Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/1-4E2CNSQm_25rq_4ftzW2uSjVN8.roa
File:                     1-4E2CNSQm_25rq_4ftzW2uSjVN8.roa (raw, json)
Hash identifier:          6QQ6fLNXAZJHn1jjRQUSxvBlpOq8ZKJChCV24SEnvSc=
Subject key identifier:   FB:81:36:08:D4:90:9B:FD:B9:AE:AF:F8:7E:DC:D6:DA:E4:A3:54:DF
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018CC8DE8EDFAA4D8699A94A4E6819602CB6
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/1-4E2CNSQm_25rq_4ftzW2uSjVN8.roa
Signing time:             Tue 02 Jan 2024 06:31:17 +0000
ROA not before:           Tue 02 Jan 2024 06:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205361
IP address blocks:        45.8.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:8e:df:aa:4d:86:99:a9:4a:4e:68:19:60:2c:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  2 06:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb813608d4909bfdb9aeaff87edcd6dae4a354df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:8e:27:5d:a2:28:60:bb:4d:d1:2e:2c:7a:18:
                    22:5e:c2:57:8c:ab:24:0b:c1:b2:ff:94:1a:c4:41:
                    c5:e2:7d:41:7e:34:b3:11:6d:cc:c0:07:df:06:2f:
                    b0:ac:fd:8a:e8:60:72:66:bc:26:c8:1e:68:56:b5:
                    6b:44:8c:2d:29:da:af:b6:fc:ec:a6:48:1f:f4:c2:
                    40:e8:f0:aa:01:04:32:f4:03:9d:5f:18:c2:bf:ba:
                    0e:bc:87:d1:07:23:b7:ae:30:e5:65:09:ee:c9:b0:
                    89:20:9b:4a:56:ab:ac:20:a7:6d:91:f6:83:4a:41:
                    30:8a:51:40:91:da:e2:08:8e:88:14:7a:04:d8:9a:
                    69:4d:fa:c9:d9:80:21:95:c1:c6:e4:df:de:d4:ee:
                    01:0e:5e:a0:f0:2e:25:8e:45:e1:fd:73:ab:4e:6b:
                    3b:6d:bc:64:9d:d3:20:63:76:42:07:0b:1f:7e:29:
                    7a:cd:18:9d:e5:90:3f:bd:63:34:f7:5e:69:94:8a:
                    88:06:25:17:5e:1a:1f:13:d1:bb:bd:d7:6f:e3:27:
                    4e:25:dc:29:e5:cc:d4:27:fc:ac:48:fd:a2:eb:ac:
                    60:ed:11:14:29:c1:3f:ba:89:a3:6b:88:82:6f:2a:
                    17:80:dc:71:d5:c4:ba:f7:af:85:a3:43:4a:71:32:
                    df:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:81:36:08:D4:90:9B:FD:B9:AE:AF:F8:7E:DC:D6:DA:E4:A3:54:DF
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/1-4E2CNSQm_25rq_4ftzW2uSjVN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:e8:5e:4b:08:47:7c:a4:10:de:2a:11:99:48:2b:6d:66:ce:
         02:7f:d6:90:df:7d:8a:2a:4a:d5:fd:4e:5e:2b:60:21:1c:68:
         e4:1d:d9:7e:f5:69:c0:02:bc:0d:9b:60:92:d3:e8:5e:db:77:
         e6:6c:8a:b2:c3:78:7f:7c:7b:eb:ec:2d:2d:45:4b:da:79:c2:
         73:24:a8:c2:76:72:6e:18:df:1f:95:44:aa:d3:60:f0:59:7f:
         ba:67:ea:b5:3b:41:0a:90:a6:b1:30:64:a5:2d:54:df:34:a9:
         0e:d9:12:45:5f:30:bd:e1:30:65:3f:30:04:f3:ee:44:b4:3a:
         00:20:10:72:82:ed:f2:7e:1e:34:57:b0:b4:38:e8:af:a9:2c:
         60:5d:44:10:df:6b:f7:b3:99:83:a8:16:42:2e:f5:7e:31:9b:
         1c:5c:62:27:80:53:3f:af:69:25:af:b5:0a:56:45:1c:ed:06:
         62:6c:9b:94:86:18:4a:7f:ca:82:45:be:8b:05:c9:0b:8c:c1:
         98:c0:a8:18:7e:8a:8b:74:2e:65:bb:f9:05:6c:d3:0b:87:d7:
         f3:dd:b1:94:66:ac:fa:05:83:95:2b:0a:8b:f8:e0:46:85:ef:
         f2:6b:5a:f1:b1:ec:a5:5f:30:72:6c:53:a6:53:6a:8a:ed:6c:
         47:ec:71:38
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI3o7fqk2GmalKTmgZYCy2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMTAyMDYzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjgxMzYwOGQ0OTA5YmZkYjlhZWFmZjg3ZWRjZDZkYWU0YTM1NGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxY4nXaIoYLtN0S4sehgiXsJXjKsk
C8Gy/5QaxEHF4n1BfjSzEW3MwAffBi+wrP2K6GByZrwmyB5oVrVrRIwtKdqvtvzs
pkgf9MJA6PCqAQQy9AOdXxjCv7oOvIfRByO3rjDlZQnuybCJIJtKVqusIKdtkfaD
SkEwilFAkdriCI6IFHoE2JppTfrJ2YAhlcHG5N/e1O4BDl6g8C4ljkXh/XOrTms7
bbxkndMgY3ZCBwsffil6zRid5ZA/vWM0915plIqIBiUXXhofE9G7vddv4ydOJdwp
5czUJ/ysSP2i66xg7REUKcE/uomja4iCbyoXgNxx1cS696+Fo0NKcTLfuQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPuBNgjUkJv9ua6v+H7c1trko1TfMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvMS00RTJDTlNRbV8yNXJxXzRmdHpXMnVTalZOOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjIvNzA0MDcxLThkYzAtNGVkNi05NDU3LWU4NjEyMWM1OTRk
Zi8xL1l2MjJkbFRmWVlUbjFneEJVT3FWTThMUGx3US5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0IyDAN
BgkqhkiG9w0BAQsFAAOCAQEAH+heSwhHfKQQ3ioRmUgrbWbOAn/WkN99iipK1f1O
XitgIRxo5B3ZfvVpwAK8DZtgktPoXtt35myKssN4f3x76+wtLUVL2nnCcySownZy
bhjfH5VEqtNg8Fl/umfqtTtBCpCmsTBkpS1U3zSpDtkSRV8wveEwZT8wBPPuRLQ6
ACAQcoLt8n4eNFewtDjor6ksYF1EEN9r97OZg6gWQi71fjGbHFxiJ4BTP69pJa+1
ClZFHO0GYmyblIYYSn/KgkW+iwXJC4zBmMCoGH6Ki3QuZbv5BWzTC4fX892xlGas
+gWDlSsKi/jgRoXv8mta8bHspV8wcmxTplNqiu1sR+xxOA==
-----END CERTIFICATE-----