Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/f70a9c-1528-4e66-b7a6-061639812c74/1/2SEzlpxDtC-mGNsA02Kb-3Th1DQ.roa
File:                     2SEzlpxDtC-mGNsA02Kb-3Th1DQ.roa (raw, json)
Hash identifier:          KdUVYYaFHh2tlkpP8/eY5BojR4hsPPDqnSfu2esveAQ=
Subject key identifier:   D9:21:33:96:9C:43:B4:2F:A6:18:DB:00:D3:62:9B:FB:74:E1:D4:34
Certificate issuer:       /CN=642794c2d2cfa054638ba950a5f668e87601412d
Certificate serial:       018CC2DAB688407CB41F69EB967F0296C8CF
Authority key identifier: 64:27:94:C2:D2:CF:A0:54:63:8B:A9:50:A5:F6:68:E8:76:01:41:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZCeUwtLPoFRji6lQpfZo6HYBQS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/f70a9c-1528-4e66-b7a6-061639812c74/1/2SEzlpxDtC-mGNsA02Kb-3Th1DQ.roa
Signing time:             Mon 01 Jan 2024 02:29:22 +0000
ROA not before:           Mon 01 Jan 2024 02:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51815
IP address blocks:        62.102.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/f70a9c-1528-4e66-b7a6-061639812c74/1/ZCeUwtLPoFRji6lQpfZo6HYBQS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/f70a9c-1528-4e66-b7a6-061639812c74/1/ZCeUwtLPoFRji6lQpfZo6HYBQS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZCeUwtLPoFRji6lQpfZo6HYBQS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b6:88:40:7c:b4:1f:69:eb:96:7f:02:96:c8:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=642794c2d2cfa054638ba950a5f668e87601412d
        Validity
            Not Before: Jan  1 02:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d92133969c43b42fa618db00d3629bfb74e1d434
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:df:a5:1c:c3:d2:ac:26:55:f7:4d:f4:fe:2f:
                    bf:a8:27:57:d1:a8:eb:b1:2f:54:69:ce:75:ad:1e:
                    de:6c:bc:67:75:1a:3e:58:50:2c:7c:0b:30:a7:a1:
                    91:ea:59:80:5f:94:c1:7d:74:98:7f:1d:89:03:84:
                    09:e1:62:64:47:9f:6b:69:e3:1b:2b:05:10:52:04:
                    64:61:55:82:3f:e9:0e:7b:0a:f5:e5:13:1f:40:25:
                    d2:f2:37:b6:8a:2f:35:a6:aa:40:bf:46:ba:a4:77:
                    5c:bd:ba:9e:94:4f:f2:40:d9:fa:05:3a:aa:f2:ba:
                    af:d9:a2:45:17:b7:39:e2:45:41:96:2b:03:a6:72:
                    8d:21:a5:f3:ea:5c:e6:7b:a0:de:f7:d6:2b:28:82:
                    00:cc:f1:72:01:04:eb:14:a2:49:02:3d:5a:06:bf:
                    46:b2:c3:3f:8d:1f:81:06:09:c0:b5:19:0a:86:65:
                    ae:a9:99:5a:e4:b0:ff:eb:e3:a8:06:71:0b:87:c8:
                    f9:9f:b2:53:a9:7a:6f:5d:5c:f8:df:06:65:2e:d3:
                    8c:36:81:17:cc:a9:97:54:a1:c0:ca:c0:37:8a:8b:
                    b3:53:47:91:be:c8:79:c9:81:fc:0b:ca:08:3b:b9:
                    85:b2:a7:d7:7f:ab:39:a4:f7:d1:db:3c:71:1c:a4:
                    45:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:21:33:96:9C:43:B4:2F:A6:18:DB:00:D3:62:9B:FB:74:E1:D4:34
            X509v3 Authority Key Identifier:
