Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/2c2817-3701-4783-8fbd-eec4885c4f8d/1/pYhICl89Ls11vtEswoMsnUNSRuQ.roa
File:                     pYhICl89Ls11vtEswoMsnUNSRuQ.roa (raw, json)
Hash identifier:          fQ5yFNa9lxcOfLBJ7cM3WnpRj9cJzZm0OE0+CUsUxM4=
Subject key identifier:   A5:88:48:0A:5F:3D:2E:CD:75:BE:D1:2C:C2:83:2C:9D:43:52:46:E4
Certificate issuer:       /CN=20ca2d4cb3e56b5d29970a97fc645eb2fd6876a1
Certificate serial:       019145670385DC90C72CBD832BB2D485915F
Authority key identifier: 20:CA:2D:4C:B3:E5:6B:5D:29:97:0A:97:FC:64:5E:B2:FD:68:76:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IMotTLPla10plwqX_GResv1odqE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/2c2817-3701-4783-8fbd-eec4885c4f8d/1/pYhICl89Ls11vtEswoMsnUNSRuQ.roa
Signing time:             Mon 12 Aug 2024 07:04:24 +0000
ROA not before:           Mon 12 Aug 2024 07:04:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214461
IP address blocks:        62.113.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/2c2817-3701-4783-8fbd-eec4885c4f8d/1/IMotTLPla10plwqX_GResv1odqE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/2c2817-3701-4783-8fbd-eec4885c4f8d/1/IMotTLPla10plwqX_GResv1odqE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IMotTLPla10plwqX_GResv1odqE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:45:67:03:85:dc:90:c7:2c:bd:83:2b:b2:d4:85:91:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20ca2d4cb3e56b5d29970a97fc645eb2fd6876a1
        Validity
            Not Before: Aug 12 07:04:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a588480a5f3d2ecd75bed12cc2832c9d435246e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:6b:c5:cc:20:2a:0b:3d:93:ff:14:cb:e4:14:
                    25:04:8b:55:1e:bc:f5:be:1d:1d:98:82:65:ba:11:
                    a0:31:98:1c:1e:c4:cd:74:2c:3d:6e:ae:82:0d:85:
                    53:98:83:43:bc:66:c5:1a:06:2c:ed:a6:bd:30:95:
                    39:f1:06:c8:8b:0b:04:7b:ef:94:35:41:68:d2:7c:
                    f1:8d:b3:b9:ea:e6:c0:51:2d:53:4a:5b:e2:ce:1a:
                    f1:2c:74:a0:37:bc:5f:83:e9:3b:83:6b:04:c1:e5:
                    3b:18:37:f5:cc:8b:e0:74:c5:d3:0b:fe:a8:12:8c:
                    57:d3:bc:bd:e7:aa:03:19:5e:e3:20:89:69:8e:a9:
                    2c:d9:ca:95:6e:2b:32:3c:41:cb:9f:85:a1:34:b8:
                    88:94:bb:0a:67:92:f7:e8:0f:b7:89:39:16:8b:e5:
                    e5:ff:44:06:b8:9f:1f:41:e7:23:f9:d7:52:1d:5e:
                    f7:2e:27:5b:a7:f2:9a:dd:6c:a3:50:20:1a:56:e7:
                    03:68:85:6f:35:ca:c2:d1:eb:f3:4a:ed:d3:8c:e7:
                    6b:d9:9f:3d:5a:99:eb:b8:ac:34:06:de:80:f9:ad:
                    01:cd:33:73:e6:31:83:08:f6:59:eb:3d:7e:34:9f:
                    46:b0:5b:46:a6:3a:22:62:e5:eb:71:3b:0a:76:b7:
                    81:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:88:48:0A:5F:3D:2E:CD:75:BE:D1:2C:C2:83:2C:9D:43:52:46:E4
            X509v3 Authority Key Identifier:
                keyid:20:CA:2D:4C:B3:E5:6B:5D:29:97:0A:97:FC:64:5E:B2:FD:68:76:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IMotTLPla10plwqX_GResv1odqE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/2c2817-3701-4783-8fbd-eec4885c4f8d/1/pYhICl89Ls11vtEswoMsnUNSRuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/2c2817-3701-4783-8fbd-eec4885c4f8d/1/IMotTLPla10plwqX_GResv1odqE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.113.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:fa:9d:af:54:c0:ca:45:7f:f3:dc:8f:0a:0c:a8:dd:ad:0d:
         7f:72:41:79:de:b6:32:62:44:58:c2:95:07:b7:63:cc:3d:27:
         6f:cf:a2:ea:96:e6:12:90:8f:80:ef:58:ca:ab:91:e4:63:9f:
         20:d0:76:47:c4:b0:cf:2c:e4:d3:aa:08:e7:98:31:1a:41:b3:
         e7:2c:54:6a:2f:b6:91:31:a4:e7:d9:e0:44:b5:fd:cf:96:88:
         ac:d4:23:10:ed:46:76:ed:3a:4f:63:24:19:d6:bb:5d:dd:fd:
         fa:3c:3c:90:8e:86:c3:1d:1e:54:26:56:3d:96:07:fb:f3:5b:
         6f:9e:e8:e7:06:c7:06:5d:2c:81:de:4d:22:e9:41:b3:7f:cd:
         3a:5a:e6:79:fe:dd:c7:42:a8:8b:c1:8f:fb:c0:99:b8:93:a4:
         57:f2:05:06:68:9d:11:60:23:ca:62:ec:bc:54:be:7e:a3:39:
         23:9b:8e:3e:11:0b:e4:3d:f8:0d:32:b5:1c:3b:e0:08:d0:a2:
         00:ee:5c:bb:5f:ce:b9:3c:24:c3:e6:12:ae:80:85:c2:7b:6d:
         0a:41:04:01:e3:13:b7:5d:c9:be:0e:1b:f5:70:34:5b:39:1b:
         45:e0:b5:08:da:ba:85:f0:5f:ed:6b:af:bf:b1:38:85:30:bc:
         f0:6b:90:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFFZwOF3JDHLL2DK7LUhZFfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwY2EyZDRjYjNlNTZiNWQyOTk3MGE5N2ZjNjQ1ZWIyZmQ2
ODc2YTEwHhcNMjQwODEyMDcwNDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTg4NDgwYTVmM2QyZWNkNzViZWQxMmNjMjgzMmM5ZDQzNTI0NmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzmvFzCAqCz2T/xTL5BQlBItVHrz1
vh0dmIJluhGgMZgcHsTNdCw9bq6CDYVTmINDvGbFGgYs7aa9MJU58QbIiwsEe++U
NUFo0nzxjbO56ubAUS1TSlvizhrxLHSgN7xfg+k7g2sEweU7GDf1zIvgdMXTC/6o
EoxX07y956oDGV7jIIlpjqks2cqVbisyPEHLn4WhNLiIlLsKZ5L36A+3iTkWi+Xl
/0QGuJ8fQecj+ddSHV73Lidbp/Ka3WyjUCAaVucDaIVvNcrC0evzSu3TjOdr2Z89
WpnruKw0Bt6A+a0BzTNz5jGDCPZZ6z1+NJ9GsFtGpjoiYuXrcTsKdreBFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKWISApfPS7Ndb7RLMKDLJ1DUkbkMB8GA1UdIwQY
MBaAFCDKLUyz5WtdKZcKl/xkXrL9aHahMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU1vdFRMUGxhMTBwbHdxWF9HUmVzdjFvZHFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8yYzI4MTctMzcwMS00NzgzLThmYmQt
ZWVjNDg4NWM0ZjhkLzEvcFloSUNsODlMczExdnRFc3dvTXNuVU5TUnVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8yYzI4MTctMzcwMS00NzgzLThmYmQtZWVjNDg4NWM0Zjhk
LzEvSU1vdFRMUGxhMTBwbHdxWF9HUmVzdjFvZHFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPnE7MA0G
CSqGSIb3DQEBCwUAA4IBAQCH+p2vVMDKRX/z3I8KDKjdrQ1/ckF53rYyYkRYwpUH
t2PMPSdvz6LqluYSkI+A71jKq5HkY58g0HZHxLDPLOTTqgjnmDEaQbPnLFRqL7aR
MaTn2eBEtf3Plois1CMQ7UZ27TpPYyQZ1rtd3f36PDyQjobDHR5UJlY9lgf781tv
nujnBscGXSyB3k0i6UGzf806WuZ5/t3HQqiLwY/7wJm4k6RX8gUGaJ0RYCPKYuy8
VL5+ozkjm44+EQvkPfgNMrUcO+AI0KIA7ly7X865PCTD5hKugIXCe20KQQQB4xO3
Xcm+Dhv1cDRbORtF4LUI2rqF8F/ta6+/sTiFMLzwa5BX
-----END CERTIFICATE-----