Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/sZu2vx-WnN_r00ooyD4IdUOlHRc.roa
File:                     sZu2vx-WnN_r00ooyD4IdUOlHRc.roa (raw, json)
Hash identifier:          JlxQXKYvhYVQmWIu9JlWwtoYNo30aW2OsvkzrpvaECw=
Subject key identifier:   B1:9B:B6:BF:1F:96:9C:DF:EB:D3:4A:28:C8:3E:08:75:43:A5:1D:17
Certificate issuer:       /CN=df9c64e170b7f255d7ca30035d6532c8957eb169
Certificate serial:       018CC5000B4A8B3F7FFA4DE2704D565B5F09
Authority key identifier: DF:9C:64:E1:70:B7:F2:55:D7:CA:30:03:5D:65:32:C8:95:7E:B1:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/35xk4XC38lXXyjADXWUyyJV-sWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/sZu2vx-WnN_r00ooyD4IdUOlHRc.roa
Signing time:             Mon 01 Jan 2024 12:29:23 +0000
ROA not before:           Mon 01 Jan 2024 12:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57208
IP address blocks:        62.201.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/35xk4XC38lXXyjADXWUyyJV-sWk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/35xk4XC38lXXyjADXWUyyJV-sWk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/35xk4XC38lXXyjADXWUyyJV-sWk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 22:26:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:0b:4a:8b:3f:7f:fa:4d:e2:70:4d:56:5b:5f:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df9c64e170b7f255d7ca30035d6532c8957eb169
        Validity
            Not Before: Jan  1 12:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b19bb6bf1f969cdfebd34a28c83e087543a51d17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:28:95:ee:7b:42:33:37:4c:c3:92:c3:61:50:
                    62:06:c4:10:6e:ca:1e:2f:bd:c0:1b:42:45:a8:0d:
                    1b:a4:ca:4f:e4:42:ce:61:5b:8e:37:5c:ee:13:aa:
                    04:01:36:db:22:83:ad:be:06:d3:db:cc:e5:98:4d:
                    52:42:bf:2d:fb:a4:fc:5f:97:b1:e4:61:42:ef:8b:
                    32:59:4e:30:4c:38:20:75:36:c4:d5:54:2c:5d:6c:
                    8a:9b:20:52:de:44:17:5b:0e:7d:6f:68:96:08:ea:
                    b6:9e:54:43:a5:56:4e:cc:f0:85:16:5d:7f:a3:7b:
                    10:4c:07:97:f2:13:68:89:68:48:cb:bd:62:2a:2c:
                    9a:51:45:6a:ab:ba:71:b5:15:41:53:b2:44:01:d5:
                    29:1a:22:f5:b1:5c:c1:c9:1a:4a:30:2d:0b:08:f3:
                    b0:90:36:b2:c3:03:5e:46:5d:16:c1:5f:9e:a5:d2:
                    9e:06:de:1a:95:dd:a1:77:b1:6a:de:96:65:b4:03:
                    ee:6e:6b:aa:22:b3:a3:17:aa:21:67:c4:e7:cc:10:
                    69:b7:70:5a:20:53:fe:19:c1:75:f6:7f:cc:85:f1:
                    68:21:d1:83:7a:18:83:06:59:39:37:e1:ba:50:2c:
                    db:49:af:4c:0a:d8:4d:05:1e:d5:bb:a7:f2:d6:98:
                    4b:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:9B:B6:BF:1F:96:9C:DF:EB:D3:4A:28:C8:3E:08:75:43:A5:1D:17
            X509v3 Authority Key Identifier:
                keyid:DF:9C:64:E1:70:B7:F2:55:D7:CA:30:03:5D:65:32:C8:95:7E:B1:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/35xk4XC38lXXyjADXWUyyJV-sWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/sZu2vx-WnN_r00ooyD4IdUOlHRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/35xk4XC38lXXyjADXWUyyJV-sWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.201.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:1a:76:ff:a1:09:02:0f:9d:f2:35:d0:5b:e8:5a:a3:af:18:
         17:36:24:8d:ce:f9:8e:79:72:e7:75:f1:09:b5:7e:17:7d:e7:
         c1:63:88:18:41:c3:71:fd:18:9c:7a:b8:49:87:9b:d5:40:8c:
         9c:67:ab:7f:28:1c:cb:2d:1e:05:45:a1:92:f2:07:1f:f3:2d:
         49:58:67:0c:d5:11:43:a3:a4:dd:33:43:e5:b7:4b:7c:77:f8:
         96:c0:4e:80:e4:93:23:92:5b:33:c6:11:da:d3:c4:43:ff:87:
         69:e8:17:55:e7:49:25:4d:49:5d:f5:79:a9:45:f5:d4:62:fe:
         19:c5:e6:36:eb:8c:0f:a5:05:7d:8e:6d:e1:ab:f3:04:49:48:
         8c:9f:7c:62:63:e7:22:ab:1f:f9:dd:fe:43:a3:4f:95:84:52:
         08:76:05:cd:75:0f:81:02:62:91:8f:73:2a:f2:81:cb:27:a0:
         16:1a:56:8a:85:44:be:30:48:a1:0f:12:c5:89:93:ad:27:4f:
         e6:b0:ff:ba:e1:ff:2b:85:52:df:6a:f8:43:64:5a:cb:54:99:
         89:3a:6e:41:91:6e:56:32:3a:29:06:a1:fd:2b:b0:7d:a9:fa:
         d0:92:c6:46:fd:34:be:03:40:c4:17:98:ac:18:b3:a9:46:f1:
         45:ce:34:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAAtKiz9/+k3icE1WW18JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmOWM2NGUxNzBiN2YyNTVkN2NhMzAwMzVkNjUzMmM4OTU3
ZWIxNjkwHhcNMjQwMTAxMTIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTliYjZiZjFmOTY5Y2RmZWJkMzRhMjhjODNlMDg3NTQzYTUxZDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCiV7ntCMzdMw5LDYVBiBsQQbsoe
L73AG0JFqA0bpMpP5ELOYVuON1zuE6oEATbbIoOtvgbT28zlmE1SQr8t+6T8X5ex
5GFC74syWU4wTDggdTbE1VQsXWyKmyBS3kQXWw59b2iWCOq2nlRDpVZOzPCFFl1/
o3sQTAeX8hNoiWhIy71iKiyaUUVqq7pxtRVBU7JEAdUpGiL1sVzByRpKMC0LCPOw
kDaywwNeRl0WwV+epdKeBt4ald2hd7Fq3pZltAPubmuqIrOjF6ohZ8TnzBBpt3Ba
IFP+GcF19n/MhfFoIdGDehiDBlk5N+G6UCzbSa9MCthNBR7Vu6fy1phLmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLGbtr8flpzf69NKKMg+CHVDpR0XMB8GA1UdIwQY
MBaAFN+cZOFwt/JV18owA11lMsiVfrFpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzV4azRYQzM4bFhYeWpBRFhXVXl5SlYtc1drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9hYmQxMmYtMWQ2Ni00MTJmLTliZTIt
MjhjYjNiYmYwNWFlLzEvc1p1MnZ4LVduTl9yMDBvb3lENElkVU9sSFJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9hYmQxMmYtMWQ2Ni00MTJmLTliZTItMjhjYjNiYmYwNWFl
LzEvMzV4azRYQzM4bFhYeWpBRFhXVXl5SlYtc1drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPskqMA0G
CSqGSIb3DQEBCwUAA4IBAQAoGnb/oQkCD53yNdBb6FqjrxgXNiSNzvmOeXLndfEJ
tX4XfefBY4gYQcNx/RicerhJh5vVQIycZ6t/KBzLLR4FRaGS8gcf8y1JWGcM1RFD
o6TdM0Plt0t8d/iWwE6A5JMjklszxhHa08RD/4dp6BdV50klTUld9XmpRfXUYv4Z
xeY264wPpQV9jm3hq/MESUiMn3xiY+ciqx/53f5Do0+VhFIIdgXNdQ+BAmKRj3Mq
8oHLJ6AWGlaKhUS+MEihDxLFiZOtJ0/msP+64f8rhVLfavhDZFrLVJmJOm5BkW5W
MjopBqH9K7B9qfrQksZG/TS+A0DEF5isGLOpRvFFzjTl
-----END CERTIFICATE-----