                keyid:64:27:94:C2:D2:CF:A0:54:63:8B:A9:50:A5:F6:68:E8:76:01:41:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZCeUwtLPoFRji6lQpfZo6HYBQS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/f70a9c-1528-4e66-b7a6-061639812c74/1/2SEzlpxDtC-mGNsA02Kb-3Th1DQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/f70a9c-1528-4e66-b7a6-061639812c74/1/ZCeUwtLPoFRji6lQpfZo6HYBQS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.102.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:09:bd:06:61:5d:6c:5b:ad:18:4e:51:02:66:b3:6f:22:22:
         cb:52:96:40:10:16:6a:8d:4e:74:1c:aa:de:b0:91:74:f8:7a:
         c9:0e:c3:d0:15:eb:19:7a:75:b2:ba:4c:26:91:a9:7a:0c:04:
         e7:8a:51:cf:8d:74:65:fa:a7:4d:06:3f:f6:5a:23:8a:27:f3:
         e5:a3:c8:91:a8:09:a5:03:ff:c5:25:f6:8c:be:21:59:94:fe:
         17:b1:49:59:db:4a:45:e2:2b:70:1d:10:3a:ba:67:3e:d6:ca:
         25:9f:4e:13:45:3c:f6:73:f5:60:1c:27:f2:eb:98:02:c3:8b:
         e3:26:3b:3f:73:60:d9:d8:49:d7:9b:86:0e:9e:2a:f5:94:a0:
         a3:e7:b1:26:20:f8:57:7f:1a:e7:af:3d:30:c5:4d:d9:e1:bd:
         a3:1a:6a:fc:7a:78:d5:d4:99:39:c1:24:27:d8:12:de:50:8f:
         d9:ee:54:7a:8e:ca:4d:8f:ab:3d:fe:e6:a2:4a:ec:c7:8a:cf:
         60:8b:d5:89:79:af:67:b1:24:8c:00:93:d7:71:58:8a:48:0f:
         c7:f5:a3:47:43:75:f1:4d:12:4b:67:a9:9f:c7:e6:e8:5e:9c:
         88:9c:0d:60:06:23:7f:33:8e:ea:a0:4b:1d:6f:8f:6e:5f:ee:
         80:39:fa:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2raIQHy0H2nrln8ClsjPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0Mjc5NGMyZDJjZmEwNTQ2MzhiYTk1MGE1ZjY2OGU4NzYw
MTQxMmQwHhcNMjQwMTAxMDIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTIxMzM5NjljNDNiNDJmYTYxOGRiMDBkMzYyOWJmYjc0ZTFkNDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAld+lHMPSrCZV9030/i+/qCdX0ajr
sS9Uac51rR7ebLxndRo+WFAsfAswp6GR6lmAX5TBfXSYfx2JA4QJ4WJkR59raeMb
KwUQUgRkYVWCP+kOewr15RMfQCXS8je2ii81pqpAv0a6pHdcvbqelE/yQNn6BTqq
8rqv2aJFF7c54kVBlisDpnKNIaXz6lzme6De99YrKIIAzPFyAQTrFKJJAj1aBr9G
ssM/jR+BBgnAtRkKhmWuqZla5LD/6+OoBnELh8j5n7JTqXpvXVz43wZlLtOMNoEX
zKmXVKHAysA3iouzU0eRvsh5yYH8C8oIO7mFsqfXf6s5pPfR2zxxHKRFjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNkhM5acQ7QvphjbANNim/t04dQ0MB8GA1UdIwQY
MBaAFGQnlMLSz6BUY4upUKX2aOh2AUEtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkNlVXd0TFBvRlJqaTZsUXBmWm82SFlCUVMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9mNzBhOWMtMTUyOC00ZTY2LWI3YTYt
MDYxNjM5ODEyYzc0LzEvMlNFemxweER0Qy1tR05zQTAyS2ItM1RoMURRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9mNzBhOWMtMTUyOC00ZTY2LWI3YTYtMDYxNjM5ODEyYzc0
LzEvWkNlVXd0TFBvRlJqaTZsUXBmWm82SFlCUVMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPmaXMA0G
CSqGSIb3DQEBCwUAA4IBAQCvCb0GYV1sW60YTlECZrNvIiLLUpZAEBZqjU50HKre
sJF0+HrJDsPQFesZenWyukwmkal6DATnilHPjXRl+qdNBj/2WiOKJ/Plo8iRqAml
A//FJfaMviFZlP4XsUlZ20pF4itwHRA6umc+1soln04TRTz2c/VgHCfy65gCw4vj
Jjs/c2DZ2EnXm4YOnir1lKCj57EmIPhXfxrnrz0wxU3Z4b2jGmr8enjV1Jk5wSQn
2BLeUI/Z7lR6jspNj6s9/uaiSuzHis9gi9WJea9nsSSMAJPXcViKSA/H9aNHQ3Xx
TRJLZ6mfx+boXpyInA1gBiN/M47qoEsdb49uX+6AOfrs
-----END CERTIFICATE-----