Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/bcafd8-8014-4131-b71b-74c3a9789a1c/1/hcmW2wEtmTwysNsiCtApEiYaPbo.roa
File:                     hcmW2wEtmTwysNsiCtApEiYaPbo.roa (raw, json)
Hash identifier:          GInK+nUAKiEO1zwkEG1wx51N+X7p+Rx4pjsW68DiQZs=
Subject key identifier:   85:C9:96:DB:01:2D:99:3C:32:B0:DB:22:0A:D0:29:12:26:1A:3D:BA
Certificate issuer:       /CN=14405d209aecc384929a0ad964b4dbcd5c0468c2
Certificate serial:       018CC26D810794F92A9DF2284BE1EA5F3864
Authority key identifier: 14:40:5D:20:9A:EC:C3:84:92:9A:0A:D9:64:B4:DB:CD:5C:04:68:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FEBdIJrsw4SSmgrZZLTbzVwEaMI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/bcafd8-8014-4131-b71b-74c3a9789a1c/1/hcmW2wEtmTwysNsiCtApEiYaPbo.roa
Signing time:             Mon 01 Jan 2024 00:30:05 +0000
ROA not before:           Mon 01 Jan 2024 00:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34863
IP address blocks:        62.106.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/bcafd8-8014-4131-b71b-74c3a9789a1c/1/FEBdIJrsw4SSmgrZZLTbzVwEaMI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/bcafd8-8014-4131-b71b-74c3a9789a1c/1/FEBdIJrsw4SSmgrZZLTbzVwEaMI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FEBdIJrsw4SSmgrZZLTbzVwEaMI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 04:03:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:81:07:94:f9:2a:9d:f2:28:4b:e1:ea:5f:38:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14405d209aecc384929a0ad964b4dbcd5c0468c2
        Validity
            Not Before: Jan  1 00:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85c996db012d993c32b0db220ad02912261a3dba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:7e:ff:60:5a:12:3c:fc:75:09:7c:a1:c8:f5:
                    07:f4:23:bc:70:d4:17:19:62:c2:21:f7:e0:30:f1:
                    ca:00:fb:8d:c5:20:53:50:b4:d7:44:b1:05:6f:1e:
                    09:c4:62:57:4a:73:57:1e:61:17:51:2d:7a:f1:ef:
                    55:f6:6c:77:33:fc:17:d4:13:ce:13:4e:17:1d:02:
                    1b:89:15:07:17:f4:d7:50:34:fd:a5:6d:4e:84:ca:
                    d1:7c:7e:2b:a6:e5:6b:85:f2:36:fd:35:12:e9:0a:
                    f8:01:40:4b:e9:72:e1:ac:06:cb:76:fe:90:13:89:
                    7d:08:b9:06:74:aa:41:d7:af:2f:76:98:94:02:6f:
                    85:c7:66:58:ff:20:69:9e:e2:46:5b:98:3f:66:73:
                    67:5b:24:4f:1b:99:a1:a0:2d:83:68:a5:1c:bc:22:
                    a1:b8:13:7c:b1:b0:1c:3a:c8:72:cd:14:d6:7b:1c:
                    cf:d8:4c:92:fb:fb:f3:69:eb:de:e9:0d:41:f8:57:
                    fc:40:8a:9b:3a:cb:5f:4f:bb:59:27:aa:a5:dc:a7:
                    55:e5:24:cf:19:a3:5c:6f:9e:28:ab:16:4e:c7:22:
                    f2:13:36:a4:fc:17:a2:54:2c:90:5c:7b:f1:19:28:
                    be:32:fc:f3:bc:bc:db:67:41:6c:48:07:94:0e:cb:
                    ea:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:C9:96:DB:01:2D:99:3C:32:B0:DB:22:0A:D0:29:12:26:1A:3D:BA
            X509v3 Authority Key Identifier:
                keyid:14:40:5D:20:9A:EC:C3:84:92:9A:0A:D9:64:B4:DB:CD:5C:04:68:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FEBdIJrsw4SSmgrZZLTbzVwEaMI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/bcafd8-8014-4131-b71b-74c3a9789a1c/1/hcmW2wEtmTwysNsiCtApEiYaPbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/bcafd8-8014-4131-b71b-74c3a9789a1c/1/FEBdIJrsw4SSmgrZZLTbzVwEaMI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.106.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:66:a3:a8:6c:2b:a0:f5:dd:02:d1:f1:5c:58:e7:87:1d:41:
         92:a2:2d:b3:d9:0a:d6:83:bd:ad:10:db:22:42:17:5f:c5:eb:
         79:33:50:de:17:0d:be:b9:e8:82:18:38:9d:1a:c9:45:eb:08:
         77:64:5a:4a:37:fc:cb:7b:b7:6a:74:62:31:4d:fb:d2:44:82:
         77:e8:0d:a1:d2:66:48:dd:cd:0f:95:84:8e:7b:9e:ed:72:c5:
         77:b5:88:69:9f:0c:87:66:ba:0a:0a:f5:c4:62:be:72:82:04:
         15:95:50:f6:7f:38:24:5a:10:00:01:cf:75:a0:ef:49:b8:37:
         46:38:82:c4:66:4f:46:14:1e:98:75:9e:13:34:ad:29:2a:19:
         22:6e:9f:47:0e:90:44:85:16:b4:b3:6e:82:76:2d:80:d7:df:
         0c:a6:ce:55:86:2f:c1:59:0f:f1:87:31:65:1e:4e:e2:ce:39:
         7d:f8:f5:da:54:3c:d7:f1:cf:5f:96:cd:00:df:1f:18:f1:54:
         13:30:e8:16:74:5b:77:c5:b9:5d:08:23:a2:54:36:69:f3:f6:
         c3:7e:64:20:f9:83:57:f7:9b:a4:ce:38:b1:71:88:75:55:90:
         46:2e:87:56:a5:4d:3f:d7:8a:b6:7e:f6:97:2d:4b:f9:38:dd:
         bf:14:57:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbYEHlPkqnfIoS+HqXzhkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0NDA1ZDIwOWFlY2MzODQ5MjlhMGFkOTY0YjRkYmNkNWMw
NDY4YzIwHhcNMjQwMTAxMDAzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWM5OTZkYjAxMmQ5OTNjMzJiMGRiMjIwYWQwMjkxMjI2MWEzZGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoH7/YFoSPPx1CXyhyPUH9CO8cNQX
GWLCIffgMPHKAPuNxSBTULTXRLEFbx4JxGJXSnNXHmEXUS168e9V9mx3M/wX1BPO
E04XHQIbiRUHF/TXUDT9pW1OhMrRfH4rpuVrhfI2/TUS6Qr4AUBL6XLhrAbLdv6Q
E4l9CLkGdKpB168vdpiUAm+Fx2ZY/yBpnuJGW5g/ZnNnWyRPG5mhoC2DaKUcvCKh
uBN8sbAcOshyzRTWexzP2EyS+/vzaeve6Q1B+Ff8QIqbOstfT7tZJ6ql3KdV5STP
GaNcb54oqxZOxyLyEzak/BeiVCyQXHvxGSi+MvzzvLzbZ0FsSAeUDsvqxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIXJltsBLZk8MrDbIgrQKRImGj26MB8GA1UdIwQY
MBaAFBRAXSCa7MOEkpoK2WS0281cBGjCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkVCZElKcnN3NFNTbWdyWlpMVGJ6VndFYU1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9iY2FmZDgtODAxNC00MTMxLWI3MWIt
NzRjM2E5Nzg5YTFjLzEvaGNtVzJ3RXRtVHd5c05zaUN0QXBFaVlhUGJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9iY2FmZDgtODAxNC00MTMxLWI3MWItNzRjM2E5Nzg5YTFj
LzEvRkVCZElKcnN3NFNTbWdyWlpMVGJ6VndFYU1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPmpNMA0G
CSqGSIb3DQEBCwUAA4IBAQBsZqOobCug9d0C0fFcWOeHHUGSoi2z2QrWg72tENsi
Qhdfxet5M1DeFw2+ueiCGDidGslF6wh3ZFpKN/zLe7dqdGIxTfvSRIJ36A2h0mZI
3c0PlYSOe57tcsV3tYhpnwyHZroKCvXEYr5yggQVlVD2fzgkWhAAAc91oO9JuDdG
OILEZk9GFB6YdZ4TNK0pKhkibp9HDpBEhRa0s26Cdi2A198Mps5Vhi/BWQ/xhzFl
Hk7izjl9+PXaVDzX8c9fls0A3x8Y8VQTMOgWdFt3xbldCCOiVDZp8/bDfmQg+YNX
95ukzjixcYh1VZBGLodWpU0/14q2fvaXLUv5ON2/FFfO
-----END CERTIFICATE-----