Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/0e7e28-a829-47d2-80e6-8ba6888669cf/1/oWPO9pA2PMQaqcYA1YBd3-hnamQ.roa
File:                     oWPO9pA2PMQaqcYA1YBd3-hnamQ.roa (raw, json)
Hash identifier:          tND8+Yq3PYb4FRuNmt1cnXJXUuf3hyQ4CAd31+zATG4=
Subject key identifier:   A1:63:CE:F6:90:36:3C:C4:1A:A9:C6:00:D5:80:5D:DF:E8:67:6A:64
Certificate issuer:       /CN=d6aa89f7b722279c032942dcf24865f6d72d6501
Certificate serial:       018CC64B7EE7F0FA6F1665ECEC28624AD22B
Authority key identifier: D6:AA:89:F7:B7:22:27:9C:03:29:42:DC:F2:48:65:F6:D7:2D:65:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qqJ97ciJ5wDKULc8khl9tctZQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/0e7e28-a829-47d2-80e6-8ba6888669cf/1/oWPO9pA2PMQaqcYA1YBd3-hnamQ.roa
Signing time:             Mon 01 Jan 2024 18:31:25 +0000
ROA not before:           Mon 01 Jan 2024 18:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        62.12.56.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/0e7e28-a829-47d2-80e6-8ba6888669cf/1/1qqJ97ciJ5wDKULc8khl9tctZQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/0e7e28-a829-47d2-80e6-8ba6888669cf/1/1qqJ97ciJ5wDKULc8khl9tctZQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qqJ97ciJ5wDKULc8khl9tctZQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:7e:e7:f0:fa:6f:16:65:ec:ec:28:62:4a:d2:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa89f7b722279c032942dcf24865f6d72d6501
        Validity
            Not Before: Jan  1 18:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a163cef690363cc41aa9c600d5805ddfe8676a64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:6c:58:f1:e4:b6:05:2f:f2:07:94:62:56:49:
                    42:25:7e:82:02:6f:0c:ba:3c:08:2d:7a:8b:85:0e:
                    ec:0e:67:9f:61:8a:02:87:74:74:f8:78:a9:b2:70:
                    6f:23:f8:ac:fa:aa:84:f0:1b:2b:5d:6a:1a:32:36:
                    52:7c:40:59:5f:48:53:3c:d6:7b:99:3b:23:54:6a:
                    42:8d:f0:7b:be:be:c9:c8:77:08:5e:bf:e3:b6:e0:
                    60:05:69:30:1c:86:83:5d:2f:7b:5c:10:b9:b2:a0:
                    2f:27:b9:82:de:1a:fb:f1:da:6b:90:79:d8:09:6a:
                    54:5f:bd:3e:8a:e7:f7:c4:98:f7:63:a3:90:ba:a7:
                    06:7d:9d:e2:0c:21:82:82:e7:ec:b5:32:58:71:c0:
                    cf:31:d3:e9:b8:b3:a1:a0:3a:4f:2c:2e:27:8e:96:
                    84:36:16:fd:03:95:9c:4e:ce:1e:43:0a:83:b4:1e:
                    41:3f:a8:d2:dc:fc:32:a4:55:c3:b5:3e:42:46:1e:
                    c7:e9:11:30:a3:ae:e6:b4:72:3d:5a:7d:2e:eb:6b:
                    d6:03:64:c4:33:0b:73:56:3d:c8:aa:c1:49:b0:7f:
                    7f:dc:03:ae:ea:d9:af:85:b0:52:e3:38:d0:81:cb:
                    5f:37:36:08:a6:4f:34:b8:62:c0:df:13:05:36:ea:
                    be:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:63:CE:F6:90:36:3C:C4:1A:A9:C6:00:D5:80:5D:DF:E8:67:6A:64
            X509v3 Authority Key Identifier:
