Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/Y81fJoWgWovg7DEd79ICrz0gWuo.roa
File:                     Y81fJoWgWovg7DEd79ICrz0gWuo.roa (raw, json)
Hash identifier:          9Ouac1AZGRjwugaHm2lHTMUN7KE2XNy9dvBbbaIqeQM=
Subject key identifier:   63:CD:5F:26:85:A0:5A:8B:E0:EC:31:1D:EF:D2:02:AF:3D:20:5A:EA
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       018CC5DCC1F2FA57A558EFAACC6CC858CB0C
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/Y81fJoWgWovg7DEd79ICrz0gWuo.roa
Signing time:             Mon 01 Jan 2024 16:30:28 +0000
ROA not before:           Mon 01 Jan 2024 16:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200733
IP address blocks:        212.22.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:c1:f2:fa:57:a5:58:ef:aa:cc:6c:c8:58:cb:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Jan  1 16:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63cd5f2685a05a8be0ec311defd202af3d205aea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:0d:36:b0:25:4b:0d:76:f6:7d:04:f0:0c:cd:
                    af:d2:2e:d0:0a:72:18:1e:ec:dd:12:1d:9a:84:59:
                    15:31:6d:b4:4b:ec:b6:b2:bd:f9:27:48:26:cf:1e:
                    ec:d2:aa:52:b9:a9:f4:63:6d:46:72:7e:7b:c3:42:
                    df:7e:94:a6:96:b2:dd:b5:f4:ae:ae:fa:d7:be:89:
                    51:9f:d2:c9:2c:22:31:93:d6:95:b3:90:e8:b0:ac:
                    14:0d:7d:67:cb:63:06:d6:0b:24:16:74:35:38:fa:
                    3d:bc:d4:59:ff:01:b1:0a:c2:a5:1c:72:1d:b9:35:
                    f7:25:3c:31:43:7d:fa:20:3d:7f:22:19:57:c9:61:
                    b8:03:38:cd:85:a1:c6:a7:4a:1f:ba:a6:60:c9:1a:
                    d6:da:90:bb:4c:b2:f2:6c:b3:7a:ed:de:18:3f:1b:
                    11:61:9f:83:84:51:1d:a0:be:26:69:96:4f:1c:67:
                    fd:08:ce:a5:1b:10:a4:99:70:c9:d7:b9:da:3c:c3:
                    36:d1:33:97:aa:2b:4d:7c:67:af:4d:4d:60:1e:a9:
                    3e:96:b1:12:7f:37:69:e1:93:96:6b:8b:f5:af:98:
                    9a:55:80:fc:77:08:19:07:86:d6:2b:b3:ac:37:0d:
                    2a:89:3b:36:18:c5:89:ce:2d:7b:3b:6e:95:70:85:
                    64:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:CD:5F:26:85:A0:5A:8B:E0:EC:31:1D:EF:D2:02:AF:3D:20:5A:EA
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/Y81fJoWgWovg7DEd79ICrz0gWuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.22.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:58:26:1c:33:10:c9:33:34:55:18:93:bb:2c:70:83:92:05:
         fe:8a:f0:88:e5:44:40:65:73:36:2e:29:e2:4d:09:6f:e6:f4:
         e2:ae:f3:15:5f:ed:7f:15:53:bf:f3:b9:e3:84:65:db:b5:f9:
         2c:fb:75:48:42:c4:fe:30:21:10:e3:b3:a4:a8:d6:2d:ac:42:
         3a:23:72:a4:77:be:a7:a1:52:d7:4f:f9:2d:2a:c4:af:0d:19:
         98:1a:c6:bf:b1:ea:39:48:56:e9:05:84:a2:b8:bd:1c:a7:12:
         9c:b9:81:be:cc:bd:85:fd:a4:8f:9b:1f:4c:4c:3d:b2:8d:b2:
         c3:86:26:b7:c5:49:80:ba:ef:de:c9:77:61:33:38:ed:6e:9d:
         55:38:3c:52:81:00:4f:e3:18:fe:37:94:fa:67:1c:ea:89:60:
         a0:07:42:ca:06:5f:db:24:02:5a:b5:65:c2:c8:f6:6a:a4:93:
         b4:0e:22:ba:21:55:1d:d3:9a:08:d8:35:b0:52:b7:7e:bf:43:
         85:97:46:63:1b:9e:6e:06:0a:6b:16:ce:8b:23:70:df:74:df:
         af:64:cf:2b:40:a7:d5:c9:30:1a:d6:50:5b:ed:cb:7e:ed:d4:
         e9:3b:5b:23:e1:a4:87:57:e2:3c:90:b7:74:36:b5:65:27:92:
         60:63:6c:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3MHy+lelWO+qzGzIWMsMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjQwMTAxMTYzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2NkNWYyNjg1YTA1YThiZTBlYzMxMWRlZmQyMDJhZjNkMjA1YWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQ02sCVLDXb2fQTwDM2v0i7QCnIY
HuzdEh2ahFkVMW20S+y2sr35J0gmzx7s0qpSuan0Y21Gcn57w0LffpSmlrLdtfSu
rvrXvolRn9LJLCIxk9aVs5DosKwUDX1ny2MG1gskFnQ1OPo9vNRZ/wGxCsKlHHId
uTX3JTwxQ336ID1/IhlXyWG4AzjNhaHGp0ofuqZgyRrW2pC7TLLybLN67d4YPxsR
YZ+DhFEdoL4maZZPHGf9CM6lGxCkmXDJ17naPMM20TOXqitNfGevTU1gHqk+lrES
fzdp4ZOWa4v1r5iaVYD8dwgZB4bWK7OsNw0qiTs2GMWJzi17O26VcIVk0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGPNXyaFoFqL4OwxHe/SAq89IFrqMB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvWTgxZkpvV2dXb3ZnN0RFZDc5SUNyejBnV3VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BZaMA0G
CSqGSIb3DQEBCwUAA4IBAQAwWCYcMxDJMzRVGJO7LHCDkgX+ivCI5URAZXM2Lini
TQlv5vTirvMVX+1/FVO/87njhGXbtfks+3VIQsT+MCEQ47OkqNYtrEI6I3Kkd76n
oVLXT/ktKsSvDRmYGsa/seo5SFbpBYSiuL0cpxKcuYG+zL2F/aSPmx9MTD2yjbLD
hia3xUmAuu/eyXdhMzjtbp1VODxSgQBP4xj+N5T6ZxzqiWCgB0LKBl/bJAJatWXC
yPZqpJO0DiK6IVUd05oI2DWwUrd+v0OFl0ZjG55uBgprFs6LI3DfdN+vZM8rQKfV
yTAa1lBb7ct+7dTpO1sj4aSHV+I8kLd0NrVlJ5JgY2w8
-----END CERTIFICATE-----