Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/5e9gPytjOPx1XW3-Md1-i-f0ZWI.roa
File:                     5e9gPytjOPx1XW3-Md1-i-f0ZWI.roa (raw, json)
Hash identifier:          tyQ//BNf4OXSq1Y3LWDwEiVwNA9gKpZBPGornCQPRDw=
Subject key identifier:   E5:EF:60:3F:2B:63:38:FC:75:5D:6D:FE:31:DD:7E:8B:E7:F4:65:62
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018F4D9E15CBD8738689FB693A8A3DC438AD
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/5e9gPytjOPx1XW3-Md1-i-f0ZWI.roa
Signing time:             Mon 06 May 2024 11:15:56 +0000
ROA not before:           Mon 06 May 2024 11:15:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48357
IP address blocks:        45.89.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4d:9e:15:cb:d8:73:86:89:fb:69:3a:8a:3d:c4:38:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: May  6 11:15:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5ef603f2b6338fc755d6dfe31dd7e8be7f46562
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:eb:e6:e3:23:cf:2f:14:7a:2e:85:9c:cb:ee:
                    3b:e5:86:04:88:b0:0b:8a:55:0c:d9:4c:1d:a5:62:
                    50:f4:81:7d:07:24:0a:14:94:6f:38:39:16:cd:7f:
                    2a:c6:67:69:e0:a2:9e:a7:31:3c:01:7a:e4:11:5f:
                    5c:0b:4d:5a:25:a7:d4:ef:5b:72:19:26:95:55:48:
                    3a:d0:0a:1f:51:e5:df:0b:e8:48:58:08:56:75:0b:
                    c4:8c:6c:26:78:ad:f6:d1:10:25:92:5d:90:21:69:
                    ba:fe:19:29:a8:ff:8f:f0:e6:a1:81:d2:7e:bb:fd:
                    99:4c:0e:15:45:af:c9:13:36:d5:8f:f7:ac:99:f7:
                    3c:76:4d:1c:78:b9:2d:95:84:2b:06:1c:39:dc:d1:
                    1f:a9:4e:c1:42:29:3f:9a:73:d4:47:9c:ee:c6:53:
                    a7:94:30:9c:d7:ae:c3:e2:14:01:7c:e6:fc:44:b0:
                    d0:22:5d:c7:96:1f:59:7b:31:40:a6:b9:05:0c:5d:
                    e1:05:a1:7d:b7:88:43:ca:59:99:c0:a0:d8:eb:43:
                    fe:e7:93:9c:b0:1f:56:e5:a6:8d:a7:00:b1:24:46:
                    29:e1:a4:de:2b:99:e1:e3:17:ed:94:6d:e3:e8:d4:
                    9b:87:6d:e3:5b:ea:c0:e9:48:70:1d:1e:36:26:b4:
                    a4:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:EF:60:3F:2B:63:38:FC:75:5D:6D:FE:31:DD:7E:8B:E7:F4:65:62
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/5e9gPytjOPx1XW3-Md1-i-f0ZWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:97:12:c9:fa:33:8c:b9:e4:bb:ff:37:91:f7:b9:37:39:95:
         97:7e:f2:d0:96:08:b6:83:60:f7:47:7d:b0:ae:c7:c4:c8:80:
         c4:71:30:04:0e:f6:fa:a4:78:ef:a3:94:86:0e:04:ee:2e:df:
         c3:c2:df:07:6e:e8:b1:a5:db:b7:30:b5:f4:f1:a3:9e:c7:67:
         7f:5f:2b:49:fd:59:0d:ad:c3:b5:b8:3c:82:08:2d:38:56:af:
         cc:a4:09:a8:47:7b:f9:65:53:ef:c3:d7:f4:7c:28:a0:3e:85:
         e6:55:bb:a5:bc:02:2f:d8:57:0d:d0:39:54:0a:72:27:54:6a:
         cd:5f:11:22:7b:95:a6:57:d9:97:c2:52:b4:98:36:5b:ac:17:
         83:aa:9f:2a:41:c7:0c:53:99:1c:92:2a:4e:36:bf:99:c3:15:
         22:bf:33:d1:29:4d:29:f9:20:f9:63:4d:f5:35:7f:d3:34:b2:
         70:53:d6:bc:b6:f6:b2:0b:b2:55:55:2b:d9:66:76:b8:62:57:
         d6:38:7a:a0:b5:d3:3d:9f:1d:bb:8c:34:45:46:3a:81:c2:94:
         1e:8f:e5:11:3e:2f:02:6b:3e:47:72:77:ef:d5:3f:db:24:38:
         cc:e6:ce:0b:a8:a3:6a:27:ed:e7:18:2b:ef:7f:95:f8:16:3a:
         bf:3b:f4:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9NnhXL2HOGiftpOoo9xDitMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwNTA2MTExNTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWVmNjAzZjJiNjMzOGZjNzU1ZDZkZmUzMWRkN2U4YmU3ZjQ2NTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOvm4yPPLxR6LoWcy+475YYEiLAL
ilUM2UwdpWJQ9IF9ByQKFJRvODkWzX8qxmdp4KKepzE8AXrkEV9cC01aJafU71ty
GSaVVUg60AofUeXfC+hIWAhWdQvEjGwmeK320RAlkl2QIWm6/hkpqP+P8OahgdJ+
u/2ZTA4VRa/JEzbVj/esmfc8dk0ceLktlYQrBhw53NEfqU7BQik/mnPUR5zuxlOn
lDCc167D4hQBfOb8RLDQIl3Hlh9ZezFAprkFDF3hBaF9t4hDylmZwKDY60P+55Oc
sB9W5aaNpwCxJEYp4aTeK5nh4xftlG3j6NSbh23jW+rA6UhwHR42JrSktQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOXvYD8rYzj8dV1t/jHdfovn9GViMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvNWU5Z1B5dGpPUHgxWFczLU1kMS1pLWYwWldJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVlhMA0G
CSqGSIb3DQEBCwUAA4IBAQAolxLJ+jOMueS7/zeR97k3OZWXfvLQlgi2g2D3R32w
rsfEyIDEcTAEDvb6pHjvo5SGDgTuLt/Dwt8Hbuixpdu3MLX08aOex2d/XytJ/VkN
rcO1uDyCCC04Vq/MpAmoR3v5ZVPvw9f0fCigPoXmVbulvAIv2FcN0DlUCnInVGrN
XxEie5WmV9mXwlK0mDZbrBeDqp8qQccMU5kckipONr+ZwxUivzPRKU0p+SD5Y031
NX/TNLJwU9a8tvayC7JVVSvZZna4YlfWOHqgtdM9nx27jDRFRjqBwpQej+URPi8C
az5Hcnfv1T/bJDjM5s4LqKNqJ+3nGCvvf5X4Fjq/O/TL
-----END CERTIFICATE-----