Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/BG6pzITr7DpRf8wAhvmYmqCTRis.roa
File:                     BG6pzITr7DpRf8wAhvmYmqCTRis.roa (raw, json)
Hash identifier:          juhafHV4UrYTdhRevfORKZbACkHC1hU5/VE3gsAsJwM=
Subject key identifier:   04:6E:A9:CC:84:EB:EC:3A:51:7F:CC:00:86:F9:98:9A:A0:93:46:2B
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019421B22F4CFDFF3C97C24FAE637224EBA4
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/BG6pzITr7DpRf8wAhvmYmqCTRis.roa
Signing time:             Wed 01 Jan 2025 11:48:33 +0000
ROA not before:           Wed 01 Jan 2025 11:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5065
IP address blocks:        45.9.2.0/24 maxlen: 24
                          45.9.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:2f:4c:fd:ff:3c:97:c2:4f:ae:63:72:24:eb:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  1 11:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=046ea9cc84ebec3a517fcc0086f9989aa093462b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:31:ca:18:79:5a:39:b4:1a:d6:82:ac:39:53:
                    e1:8d:22:ab:a3:88:1a:51:b2:46:96:c8:06:a5:4a:
                    e7:1f:2c:dc:8d:81:87:30:77:3a:66:09:40:c1:3b:
                    46:6d:3b:75:f9:d0:f0:11:2e:a6:64:c1:b8:e4:93:
                    da:00:30:3f:2f:59:cb:a7:9e:de:33:22:0c:05:65:
                    56:53:42:b4:4e:19:6e:5a:cd:50:48:66:b6:d0:52:
                    28:bc:2b:49:c8:e5:a0:63:d8:03:4e:89:19:ad:cb:
                    8f:88:5d:be:22:9b:aa:39:54:be:79:e7:d1:1a:63:
                    e6:96:47:2d:85:a7:be:a1:87:4f:55:d9:18:0e:f0:
                    b6:7f:6c:d8:74:96:4b:6f:c3:58:cc:b4:74:3b:8d:
                    f1:a2:83:3f:ca:4a:3a:3c:7e:de:be:fb:72:64:e6:
                    11:57:ad:32:74:24:3e:a2:eb:e3:ab:c8:ce:91:83:
                    26:90:59:ab:70:d9:98:20:78:64:8f:f0:4c:a0:9c:
                    8e:a6:af:f3:5e:38:8e:10:19:eb:81:69:b8:56:49:
                    bf:68:6d:1e:c8:fe:26:36:68:36:e0:8b:3d:24:fd:
                    24:b9:99:4e:b3:3a:11:5f:23:02:e8:22:ba:d2:3e:
                    79:33:c8:48:85:97:4a:65:fb:43:91:6f:c1:73:d2:
                    95:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:6E:A9:CC:84:EB:EC:3A:51:7F:CC:00:86:F9:98:9A:A0:93:46:2B
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/BG6pzITr7DpRf8wAhvmYmqCTRis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:62:12:c2:28:3d:27:8e:e4:a2:21:01:5c:ef:65:f5:28:a0:
         d3:f2:6a:7e:02:dc:75:45:3c:3a:3d:1c:c4:96:35:91:b1:ed:
         9f:a2:6b:1c:62:b3:85:66:9c:31:ab:40:34:e6:01:4a:08:32:
         07:78:c9:c6:88:6c:c3:51:f5:88:31:fa:f4:e0:9b:af:19:86:
         48:75:c2:e8:23:1f:f5:5c:04:7b:1e:89:67:3d:60:c0:29:04:
         cc:c6:ac:72:76:b9:84:8b:f4:e8:49:25:b5:8a:85:6c:5b:59:
         02:59:93:c1:cd:da:9d:48:cb:c1:fb:d4:df:06:f9:08:54:72:
         9c:ef:9f:61:42:3d:f6:7a:78:f2:90:4a:1a:1f:e7:8f:71:b7:
         e3:1e:7f:d2:9c:c9:16:eb:cb:bb:b5:c3:3f:77:e4:ce:31:e6:
         c0:4c:c5:e1:18:fe:57:ea:3e:4b:ca:b4:5f:a4:5a:ff:80:88:
         e4:e1:9e:9e:72:80:66:9a:eb:f7:be:b3:ba:6d:a4:de:04:13:
         16:98:54:69:bf:16:a4:9d:13:b6:bf:67:8d:a7:50:e4:ea:64:
         13:1c:57:4a:c0:39:ef:69:cf:4f:b9:da:c1:3f:6e:c4:6a:4f:
         24:43:6a:b4:08:38:e7:f2:86:b9:55:a8:b7:da:78:d8:ae:1b:
         b9:00:0f:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsi9M/f88l8JPrmNyJOukMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwMTAxMTE0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDZlYTljYzg0ZWJlYzNhNTE3ZmNjMDA4NmY5OTg5YWEwOTM0NjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhjHKGHlaObQa1oKsOVPhjSKro4ga
UbJGlsgGpUrnHyzcjYGHMHc6ZglAwTtGbTt1+dDwES6mZMG45JPaADA/L1nLp57e
MyIMBWVWU0K0ThluWs1QSGa20FIovCtJyOWgY9gDTokZrcuPiF2+IpuqOVS+eefR
GmPmlkcthae+oYdPVdkYDvC2f2zYdJZLb8NYzLR0O43xooM/yko6PH7evvtyZOYR
V60ydCQ+ouvjq8jOkYMmkFmrcNmYIHhkj/BMoJyOpq/zXjiOEBnrgWm4Vkm/aG0e
yP4mNmg24Is9JP0kuZlOszoRXyMC6CK60j55M8hIhZdKZftDkW/Bc9KVUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFARuqcyE6+w6UX/MAIb5mJqgk0YrMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvQkc2cHpJVHI3RHBSZjh3QWh2bVltcUNUUmlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLQkCMA0G
CSqGSIb3DQEBCwUAA4IBAQBiYhLCKD0njuSiIQFc72X1KKDT8mp+Atx1RTw6PRzE
ljWRse2fomscYrOFZpwxq0A05gFKCDIHeMnGiGzDUfWIMfr04JuvGYZIdcLoIx/1
XAR7HolnPWDAKQTMxqxydrmEi/ToSSW1ioVsW1kCWZPBzdqdSMvB+9TfBvkIVHKc
759hQj32enjykEoaH+ePcbfjHn/SnMkW68u7tcM/d+TOMebATMXhGP5X6j5LyrRf
pFr/gIjk4Z6ecoBmmuv3vrO6baTeBBMWmFRpvxaknRO2v2eNp1Dk6mQTHFdKwDnv
ac9PudrBP27Eak8kQ2q0CDjn8oa5Vai32njYrhu5AA+u
-----END CERTIFICATE-----