Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/3f9087-572a-4c6c-80be-bc913466d43d/1/TOie3b1IBFR16gK-WTedeeSO5LU.roa
File:                     TOie3b1IBFR16gK-WTedeeSO5LU.roa (raw, json)
Hash identifier:          0wy9tWFTm8MUV6U2lFC4JyTDCJOGa9b8XtJUpLXcnGk=
Subject key identifier:   4C:E8:9E:DD:BD:48:04:54:75:EA:02:BE:59:37:9D:79:E4:8E:E4:B5
Certificate issuer:       /CN=ba515836af300f7c71f71dd18b9c3f51c252bb94
Certificate serial:       018CC94AA83CC3FE6B72BD5533D87DCB7DEA
Authority key identifier: BA:51:58:36:AF:30:0F:7C:71:F7:1D:D1:8B:9C:3F:51:C2:52:BB:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ulFYNq8wD3xx9x3Ri5w_UcJSu5Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/3f9087-572a-4c6c-80be-bc913466d43d/1/TOie3b1IBFR16gK-WTedeeSO5LU.roa
Signing time:             Tue 02 Jan 2024 08:29:22 +0000
ROA not before:           Tue 02 Jan 2024 08:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44486
IP address blocks:        62.68.75.0/24 maxlen: 24
                          2a12:edc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/3f9087-572a-4c6c-80be-bc913466d43d/1/ulFYNq8wD3xx9x3Ri5w_UcJSu5Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/3f9087-572a-4c6c-80be-bc913466d43d/1/ulFYNq8wD3xx9x3Ri5w_UcJSu5Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ulFYNq8wD3xx9x3Ri5w_UcJSu5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:a8:3c:c3:fe:6b:72:bd:55:33:d8:7d:cb:7d:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba515836af300f7c71f71dd18b9c3f51c252bb94
        Validity
            Not Before: Jan  2 08:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ce89eddbd48045475ea02be59379d79e48ee4b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:18:76:0a:9a:c7:13:15:c2:a4:65:cd:ba:3f:
                    b4:aa:10:2a:85:86:7c:6c:9c:08:bf:84:33:5d:6e:
                    75:1e:1f:f3:9f:05:5f:37:b7:49:ba:73:f4:99:8e:
                    f3:13:92:db:96:83:d1:46:fe:2c:c3:10:17:5e:fa:
                    9a:f8:59:9c:f7:6d:20:61:83:d4:90:4e:5f:05:80:
                    5a:f9:17:7b:ab:2b:e2:60:8e:19:f8:b9:43:cf:67:
                    67:3f:f3:cf:80:50:53:f3:fe:19:98:cb:3e:61:c4:
                    3e:bc:36:06:d7:d6:79:b8:3b:8e:d2:56:da:30:98:
                    e9:83:3a:23:cc:95:cd:4d:4b:45:88:bd:92:8a:2e:
                    93:7d:11:48:98:e9:19:fc:3b:27:3b:83:dd:97:2a:
                    9d:69:d0:b2:2b:3a:d3:dc:92:e6:e0:ba:14:dd:15:
                    1d:c2:85:86:87:4c:f4:1f:c9:81:5c:1a:44:96:c7:
                    34:9e:22:4c:28:f1:a5:d5:56:87:9c:d3:93:58:0f:
                    48:4b:65:9c:24:20:6b:13:ee:55:30:c0:5c:19:35:
                    bf:c9:83:3e:e8:5b:d5:da:ac:3d:33:e3:16:f1:21:
                    17:32:a0:4c:c6:d4:52:14:98:75:04:0d:2c:22:6a:
                    e0:37:b4:76:d8:ff:27:34:6a:89:95:6b:ec:fe:08:
                    80:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:E8:9E:DD:BD:48:04:54:75:EA:02:BE:59:37:9D:79:E4:8E:E4:B5
            X509v3 Authority Key Identifier:
                keyid:BA:51:58:36:AF:30:0F:7C:71:F7:1D:D1:8B:9C:3F:51:C2:52:BB:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ulFYNq8wD3xx9x3Ri5w_UcJSu5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/3f9087-572a-4c6c-80be-bc913466d43d/1/TOie3b1IBFR16gK-WTedeeSO5LU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/3f9087-572a-4c6c-80be-bc913466d43d/1/ulFYNq8wD3xx9x3Ri5w_UcJSu5Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.68.75.0/24
                IPv6:
                  2a12:edc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         40:b7:9e:a6:ae:11:b2:ff:25:8c:aa:6f:f2:56:69:03:ff:fa:
         01:dc:45:3f:b5:29:5a:dc:23:6e:01:e8:fe:31:10:ae:a0:c2:
         82:65:94:b2:68:2e:2b:52:49:74:c7:72:3f:b0:b9:11:71:ef:
         36:81:b0:24:a8:d3:c3:02:24:c3:5e:c8:ed:63:01:55:33:bd:
         54:f2:eb:b8:58:e4:92:2e:16:7e:af:82:44:96:4d:29:c8:46:
         1b:87:3c:2d:3a:ee:41:e7:1c:b3:c9:91:6d:e5:c5:23:44:ea:
         9b:15:10:be:6c:4a:b1:9b:95:d5:75:d9:76:29:e3:b8:21:f5:
         c3:f7:8a:97:b0:aa:ab:fe:d7:e6:d9:8b:8e:b1:db:ea:0a:d9:
         12:be:4a:26:0e:74:f8:e1:5e:a4:a4:76:66:51:3c:b5:a8:7c:
         77:81:41:d8:59:b9:2e:e0:3c:af:7e:4f:6a:c6:2e:d7:79:53:
         48:16:dc:52:09:d3:3d:d0:dd:00:71:26:5a:7c:26:ab:22:09:
         e5:4f:5f:74:92:7f:43:94:5b:45:0a:df:c6:83:06:ac:26:7b:
         61:e7:04:74:15:4b:ce:0d:90:19:d6:f4:12:69:fb:6c:00:fb:
         1e:7d:f7:81:09:1b:ea:09:6e:e0:a4:9e:0d:1b:bb:e5:41:1e:
         10:ba:09:7d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJSqg8w/5rcr1VM9h9y33qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNTE1ODM2YWYzMDBmN2M3MWY3MWRkMThiOWMzZjUxYzI1
MmJiOTQwHhcNMjQwMTAyMDgyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2U4OWVkZGJkNDgwNDU0NzVlYTAyYmU1OTM3OWQ3OWU0OGVlNGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Rh2CprHExXCpGXNuj+0qhAqhYZ8
bJwIv4QzXW51Hh/znwVfN7dJunP0mY7zE5LbloPRRv4swxAXXvqa+Fmc920gYYPU
kE5fBYBa+Rd7qyviYI4Z+LlDz2dnP/PPgFBT8/4ZmMs+YcQ+vDYG19Z5uDuO0lba
MJjpgzojzJXNTUtFiL2Sii6TfRFImOkZ/DsnO4PdlyqdadCyKzrT3JLm4LoU3RUd
woWGh0z0H8mBXBpElsc0niJMKPGl1VaHnNOTWA9IS2WcJCBrE+5VMMBcGTW/yYM+
6FvV2qw9M+MW8SEXMqBMxtRSFJh1BA0sImrgN7R22P8nNGqJlWvs/giAOwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEzont29SARUdeoCvlk3nXnkjuS1MB8GA1UdIwQY
MBaAFLpRWDavMA98cfcd0YucP1HCUruUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWxGWU5xOHdEM3h4OXgzUmk1d19VY0pTdTVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8zZjkwODctNTcyYS00YzZjLTgwYmUt
YmM5MTM0NjZkNDNkLzEvVE9pZTNiMUlCRlIxNmdLLVdUZWRlZVNPNUxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8zZjkwODctNTcyYS00YzZjLTgwYmUtYmM5MTM0NjZkNDNk
LzEvdWxGWU5xOHdEM3h4OXgzUmk1d19VY0pTdTVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAPkRLMA0E
AgACMAcDBQMqEu3AMA0GCSqGSIb3DQEBCwUAA4IBAQBAt56mrhGy/yWMqm/yVmkD
//oB3EU/tSla3CNuAej+MRCuoMKCZZSyaC4rUkl0x3I/sLkRce82gbAkqNPDAiTD
XsjtYwFVM71U8uu4WOSSLhZ+r4JElk0pyEYbhzwtOu5B5xyzyZFt5cUjROqbFRC+
bEqxm5XVddl2KeO4IfXD94qXsKqr/tfm2YuOsdvqCtkSvkomDnT44V6kpHZmUTy1
qHx3gUHYWbku4Dyvfk9qxi7XeVNIFtxSCdM90N0AcSZafCarIgnlT190kn9DlFtF
Ct/GgwasJnth5wR0FUvODZAZ1vQSaftsAPseffeBCRvqCW7gpJ4NG7vlQR4Qugl9
-----END CERTIFICATE-----