Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/XI8GYNvzBktqANN3ULY6yNPZsp4.roa
File:                     XI8GYNvzBktqANN3ULY6yNPZsp4.roa (raw, json)
Hash identifier:          0Mxp84Xa3ZGuCVESuvLHwIOTltEO7ZBfIp1LcrOP0ho=
Subject key identifier:   5C:8F:06:60:DB:F3:06:4B:6A:00:D3:77:50:B6:3A:C8:D3:D9:B2:9E
Certificate issuer:       /CN=b9b0d33432eca77c054e8fa8707248da4e47db0b
Certificate serial:       019420D65451A58F4239483E83844CA439DE
Authority key identifier: B9:B0:D3:34:32:EC:A7:7C:05:4E:8F:A8:70:72:48:DA:4E:47:DB:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ubDTNDLsp3wFTo-ocHJI2k5H2ws.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/XI8GYNvzBktqANN3ULY6yNPZsp4.roa
Signing time:             Wed 01 Jan 2025 07:48:24 +0000
ROA not before:           Wed 01 Jan 2025 07:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206492
IP address blocks:        62.65.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/ubDTNDLsp3wFTo-ocHJI2k5H2ws.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/ubDTNDLsp3wFTo-ocHJI2k5H2ws.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ubDTNDLsp3wFTo-ocHJI2k5H2ws.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 10:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:54:51:a5:8f:42:39:48:3e:83:84:4c:a4:39:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9b0d33432eca77c054e8fa8707248da4e47db0b
        Validity
            Not Before: Jan  1 07:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c8f0660dbf3064b6a00d37750b63ac8d3d9b29e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:5a:44:81:73:0c:6d:ce:29:63:a2:03:2e:fa:
                    f0:a5:da:43:51:b8:19:d0:83:02:8e:a5:f2:00:b4:
                    bf:b1:7c:d9:3c:bd:08:8f:ff:65:79:f0:cb:3c:f2:
                    ef:86:c0:40:f5:d3:94:68:5e:4c:4e:e5:fa:9e:a2:
                    7a:d6:4f:6b:4b:55:31:89:4a:0d:c1:cc:a0:1b:34:
                    be:ba:13:b2:3e:8f:2b:89:08:c2:69:01:1f:9b:47:
                    a0:8e:22:f8:fa:76:35:92:ef:ec:ee:df:dd:74:4b:
                    f5:2d:fd:de:dd:2d:84:84:15:1b:dc:bd:dc:ac:28:
                    e3:a2:28:60:4d:f5:92:8c:cc:a1:66:be:20:1c:43:
                    f3:28:75:42:d0:6f:36:b8:50:47:2e:85:ef:ed:66:
                    3c:56:2f:e3:f5:0c:3e:be:54:1e:b9:42:36:ae:b0:
                    aa:7f:71:7d:bf:66:75:b4:4e:eb:df:46:66:07:fb:
                    ea:1c:6c:f7:ba:93:2c:d4:42:05:ed:bb:2f:4b:e2:
                    fd:07:4d:2e:06:76:71:32:bc:47:7b:6b:50:c2:14:
                    25:80:72:6c:d8:75:9a:69:b2:ae:4e:5f:92:f5:61:
                    7a:bb:94:99:91:b5:37:ae:6a:c6:ec:b5:ee:2d:17:
                    82:a3:2d:e5:30:33:78:a6:78:1f:ec:11:2c:5f:4c:
                    3c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:8F:06:60:DB:F3:06:4B:6A:00:D3:77:50:B6:3A:C8:D3:D9:B2:9E
            X509v3 Authority Key Identifier:
