Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/u2YP42CcwDHaIlW0eVcEcLGTkoI.roa
File:                     u2YP42CcwDHaIlW0eVcEcLGTkoI.roa (raw, json)
Hash identifier:          ntzj6ZYZSfpEvLoMsUU5nfrMzyNrTfWu3roCCE3PSrY=
Subject key identifier:   BB:66:0F:E3:60:9C:C0:31:DA:22:55:B4:79:57:04:70:B1:93:92:82
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       018CC5DCBEB5A5C8EFCDA867F2B85D01E966
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/u2YP42CcwDHaIlW0eVcEcLGTkoI.roa
Signing time:             Mon 01 Jan 2024 16:30:27 +0000
ROA not before:           Mon 01 Jan 2024 16:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48528
IP address blocks:        212.22.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 14:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:be:b5:a5:c8:ef:cd:a8:67:f2:b8:5d:01:e9:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Jan  1 16:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb660fe3609cc031da2255b479570470b1939282
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:70:3c:9a:0b:50:07:4d:b3:aa:3c:2f:01:59:
                    f0:11:af:9e:87:bf:b6:76:58:3f:c7:0e:9b:86:e8:
                    f5:a2:da:62:e0:85:fc:f5:49:22:92:d2:a0:4d:1d:
                    26:a6:9e:2a:ab:59:1c:1d:dd:99:29:12:cb:5b:35:
                    e3:32:d7:8f:00:3c:1f:ca:7c:97:63:2b:d9:14:d3:
                    c4:6a:d7:54:3b:bb:b3:cc:8b:ea:95:63:91:a6:50:
                    d9:03:2a:55:a1:64:11:e0:22:d5:40:3c:16:f8:58:
                    02:4a:6f:b3:1b:93:54:e5:a2:35:45:dc:62:a1:72:
                    5c:5f:1b:42:89:39:be:0e:cc:5c:72:0f:c0:33:53:
                    f0:cc:b6:5c:75:b0:c5:f6:84:65:a1:cd:cc:72:75:
                    6c:ba:f5:5b:c4:9d:01:db:9d:96:c6:0f:09:57:6d:
                    01:96:48:83:79:b9:b6:5d:48:7c:62:3e:7f:8e:4b:
                    44:15:06:c3:ec:28:9b:30:06:af:c2:f6:6c:1e:6a:
                    aa:64:ce:5a:f7:d5:13:9d:54:37:89:d2:7b:b8:5e:
                    d4:27:c3:4f:08:d3:0b:61:ae:e4:d6:8c:95:4c:e6:
                    1d:4f:f7:06:e7:41:c8:92:7f:33:6b:72:92:aa:1e:
                    dd:68:c2:9d:c8:37:7a:b3:a6:f2:8c:37:fd:a3:bc:
                    80:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:66:0F:E3:60:9C:C0:31:DA:22:55:B4:79:57:04:70:B1:93:92:82
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/u2YP42CcwDHaIlW0eVcEcLGTkoI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.22.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:f6:8b:d9:1e:30:11:ce:ed:87:3e:28:65:0d:52:8a:2c:4b:
         44:bc:e2:68:df:0b:63:59:50:3d:d3:16:22:74:1e:ae:77:74:
         3f:c3:6b:68:93:ac:69:f0:2a:50:47:72:ec:3f:f0:2a:08:90:
         5d:df:08:fc:25:61:03:f4:cd:15:9b:8b:ba:0e:69:da:09:70:
         76:df:bf:55:42:b7:70:56:b1:93:84:51:79:dd:0e:0c:e5:d4:
         3f:01:34:22:3d:7e:6c:6c:87:ef:27:a7:43:d2:d0:b8:40:53:
         48:5b:77:01:04:30:de:25:4a:46:39:59:a7:5f:8f:a7:d5:93:
         b9:cb:10:4f:47:5e:f9:75:4e:02:db:40:b3:b3:dc:a3:01:e0:
         34:9a:6d:95:c0:09:5c:21:e9:c1:40:ee:af:1f:d7:12:4c:e2:
         4c:9c:eb:f1:2d:57:e7:23:f8:1e:14:99:4a:e7:62:28:10:61:
         56:d5:60:f5:77:ee:70:be:6f:16:1f:a8:5c:72:15:41:c7:ed:
         d8:1d:97:06:e8:a4:f1:79:64:d5:ae:a1:04:cc:c8:7f:ce:13:
         b8:34:db:99:09:af:d5:ca:a7:d7:cc:30:7d:6d:06:54:a8:e0:
         f7:27:46:ef:2d:d3:82:09:eb:13:2a:ca:77:f6:a9:08:b3:a3:
         a9:0b:94:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3L61pcjvzahn8rhdAelmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjQwMTAxMTYzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjY2MGZlMzYwOWNjMDMxZGEyMjU1YjQ3OTU3MDQ3MGIxOTM5MjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAinA8mgtQB02zqjwvAVnwEa+eh7+2
dlg/xw6bhuj1otpi4IX89UkiktKgTR0mpp4qq1kcHd2ZKRLLWzXjMtePADwfynyX
YyvZFNPEatdUO7uzzIvqlWORplDZAypVoWQR4CLVQDwW+FgCSm+zG5NU5aI1Rdxi
oXJcXxtCiTm+Dsxccg/AM1PwzLZcdbDF9oRloc3McnVsuvVbxJ0B252Wxg8JV20B
lkiDebm2XUh8Yj5/jktEFQbD7CibMAavwvZsHmqqZM5a99UTnVQ3idJ7uF7UJ8NP
CNMLYa7k1oyVTOYdT/cG50HIkn8za3KSqh7daMKdyDd6s6byjDf9o7yAAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLtmD+NgnMAx2iJVtHlXBHCxk5KCMB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvdTJZUDQyQ2N3REhhSWxXMGVWY0VjTEdUa29JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BZHMA0G
CSqGSIb3DQEBCwUAA4IBAQBX9ovZHjARzu2HPihlDVKKLEtEvOJo3wtjWVA90xYi
dB6ud3Q/w2tok6xp8CpQR3LsP/AqCJBd3wj8JWED9M0Vm4u6DmnaCXB2379VQrdw
VrGThFF53Q4M5dQ/ATQiPX5sbIfvJ6dD0tC4QFNIW3cBBDDeJUpGOVmnX4+n1ZO5
yxBPR175dU4C20Czs9yjAeA0mm2VwAlcIenBQO6vH9cSTOJMnOvxLVfnI/geFJlK
52IoEGFW1WD1d+5wvm8WH6hcchVBx+3YHZcG6KTxeWTVrqEEzMh/zhO4NNuZCa/V
yqfXzDB9bQZUqOD3J0bvLdOCCesTKsp39qkIs6OpC5To
-----END CERTIFICATE-----