Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/AGshgnJH7MLgqzq5K_ITa4w1NQw.roa
File:                     AGshgnJH7MLgqzq5K_ITa4w1NQw.roa (raw, json)
Hash identifier:          4YHhGAMz7b3fvCH/3LWzQ2ba45l3gwWbd/0XamSY2WI=
Subject key identifier:   00:6B:21:82:72:47:EC:C2:E0:AB:3A:B9:2B:F2:13:6B:8C:35:35:0C
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018CC8DE89875BB12AE2A96653E97E04642F
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/AGshgnJH7MLgqzq5K_ITa4w1NQw.roa
Signing time:             Tue 02 Jan 2024 06:31:16 +0000
ROA not before:           Tue 02 Jan 2024 06:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     139989
IP address blocks:        45.8.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:89:87:5b:b1:2a:e2:a9:66:53:e9:7e:04:64:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  2 06:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=006b21827247ecc2e0ab3ab92bf2136b8c35350c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:05:6d:69:85:01:a2:73:9b:78:ed:b3:82:cc:
                    7a:04:ad:c4:12:d9:10:09:bf:19:65:61:b8:c0:73:
                    75:5e:dc:9d:e7:10:75:df:37:26:56:69:d7:5b:75:
                    98:3e:fb:38:e8:ae:0d:1e:e3:08:4e:91:60:53:d7:
                    39:65:fc:ee:cb:23:fb:f6:56:e8:cb:5a:00:eb:b4:
                    1e:bd:b8:b1:42:3f:e0:ee:13:b7:e5:4b:f7:9b:2d:
                    ec:0c:40:98:a3:73:2e:a4:e7:e6:a3:0c:43:be:13:
                    be:66:c3:3e:9f:cd:91:14:f3:29:2d:95:10:23:58:
                    40:99:18:97:36:33:8b:8c:d1:b0:fe:e7:21:10:93:
                    a0:67:5b:1d:9f:73:c0:aa:ff:ab:2c:bb:9b:e0:81:
                    64:b0:48:af:a9:50:9a:44:18:0e:0d:e3:77:81:86:
                    45:57:7b:0a:96:00:5b:59:2b:79:57:1a:21:28:ed:
                    47:4d:2a:aa:98:d7:5f:9e:fe:c0:a5:07:3c:a9:59:
                    96:e4:d2:21:62:8a:ea:f2:f3:e3:94:8f:d9:54:de:
                    ec:7b:62:38:3c:20:79:fc:ea:5e:23:e6:0a:88:8e:
                    7f:92:93:4a:ac:4e:b2:19:01:8d:62:b1:e0:4c:5e:
                    9b:4d:ca:6d:23:d6:9c:dd:11:d6:ac:5a:85:62:53:
                    fb:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:6B:21:82:72:47:EC:C2:E0:AB:3A:B9:2B:F2:13:6B:8C:35:35:0C
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/AGshgnJH7MLgqzq5K_ITa4w1NQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:cf:46:fe:95:76:34:51:d4:46:c0:79:ea:1a:30:51:9a:36:
         4c:e9:d0:9f:cb:ca:40:85:d9:68:32:8a:8e:e9:6a:76:78:83:
         5d:67:8e:66:b0:87:8a:c6:63:c3:b4:5f:97:cf:be:b2:3b:f2:
         83:c0:e4:0b:24:61:65:f3:bb:30:e8:5c:69:e2:05:fd:e0:1c:
         7d:2e:19:c1:0a:be:93:18:a9:24:da:28:d1:5f:3c:4e:b3:a2:
         76:e1:e9:e0:49:5a:21:c1:fd:c8:c0:c0:dd:83:8d:e5:f3:24:
         a6:ba:c7:d4:13:7a:ce:da:b5:6e:20:b8:1a:50:8c:74:81:1f:
         93:51:78:2e:ee:9b:39:3a:f5:1f:ed:64:03:55:a4:c0:41:0d:
         4e:eb:36:3c:3f:f8:0a:49:76:9c:3e:05:56:be:12:d8:16:7e:
         c6:7f:5f:55:b2:31:60:97:3b:38:37:9d:4a:c8:51:70:50:60:
         56:8d:5c:e5:eb:b6:3f:cb:34:6a:2a:e4:3d:6f:03:de:92:fc:
         36:2d:be:a5:b8:64:ec:2e:60:ab:f6:a3:5a:e8:48:7d:2c:11:
         e0:75:fb:c5:a5:04:18:cd:89:0d:22:dd:3f:59:11:a0:73:bc:
         7a:e0:ae:6b:11:01:a1:d5:a2:21:30:6b:69:5a:5d:a9:f5:c6:
         97:4b:7a:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3omHW7Eq4qlmU+l+BGQvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMTAyMDYzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDZiMjE4MjcyNDdlY2MyZTBhYjNhYjkyYmYyMTM2YjhjMzUzNTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswVtaYUBonObeO2zgsx6BK3EEtkQ
Cb8ZZWG4wHN1Xtyd5xB13zcmVmnXW3WYPvs46K4NHuMITpFgU9c5ZfzuyyP79lbo
y1oA67QevbixQj/g7hO35Uv3my3sDECYo3MupOfmowxDvhO+ZsM+n82RFPMpLZUQ
I1hAmRiXNjOLjNGw/uchEJOgZ1sdn3PAqv+rLLub4IFksEivqVCaRBgODeN3gYZF
V3sKlgBbWSt5VxohKO1HTSqqmNdfnv7ApQc8qVmW5NIhYorq8vPjlI/ZVN7se2I4
PCB5/OpeI+YKiI5/kpNKrE6yGQGNYrHgTF6bTcptI9ac3RHWrFqFYlP7cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFABrIYJyR+zC4Ks6uSvyE2uMNTUMMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvQUdzaGduSkg3TUxncXpxNUtfSVRhNHcxTlF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQi5MA0G
CSqGSIb3DQEBCwUAA4IBAQBdz0b+lXY0UdRGwHnqGjBRmjZM6dCfy8pAhdloMoqO
6Wp2eINdZ45msIeKxmPDtF+Xz76yO/KDwOQLJGFl87sw6Fxp4gX94Bx9LhnBCr6T
GKkk2ijRXzxOs6J24engSVohwf3IwMDdg43l8ySmusfUE3rO2rVuILgaUIx0gR+T
UXgu7ps5OvUf7WQDVaTAQQ1O6zY8P/gKSXacPgVWvhLYFn7Gf19VsjFglzs4N51K
yFFwUGBWjVzl67Y/yzRqKuQ9bwPekvw2Lb6luGTsLmCr9qNa6Eh9LBHgdfvFpQQY
zYkNIt0/WRGgc7x64K5rEQGh1aIhMGtpWl2p9caXS3rr
-----END CERTIFICATE-----