Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/18ae02-e72d-4430-85d8-473c5ba55362/1/5qS1Yj09Li5AHNZZ3iqrTgsvOlY.roa
File:                     5qS1Yj09Li5AHNZZ3iqrTgsvOlY.roa (raw, json)
Hash identifier:          VSfbff50nHRsV+cCJuo1MXLnBVK3Djft+xeRYGfSBmg=
Subject key identifier:   E6:A4:B5:62:3D:3D:2E:2E:40:1C:D6:59:DE:2A:AB:4E:0B:2F:3A:56
Certificate issuer:       /CN=64ee0489158fe95e1991fd5ce725ea067e11a1fb
Certificate serial:       018CC794669BDC21656E08C60BC6FC4F9E77
Authority key identifier: 64:EE:04:89:15:8F:E9:5E:19:91:FD:5C:E7:25:EA:06:7E:11:A1:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZO4EiRWP6V4Zkf1c5yXqBn4Rofs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/18ae02-e72d-4430-85d8-473c5ba55362/1/5qS1Yj09Li5AHNZZ3iqrTgsvOlY.roa
Signing time:             Tue 02 Jan 2024 00:30:40 +0000
ROA not before:           Tue 02 Jan 2024 00:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3257
IP address blocks:        62.3.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/18ae02-e72d-4430-85d8-473c5ba55362/1/ZO4EiRWP6V4Zkf1c5yXqBn4Rofs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/18ae02-e72d-4430-85d8-473c5ba55362/1/ZO4EiRWP6V4Zkf1c5yXqBn4Rofs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZO4EiRWP6V4Zkf1c5yXqBn4Rofs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:66:9b:dc:21:65:6e:08:c6:0b:c6:fc:4f:9e:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64ee0489158fe95e1991fd5ce725ea067e11a1fb
        Validity
            Not Before: Jan  2 00:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6a4b5623d3d2e2e401cd659de2aab4e0b2f3a56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:6a:d8:8c:07:70:fc:7b:bc:8d:20:0b:eb:ea:
                    01:6e:13:49:32:13:ef:ea:c9:0b:86:13:b3:a2:63:
                    9c:39:df:c3:4e:3f:66:e9:b0:1e:2e:fe:3a:73:00:
                    cd:9f:f8:c8:8e:a9:bc:cf:63:2f:2a:5b:eb:7f:bb:
                    1e:bf:70:7c:56:4a:50:9b:a5:ff:7a:c3:f1:ab:dc:
                    7e:74:7c:98:d1:1d:9d:4f:fa:6e:69:3c:0b:f9:73:
                    bc:68:1c:c9:ac:29:e3:6a:49:ef:be:56:97:e8:56:
                    9b:97:94:ed:97:f6:07:5f:23:ed:0b:1b:53:98:6f:
                    d1:69:86:bc:71:bf:a0:9b:3f:61:81:6f:15:d9:a0:
                    9e:f5:b8:3b:d6:c2:fd:67:55:72:2d:bc:6e:12:ce:
                    00:c4:1f:4d:b8:60:fb:4a:df:10:e7:58:3b:40:c6:
                    20:9c:d3:ac:f6:8f:0e:e0:2b:12:91:9c:d8:2e:31:
                    11:ab:a0:0d:f3:7f:c3:b6:77:85:25:bd:94:5c:64:
                    af:8c:4a:d7:c9:2a:7c:4a:38:bb:ba:8d:33:86:54:
                    3f:6d:cf:ec:ca:99:48:b7:d1:cc:95:b4:98:07:2c:
                    6a:df:3b:c3:2d:2d:7e:05:b6:70:bb:28:af:c4:43:
                    df:6a:ca:8a:71:ca:5d:41:c9:10:13:35:92:48:ce:
                    59:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:A4:B5:62:3D:3D:2E:2E:40:1C:D6:59:DE:2A:AB:4E:0B:2F:3A:56
            X509v3 Authority Key Identifier:
