Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/2i3Z2ACT7M_WWSf53-lPfSrwUDM.roa
File:                     2i3Z2ACT7M_WWSf53-lPfSrwUDM.roa (raw, json)
Hash identifier:          ZlylH1hwthKXcetf3bfouFAQcLopcrliv0+0nJJJCwc=
Subject key identifier:   DA:2D:D9:D8:00:93:EC:CF:D6:59:27:F9:DF:E9:4F:7D:2A:F0:50:33
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       01973228B4FACD98B889ECAFEB8B1EE2E647
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/2i3Z2ACT7M_WWSf53-lPfSrwUDM.roa
Signing time:             Mon 02 Jun 2025 19:40:17 +0000
ROA not before:           Mon 02 Jun 2025 19:40:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400529
IP address blocks:        45.8.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 16:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:32:28:b4:fa:cd:98:b8:89:ec:af:eb:8b:1e:e2:e6:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jun  2 19:40:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da2dd9d80093eccfd65927f9dfe94f7d2af05033
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:02:e0:49:68:44:27:5e:91:f4:2f:b3:24:b3:
                    00:d0:41:ee:6d:b4:b4:bc:d8:54:6a:1e:f5:0a:56:
                    46:50:18:4f:ad:58:b3:5a:eb:5a:f8:2e:ed:da:4d:
                    63:e7:6b:72:38:aa:ee:ed:d7:ed:63:94:86:56:d8:
                    88:bb:25:a0:e0:78:10:94:9b:ba:0d:ff:b5:dc:8a:
                    78:9d:94:15:30:ad:a3:ed:33:63:76:68:27:b3:e7:
                    43:e8:58:6d:e1:af:99:31:bc:fe:f9:83:7d:a4:ea:
                    a4:56:c2:b0:84:d5:98:92:c8:a8:a1:ad:4b:e8:81:
                    91:32:58:4b:85:00:a4:7e:1b:52:fd:39:67:41:2a:
                    3d:b7:19:d0:f3:db:b3:45:81:5f:d5:0c:7d:67:bc:
                    b2:a4:6e:9d:69:2f:58:31:78:19:b9:f3:f4:3f:7e:
                    ce:a5:5d:eb:85:1f:54:19:34:2c:d5:dc:48:3e:29:
                    b5:0b:fb:93:20:4b:ef:8d:91:f2:eb:32:21:2e:e9:
                    c3:d0:e5:e8:ce:e1:48:e8:30:e3:c1:e7:c1:cc:28:
                    d5:14:3c:27:ea:7f:bc:a7:e1:e8:d9:db:63:4b:9f:
                    55:af:b1:5c:24:bb:94:f4:e4:4e:4c:94:cf:5c:af:
                    57:39:4f:73:8a:ea:43:45:19:72:d8:18:a7:e7:c0:
                    43:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:2D:D9:D8:00:93:EC:CF:D6:59:27:F9:DF:E9:4F:7D:2A:F0:50:33
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/2i3Z2ACT7M_WWSf53-lPfSrwUDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:20:d8:ef:0e:42:68:6f:b3:5b:65:48:a3:d7:6d:01:68:85:
         8c:54:ca:37:05:34:69:06:29:81:04:14:70:2d:f7:cf:50:78:
         86:96:34:97:ce:1b:3a:10:d3:a2:b0:8f:b7:f5:88:9c:fe:f3:
         8e:c9:1f:5e:70:ff:80:2e:02:e3:6a:2d:2e:30:3c:fc:52:c6:
         dd:be:f0:4c:cb:5a:d9:eb:4d:72:88:92:54:70:e8:9d:76:a7:
         03:b4:a5:64:72:97:ba:92:8f:a1:1c:ce:47:e0:96:0c:de:31:
         03:e0:11:2c:ac:f2:77:0e:34:de:2e:79:52:fd:66:25:0c:04:
         ae:a4:be:8a:46:a0:31:e6:85:3d:92:71:ad:f0:f5:26:d4:0a:
         37:22:c8:c9:56:86:86:90:31:45:eb:c6:50:63:b4:7e:ab:d3:
         d1:83:20:30:7b:ed:8c:9f:bd:7d:df:cb:44:6a:72:15:42:2b:
         fe:d9:ce:e7:21:92:a1:f2:6e:9b:24:65:aa:bb:46:93:50:79:
         19:f7:b6:74:41:36:23:70:bd:53:37:18:a8:1b:e4:51:c6:c6:
         32:a4:20:16:b6:dc:f6:c1:f9:c6:05:1d:01:fb:a7:07:7b:c9:
         ea:a4:37:f4:9a:0d:a4:55:3e:b9:89:72:a6:a4:e9:1c:aa:11:
         a7:cf:26:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcyKLT6zZi4ieyv64se4uZHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwNjAyMTk0MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTJkZDlkODAwOTNlY2NmZDY1OTI3ZjlkZmU5NGY3ZDJhZjA1MDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwLgSWhEJ16R9C+zJLMA0EHubbS0
vNhUah71ClZGUBhPrVizWuta+C7t2k1j52tyOKru7dftY5SGVtiIuyWg4HgQlJu6
Df+13Ip4nZQVMK2j7TNjdmgns+dD6Fht4a+ZMbz++YN9pOqkVsKwhNWYksiooa1L
6IGRMlhLhQCkfhtS/TlnQSo9txnQ89uzRYFf1Qx9Z7yypG6daS9YMXgZufP0P37O
pV3rhR9UGTQs1dxIPim1C/uTIEvvjZHy6zIhLunD0OXozuFI6DDjwefBzCjVFDwn
6n+8p+Ho2dtjS59Vr7FcJLuU9OROTJTPXK9XOU9ziupDRRly2Bin58BDtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNot2dgAk+zP1lkn+d/pT30q8FAzMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvMmkzWjJBQ1Q3TV9XV1NmNTMtbFBmU3J3VURNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQjJMA0G
CSqGSIb3DQEBCwUAA4IBAQAfINjvDkJob7NbZUij120BaIWMVMo3BTRpBimBBBRw
LffPUHiGljSXzhs6ENOisI+39Yic/vOOyR9ecP+ALgLjai0uMDz8UsbdvvBMy1rZ
601yiJJUcOiddqcDtKVkcpe6ko+hHM5H4JYM3jED4BEsrPJ3DjTeLnlS/WYlDASu
pL6KRqAx5oU9knGt8PUm1Ao3IsjJVoaGkDFF68ZQY7R+q9PRgyAwe+2Mn71938tE
anIVQiv+2c7nIZKh8m6bJGWqu0aTUHkZ97Z0QTYjcL1TNxioG+RRxsYypCAWttz2
wfnGBR0B+6cHe8nqpDf0mg2kVT65iXKmpOkcqhGnzybR
-----END CERTIFICATE-----