKhPxr/yMd2sl//H+0y4bW8lGoOVUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+YfYvn7iwLXG8Ft9DLnzhw1SqSMB8GA1UdIwQY
MBaAFNwf0Aff+lCPMAY/vk1TorLh6MTeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0JfUUI5XzZVSTh3QmotLVRWT2lzdUhveE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8wNzUzNzctZTQyNi00OTJmLWE1OWMt
YWU0Yzk1Yzk0MDA1LzEvWDVoOWktZnVMQXRjYndXMzBNdWZPSERWS3BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8wNzUzNzctZTQyNi00OTJmLWE1OWMtYWU0Yzk1Yzk0MDA1
LzEvM0JfUUI5XzZVSTh3QmotLVRWT2lzdUhveE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVj4IMA0G
CSqGSIb3DQEBCwUAA4IBAQAb7zodDRiYem3BEgjEcMxOtpEpxpFg5Wfat21bYsea
UuGuv00k+XFd90s6IzqLA0SU2g99N3c8i5mb9rNj9Xb5QikZh073nupCxVzqlYi/
2nKDRCyrXWOXJKdnFRBosYd204EikM3pUPz97p9UJhd53OKJyEgaEezxOVoglo7f
1gnGipYUxWKGdYPIva9krjyW25iAmKK8U1smr86LuHD1f3wbEP1acFAfiFOD7xE0
gjEoIEg262fitS+wdrv6a80PnNHo1vEu6IG9CkKZ6W6vS2auDf+MuusTV1FZ3TsX
GxvdEzU37sXfTFlOTki3CseNtwHESc1uKBjJ4WapEmSX
-----END CERTIFICATE-----