                keyid:B9:B0:D3:34:32:EC:A7:7C:05:4E:8F:A8:70:72:48:DA:4E:47:DB:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ubDTNDLsp3wFTo-ocHJI2k5H2ws.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/XI8GYNvzBktqANN3ULY6yNPZsp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/ubDTNDLsp3wFTo-ocHJI2k5H2ws.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.65.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:81:b1:8f:a8:5f:4f:3f:df:7d:5f:4c:10:33:80:6b:c9:40:
         70:24:11:f4:31:9c:c2:ca:10:31:c4:cb:ad:71:9f:bb:d1:3e:
         3e:b5:3e:05:86:22:81:34:6b:9c:fd:ac:af:a9:ef:60:dc:2f:
         dc:59:25:8a:bb:95:e2:76:71:0a:a9:0e:61:a5:0e:22:b2:09:
         7f:c4:28:b8:44:57:83:68:15:43:b0:cf:ca:72:15:99:07:8b:
         10:df:1d:e7:1d:4c:a5:bb:6d:ae:c8:ea:7f:58:5d:48:61:5a:
         e9:e9:de:36:3a:2d:39:86:74:86:76:5d:d8:8c:e1:1f:91:94:
         e7:8f:41:0e:34:1c:39:c0:5f:65:4b:57:e4:1a:fd:91:25:20:
         3e:f8:b5:1b:8e:25:8f:ed:a3:b9:05:44:77:02:5a:bb:c5:d5:
         67:a1:09:f0:d0:cc:c3:08:53:c7:bf:90:57:71:35:48:87:76:
         30:07:52:3d:f3:d1:d5:b3:66:5c:36:3d:7c:fd:aa:dc:a0:46:
         13:2d:91:ff:a5:71:2c:9d:bb:bf:df:45:be:3c:aa:0f:f0:11:
         c3:bd:2c:0a:20:7f:53:03:b4:8c:c1:cb:9d:9d:dd:ef:14:0a:
         8f:19:2d:8c:ad:62:2a:8f:d9:4a:94:46:e4:4e:e5:49:8d:81:
         27:b3:26:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1lRRpY9COUg+g4RMpDneMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5YjBkMzM0MzJlY2E3N2MwNTRlOGZhODcwNzI0OGRhNGU0
N2RiMGIwHhcNMjUwMTAxMDc0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzhmMDY2MGRiZjMwNjRiNmEwMGQzNzc1MGI2M2FjOGQzZDliMjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlpEgXMMbc4pY6IDLvrwpdpDUbgZ
0IMCjqXyALS/sXzZPL0Ij/9lefDLPPLvhsBA9dOUaF5MTuX6nqJ61k9rS1UxiUoN
wcygGzS+uhOyPo8riQjCaQEfm0egjiL4+nY1ku/s7t/ddEv1Lf3e3S2EhBUb3L3c
rCjjoihgTfWSjMyhZr4gHEPzKHVC0G82uFBHLoXv7WY8Vi/j9Qw+vlQeuUI2rrCq
f3F9v2Z1tE7r30ZmB/vqHGz3upMs1EIF7bsvS+L9B00uBnZxMrxHe2tQwhQlgHJs
2HWaabKuTl+S9WF6u5SZkbU3rmrG7LXuLReCoy3lMDN4pngf7BEsX0w8yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFyPBmDb8wZLagDTd1C2OsjT2bKeMB8GA1UdIwQY
MBaAFLmw0zQy7Kd8BU6PqHBySNpOR9sLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWJEVE5ETHNwM3dGVG8tb2NISkkyazVIMndzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9iNDMxY2EtNTI3NS00MmI1LThkNTQt
ZDE5NmY5MjkxNzMyLzEvWEk4R1lOdnpCa3RxQU5OM1VMWTZ5TlBac3A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9iNDMxY2EtNTI3NS00MmI1LThkNTQtZDE5NmY5MjkxNzMy
LzEvdWJEVE5ETHNwM3dGVG8tb2NISkkyazVIMndzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkGJMA0G
CSqGSIb3DQEBCwUAA4IBAQBRgbGPqF9PP999X0wQM4BryUBwJBH0MZzCyhAxxMut
cZ+70T4+tT4FhiKBNGuc/ayvqe9g3C/cWSWKu5XidnEKqQ5hpQ4isgl/xCi4RFeD
aBVDsM/KchWZB4sQ3x3nHUylu22uyOp/WF1IYVrp6d42Oi05hnSGdl3YjOEfkZTn
j0EONBw5wF9lS1fkGv2RJSA++LUbjiWP7aO5BUR3Alq7xdVnoQnw0MzDCFPHv5BX
cTVIh3YwB1I989HVs2ZcNj18/arcoEYTLZH/pXEsnbu/30W+PKoP8BHDvSwKIH9T
A7SMwcudnd3vFAqPGS2MrWIqj9lKlEbkTuVJjYEnsyaq
-----END CERTIFICATE-----