Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/2undUVYxuDsrHGSQRstCe9sSSJo.roa
File:                     2undUVYxuDsrHGSQRstCe9sSSJo.roa (raw, json)
Hash identifier:          hFG5avDrHl7OLE+JEykZmE5M15Dpw7aS7Uks//Gs33U=
Subject key identifier:   DA:E9:DD:51:56:31:B8:3B:2B:1C:64:90:46:CB:42:7B:DB:12:48:9A
Certificate issuer:       /CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
Certificate serial:       01902675D36DEF1AEB0FDEC5520B9D1ADB63
Authority key identifier: 12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/2undUVYxuDsrHGSQRstCe9sSSJo.roa
Signing time:             Mon 17 Jun 2024 13:49:34 +0000
ROA not before:           Mon 17 Jun 2024 13:49:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216183
IP address blocks:        62.3.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:26:75:d3:6d:ef:1a:eb:0f:de:c5:52:0b:9d:1a:db:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
        Validity
            Not Before: Jun 17 13:49:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dae9dd515631b83b2b1c649046cb427bdb12489a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:12:70:6e:b5:b0:35:12:8f:fe:01:16:44:db:
                    0e:39:0c:9f:b4:9f:76:ab:36:2f:c6:99:82:42:d6:
                    3d:14:41:84:23:81:9a:d1:55:de:ec:1c:d3:69:2c:
                    73:de:90:5a:eb:8f:c4:1b:60:fd:20:3d:13:28:53:
                    0a:b1:fa:8e:59:1c:99:ca:78:fc:ec:92:68:52:06:
                    2e:35:93:80:b5:47:f5:c3:42:2a:ba:9b:7d:41:50:
                    8f:33:b1:d5:e5:fc:fb:5c:a6:29:0a:85:ba:3e:ed:
                    60:72:95:0a:39:31:af:bf:2c:a4:34:c2:dc:7c:3e:
                    1c:10:62:ce:20:f5:e8:5b:ec:96:94:59:e8:64:fc:
                    35:fb:6a:00:e5:f9:f4:4c:64:fa:8f:99:b2:4b:c0:
                    c6:40:68:a8:08:14:fb:13:a9:08:ca:b1:fa:fa:b9:
                    97:3a:c9:b1:29:39:ef:62:92:51:3c:b7:2d:66:f4:
                    ac:b3:57:7c:17:76:1f:53:ec:b8:a8:f3:5a:6a:72:
                    ad:b2:b5:1a:7a:70:8a:c5:da:72:ec:b7:b6:d4:23:
                    f8:4c:18:77:b5:32:88:4e:00:d2:9a:b2:2e:92:c8:
                    44:72:de:1d:30:27:e7:75:08:25:1f:49:cd:69:34:
                    38:5e:51:8b:fd:17:ce:6f:38:69:5e:9b:9f:3b:2c:
                    4e:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:E9:DD:51:56:31:B8:3B:2B:1C:64:90:46:CB:42:7B:DB:12:48:9A
            X509v3 Authority Key Identifier:
                keyid:12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/2undUVYxuDsrHGSQRstCe9sSSJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:eb:b5:8a:cb:78:78:f2:3c:ef:9b:67:8f:af:27:81:12:44:
         a4:8f:9d:71:94:31:21:6d:1f:72:a5:a0:82:11:23:1e:02:19:
         61:62:9f:78:27:22:46:52:f8:1e:ea:0f:4e:26:e8:90:cf:40:
         50:88:a9:4d:49:97:78:6c:46:f7:81:a4:84:80:7b:ec:7b:42:
         42:93:73:5a:b6:3a:a4:20:8b:b0:52:67:b1:77:56:cf:c6:ca:
         4d:e0:2e:5b:f7:e4:1c:57:7d:2a:41:e3:5d:25:6b:bd:92:e5:
         80:bf:cf:d0:54:48:b7:c8:de:d6:a9:16:cb:be:7c:65:04:ec:
         2b:23:a9:a2:7f:d7:2f:e3:86:51:30:46:24:e5:2a:b9:7c:9f:
         11:a6:8d:5f:4f:bf:14:10:b3:69:e9:fd:55:1b:80:4d:b9:29:
         43:2a:fc:19:78:13:7c:9e:28:5b:b0:3c:a8:68:02:d8:3e:72:
         1e:9d:cc:f8:5f:1b:9b:3b:04:a7:d8:1b:4b:00:53:ec:ae:07:
         5d:15:f9:26:0e:e5:9a:5d:6c:a2:cc:23:ce:c6:19:e7:dd:7f:
         b9:46:5d:08:08:76:4e:56:ca:d6:19:40:39:5c:30:ed:e5:a0:
         f4:23:51:c6:7b:80:33:de:79:ba:0b:60:97:f6:e6:46:34:a0:
         03:e8:e2:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAmddNt7xrrD97FUgudGttjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZmQ1NThhNjRlOTc1ODZhNDNkYzdlZTUwYThkNmIyOTIz
NjViNjAwHhcNMjQwNjE3MTM0OTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWU5ZGQ1MTU2MzFiODNiMmIxYzY0OTA0NmNiNDI3YmRiMTI0ODlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhJwbrWwNRKP/gEWRNsOOQyftJ92
qzYvxpmCQtY9FEGEI4Ga0VXe7BzTaSxz3pBa64/EG2D9ID0TKFMKsfqOWRyZynj8
7JJoUgYuNZOAtUf1w0Iqupt9QVCPM7HV5fz7XKYpCoW6Pu1gcpUKOTGvvyykNMLc
fD4cEGLOIPXoW+yWlFnoZPw1+2oA5fn0TGT6j5myS8DGQGioCBT7E6kIyrH6+rmX
OsmxKTnvYpJRPLctZvSss1d8F3YfU+y4qPNaanKtsrUaenCKxdpy7Le21CP4TBh3
tTKITgDSmrIukshEct4dMCfndQglH0nNaTQ4XlGL/RfObzhpXpufOyxO2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNrp3VFWMbg7KxxkkEbLQnvbEkiaMB8GA1UdIwQY
MBaAFBL9VYpk6XWGpD3H7lCo1rKSNltgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMt
MjRkOGU3NDdjMzhmLzEvMnVuZFVWWXh1RHNySEdTUVJzdENlOXNTU0pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMtMjRkOGU3NDdjMzhm
LzEvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPgM2MA0G
CSqGSIb3DQEBCwUAA4IBAQBm67WKy3h48jzvm2ePryeBEkSkj51xlDEhbR9ypaCC
ESMeAhlhYp94JyJGUvge6g9OJuiQz0BQiKlNSZd4bEb3gaSEgHvse0JCk3Natjqk
IIuwUmexd1bPxspN4C5b9+QcV30qQeNdJWu9kuWAv8/QVEi3yN7WqRbLvnxlBOwr
I6mif9cv44ZRMEYk5Sq5fJ8Rpo1fT78UELNp6f1VG4BNuSlDKvwZeBN8nihbsDyo
aALYPnIencz4XxubOwSn2BtLAFPsrgddFfkmDuWaXWyizCPOxhnn3X+5Rl0ICHZO
VsrWGUA5XDDt5aD0I1HGe4Az3nm6C2CX9uZGNKAD6OKA
-----END CERTIFICATE-----