Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/UptdswgTat8pKqfJn68y_n5rCpM.roa
File:                     UptdswgTat8pKqfJn68y_n5rCpM.roa (raw, json)
Hash identifier:          4RkFloFtwspeT5eVIuY0TYJl11PA5NcqByYwWxyt9pk=
Subject key identifier:   52:9B:5D:B3:08:13:6A:DF:29:2A:A7:C9:9F:AF:32:FE:7E:6B:0A:93
Certificate issuer:       /CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
Certificate serial:       018CC6B8F02EB77DE6A986258483DAB5BE03
Authority key identifier: 6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/UptdswgTat8pKqfJn68y_n5rCpM.roa
Signing time:             Mon 01 Jan 2024 20:30:58 +0000
ROA not before:           Mon 01 Jan 2024 20:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6718
IP address blocks:        45.250.64.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:f0:2e:b7:7d:e6:a9:86:25:84:83:da:b5:be:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
        Validity
            Not Before: Jan  1 20:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=529b5db308136adf292aa7c99faf32fe7e6b0a93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:2b:8f:dd:39:f2:c2:25:d3:e3:91:48:8a:f5:
                    17:8e:cb:1a:e7:10:38:88:37:1c:9a:3d:c2:51:ac:
                    61:20:d7:32:3f:2c:d1:86:fc:9e:98:03:8d:57:c7:
                    96:a5:d0:d4:c2:c0:24:0e:67:53:51:8f:4f:2f:35:
                    9c:f7:76:c3:a0:f5:ab:47:e2:c6:c7:8b:11:0b:8c:
                    56:9d:ea:47:41:d4:26:1c:ed:cf:81:a8:d9:8e:b1:
                    b5:62:63:77:38:f6:ac:80:57:13:4c:9f:2b:25:c9:
                    e2:66:29:0d:9a:b1:5b:6f:ce:02:3a:60:b3:6f:61:
                    7d:d7:1d:e4:f5:53:d1:5d:3a:03:2e:d0:9c:1a:a4:
                    2a:6a:51:3a:23:30:eb:b8:3b:75:b1:0a:18:d1:97:
                    e3:02:df:87:e3:c7:5c:7b:da:1d:3d:85:c0:7a:fe:
                    03:d3:a8:1c:b5:cb:ac:d0:52:bd:32:e0:a5:8a:4c:
                    79:2e:2f:52:08:ec:0e:e5:d1:5c:7c:2e:91:15:c2:
                    18:b1:d9:34:9c:ff:ae:08:45:83:75:ad:9a:0a:64:
                    c2:2d:4d:59:89:dd:2b:67:39:44:63:71:60:4f:24:
                    1b:c9:af:99:76:b5:5b:a1:79:eb:d9:f8:c7:fa:f3:
                    1b:17:30:1c:1d:13:40:dc:1b:fc:69:07:54:1a:d1:
                    d0:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:9B:5D:B3:08:13:6A:DF:29:2A:A7:C9:9F:AF:32:FE:7E:6B:0A:93
            X509v3 Authority Key Identifier:
                keyid:6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/UptdswgTat8pKqfJn68y_n5rCpM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.250.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:e8:cc:0b:d1:8a:95:8b:50:c0:7e:5b:9c:00:7c:9d:4e:23:
         d1:34:50:fb:cd:07:0f:e3:cd:d1:6d:4b:a7:63:75:b7:46:64:
         92:93:30:ea:bf:8a:3a:04:36:7a:07:54:20:ec:62:8c:5d:46:
         b5:e9:1d:4f:42:9f:3a:75:c4:20:0e:8b:a6:aa:3b:7f:bf:12:
         28:20:66:33:a4:d1:63:8d:8c:08:19:93:4d:71:e9:2e:2a:68:
         e9:d1:cb:eb:ce:0d:98:70:47:7f:1b:6b:85:5d:e1:59:5b:b0:
         88:7b:19:99:1f:25:2c:26:e1:bd:f6:65:9c:fd:00:d3:a2:7d:
         46:82:9e:50:fc:ba:dc:f9:a8:fc:e5:ae:cb:17:97:45:8f:e7:
         e6:92:e9:9b:fe:d3:d6:fe:b8:2a:e1:9b:36:16:0d:d3:e0:31:
         4d:bf:06:c2:8f:b6:17:cf:47:c1:8a:0e:85:ce:b2:93:67:98:
         1b:9c:73:3d:e1:c5:79:27:1a:cb:25:94:d7:cc:7d:d1:34:35:
         f2:6d:f1:42:a0:37:bb:cb:8f:44:64:d4:1d:ff:5d:4f:c3:25:
         57:e2:12:59:78:11:b0:e3:7c:40:77:9b:ed:23:5f:70:85:dd:
         48:78:ae:4b:49:58:ca:59:99:52:31:5c:ea:6c:d1:11:62:25:
         87:6b:bd:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuPAut33mqYYlhIPatb4DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMDNhMmNhZjI5ODAxOWZiZDY2ODYyMTUxNmM4YzZlMWQx
MGU4M2MwHhcNMjQwMTAxMjAzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjliNWRiMzA4MTM2YWRmMjkyYWE3Yzk5ZmFmMzJmZTdlNmIwYTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqyuP3TnywiXT45FIivUXjssa5xA4
iDccmj3CUaxhINcyPyzRhvyemAONV8eWpdDUwsAkDmdTUY9PLzWc93bDoPWrR+LG
x4sRC4xWnepHQdQmHO3PgajZjrG1YmN3OPasgFcTTJ8rJcniZikNmrFbb84COmCz
b2F91x3k9VPRXToDLtCcGqQqalE6IzDruDt1sQoY0ZfjAt+H48dce9odPYXAev4D
06gctcus0FK9MuClikx5Li9SCOwO5dFcfC6RFcIYsdk0nP+uCEWDda2aCmTCLU1Z
id0rZzlEY3FgTyQbya+ZdrVboXnr2fjH+vMbFzAcHRNA3Bv8aQdUGtHQfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFKbXbMIE2rfKSqnyZ+vMv5+awqTMB8GA1UdIwQY
MBaAFGwDosrymAGfvWaGIVFsjG4dEOg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDkt
ZmMzN2ZiMGNkNDNiLzEvVXB0ZHN3Z1RhdDhwS3FmSm42OHlfbjVyQ3BNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDktZmMzN2ZiMGNkNDNi
LzEvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLfpAMA0G
CSqGSIb3DQEBCwUAA4IBAQBG6MwL0YqVi1DAflucAHydTiPRNFD7zQcP483RbUun
Y3W3RmSSkzDqv4o6BDZ6B1Qg7GKMXUa16R1PQp86dcQgDoumqjt/vxIoIGYzpNFj
jYwIGZNNcekuKmjp0cvrzg2YcEd/G2uFXeFZW7CIexmZHyUsJuG99mWc/QDTon1G
gp5Q/Lrc+aj85a7LF5dFj+fmkumb/tPW/rgq4Zs2Fg3T4DFNvwbCj7YXz0fBig6F
zrKTZ5gbnHM94cV5JxrLJZTXzH3RNDXybfFCoDe7y49EZNQd/11PwyVX4hJZeBGw
43xAd5vtI19whd1IeK5LSVjKWZlSMVzqbNERYiWHa70m
-----END CERTIFICATE-----