Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/MsrsF8pu_X6hSowibd-lhWOOCKA.roa
File:                     MsrsF8pu_X6hSowibd-lhWOOCKA.roa (raw, json)
Hash identifier:          JCLDVY9xV2IE9hzTIL0wKWXYDNMHsEQ8mpgNNxEAizw=
Subject key identifier:   32:CA:EC:17:CA:6E:FD:7E:A1:4A:8C:22:6D:DF:A5:85:63:8E:08:A0
Certificate issuer:       /CN=df9c64e170b7f255d7ca30035d6532c8957eb169
Certificate serial:       018CC5000BBA332FB84D9A0FF0BCD2E3182D
Authority key identifier: DF:9C:64:E1:70:B7:F2:55:D7:CA:30:03:5D:65:32:C8:95:7E:B1:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/35xk4XC38lXXyjADXWUyyJV-sWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/MsrsF8pu_X6hSowibd-lhWOOCKA.roa
Signing time:             Mon 01 Jan 2024 12:29:23 +0000
ROA not before:           Mon 01 Jan 2024 12:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58343
IP address blocks:        62.201.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/35xk4XC38lXXyjADXWUyyJV-sWk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/35xk4XC38lXXyjADXWUyyJV-sWk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/35xk4XC38lXXyjADXWUyyJV-sWk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:0b:ba:33:2f:b8:4d:9a:0f:f0:bc:d2:e3:18:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df9c64e170b7f255d7ca30035d6532c8957eb169
        Validity
            Not Before: Jan  1 12:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=32caec17ca6efd7ea14a8c226ddfa585638e08a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:79:ee:93:ca:0f:01:26:1e:8b:03:88:2f:2a:
                    26:64:e6:4a:c8:4e:b1:bc:2d:27:d1:54:13:c1:9c:
                    3e:1e:a9:64:4c:b2:d7:75:ba:cc:7c:ef:13:e5:7d:
                    93:e6:f6:e6:f1:18:52:f7:ce:80:a4:f5:4f:cf:08:
                    f2:b9:24:fc:2b:fc:42:a7:a3:b1:0f:f6:35:3c:c7:
                    4f:de:cc:49:30:2c:5e:fc:da:bb:65:00:81:b5:fc:
                    05:f0:5b:46:8f:7d:99:1a:12:5b:83:36:36:99:26:
                    2e:7f:2f:36:3e:41:da:76:67:2a:86:71:65:b1:c9:
                    2d:6d:44:e9:b0:d7:2d:50:be:4d:85:26:d4:41:a6:
                    8e:79:a6:ca:ba:e6:00:df:0e:cf:e8:2e:21:bc:2d:
                    54:4e:10:a9:d3:06:d1:fd:ec:49:87:a1:e6:8b:da:
                    1e:46:05:49:02:81:2e:e6:a4:6a:89:e8:23:96:d5:
                    ff:90:fd:38:e9:ad:5d:4a:8e:c6:36:dc:76:4a:01:
                    aa:51:7a:f6:3f:9b:e9:d5:30:35:a2:84:5b:10:1b:
                    6e:f9:06:84:e6:38:74:a3:10:34:2b:04:a0:c6:87:
                    d3:0d:a3:ce:e6:17:e5:a0:68:f9:63:ed:f4:73:67:
                    ef:16:a7:7d:e5:3a:78:55:f7:b9:13:47:9d:c4:96:
                    7b:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:CA:EC:17:CA:6E:FD:7E:A1:4A:8C:22:6D:DF:A5:85:63:8E:08:A0
            X509v3 Authority Key Identifier:
