Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/huKOtgGt02ZY1frlYU6RtdUCNJ4.roa
File:                     huKOtgGt02ZY1frlYU6RtdUCNJ4.roa (raw, json)
Hash identifier:          wqdiNUkTUCUL0bvwliDo1jsS1T49LH2rytzDcKyavEA=
Subject key identifier:   86:E2:8E:B6:01:AD:D3:66:58:D5:FA:E5:61:4E:91:B5:D5:02:34:9E
Certificate issuer:       /CN=93ece780dfda43ab4a841727eb20d71fc76528bc
Certificate serial:       01902F9640AEDB5EFEBEBDE638BF5120E839
Authority key identifier: 93:EC:E7:80:DF:DA:43:AB:4A:84:17:27:EB:20:D7:1F:C7:65:28:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-zngN_aQ6tKhBcn6yDXH8dlKLw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/huKOtgGt02ZY1frlYU6RtdUCNJ4.roa
Signing time:             Wed 19 Jun 2024 08:21:34 +0000
ROA not before:           Wed 19 Jun 2024 08:21:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36666
IP address blocks:        62.169.158.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/k-zngN_aQ6tKhBcn6yDXH8dlKLw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/k-zngN_aQ6tKhBcn6yDXH8dlKLw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-zngN_aQ6tKhBcn6yDXH8dlKLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:02:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2f:96:40:ae:db:5e:fe:be:bd:e6:38:bf:51:20:e8:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93ece780dfda43ab4a841727eb20d71fc76528bc
        Validity
            Not Before: Jun 19 08:21:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86e28eb601add36658d5fae5614e91b5d502349e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:da:84:d6:08:16:3e:48:e4:1b:c6:aa:3f:03:
                    f1:12:64:f9:bf:ff:49:c9:a5:6b:1a:6b:97:ce:a2:
                    32:a4:c1:0f:61:3f:c7:df:82:e4:58:6c:55:83:14:
                    55:00:40:50:1e:88:45:ec:18:2a:c3:e6:93:15:e1:
                    89:d2:1b:e4:09:e2:71:33:4b:a4:da:2f:23:4c:21:
                    29:4a:a9:aa:90:9e:b0:fe:16:14:12:29:d1:95:23:
                    97:4a:7c:8f:a7:a7:cd:f2:41:e3:de:8c:8a:26:13:
                    2a:b1:48:68:c6:12:d4:f8:05:d1:c2:b2:0c:6a:bd:
                    5d:64:4f:bd:e4:e9:4d:47:2c:74:c3:0a:ab:ad:0f:
                    07:9f:1f:39:eb:23:68:6e:55:73:40:75:28:64:87:
                    86:b4:34:16:80:ad:3f:18:ee:56:8b:55:ea:52:61:
                    74:9b:e4:ff:49:61:b8:f0:64:78:39:44:7e:c8:ff:
                    7c:08:a9:e3:b9:5d:b6:0a:b6:ac:01:40:01:d5:2e:
                    1c:f6:ba:8b:ca:38:df:47:56:50:ba:f2:01:8b:c2:
                    35:61:17:18:50:aa:69:2c:7b:fc:b4:4b:e4:0c:0e:
                    05:ff:88:0e:63:8f:cd:91:f1:52:72:b5:66:d1:16:
                    3e:9f:59:81:d1:59:e7:e2:b2:1f:92:26:6a:ce:96:
                    c9:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:E2:8E:B6:01:AD:D3:66:58:D5:FA:E5:61:4E:91:B5:D5:02:34:9E
            X509v3 Authority Key Identifier:
                keyid:93:EC:E7:80:DF:DA:43:AB:4A:84:17:27:EB:20:D7:1F:C7:65:28:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-zngN_aQ6tKhBcn6yDXH8dlKLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/huKOtgGt02ZY1frlYU6RtdUCNJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/k-zngN_aQ6tKhBcn6yDXH8dlKLw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.169.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         71:57:54:0a:14:6a:4b:4b:30:b6:4f:54:a1:a2:05:a3:f8:52:
         a6:e3:46:6e:ac:f0:a9:8d:80:b6:36:87:73:f1:1c:95:36:44:
         fc:7d:49:62:d0:21:29:11:6c:30:b1:a9:a9:ec:3b:ab:86:7e:
         78:5f:96:fb:1c:28:c0:14:a4:5f:58:58:63:76:8f:3b:db:b1:
         a3:38:d1:38:b4:79:1b:9c:de:0c:02:e5:db:3d:7c:58:ec:e6:
         04:a5:da:ce:71:76:04:9b:19:4d:cd:57:4c:c3:4a:c5:26:31:
         fe:c6:c5:d6:c9:e4:75:5c:2f:31:69:b6:80:e3:4c:44:db:48:
         cf:92:14:d6:92:ed:60:97:c9:b1:94:3c:00:7d:46:5f:f5:84:
         b1:9b:56:56:38:dd:72:ad:07:29:9f:b8:65:ed:92:3f:3d:dc:
         9b:3c:d1:88:0c:c4:1a:80:ba:57:22:a3:44:a4:21:61:42:18:
         d6:32:e5:35:a2:cb:fd:ab:a2:d7:f1:1e:ab:35:6b:6c:ae:a1:
         f0:33:8e:65:3d:30:81:d2:3d:e6:7f:89:4b:97:a2:e9:46:42:
         57:07:f4:2e:df:7e:6f:0b:6d:6a:82:73:bd:22:39:da:2e:af:
         9e:24:34:b2:35:51:1a:9b:38:dd:6e:b7:a9:97:b4:11:8d:d8:
         bd:a6:d6:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAvlkCu217+vr3mOL9RIOg5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZWNlNzgwZGZkYTQzYWI0YTg0MTcyN2ViMjBkNzFmYzc2
NTI4YmMwHhcNMjQwNjE5MDgyMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmUyOGViNjAxYWRkMzY2NThkNWZhZTU2MTRlOTFiNWQ1MDIzNDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtqE1ggWPkjkG8aqPwPxEmT5v/9J
yaVrGmuXzqIypMEPYT/H34LkWGxVgxRVAEBQHohF7Bgqw+aTFeGJ0hvkCeJxM0uk
2i8jTCEpSqmqkJ6w/hYUEinRlSOXSnyPp6fN8kHj3oyKJhMqsUhoxhLU+AXRwrIM
ar1dZE+95OlNRyx0wwqrrQ8Hnx856yNoblVzQHUoZIeGtDQWgK0/GO5Wi1XqUmF0
m+T/SWG48GR4OUR+yP98CKnjuV22CrasAUAB1S4c9rqLyjjfR1ZQuvIBi8I1YRcY
UKppLHv8tEvkDA4F/4gOY4/NkfFScrVm0RY+n1mB0Vnn4rIfkiZqzpbJqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIbijrYBrdNmWNX65WFOkbXVAjSeMB8GA1UdIwQY
MBaAFJPs54Df2kOrSoQXJ+sg1x/HZSi8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay16bmdOX2FRNnRLaEJjbjZ5RFhIOGRsS0x3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy83ZmE5NDMtOWVhNi00MDY4LWI2YWUt
YTRkNDEzZDdmODljLzEvaHVLT3RnR3QwMlpZMWZybFlVNlJ0ZFVDTko0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy83ZmE5NDMtOWVhNi00MDY4LWI2YWUtYTRkNDEzZDdmODlj
LzEvay16bmdOX2FRNnRLaEJjbjZ5RFhIOGRsS0x3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBPqmeMA0G
CSqGSIb3DQEBCwUAA4IBAQBxV1QKFGpLSzC2T1ShogWj+FKm40ZurPCpjYC2Nodz
8RyVNkT8fUli0CEpEWwwsamp7Durhn54X5b7HCjAFKRfWFhjdo8727GjONE4tHkb
nN4MAuXbPXxY7OYEpdrOcXYEmxlNzVdMw0rFJjH+xsXWyeR1XC8xabaA40xE20jP
khTWku1gl8mxlDwAfUZf9YSxm1ZWON1yrQcpn7hl7ZI/PdybPNGIDMQagLpXIqNE
pCFhQhjWMuU1osv9q6LX8R6rNWtsrqHwM45lPTCB0j3mf4lLl6LpRkJXB/Qu335v
C21qgnO9IjnaLq+eJDSyNVEamzjdbrepl7QRjdi9ptZD
-----END CERTIFICATE-----