Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS62068.roa
File:                     AS62068.roa (raw, json)
Hash identifier:          zQA1/ftLhrZGrCa2J+GOd7duSu8r4ilWVlFvfH5SxbI=
Subject key identifier:   FC:18:9D:45:A2:A2:F3:D6:6E:59:9B:26:27:56:9B:EB:EB:F1:A4:EE
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       6618F268A8C22435D569220E32670BF5757653E5
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS62068.roa
Signing time:             Mon 13 Jan 2025 15:38:05 +0000
ROA not before:           Mon 13 Jan 2025 15:33:05 +0000
ROA not after:            Mon 12 Jan 2026 15:38:05 +0000
asID:                     62068
IP address blocks:        82.21.160.0/24 maxlen: 24
                          82.21.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:18:f2:68:a8:c2:24:35:d5:69:22:0e:32:67:0b:f5:75:76:53:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 13 15:33:05 2025 GMT
            Not After : Jan 12 15:38:05 2026 GMT
        Subject: CN=FC189D45A2A2F3D66E599B2627569BEBEBF1A4EE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:c0:c0:90:9a:04:43:0b:5d:b5:5b:1e:a2:a8:
                    bd:9c:03:4b:01:cf:06:a5:33:8e:80:95:de:bc:bb:
                    83:e7:a6:2a:ac:b6:cd:29:19:2d:21:08:1a:33:56:
                    96:8b:b0:c5:86:71:19:e7:71:bf:fb:13:d7:2e:d7:
                    e3:aa:8b:86:d3:02:f7:99:3e:a8:43:ac:27:67:0d:
                    e8:6c:13:72:1d:21:2a:64:b4:b0:25:25:af:80:97:
                    66:67:61:8c:e1:d2:91:cc:d7:1a:6e:97:f0:95:13:
                    3d:30:a6:29:62:ef:31:02:bc:ee:84:6a:b6:eb:88:
                    71:41:35:89:90:f6:d5:39:0e:43:4a:24:f7:0f:fc:
                    50:7a:9a:9f:5a:6f:5b:d4:9b:4a:96:e0:52:e9:10:
                    60:ee:bb:c3:e1:34:56:28:ef:3c:65:00:68:8c:2f:
                    84:f5:7b:96:40:a9:b9:2d:83:3d:9e:c9:bb:2b:29:
                    bd:e2:99:f1:53:7a:c5:9e:ac:2c:78:d3:64:02:ce:
                    6f:4b:87:87:89:b0:75:04:7c:38:7d:5c:a9:47:f8:
                    7e:47:70:7b:26:f9:aa:c5:e0:13:93:3d:f2:fa:13:
                    b8:41:46:f6:36:d0:74:f4:d8:e1:35:30:3b:12:0c:
                    80:97:cb:a8:79:60:25:75:f8:19:87:4c:9f:95:c1:
                    d2:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:18:9D:45:A2:A2:F3:D6:6E:59:9B:26:27:56:9B:EB:EB:F1:A4:EE
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS62068.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         42:c2:2e:4a:c3:91:66:7d:e5:a8:fb:2c:6d:14:87:e9:8c:b4:
         48:b4:04:cb:a5:6a:bc:ac:a9:3c:d6:67:76:05:fc:17:06:ed:
         22:6f:9e:bb:6d:dd:f6:37:75:44:72:4a:6a:4e:d4:33:27:a9:
         3f:63:e9:d1:91:5f:c6:7e:09:6a:f2:d0:3e:52:61:21:2c:d9:
         3c:03:cf:ec:b0:e7:d1:03:14:28:72:1b:62:19:2c:6b:6c:81:
         e7:a1:64:07:e3:66:14:84:92:fe:0e:f2:b4:e9:06:c8:de:70:
         48:61:6d:a8:0b:89:ff:58:60:76:85:b2:96:68:69:5e:ef:42:
         97:a0:32:50:5c:de:c5:93:95:9c:f4:c9:8e:50:33:1e:89:19:
         50:4d:d8:5b:01:14:cc:48:31:ed:db:0d:a1:ab:27:fb:2e:a5:
         39:36:1b:3b:6e:41:91:49:7d:a7:ec:27:b0:9c:6d:14:02:e1:
         aa:e2:e9:2e:5a:bb:b9:33:56:7b:80:5b:d9:c5:cb:f1:fd:b2:
         9c:0e:5c:16:84:2a:ac:6a:44:4a:5b:39:59:d3:bb:cf:e9:6e:
         9b:fb:ef:92:1b:50:9d:b9:79:f3:66:9b:fd:68:53:61:d2:c2:
         ca:fc:46:82:d1:36:17:36:37:67:44:26:e2:7d:42:8a:55:87:
         b1:b7:05:5b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUZhjyaKjCJDXVaSIOMmcL9XV2U+UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMTMxNTMzMDVaFw0yNjAxMTIxNTM4MDVaMDMxMTAvBgNV
BAMTKEZDMTg5RDQ1QTJBMkYzRDY2RTU5OUIyNjI3NTY5QkVCRUJGMUE0RUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLwMCQmgRDC121Wx6iqL2cA0sB
zwalM46Ald68u4Pnpiqsts0pGS0hCBozVpaLsMWGcRnncb/7E9cu1+Oqi4bTAveZ
PqhDrCdnDehsE3IdISpktLAlJa+Al2ZnYYzh0pHM1xpul/CVEz0wpili7zECvO6E
arbriHFBNYmQ9tU5DkNKJPcP/FB6mp9ab1vUm0qW4FLpEGDuu8PhNFYo7zxlAGiM
L4T1e5ZAqbktgz2eybsrKb3imfFTesWerCx402QCzm9Lh4eJsHUEfDh9XKlH+H5H
cHsm+arF4BOTPfL6E7hBRvY20HT02OE1MDsSDICXy6h5YCV1+BmHTJ+VwdJbAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU/BidRaKi89ZuWZsmJ1ab6+vxpO4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNjIwNjgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFSFaAw
DQYJKoZIhvcNAQELBQADggEBAELCLkrDkWZ95aj7LG0Uh+mMtEi0BMularysqTzW
Z3YF/BcG7SJvnrtt3fY3dURySmpO1DMnqT9j6dGRX8Z+CWry0D5SYSEs2TwDz+yw
59EDFChyG2IZLGtsgeehZAfjZhSEkv4O8rTpBsjecEhhbagLif9YYHaFspZoaV7v
QpegMlBc3sWTlZz0yY5QMx6JGVBN2FsBFMxIMe3bDaGrJ/supTk2GztuQZFJfafs
J7CcbRQC4ari6S5au7kzVnuAW9nFy/H9spwOXBaEKqxqREpbOVnTu8/pbpv775Ib
UJ25efNmm/1oU2HSwsr8RoLRNhc2N2dEJuJ9QopVh7G3BVs=
-----END CERTIFICATE-----