                keyid:64:EE:04:89:15:8F:E9:5E:19:91:FD:5C:E7:25:EA:06:7E:11:A1:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZO4EiRWP6V4Zkf1c5yXqBn4Rofs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/18ae02-e72d-4430-85d8-473c5ba55362/1/5qS1Yj09Li5AHNZZ3iqrTgsvOlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/18ae02-e72d-4430-85d8-473c5ba55362/1/ZO4EiRWP6V4Zkf1c5yXqBn4Rofs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:83:b3:19:80:69:e6:74:2d:3a:f7:85:e7:3e:02:c5:25:68:
         07:de:25:be:64:f4:4d:2f:c0:09:fe:ee:0a:82:86:70:e0:63:
         3e:f7:e2:79:fa:69:ee:a7:bf:71:83:4b:ce:00:0f:ea:79:60:
         24:53:dd:1c:41:7c:9d:48:bd:22:bb:ac:7b:41:64:b7:9d:65:
         ea:ad:07:53:f9:99:b4:31:61:af:bf:26:54:e1:40:35:3b:1a:
         5e:5e:92:90:e4:a7:7a:71:88:2d:e9:79:fe:47:cf:4a:8a:87:
         e3:2c:ef:c0:45:9d:95:47:42:52:76:a5:57:a5:87:46:bd:c2:
         5e:82:a9:d5:a1:2a:31:3b:82:db:0a:55:87:cb:5c:87:dc:2b:
         47:c8:0e:7a:7e:df:11:72:38:02:93:67:89:8b:83:99:5b:c3:
         e1:71:5c:28:84:02:1e:07:f8:b9:89:5e:ba:63:d6:30:22:e1:
         cc:b1:d0:8f:d4:5d:33:34:98:2e:ec:2c:d5:3c:d0:55:ac:38:
         df:a1:e1:51:63:18:6e:9d:8a:a5:15:82:78:74:22:76:5c:58:
         74:bd:09:f3:4d:3d:45:02:43:a2:04:a6:85:5b:4c:81:ac:75:
         a3:ba:07:73:e7:6b:58:29:89:05:c8:50:12:4f:0c:de:35:36:
         db:77:39:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlGab3CFlbgjGC8b8T553MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZWUwNDg5MTU4ZmU5NWUxOTkxZmQ1Y2U3MjVlYTA2N2Ux
MWExZmIwHhcNMjQwMTAyMDAzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmE0YjU2MjNkM2QyZTJlNDAxY2Q2NTlkZTJhYWI0ZTBiMmYzYTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2rYjAdw/Hu8jSAL6+oBbhNJMhPv
6skLhhOzomOcOd/DTj9m6bAeLv46cwDNn/jIjqm8z2MvKlvrf7sev3B8VkpQm6X/
esPxq9x+dHyY0R2dT/puaTwL+XO8aBzJrCnjaknvvlaX6Fabl5Ttl/YHXyPtCxtT
mG/RaYa8cb+gmz9hgW8V2aCe9bg71sL9Z1VyLbxuEs4AxB9NuGD7St8Q51g7QMYg
nNOs9o8O4CsSkZzYLjERq6AN83/DtneFJb2UXGSvjErXySp8Sji7uo0zhlQ/bc/s
yplIt9HMlbSYByxq3zvDLS1+BbZwuyivxEPfasqKccpdQckQEzWSSM5ZZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOaktWI9PS4uQBzWWd4qq04LLzpWMB8GA1UdIwQY
MBaAFGTuBIkVj+leGZH9XOcl6gZ+EaH7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk80RWlSV1A2VjRaa2YxYzV5WHFCbjRSb2ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8xOGFlMDItZTcyZC00NDMwLTg1ZDgt
NDczYzViYTU1MzYyLzEvNXFTMVlqMDlMaTVBSE5aWjNpcXJUZ3N2T2xZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8xOGFlMDItZTcyZC00NDMwLTg1ZDgtNDczYzViYTU1MzYy
LzEvWk80RWlSV1A2VjRaa2YxYzV5WHFCbjRSb2ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPgM9MA0G
CSqGSIb3DQEBCwUAA4IBAQBvg7MZgGnmdC0694XnPgLFJWgH3iW+ZPRNL8AJ/u4K
goZw4GM+9+J5+mnup79xg0vOAA/qeWAkU90cQXydSL0iu6x7QWS3nWXqrQdT+Zm0
MWGvvyZU4UA1OxpeXpKQ5Kd6cYgt6Xn+R89KiofjLO/ARZ2VR0JSdqVXpYdGvcJe
gqnVoSoxO4LbClWHy1yH3CtHyA56ft8RcjgCk2eJi4OZW8PhcVwohAIeB/i5iV66
Y9YwIuHMsdCP1F0zNJgu7CzVPNBVrDjfoeFRYxhunYqlFYJ4dCJ2XFh0vQnzTT1F
AkOiBKaFW0yBrHWjugdz52tYKYkFyFASTwzeNTbbdzkU
-----END CERTIFICATE-----