Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/HzWayWpzU2YxwbXLQj8eRTdINYo.roa
File:                     HzWayWpzU2YxwbXLQj8eRTdINYo.roa (raw, json)
Hash identifier:          Oy/BKaSQ3RtLz33EaNJuFpeomD6YdoYqucZjLQbtoWw=
Subject key identifier:   1F:35:9A:C9:6A:73:53:66:31:C1:B5:CB:42:3F:1E:45:37:48:35:8A
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018CC79527D3407AC475A9384E9454327988
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/HzWayWpzU2YxwbXLQj8eRTdINYo.roa
Signing time:             Tue 02 Jan 2024 00:31:30 +0000
ROA not before:           Tue 02 Jan 2024 00:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62036
IP address blocks:        92.63.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 20:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:27:d3:40:7a:c4:75:a9:38:4e:94:54:32:79:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 00:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f359ac96a73536631c1b5cb423f1e453748358a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:92:47:98:79:a5:ac:ec:d8:10:03:69:9a:e5:
                    c2:4c:35:14:81:73:6a:43:86:4c:02:ed:10:11:bb:
                    2d:8b:74:c0:4d:01:13:d5:8a:60:9f:f2:e6:06:fe:
                    2c:e3:61:63:a6:5e:de:6f:cd:0c:45:2e:37:0f:7c:
                    a6:e0:c0:21:b7:43:1b:5e:6c:7f:26:ea:0d:95:7e:
                    d0:6e:f5:b7:63:a0:22:c5:a0:a7:96:da:5d:74:0e:
                    5a:d5:2b:27:6a:f4:5a:2c:2d:b2:5f:27:9b:bc:ba:
                    fb:e3:8f:f4:a8:c1:0d:d7:a2:42:f8:0b:36:a5:e7:
                    b1:5d:9c:88:3d:7b:83:7b:7e:76:d4:c4:e2:86:09:
                    89:f4:94:60:85:69:16:d2:d7:31:34:95:bc:c2:8b:
                    39:5a:d7:ff:4e:11:2f:16:58:5c:6e:5b:f7:12:a6:
                    03:14:7d:ff:bd:8d:ca:74:a4:6f:69:93:e6:a8:75:
                    35:5e:6b:f7:8f:e0:5b:a9:9b:25:41:59:38:2a:f9:
                    c2:c3:8f:7c:0f:0a:00:de:11:e9:99:61:28:b8:39:
                    f2:17:49:dd:4f:52:65:19:49:30:da:dd:2e:8b:e0:
                    25:28:71:4d:71:fa:2d:7b:f2:ac:3c:ae:da:13:81:
                    9c:60:3c:08:47:4e:5f:8d:80:3f:41:9f:24:4c:62:
                    c5:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:35:9A:C9:6A:73:53:66:31:C1:B5:CB:42:3F:1E:45:37:48:35:8A
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/HzWayWpzU2YxwbXLQj8eRTdINYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.63.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:68:27:3c:8e:c5:2f:aa:59:d8:dd:03:bc:f7:e4:12:98:a7:
         78:53:67:da:87:4a:97:2f:0d:d1:81:99:54:f5:ca:f4:f5:10:
         9e:82:9d:1f:6a:36:cb:48:62:f3:a1:70:e8:01:06:de:80:fb:
         ce:52:8d:e9:d8:fc:08:02:48:28:d2:e1:40:74:b9:3a:30:df:
         3b:6a:d8:ac:d9:4b:c2:73:95:e6:9f:1d:8c:82:e0:67:04:50:
         bb:ef:c8:3d:e4:28:aa:24:46:13:3e:4b:b5:bb:40:4e:7e:dc:
         e6:18:d1:e3:98:ad:03:ae:69:5f:4a:86:bb:17:73:aa:a6:cf:
         ee:87:86:42:5a:21:9f:2d:3d:01:48:53:7e:86:60:da:4c:b3:
         7f:02:75:11:7c:cd:f7:ed:f7:99:34:45:a9:4b:25:ee:d0:90:
         72:61:ba:31:8e:6d:e8:bc:fe:67:6d:8d:ba:d3:f1:ba:53:98:
         d7:09:b3:ed:4e:dc:5e:58:cd:c8:e6:7b:a9:c1:bf:ae:41:ef:
         65:c9:e2:eb:af:df:18:b5:0e:e0:bd:e5:92:23:71:f5:57:fe:
         a8:82:4e:49:ee:55:df:e3:8a:74:18:14:a0:c6:e1:57:2c:4f:
         c3:db:db:cf:af:ca:77:a2:be:b5:71:c4:2d:2b:0e:fa:ca:4e:
         20:38:cf:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSfTQHrEdak4TpRUMnmIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMTAyMDAzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjM1OWFjOTZhNzM1MzY2MzFjMWI1Y2I0MjNmMWU0NTM3NDgzNThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJJHmHmlrOzYEANpmuXCTDUUgXNq
Q4ZMAu0QEbsti3TATQET1Ypgn/LmBv4s42Fjpl7eb80MRS43D3ym4MAht0MbXmx/
JuoNlX7QbvW3Y6AixaCnltpddA5a1SsnavRaLC2yXyebvLr744/0qMEN16JC+As2
peexXZyIPXuDe3521MTihgmJ9JRghWkW0tcxNJW8wos5Wtf/ThEvFlhcblv3EqYD
FH3/vY3KdKRvaZPmqHU1Xmv3j+BbqZslQVk4KvnCw498DwoA3hHpmWEouDnyF0nd
T1JlGUkw2t0ui+AlKHFNcfote/KsPK7aE4GcYDwIR05fjYA/QZ8kTGLFJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB81mslqc1NmMcG1y0I/HkU3SDWKMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvSHpXYXlXcHpVMll4d2JYTFFqOGVSVGRJTllvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXD++MA0G
CSqGSIb3DQEBCwUAA4IBAQChaCc8jsUvqlnY3QO89+QSmKd4U2fah0qXLw3RgZlU
9cr09RCegp0fajbLSGLzoXDoAQbegPvOUo3p2PwIAkgo0uFAdLk6MN87atis2UvC
c5Xmnx2MguBnBFC778g95CiqJEYTPku1u0BOftzmGNHjmK0DrmlfSoa7F3Oqps/u
h4ZCWiGfLT0BSFN+hmDaTLN/AnURfM337feZNEWpSyXu0JByYboxjm3ovP5nbY26
0/G6U5jXCbPtTtxeWM3I5nupwb+uQe9lyeLrr98YtQ7gveWSI3H1V/6ogk5J7lXf
44p0GBSgxuFXLE/D29vPr8p3or61ccQtKw76yk4gOM+f
-----END CERTIFICATE-----