                keyid:DF:9C:64:E1:70:B7:F2:55:D7:CA:30:03:5D:65:32:C8:95:7E:B1:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/35xk4XC38lXXyjADXWUyyJV-sWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/MsrsF8pu_X6hSowibd-lhWOOCKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/35xk4XC38lXXyjADXWUyyJV-sWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.201.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:a0:d7:b5:12:d2:7c:24:f9:66:a4:63:79:b7:07:c9:0d:e7:
         aa:67:6c:c9:d2:14:59:dc:1a:aa:3b:d9:28:30:84:4d:14:f9:
         8e:77:ee:e1:9c:5a:3f:0a:87:21:44:78:07:34:a6:53:16:0d:
         fb:42:1f:5c:1a:01:ed:c4:83:2e:b4:28:c9:a7:ec:48:24:f3:
         90:c5:34:ee:45:55:53:c7:49:2a:b3:24:d5:c1:96:51:5b:b4:
         23:e2:7b:df:a5:a2:d4:63:43:23:7e:ac:a2:43:29:11:08:89:
         e1:b3:9c:76:1e:36:de:ba:db:e6:12:08:bc:b6:8b:9f:d1:a0:
         7c:62:cc:3e:bf:7a:92:94:63:42:6b:b9:ff:6e:3e:0a:f0:ec:
         8e:69:b2:ad:2a:48:c5:71:ca:c1:5b:97:e0:72:7e:5c:24:2c:
         6e:0f:1b:c4:89:2e:b8:62:82:ac:3a:2a:7e:ad:fc:7a:e4:e6:
         b8:6e:6e:6c:21:9b:90:13:3b:9c:da:de:8f:2d:92:08:7b:bd:
         80:35:a0:40:d8:ed:5e:ad:a0:55:32:a3:4d:df:5e:74:6f:96:
         92:0e:84:95:ae:2f:2b:d4:2c:2a:aa:20:5d:23:a2:d4:7b:77:
         90:5c:f3:63:da:60:49:67:b6:ab:e3:09:f2:85:67:89:26:f2:
         0f:07:c4:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAAu6My+4TZoP8LzS4xgtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmOWM2NGUxNzBiN2YyNTVkN2NhMzAwMzVkNjUzMmM4OTU3
ZWIxNjkwHhcNMjQwMTAxMTIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmNhZWMxN2NhNmVmZDdlYTE0YThjMjI2ZGRmYTU4NTYzOGUwOGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxHnuk8oPASYeiwOILyomZOZKyE6x
vC0n0VQTwZw+HqlkTLLXdbrMfO8T5X2T5vbm8RhS986ApPVPzwjyuST8K/xCp6Ox
D/Y1PMdP3sxJMCxe/Nq7ZQCBtfwF8FtGj32ZGhJbgzY2mSYufy82PkHadmcqhnFl
scktbUTpsNctUL5NhSbUQaaOeabKuuYA3w7P6C4hvC1UThCp0wbR/exJh6Hmi9oe
RgVJAoEu5qRqiegjltX/kP046a1dSo7GNtx2SgGqUXr2P5vp1TA1ooRbEBtu+QaE
5jh0oxA0KwSgxofTDaPO5hfloGj5Y+30c2fvFqd95Tp4Vfe5E0edxJZ7twIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDLK7BfKbv1+oUqMIm3fpYVjjgigMB8GA1UdIwQY
MBaAFN+cZOFwt/JV18owA11lMsiVfrFpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzV4azRYQzM4bFhYeWpBRFhXVXl5SlYtc1drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9hYmQxMmYtMWQ2Ni00MTJmLTliZTIt
MjhjYjNiYmYwNWFlLzEvTXNyc0Y4cHVfWDZoU293aWJkLWxoV09PQ0tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9hYmQxMmYtMWQ2Ni00MTJmLTliZTItMjhjYjNiYmYwNWFl
LzEvMzV4azRYQzM4bFhYeWpBRFhXVXl5SlYtc1drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPskqMA0G
CSqGSIb3DQEBCwUAA4IBAQAooNe1EtJ8JPlmpGN5twfJDeeqZ2zJ0hRZ3BqqO9ko
MIRNFPmOd+7hnFo/CochRHgHNKZTFg37Qh9cGgHtxIMutCjJp+xIJPOQxTTuRVVT
x0kqsyTVwZZRW7Qj4nvfpaLUY0MjfqyiQykRCInhs5x2HjbeutvmEgi8touf0aB8
Ysw+v3qSlGNCa7n/bj4K8OyOabKtKkjFccrBW5fgcn5cJCxuDxvEiS64YoKsOip+
rfx65Oa4bm5sIZuQEzuc2t6PLZIIe72ANaBA2O1eraBVMqNN3150b5aSDoSVri8r
1CwqqiBdI6LUe3eQXPNj2mBJZ7ar4wnyhWeJJvIPB8R+
-----END CERTIFICATE-----