Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/K4b6Pe8FNa_Jhu8w3McSuNCcEog.roa
File:                     K4b6Pe8FNa_Jhu8w3McSuNCcEog.roa (raw, json)
Hash identifier:          Z3I8fhphokgQ9HqCCFMokEEIW3oDKILRHez9NlDp2dg=
Subject key identifier:   2B:86:FA:3D:EF:05:35:AF:C9:86:EF:30:DC:C7:12:B8:D0:9C:12:88
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018CC8DE9412BF6CDBECAAC4126159EF70F2
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/K4b6Pe8FNa_Jhu8w3McSuNCcEog.roa
Signing time:             Tue 02 Jan 2024 06:31:19 +0000
ROA not before:           Tue 02 Jan 2024 06:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212514
IP address blocks:        5.180.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 03:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:94:12:bf:6c:db:ec:aa:c4:12:61:59:ef:70:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  2 06:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b86fa3def0535afc986ef30dcc712b8d09c1288
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:c2:b1:cd:ca:f2:b9:36:3e:85:16:32:ff:03:
                    10:fd:fa:8b:98:72:a4:af:2a:9c:ae:c2:0a:11:7f:
                    c9:87:95:c8:54:82:93:01:52:a4:62:79:55:6e:53:
                    ab:b3:c9:b5:aa:89:6f:c7:2a:44:8f:ec:50:83:f4:
                    69:5d:af:0d:42:f3:bd:ad:0a:39:e3:aa:0b:f1:2e:
                    38:e7:dd:7c:eb:dd:93:fe:b7:78:e4:cb:3d:45:91:
                    89:df:a8:25:67:60:b2:00:5c:5d:e2:ae:a1:29:dd:
                    a5:ad:ec:df:35:97:81:91:72:83:50:cf:36:58:9e:
                    2c:25:99:c2:88:64:73:03:0a:a3:2a:64:74:0c:70:
                    f0:26:a0:67:81:06:2c:85:2c:f1:e9:1a:ed:14:fa:
                    26:dd:52:69:6e:ce:1f:ea:5e:3d:00:b8:8a:bf:e3:
                    06:ff:c0:29:7f:6f:a2:b7:78:78:1e:1b:c7:72:98:
                    bd:6d:12:75:cd:49:81:55:27:19:8e:17:1a:92:79:
                    9b:08:78:0f:20:e0:99:00:2a:c4:d6:d9:ff:f0:7f:
                    7f:87:25:ec:bb:9a:07:f3:f4:71:6a:e0:77:ee:ea:
                    5f:a3:7e:e8:28:cd:fc:1c:09:27:48:9c:51:01:82:
                    e3:81:45:42:5e:e1:30:8f:64:ee:0f:5c:fc:af:c0:
                    99:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:86:FA:3D:EF:05:35:AF:C9:86:EF:30:DC:C7:12:B8:D0:9C:12:88
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/K4b6Pe8FNa_Jhu8w3McSuNCcEog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:09:79:d1:0e:e1:c9:11:de:2b:d8:0f:8a:0d:5d:c0:4f:8e:
         e3:df:96:33:d2:6c:9d:40:23:51:bf:77:75:98:0c:90:76:86:
         e5:44:c8:21:e0:6d:62:ca:98:44:96:55:96:88:1d:84:0e:ed:
         d1:64:3d:da:61:cb:ec:c5:07:82:17:ac:28:0a:a1:93:0d:e6:
         ce:81:e2:9e:fe:6e:b8:11:45:d0:d8:0b:37:5b:a8:83:70:6d:
         27:62:1b:f3:37:4a:88:70:83:66:88:c7:78:85:90:a5:22:5e:
         17:55:36:b8:67:00:68:ea:c4:a9:26:e0:76:33:8b:bd:e8:9c:
         f9:93:fc:63:df:45:64:db:8a:5b:a5:25:8a:9b:2b:74:08:4b:
         a6:7d:1a:47:54:8c:0a:18:a7:8c:24:8d:4d:c5:b8:09:ec:6f:
         a6:df:b9:95:9e:08:f3:0e:4f:4b:94:99:4f:6d:73:21:78:10:
         93:28:d8:54:81:00:43:14:85:43:08:8d:f6:b5:0d:3b:86:67:
         00:a0:2e:66:4c:31:71:5f:9e:63:ec:39:97:d6:f8:3b:e2:19:
         d6:97:66:d2:85:fd:8c:f5:da:76:6f:18:8d:8b:60:2b:4e:a1:
         bf:65:16:46:7b:5e:24:81:2a:51:e7:2f:a5:a4:19:f8:c7:09:
         bf:84:61:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3pQSv2zb7KrEEmFZ73DyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMTAyMDYzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjg2ZmEzZGVmMDUzNWFmYzk4NmVmMzBkY2M3MTJiOGQwOWMxMjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnsKxzcryuTY+hRYy/wMQ/fqLmHKk
ryqcrsIKEX/Jh5XIVIKTAVKkYnlVblOrs8m1qolvxypEj+xQg/RpXa8NQvO9rQo5
46oL8S445918692T/rd45Ms9RZGJ36glZ2CyAFxd4q6hKd2lrezfNZeBkXKDUM82
WJ4sJZnCiGRzAwqjKmR0DHDwJqBngQYshSzx6RrtFPom3VJpbs4f6l49ALiKv+MG
/8Apf2+it3h4HhvHcpi9bRJ1zUmBVScZjhcaknmbCHgPIOCZACrE1tn/8H9/hyXs
u5oH8/RxauB37upfo37oKM38HAknSJxRAYLjgUVCXuEwj2TuD1z8r8CZrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCuG+j3vBTWvyYbvMNzHErjQnBKIMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvSzRiNlBlOEZOYV9KaHU4dzNNY1N1TkNjRW9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbRTMA0G
CSqGSIb3DQEBCwUAA4IBAQA7CXnRDuHJEd4r2A+KDV3AT47j35Yz0mydQCNRv3d1
mAyQdoblRMgh4G1iyphEllWWiB2EDu3RZD3aYcvsxQeCF6woCqGTDebOgeKe/m64
EUXQ2As3W6iDcG0nYhvzN0qIcINmiMd4hZClIl4XVTa4ZwBo6sSpJuB2M4u96Jz5
k/xj30Vk24pbpSWKmyt0CEumfRpHVIwKGKeMJI1NxbgJ7G+m37mVngjzDk9LlJlP
bXMheBCTKNhUgQBDFIVDCI32tQ07hmcAoC5mTDFxX55j7DmX1vg74hnWl2bShf2M
9dp2bxiNi2ArTqG/ZRZGe14kgSpR5y+lpBn4xwm/hGFb
-----END CERTIFICATE-----