Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/CpGM2PecfuOMsSDwtHqUh_F-hbI.roa
File:                     CpGM2PecfuOMsSDwtHqUh_F-hbI.roa (raw, json)
Hash identifier:          pB3oxtbNRIAtEK9hl20pYyBso9icvb1n20eHsfVO6Qg=
Subject key identifier:   0A:91:8C:D8:F7:9C:7E:E3:8C:B1:20:F0:B4:7A:94:87:F1:7E:85:B2
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018CC8DE8F1A69627E13625368C89003DD4C
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/CpGM2PecfuOMsSDwtHqUh_F-hbI.roa
Signing time:             Tue 02 Jan 2024 06:31:17 +0000
ROA not before:           Tue 02 Jan 2024 06:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206092
IP address blocks:        5.180.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:8f:1a:69:62:7e:13:62:53:68:c8:90:03:dd:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  2 06:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a918cd8f79c7ee38cb120f0b47a9487f17e85b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:35:fe:f3:c9:72:75:fc:95:ff:79:c6:6e:6c:
                    c2:b0:a7:4f:fd:21:2c:89:e6:94:0d:92:b6:7b:26:
                    1d:25:f6:bc:a4:4c:b5:ff:4e:92:4c:d3:47:e6:2a:
                    6c:68:8b:7a:fb:0d:86:1d:40:eb:eb:11:5a:40:d8:
                    2e:fe:14:07:01:4f:c3:36:8a:b1:e1:d7:1d:0b:16:
                    53:bb:e6:c8:b2:79:b8:f6:e2:0c:78:3b:65:e5:eb:
                    69:0d:81:ee:81:fe:01:78:bd:36:a3:c1:a8:00:97:
                    71:14:51:2e:64:43:70:35:61:b6:07:19:08:08:5d:
                    26:4c:3f:ba:a2:65:26:ec:86:c5:86:ba:18:b1:8e:
                    b4:8a:59:39:fe:56:82:ec:7e:ba:b6:74:19:a2:d0:
                    50:71:1a:a8:2c:af:a5:28:0f:09:da:69:8f:12:42:
                    ce:5a:6f:f9:61:92:5c:3a:c5:19:91:0d:7d:86:26:
                    36:f6:4e:61:81:8a:13:0a:bb:66:af:35:ae:a6:80:
                    b8:05:8d:47:f5:8e:41:3d:c5:da:d9:38:b2:60:c9:
                    46:6c:52:dc:aa:ff:a1:d3:63:c3:87:b9:a3:78:cb:
                    ae:24:bc:ca:66:71:02:0b:91:2f:71:97:71:80:fb:
                    be:e7:94:fb:2d:ff:83:73:e9:9e:a5:25:b1:8f:78:
                    83:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:91:8C:D8:F7:9C:7E:E3:8C:B1:20:F0:B4:7A:94:87:F1:7E:85:B2
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/CpGM2PecfuOMsSDwtHqUh_F-hbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:1b:d0:76:6b:1e:67:58:9b:52:df:b3:61:7e:b6:aa:fd:21:
         d7:94:a6:8d:fa:ba:97:5e:61:72:3a:8e:21:37:a9:13:17:f8:
         be:88:bb:88:2d:e7:70:44:9d:e1:c6:a1:c3:0d:c3:35:bb:ca:
         3e:8d:93:cd:7f:06:7b:cd:56:ff:ef:fb:a0:20:f3:e4:76:a3:
         75:09:ed:9c:c8:33:1b:ea:c6:51:08:64:6a:02:19:bd:3c:c6:
         99:ae:b0:ec:3e:d9:fa:f4:50:d2:c9:b4:d5:0c:ef:9e:eb:ec:
         6c:14:7a:09:1d:91:a7:30:21:b2:51:23:39:d1:82:55:8a:17:
         3c:4b:11:d6:a3:e5:01:19:4c:5f:cf:11:b1:f5:3d:33:86:62:
         42:3c:39:4e:57:21:f0:1d:ee:13:a4:26:ea:74:db:b3:33:32:
         cf:e5:45:e3:81:e2:a8:e7:b5:1c:7f:25:39:ab:8e:7e:d2:aa:
         c5:d4:de:4b:cd:88:f0:0d:c1:de:6a:34:04:49:aa:2c:a9:5f:
         49:44:33:d0:8f:71:ce:ab:a7:80:8e:74:b7:b4:dd:c1:3f:da:
         b3:71:c4:41:1c:e7:62:c9:25:34:ec:ef:d7:81:b7:55:4e:65:
         47:6c:d0:12:af:12:98:f1:10:b9:1a:80:d7:c6:ce:6b:04:3f:
         31:56:4d:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3o8aaWJ+E2JTaMiQA91MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMTAyMDYzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTkxOGNkOGY3OWM3ZWUzOGNiMTIwZjBiNDdhOTQ4N2YxN2U4NWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjX+88lydfyV/3nGbmzCsKdP/SEs
ieaUDZK2eyYdJfa8pEy1/06STNNH5ipsaIt6+w2GHUDr6xFaQNgu/hQHAU/DNoqx
4dcdCxZTu+bIsnm49uIMeDtl5etpDYHugf4BeL02o8GoAJdxFFEuZENwNWG2BxkI
CF0mTD+6omUm7IbFhroYsY60ilk5/laC7H66tnQZotBQcRqoLK+lKA8J2mmPEkLO
Wm/5YZJcOsUZkQ19hiY29k5hgYoTCrtmrzWupoC4BY1H9Y5BPcXa2TiyYMlGbFLc
qv+h02PDh7mjeMuuJLzKZnECC5EvcZdxgPu+55T7Lf+Dc+mepSWxj3iDdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAqRjNj3nH7jjLEg8LR6lIfxfoWyMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvQ3BHTTJQZWNmdU9Nc1NEd3RIcVVoX0YtaGJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbQjMA0G
CSqGSIb3DQEBCwUAA4IBAQBPG9B2ax5nWJtS37Nhfraq/SHXlKaN+rqXXmFyOo4h
N6kTF/i+iLuILedwRJ3hxqHDDcM1u8o+jZPNfwZ7zVb/7/ugIPPkdqN1Ce2cyDMb
6sZRCGRqAhm9PMaZrrDsPtn69FDSybTVDO+e6+xsFHoJHZGnMCGyUSM50YJVihc8
SxHWo+UBGUxfzxGx9T0zhmJCPDlOVyHwHe4TpCbqdNuzMzLP5UXjgeKo57UcfyU5
q45+0qrF1N5LzYjwDcHeajQESaosqV9JRDPQj3HOq6eAjnS3tN3BP9qzccRBHOdi
ySU07O/XgbdVTmVHbNASrxKY8RC5GoDXxs5rBD8xVk0m
-----END CERTIFICATE-----