Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/V4QPp2g0f85bf-WXCCSAcSCIAJ4.roa
File:                     V4QPp2g0f85bf-WXCCSAcSCIAJ4.roa (raw, json)
Hash identifier:          CzoTnk7x+x5z46u5kzuuXhbx3BSTsIn+F4UdOQNY2AE=
Subject key identifier:   57:84:0F:A7:68:34:7F:CE:5B:7F:E5:97:08:24:80:71:20:88:00:9E
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       019227E590BBB609EBFB8DAEFA43D6B1952B
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/V4QPp2g0f85bf-WXCCSAcSCIAJ4.roa
Signing time:             Wed 25 Sep 2024 06:36:49 +0000
ROA not before:           Wed 25 Sep 2024 06:36:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47256
IP address blocks:        212.22.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:27:e5:90:bb:b6:09:eb:fb:8d:ae:fa:43:d6:b1:95:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Sep 25 06:36:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57840fa768347fce5b7fe597082480712088009e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:4b:44:f9:bc:76:5f:60:bb:c8:ab:53:fd:cb:
                    52:5b:a1:f6:9d:98:22:2b:e3:45:81:3c:62:01:02:
                    f6:0a:9f:51:0a:99:c7:6f:16:31:62:42:8c:07:b8:
                    f8:4d:9c:84:91:5d:b9:05:48:f1:05:94:ad:17:40:
                    bd:b5:0e:f8:21:76:08:8b:6e:90:2b:eb:e4:23:58:
                    a9:17:32:f3:cf:15:f3:74:93:ae:38:d2:a5:94:2a:
                    a5:cb:60:33:eb:35:10:67:67:dc:cc:c5:30:a2:79:
                    83:fc:61:99:ea:cc:a6:af:77:7c:c6:33:f8:65:5d:
                    18:6b:ad:5d:86:ba:32:cc:c3:e9:f4:82:46:c6:d4:
                    95:7d:42:41:4a:ed:67:67:5b:cb:1a:e7:32:f5:e0:
                    6b:cb:a5:0b:c3:0c:b2:4f:ab:fc:cd:eb:d4:89:44:
                    61:5e:40:c1:e2:76:b5:c9:77:3f:56:f7:9b:c3:c2:
                    5c:d9:42:1a:2c:98:3c:0f:47:51:42:d4:2b:1a:a0:
                    bb:1f:57:a3:81:87:c4:4d:21:54:dd:69:66:da:8b:
                    14:2b:a5:16:39:6d:b7:27:a3:00:67:4f:db:b0:59:
                    b5:9d:f4:8b:c7:b3:3b:f1:dc:73:62:70:18:57:1e:
                    03:b7:f9:88:0c:4b:26:a7:6c:fb:55:04:75:8d:0d:
                    e8:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:84:0F:A7:68:34:7F:CE:5B:7F:E5:97:08:24:80:71:20:88:00:9E
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/V4QPp2g0f85bf-WXCCSAcSCIAJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.22.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:ed:d7:da:da:0f:d8:1b:41:e6:0d:bf:15:f3:80:c6:5f:16:
         9b:8f:eb:3f:44:4d:be:78:a4:58:8a:d8:24:e7:a5:24:f5:9e:
         48:fb:40:cd:d9:ef:b0:51:b2:8a:fb:ef:0e:01:4a:25:c0:98:
         8c:a1:7a:6e:55:74:3c:5a:61:e7:16:44:c5:b0:ba:b9:68:61:
         aa:c7:a8:21:44:f8:76:36:07:a9:69:c2:40:b7:0c:b4:58:84:
         68:ef:4f:21:bb:cc:ec:15:61:1f:e6:8a:3b:8f:ba:bd:b5:30:
         86:03:d5:05:2d:54:25:1c:0a:50:c4:99:0c:57:d7:47:44:82:
         8f:40:2c:3b:20:15:c1:c5:0b:24:f2:9e:66:c1:27:ab:40:04:
         30:a2:12:95:79:b5:12:ee:63:67:26:5c:1a:2e:6b:66:7b:b3:
         ec:56:98:a7:83:cc:f5:e9:e9:d2:03:44:fb:87:55:de:1c:0d:
         77:2f:4e:7a:0e:4c:c7:a2:75:79:c5:02:53:14:24:00:f0:1e:
         34:f7:eb:9f:c4:93:1b:47:a8:ef:27:88:f6:74:b4:f2:57:57:
         b6:ec:b8:25:cb:da:bf:07:88:1a:c8:be:95:94:e4:cc:48:49:
         e6:d2:15:57:4f:22:e4:5f:ab:2e:5e:9e:1f:67:61:f2:cc:be:
         4c:4c:9f:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIn5ZC7tgnr+42u+kPWsZUrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjQwOTI1MDYzNjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Nzg0MGZhNzY4MzQ3ZmNlNWI3ZmU1OTcwODI0ODA3MTIwODgwMDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEtE+bx2X2C7yKtT/ctSW6H2nZgi
K+NFgTxiAQL2Cp9RCpnHbxYxYkKMB7j4TZyEkV25BUjxBZStF0C9tQ74IXYIi26Q
K+vkI1ipFzLzzxXzdJOuONKllCqly2Az6zUQZ2fczMUwonmD/GGZ6symr3d8xjP4
ZV0Ya61dhroyzMPp9IJGxtSVfUJBSu1nZ1vLGucy9eBry6ULwwyyT6v8zevUiURh
XkDB4na1yXc/Vvebw8Jc2UIaLJg8D0dRQtQrGqC7H1ejgYfETSFU3Wlm2osUK6UW
OW23J6MAZ0/bsFm1nfSLx7M78dxzYnAYVx4Dt/mIDEsmp2z7VQR1jQ3ogwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFeED6doNH/OW3/llwgkgHEgiACeMB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvVjRRUHAyZzBmODViZi1XWENDU0FjU0NJQUo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BZEMA0G
CSqGSIb3DQEBCwUAA4IBAQB77dfa2g/YG0HmDb8V84DGXxabj+s/RE2+eKRYitgk
56Uk9Z5I+0DN2e+wUbKK++8OAUolwJiMoXpuVXQ8WmHnFkTFsLq5aGGqx6ghRPh2
NgepacJAtwy0WIRo708hu8zsFWEf5oo7j7q9tTCGA9UFLVQlHApQxJkMV9dHRIKP
QCw7IBXBxQsk8p5mwSerQAQwohKVebUS7mNnJlwaLmtme7PsVping8z16enSA0T7
h1XeHA13L056DkzHonV5xQJTFCQA8B409+ufxJMbR6jvJ4j2dLTyV1e27Lgly9q/
B4gayL6VlOTMSEnm0hVXTyLkX6suXp4fZ2HyzL5MTJ8T
-----END CERTIFICATE-----