Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/xQeXYcQOW9N1mKLH-saCXpGvNpI.roa
File:                     xQeXYcQOW9N1mKLH-saCXpGvNpI.roa (raw, json)
Hash identifier:          qYLrrHxyqcz5DpuUApgK2EURFdjxk5R9KwnDlIYIHAM=
Subject key identifier:   C5:07:97:61:C4:0E:5B:D3:75:98:A2:C7:FA:C6:82:5E:91:AF:36:92
Certificate issuer:       /CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
Certificate serial:       018F7206976EB3CC01B8A8785C3935C0F6C7
Authority key identifier: 12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/xQeXYcQOW9N1mKLH-saCXpGvNpI.roa
Signing time:             Mon 13 May 2024 12:56:25 +0000
ROA not before:           Mon 13 May 2024 12:56:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215287
IP address blocks:        62.3.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 05:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:72:06:97:6e:b3:cc:01:b8:a8:78:5c:39:35:c0:f6:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
        Validity
            Not Before: May 13 12:56:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5079761c40e5bd37598a2c7fac6825e91af3692
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:92:d8:63:64:57:e5:b8:cd:22:75:33:35:e5:
                    0b:d1:22:a9:f8:3f:e0:ec:82:40:f9:e8:ee:41:eb:
                    3f:f6:40:13:04:a4:54:fb:4c:cd:22:08:b1:de:0d:
                    c4:a7:f6:33:b7:b9:13:9e:6e:9d:09:e3:d4:89:21:
                    c9:fc:97:52:de:36:6e:fd:6c:6a:cc:55:ac:56:de:
                    40:da:0a:10:cb:b5:93:a4:c1:c9:d1:f4:4a:17:8d:
                    33:54:99:99:95:ab:ac:53:46:96:16:99:cb:dc:63:
                    5a:8a:5c:cf:19:cf:a9:dd:dc:32:ba:52:fd:fe:42:
                    62:8a:2d:4f:1d:25:8c:f2:7f:73:44:4f:49:46:6a:
                    8c:59:0d:51:37:c4:1b:71:bc:6f:13:6d:14:1f:8a:
                    01:d4:88:24:ea:b8:84:b2:fc:7d:ef:e3:06:0c:a8:
                    8e:c2:d0:fd:6c:9d:ec:b9:a2:d0:e1:2e:2f:b1:48:
                    23:4c:5f:12:b0:45:ff:53:bf:bb:87:ec:46:04:e6:
                    6b:05:ce:5f:e2:27:7f:08:06:84:0e:80:7e:ee:cd:
                    8b:4d:2c:b7:a0:f2:06:2c:98:33:9f:f4:48:06:fb:
                    65:0c:76:57:c6:ad:e1:d8:fd:f0:4f:40:fd:76:29:
                    00:fd:05:5e:3c:f1:7c:93:ad:e7:ca:16:1b:32:df:
                    df:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:07:97:61:C4:0E:5B:D3:75:98:A2:C7:FA:C6:82:5E:91:AF:36:92
            X509v3 Authority Key Identifier:
                keyid:12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/xQeXYcQOW9N1mKLH-saCXpGvNpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:c9:90:9f:3c:3b:b7:ca:47:e2:37:87:04:40:ff:a8:c0:80:
         8c:27:07:2f:a6:16:a2:77:cc:18:2e:0e:5e:e2:60:68:7a:f2:
         e1:3a:12:8c:db:90:5e:4a:c5:17:4c:ac:e1:31:04:03:2a:e3:
         f3:ac:ac:b7:c3:a5:ab:4f:8c:9e:86:9b:c1:15:30:f8:8e:7d:
         bc:66:e3:0d:69:2e:12:6f:0f:f4:83:f8:5e:3e:a1:40:81:1f:
         9f:ef:7d:52:1f:b2:ee:5a:4b:d3:fd:8d:bd:29:ba:a7:33:17:
         52:f3:ae:19:42:80:d1:8d:8e:7d:a7:a4:cb:bd:ea:74:a6:33:
         19:0c:75:29:c5:bc:16:1d:fc:07:e1:b3:8e:54:bf:4b:3a:f7:
         05:90:96:ee:c2:78:a8:f1:ce:c7:0e:d0:dd:fd:93:24:9e:ed:
         a2:30:74:2e:7f:ea:47:a3:11:e8:b8:07:04:3c:45:22:6b:bf:
         93:c4:20:86:55:5e:8f:88:16:75:0e:e4:54:49:23:a3:4e:1d:
         d1:88:93:d6:3a:1e:52:e5:93:a1:d4:4e:17:0d:45:cf:eb:61:
         98:3b:fb:b8:0e:1e:3c:f6:e1:d6:23:ac:db:cd:c5:a0:65:c0:
         80:75:69:40:a7:18:79:f3:26:20:97:7e:95:7f:05:64:8d:a9:
         1b:b7:89:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9yBpdus8wBuKh4XDk1wPbHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZmQ1NThhNjRlOTc1ODZhNDNkYzdlZTUwYThkNmIyOTIz
NjViNjAwHhcNMjQwNTEzMTI1NjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTA3OTc2MWM0MGU1YmQzNzU5OGEyYzdmYWM2ODI1ZTkxYWYzNjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpLYY2RX5bjNInUzNeUL0SKp+D/g
7IJA+ejuQes/9kATBKRU+0zNIgix3g3Ep/Yzt7kTnm6dCePUiSHJ/JdS3jZu/Wxq
zFWsVt5A2goQy7WTpMHJ0fRKF40zVJmZlausU0aWFpnL3GNailzPGc+p3dwyulL9
/kJiii1PHSWM8n9zRE9JRmqMWQ1RN8QbcbxvE20UH4oB1Igk6riEsvx97+MGDKiO
wtD9bJ3suaLQ4S4vsUgjTF8SsEX/U7+7h+xGBOZrBc5f4id/CAaEDoB+7s2LTSy3
oPIGLJgzn/RIBvtlDHZXxq3h2P3wT0D9dikA/QVePPF8k63nyhYbMt/fuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMUHl2HEDlvTdZiix/rGgl6RrzaSMB8GA1UdIwQY
MBaAFBL9VYpk6XWGpD3H7lCo1rKSNltgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMt
MjRkOGU3NDdjMzhmLzEveFFlWFljUU9XOU4xbUtMSC1zYUNYcEd2TnBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMtMjRkOGU3NDdjMzhm
LzEvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPgM2MA0G
CSqGSIb3DQEBCwUAA4IBAQAoyZCfPDu3ykfiN4cEQP+owICMJwcvphaid8wYLg5e
4mBoevLhOhKM25BeSsUXTKzhMQQDKuPzrKy3w6WrT4yehpvBFTD4jn28ZuMNaS4S
bw/0g/hePqFAgR+f731SH7LuWkvT/Y29KbqnMxdS864ZQoDRjY59p6TLvep0pjMZ
DHUpxbwWHfwH4bOOVL9LOvcFkJbuwnio8c7HDtDd/ZMknu2iMHQuf+pHoxHouAcE
PEUia7+TxCCGVV6PiBZ1DuRUSSOjTh3RiJPWOh5S5ZOh1E4XDUXP62GYO/u4Dh48
9uHWI6zbzcWgZcCAdWlApxh58yYgl36VfwVkjakbt4mL
-----END CERTIFICATE-----