Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/atFhyi7gWxV2La5_lU9KIlieNIU.roa
File:                     atFhyi7gWxV2La5_lU9KIlieNIU.roa (raw, json)
Hash identifier:          JEn4qsPWhY9F+xrVjW60O5AHPawjuz+5mrlZBPNXMos=
Subject key identifier:   6A:D1:61:CA:2E:E0:5B:15:76:2D:AE:7F:95:4F:4A:22:58:9E:34:85
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       01930AEF17A08C08E9FC6A78F34B97F25989
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/atFhyi7gWxV2La5_lU9KIlieNIU.roa
Signing time:             Fri 08 Nov 2024 08:41:01 +0000
ROA not before:           Fri 08 Nov 2024 08:41:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45671
IP address blocks:        170.62.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:0a:ef:17:a0:8c:08:e9:fc:6a:78:f3:4b:97:f2:59:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Nov  8 08:41:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ad161ca2ee05b15762dae7f954f4a22589e3485
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:94:a8:a5:af:44:58:6d:55:4c:95:0d:cc:02:
                    79:83:81:4f:a9:96:46:33:4b:f1:8b:a8:e2:09:d1:
                    2a:a0:c2:c6:27:5b:79:9b:a0:5f:a1:12:b3:c0:ac:
                    be:0f:39:a4:c0:5c:25:08:35:1e:01:13:3f:5b:3b:
                    98:55:29:a1:55:d4:b3:8c:5f:6f:bf:bb:b0:30:37:
                    65:46:59:d0:f0:07:00:45:32:f6:9b:28:32:94:c3:
                    13:1f:0d:d5:d9:f0:91:f1:c8:2b:53:d2:0a:a4:0f:
                    28:dd:27:39:da:ec:2f:3f:f2:ed:6b:54:0f:1c:2d:
                    b8:83:22:ea:81:e0:79:e0:50:61:0e:dc:16:fa:15:
                    4a:7f:bc:16:c3:fe:62:05:e2:1d:e1:85:df:87:1d:
                    d0:9b:0c:13:3c:26:92:91:96:39:af:c9:d5:fc:16:
                    bf:00:37:7c:19:33:e6:b3:82:23:c3:f6:bf:d5:7e:
                    87:a0:04:73:56:17:c0:dc:39:17:49:fa:33:97:ca:
                    40:6c:9e:9e:a6:ad:74:c1:62:1c:5f:2b:83:14:36:
                    78:28:c6:74:c9:b4:a9:fd:0d:0f:da:ad:52:9d:9a:
                    40:01:c5:93:3f:c2:e4:aa:57:1b:a7:27:c7:53:98:
                    4c:fa:0e:b6:4f:3b:37:78:d3:93:be:40:6b:be:2e:
                    87:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:D1:61:CA:2E:E0:5B:15:76:2D:AE:7F:95:4F:4A:22:58:9E:34:85
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/atFhyi7gWxV2La5_lU9KIlieNIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.62.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:55:11:cb:a7:58:fc:b3:fb:e2:32:91:95:34:43:3d:5e:80:
         4a:28:72:25:17:d2:a9:c2:91:5e:99:e1:3a:e0:45:9c:e2:26:
         8d:c2:2a:94:28:fa:15:08:37:62:95:e3:2d:94:e2:55:bc:d9:
         5f:5a:18:b3:60:ef:44:38:e1:f5:61:db:10:70:12:a0:da:bf:
         76:61:7e:48:cb:a6:14:c6:ba:84:d7:07:b0:48:f0:a2:58:4a:
         46:e6:93:92:03:6a:02:0d:78:09:08:f9:ea:2d:41:60:8c:8f:
         e5:db:65:8d:b4:7e:48:6d:0c:0e:03:7e:d0:d5:f9:e2:c8:21:
         18:38:63:83:9a:8b:73:dd:a2:34:67:e9:49:47:26:93:a0:19:
         6d:d1:cc:f5:c2:1c:9c:47:98:a8:cb:74:b7:19:79:00:8b:33:
         b5:4f:4a:20:b4:4d:65:e1:b9:9b:77:c3:94:2a:a8:52:1c:98:
         84:61:8c:20:77:81:13:90:25:a6:7a:3c:20:5d:9e:c8:c7:f2:
         5d:f8:3a:58:5f:72:93:58:92:79:62:e9:b6:44:53:a8:3d:18:
         3b:d8:3a:74:aa:2e:ad:97:77:6f:6c:a8:a1:68:c6:f7:1a:a7:
         23:0f:b0:8a:53:fc:35:17:e5:55:d4:a6:0d:03:16:28:27:1b:
         56:6f:dd:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMK7xegjAjp/Gp480uX8lmJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjQxMTA4MDg0MTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWQxNjFjYTJlZTA1YjE1NzYyZGFlN2Y5NTRmNGEyMjU4OWUzNDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZSopa9EWG1VTJUNzAJ5g4FPqZZG
M0vxi6jiCdEqoMLGJ1t5m6BfoRKzwKy+DzmkwFwlCDUeARM/WzuYVSmhVdSzjF9v
v7uwMDdlRlnQ8AcARTL2mygylMMTHw3V2fCR8cgrU9IKpA8o3Sc52uwvP/Lta1QP
HC24gyLqgeB54FBhDtwW+hVKf7wWw/5iBeId4YXfhx3QmwwTPCaSkZY5r8nV/Ba/
ADd8GTPms4Ijw/a/1X6HoARzVhfA3DkXSfozl8pAbJ6epq10wWIcXyuDFDZ4KMZ0
ybSp/Q0P2q1SnZpAAcWTP8LkqlcbpyfHU5hM+g62Tzs3eNOTvkBrvi6HYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGrRYcou4FsVdi2uf5VPSiJYnjSFMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvYXRGaHlpN2dXeFYyTGE1X2xVOUtJbGllTklVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqj5YMA0G
CSqGSIb3DQEBCwUAA4IBAQC1VRHLp1j8s/viMpGVNEM9XoBKKHIlF9KpwpFemeE6
4EWc4iaNwiqUKPoVCDdileMtlOJVvNlfWhizYO9EOOH1YdsQcBKg2r92YX5Iy6YU
xrqE1wewSPCiWEpG5pOSA2oCDXgJCPnqLUFgjI/l22WNtH5IbQwOA37Q1fniyCEY
OGODmotz3aI0Z+lJRyaToBlt0cz1whycR5ioy3S3GXkAizO1T0ogtE1l4bmbd8OU
KqhSHJiEYYwgd4ETkCWmejwgXZ7Ix/Jd+DpYX3KTWJJ5Yum2RFOoPRg72Dp0qi6t
l3dvbKihaMb3GqcjD7CKU/w1F+VV1KYNAxYoJxtWb92j
-----END CERTIFICATE-----