Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/1-uEe4tCvpv9TXogVnzKuyk4EkVA.roa
File:                     1-uEe4tCvpv9TXogVnzKuyk4EkVA.roa (raw, json)
Hash identifier:          JFATtxle7Ua5lbhgcJmA/cH/I23jCep4XKv8WL93ym0=
Subject key identifier:   FA:E1:1E:E2:D0:AF:A6:FF:53:5E:88:15:9F:32:AE:CA:4E:04:91:50
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       018CC5DCBF703CC171EDF47CF26C574659F5
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/1-uEe4tCvpv9TXogVnzKuyk4EkVA.roa
Signing time:             Mon 01 Jan 2024 16:30:27 +0000
ROA not before:           Mon 01 Jan 2024 16:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51559
IP address blocks:        212.22.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 17:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:bf:70:3c:c1:71:ed:f4:7c:f2:6c:57:46:59:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Jan  1 16:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fae11ee2d0afa6ff535e88159f32aeca4e049150
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:31:45:83:80:fe:05:16:09:ba:61:14:72:74:
                    fc:4a:87:90:20:98:d0:73:d9:c4:c2:56:b8:d9:7b:
                    8b:a6:42:1d:df:c2:8d:e7:a1:5f:86:c4:8f:81:c5:
                    f2:4e:48:fc:19:12:1f:27:a0:b8:28:9d:18:71:a7:
                    25:5c:e2:af:79:87:30:29:ac:24:b7:87:de:74:e1:
                    ed:51:5e:fd:25:86:02:3c:ed:a4:46:d9:2a:b5:59:
                    d7:2b:ad:9a:1d:4e:07:76:e0:96:49:a9:f0:da:13:
                    27:91:5d:66:a1:66:b3:00:55:5c:b4:39:69:bf:fd:
                    9d:9e:c7:ce:62:fa:3a:9f:db:f4:b8:9e:eb:fa:3c:
                    c3:ba:82:b4:ea:16:64:9c:74:17:a9:ef:09:43:ab:
                    9b:df:15:2c:89:01:3d:9e:e1:3d:ab:dc:19:ab:29:
                    1a:0c:e7:ed:e7:d6:58:04:68:4a:34:74:58:0a:a9:
                    28:c4:d7:14:80:f9:fe:be:52:e9:06:6e:67:a8:42:
                    1b:9a:30:c6:b9:24:ed:29:3a:00:5e:19:ef:f9:a7:
                    cf:a8:47:0d:a3:01:aa:8a:73:9f:c8:5c:40:d4:a6:
                    ce:30:4d:7c:f1:3e:42:bb:d3:ef:b1:34:fa:30:54:
                    22:e9:b3:85:33:2b:22:20:c4:c2:8a:66:48:36:71:
                    65:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:E1:1E:E2:D0:AF:A6:FF:53:5E:88:15:9F:32:AE:CA:4E:04:91:50
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/1-uEe4tCvpv9TXogVnzKuyk4EkVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.22.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:dc:73:83:67:8e:77:83:fc:9c:4d:f9:d3:64:0c:ea:04:71:
         06:55:0d:be:e4:80:7a:c5:12:d6:4b:2b:a9:d4:e2:5c:57:d2:
         fc:66:ae:57:de:7b:f8:1c:0b:4e:2a:de:ca:d8:01:f2:05:54:
         d1:f4:df:f5:30:fd:a5:c3:90:58:a3:8c:56:7c:a8:b9:3e:ba:
         3d:14:6e:89:ba:23:63:fa:49:c3:4b:98:16:d2:9e:ef:9f:ea:
         cc:ab:3f:37:2f:98:f1:77:b8:25:37:11:c0:44:d4:f5:5a:bd:
         27:ce:7a:c0:f8:1a:28:65:e3:49:1e:9f:97:8d:87:4c:f5:5b:
         37:60:e1:d7:b5:2f:67:68:e2:d4:24:6e:ad:da:09:48:18:af:
         49:b2:cf:1f:ef:da:04:03:08:29:58:c8:f6:04:b3:0f:75:72:
         20:53:38:95:26:79:9c:99:5b:7d:9e:2d:9d:7d:9b:7f:82:94:
         47:bc:bf:de:03:a4:d1:ef:92:8a:fe:19:48:c9:1e:b6:73:ce:
         2a:23:e6:2f:11:d5:7f:20:5f:a9:b8:42:2d:21:ff:bd:02:51:
         28:7c:8a:2b:80:37:f3:1c:a7:0a:5c:33:5c:b0:d0:41:83:5c:
         63:c7:7a:47:e5:e5:7d:a9:b8:84:ec:e9:27:fd:60:8c:88:31:
         bf:ea:65:73
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzF3L9wPMFx7fR88mxXRln1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjQwMTAxMTYzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWUxMWVlMmQwYWZhNmZmNTM1ZTg4MTU5ZjMyYWVjYTRlMDQ5MTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDFFg4D+BRYJumEUcnT8SoeQIJjQ
c9nEwla42XuLpkId38KN56FfhsSPgcXyTkj8GRIfJ6C4KJ0YcaclXOKveYcwKawk
t4fedOHtUV79JYYCPO2kRtkqtVnXK62aHU4HduCWSanw2hMnkV1moWazAFVctDlp
v/2dnsfOYvo6n9v0uJ7r+jzDuoK06hZknHQXqe8JQ6ub3xUsiQE9nuE9q9wZqyka
DOft59ZYBGhKNHRYCqkoxNcUgPn+vlLpBm5nqEIbmjDGuSTtKToAXhnv+afPqEcN
owGqinOfyFxA1KbOME188T5Cu9PvsTT6MFQi6bOFMysiIMTCimZINnFlvQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPrhHuLQr6b/U16IFZ8yrspOBJFQMB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvMS11RWU0dEN2cHY5VFhvZ1Zuekt1eWs0RWtWQS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjIvYWVhMzZkLWJhYmYtNDQ3NC1hNzhiLTZhNGVjYWY4YjNi
MS8xL2RHTmxOVnRtVldTaUVNTll4b29CRjdmNzY1by5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANQWRTAN
BgkqhkiG9w0BAQsFAAOCAQEAXdxzg2eOd4P8nE3502QM6gRxBlUNvuSAesUS1ksr
qdTiXFfS/GauV957+BwLTireytgB8gVU0fTf9TD9pcOQWKOMVnyouT66PRRuiboj
Y/pJw0uYFtKe75/qzKs/Ny+Y8Xe4JTcRwETU9Vq9J856wPgaKGXjSR6fl42HTPVb
N2Dh17UvZ2ji1CRurdoJSBivSbLPH+/aBAMIKVjI9gSzD3VyIFM4lSZ5nJlbfZ4t
nX2bf4KUR7y/3gOk0e+Siv4ZSMketnPOKiPmLxHVfyBfqbhCLSH/vQJRKHyKK4A3
8xynClwzXLDQQYNcY8d6R+Xlfam4hOzpJ/1gjIgxv+plcw==
-----END CERTIFICATE-----