                keyid:D6:AA:89:F7:B7:22:27:9C:03:29:42:DC:F2:48:65:F6:D7:2D:65:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qqJ97ciJ5wDKULc8khl9tctZQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/0e7e28-a829-47d2-80e6-8ba6888669cf/1/oWPO9pA2PMQaqcYA1YBd3-hnamQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/0e7e28-a829-47d2-80e6-8ba6888669cf/1/1qqJ97ciJ5wDKULc8khl9tctZQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.12.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         73:50:cb:8b:a9:04:ac:1f:09:55:ba:f2:0a:8f:b7:61:14:89:
         cf:97:c2:44:d7:e4:a6:73:bc:37:5a:e2:1d:93:ba:58:a2:e8:
         55:58:2f:04:1f:23:b0:f8:71:26:8c:92:8c:07:69:94:7d:98:
         c5:50:b7:fb:3a:0b:87:a4:cc:7c:94:e7:e9:70:8d:6c:70:98:
         c1:ce:b6:de:f4:9a:c0:f7:5a:6d:87:c3:fa:53:b8:86:b3:57:
         d9:a5:01:2d:11:fd:a4:63:ad:d2:7a:a7:69:17:10:81:40:1e:
         c6:66:25:ed:e7:bc:0a:ad:fc:77:f2:d4:c6:5a:17:8b:99:7f:
         5b:60:98:2c:e4:84:0d:6a:b3:4a:55:48:fc:36:53:0c:aa:ca:
         67:5a:37:35:bb:e5:3b:e8:d0:6f:d5:17:a4:50:39:39:f9:4d:
         af:f7:9c:83:48:26:cb:09:d3:04:5c:21:fb:9f:c5:38:85:e1:
         00:7a:e7:27:a5:af:36:ce:b3:0a:bf:ce:c5:b2:d3:fd:47:fb:
         d6:22:ff:3f:f1:bf:84:14:82:7c:7d:83:ba:fa:16:27:a5:77:
         3a:2c:ac:16:c4:5d:6b:bb:4c:cc:6a:9d:32:b1:40:37:f9:e0:
         53:78:bb:f2:be:8e:9f:84:12:d0:0c:f9:8c:5f:7a:61:20:76:
         df:3a:bf:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS37n8PpvFmXs7ChiStIrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWE4OWY3YjcyMjI3OWMwMzI5NDJkY2YyNDg2NWY2ZDcy
ZDY1MDEwHhcNMjQwMTAxMTgzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTYzY2VmNjkwMzYzY2M0MWFhOWM2MDBkNTgwNWRkZmU4Njc2YTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimxY8eS2BS/yB5RiVklCJX6CAm8M
ujwILXqLhQ7sDmefYYoCh3R0+HipsnBvI/is+qqE8BsrXWoaMjZSfEBZX0hTPNZ7
mTsjVGpCjfB7vr7JyHcIXr/jtuBgBWkwHIaDXS97XBC5sqAvJ7mC3hr78dprkHnY
CWpUX70+iuf3xJj3Y6OQuqcGfZ3iDCGCgufstTJYccDPMdPpuLOhoDpPLC4njpaE
Nhb9A5WcTs4eQwqDtB5BP6jS3PwypFXDtT5CRh7H6REwo67mtHI9Wn0u62vWA2TE
MwtzVj3IqsFJsH9/3AOu6tmvhbBS4zjQgctfNzYIpk80uGLA3xMFNuq+WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKFjzvaQNjzEGqnGANWAXd/oZ2pkMB8GA1UdIwQY
MBaAFNaqife3IiecAylC3PJIZfbXLWUBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFxSjk3Y2lKNXdES1VMYzhraGw5dGN0WlFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8wZTdlMjgtYTgyOS00N2QyLTgwZTYt
OGJhNjg4ODY2OWNmLzEvb1dQTzlwQTJQTVFhcWNZQTFZQmQzLWhuYW1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8wZTdlMjgtYTgyOS00N2QyLTgwZTYtOGJhNjg4ODY2OWNm
LzEvMXFxSjk3Y2lKNXdES1VMYzhraGw5dGN0WlFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDPgw4MA0G
CSqGSIb3DQEBCwUAA4IBAQBzUMuLqQSsHwlVuvIKj7dhFInPl8JE1+Smc7w3WuId
k7pYouhVWC8EHyOw+HEmjJKMB2mUfZjFULf7OguHpMx8lOfpcI1scJjBzrbe9JrA
91pth8P6U7iGs1fZpQEtEf2kY63SeqdpFxCBQB7GZiXt57wKrfx38tTGWheLmX9b
YJgs5IQNarNKVUj8NlMMqspnWjc1u+U76NBv1RekUDk5+U2v95yDSCbLCdMEXCH7
n8U4heEAeucnpa82zrMKv87FstP9R/vWIv8/8b+EFIJ8fYO6+hYnpXc6LKwWxF1r
u0zMap0ysUA3+eBTeLvyvo6fhBLQDPmMX3phIHbfOr+m
-----END CERTIFICATE-----