Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/iIZ4BeX46IEbILEBBzhpOPlBZBk.roa
File:                     iIZ4BeX46IEbILEBBzhpOPlBZBk.roa (raw, json)
Hash identifier:          N58qjEuQuVEZl66GQEp3q6fnc1MWVBJr4w8n46juM44=
Subject key identifier:   88:86:78:05:E5:F8:E8:81:1B:20:B1:01:07:38:69:38:F9:41:64:19
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       018CC56EFDBCF627B1286AA75DD709F85D74
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/iIZ4BeX46IEbILEBBzhpOPlBZBk.roa
Signing time:             Mon 01 Jan 2024 14:30:34 +0000
ROA not before:           Mon 01 Jan 2024 14:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        62.112.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 10:03:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:fd:bc:f6:27:b1:28:6a:a7:5d:d7:09:f8:5d:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Jan  1 14:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88867805e5f8e8811b20b10107386938f9416419
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:aa:36:ad:bb:0c:28:b9:e4:2f:2b:a7:f1:54:
                    fa:d0:33:79:ab:ff:7e:42:58:36:9a:7a:de:f5:c8:
                    1c:3f:2e:af:1b:16:b9:72:c7:6a:5c:e1:0f:40:78:
                    61:d5:35:af:a3:3f:d3:15:95:a6:8a:14:66:2a:05:
                    64:f8:0f:c0:a0:78:62:50:cf:47:78:f1:29:f5:bd:
                    9b:2f:59:4a:ba:55:c4:f1:5f:20:ae:22:f9:e2:93:
                    c5:75:e1:95:12:de:3c:b2:02:c8:87:8f:a1:d0:9a:
                    71:10:19:1d:a1:73:be:30:13:94:db:f0:9b:37:c3:
                    f9:a2:90:ea:6f:3d:16:49:ee:dc:fd:54:63:0b:db:
                    9a:74:40:5b:11:4f:fb:0f:e4:97:60:c2:89:89:bc:
                    49:1c:fb:29:7a:28:aa:72:18:29:53:02:e5:c6:40:
                    6b:1a:2a:c2:a6:cb:77:5c:fe:31:97:64:e0:41:a8:
                    79:81:98:ae:96:36:2e:14:4a:8e:2a:2a:bb:34:9d:
                    82:9d:f7:8c:ed:6b:d9:f0:cc:c9:30:8d:f4:6e:84:
                    98:51:82:a5:d8:ed:6e:8d:58:b7:9c:e5:cf:00:60:
                    df:d4:05:d0:cd:c2:bd:9a:3b:c3:62:f4:3f:c5:1d:
                    94:17:e6:1f:8d:03:03:f9:1f:6f:16:5f:85:a7:95:
                    35:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:86:78:05:E5:F8:E8:81:1B:20:B1:01:07:38:69:38:F9:41:64:19
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/iIZ4BeX46IEbILEBBzhpOPlBZBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.112.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:b9:5f:2e:99:6a:5f:b6:3b:12:a3:71:37:15:78:ef:77:73:
         97:e7:1b:61:3f:38:9d:72:c5:65:0e:93:ec:65:ab:0e:81:3f:
         f9:b2:e4:6d:1d:3d:9e:0d:4c:a7:ff:c7:c9:30:0a:fb:9f:c0:
         eb:14:d7:00:6b:8c:1e:3f:f1:55:b5:91:2d:52:55:7f:34:d4:
         9c:63:cc:11:5b:e6:a0:08:bb:ec:42:a2:46:22:9d:e5:43:57:
         56:48:92:bb:2b:19:b7:28:9e:f9:d6:62:f7:71:0c:fd:48:90:
         bd:23:d1:2f:73:02:c2:3d:c5:32:e3:5a:c0:bb:9c:8c:1b:ca:
         ff:44:00:70:9e:af:6b:6e:bc:90:32:55:f9:3e:81:ec:07:eb:
         ef:83:91:b6:c1:9a:72:2c:fa:c0:bd:1d:8b:18:7d:53:4e:3d:
         91:e7:2c:24:dc:50:64:19:06:61:c3:6c:b4:57:41:12:33:20:
         18:c8:d9:6a:c2:8f:4f:f8:b3:d7:8e:d1:f3:50:6b:aa:a8:e0:
         f3:a3:4e:b5:51:23:79:e8:1b:7f:e5:eb:1a:98:93:60:2a:62:
         e3:86:4c:4c:5d:45:43:fc:c1:1d:b0:d9:04:eb:6e:1c:f4:eb:
         f8:d1:3c:58:04:d4:2c:5b:7c:0d:7d:2d:31:4d:70:85:9f:0d:
         58:f5:e9:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbv289iexKGqnXdcJ+F10MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjQwMTAxMTQzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODg2NzgwNWU1ZjhlODgxMWIyMGIxMDEwNzM4NjkzOGY5NDE2NDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqo2rbsMKLnkLyun8VT60DN5q/9+
Qlg2mnre9cgcPy6vGxa5csdqXOEPQHhh1TWvoz/TFZWmihRmKgVk+A/AoHhiUM9H
ePEp9b2bL1lKulXE8V8griL54pPFdeGVEt48sgLIh4+h0JpxEBkdoXO+MBOU2/Cb
N8P5opDqbz0WSe7c/VRjC9uadEBbEU/7D+SXYMKJibxJHPspeiiqchgpUwLlxkBr
GirCpst3XP4xl2TgQah5gZiuljYuFEqOKiq7NJ2CnfeM7WvZ8MzJMI30boSYUYKl
2O1ujVi3nOXPAGDf1AXQzcK9mjvDYvQ/xR2UF+YfjQMD+R9vFl+Fp5U1GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIiGeAXl+OiBGyCxAQc4aTj5QWQZMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvaUlaNEJlWDQ2SUViSUxFQkJ6aHBPUGxCWkJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPnAeMA0G
CSqGSIb3DQEBCwUAA4IBAQAyuV8umWpftjsSo3E3FXjvd3OX5xthPzidcsVlDpPs
ZasOgT/5suRtHT2eDUyn/8fJMAr7n8DrFNcAa4weP/FVtZEtUlV/NNScY8wRW+ag
CLvsQqJGIp3lQ1dWSJK7Kxm3KJ751mL3cQz9SJC9I9EvcwLCPcUy41rAu5yMG8r/
RABwnq9rbryQMlX5PoHsB+vvg5G2wZpyLPrAvR2LGH1TTj2R5ywk3FBkGQZhw2y0
V0ESMyAYyNlqwo9P+LPXjtHzUGuqqODzo061USN56Bt/5esamJNgKmLjhkxMXUVD
/MEdsNkE624c9Ov40TxYBNQsW3wNfS0xTXCFnw1Y9ekg
-----END CERTIFICATE-----