Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/MpNWby9xzU9G79a-Du6LQpa-VJc.roa
File:                     MpNWby9xzU9G79a-Du6LQpa-VJc.roa (raw, json)
Hash identifier:          AK2wjbGe24NyjKSik2owll+J/zFyI7x2wNTDc4fJJM4=
Subject key identifier:   32:93:56:6F:2F:71:CD:4F:46:EF:D6:BE:0E:EE:8B:42:96:BE:54:97
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018CC8DE9629194C368D1D79C29B4F8C484A
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/MpNWby9xzU9G79a-Du6LQpa-VJc.roa
Signing time:             Tue 02 Jan 2024 06:31:19 +0000
ROA not before:           Tue 02 Jan 2024 06:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396356
IP address blocks:        45.8.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:96:29:19:4c:36:8d:1d:79:c2:9b:4f:8c:48:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  2 06:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3293566f2f71cd4f46efd6be0eee8b4296be5497
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:54:bb:0d:5f:30:b1:0d:56:cc:41:41:2e:e4:
                    14:cf:a4:8d:6e:ef:76:43:68:61:40:83:5b:a4:b1:
                    9b:96:64:4b:c1:81:28:42:f9:54:b0:95:dc:0d:e6:
                    21:51:04:ad:45:2f:82:13:23:61:4b:fd:ae:d1:d6:
                    14:75:84:b4:a4:fb:b1:1a:59:f6:29:57:14:5d:89:
                    8c:0e:f3:35:ac:9c:66:7d:ce:27:60:73:7a:83:b5:
                    9b:66:4b:7e:46:22:2a:51:7c:bc:24:aa:0c:53:e9:
                    12:bd:a9:c2:df:00:4d:9d:36:1f:ed:88:62:cf:85:
                    32:3d:4a:0e:57:ae:5f:24:df:a1:12:bd:b3:15:a3:
                    d7:91:ab:8e:34:d1:82:c7:b3:be:99:e4:55:da:98:
                    22:65:3f:67:a9:18:22:62:21:fb:86:72:27:05:4a:
                    41:d3:3c:e1:10:ec:a2:da:52:0c:93:b5:51:e5:b2:
                    0e:8f:31:20:ac:f8:b6:cf:05:ab:c0:95:0a:cb:53:
                    47:df:f4:f1:ee:47:97:22:f1:a7:b1:1f:9e:b8:b6:
                    09:cd:3b:a9:03:6a:43:41:ff:c3:85:7e:e3:fc:2d:
                    21:b5:25:3d:75:5d:6d:66:95:0a:47:6a:d4:b6:56:
                    d2:c5:6d:87:b4:62:7a:2b:82:03:de:9f:16:bb:3a:
                    91:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:93:56:6F:2F:71:CD:4F:46:EF:D6:BE:0E:EE:8B:42:96:BE:54:97
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/MpNWby9xzU9G79a-Du6LQpa-VJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:71:30:a4:d8:a2:fe:87:35:df:3f:76:40:c4:b8:d2:29:4e:
         80:39:de:39:d0:bd:28:2b:55:3d:54:1e:2e:ad:ab:ee:4c:6f:
         60:02:1d:e7:9d:da:4e:6f:76:c3:ce:68:49:d2:87:a6:01:98:
         5b:8c:47:35:c8:41:18:c4:22:61:f9:cf:8b:b8:9e:ce:9e:35:
         2a:d2:5e:88:76:e5:1d:42:a2:1d:85:a8:45:e9:b5:10:36:ab:
         1d:61:d8:35:a7:47:0c:ec:ad:4b:fa:44:24:a1:cd:dd:59:1a:
         92:c3:68:32:ab:55:ee:5b:dc:75:6a:20:cf:2c:a3:0e:3e:02:
         df:52:bc:96:38:60:7b:4d:1e:e8:c5:20:84:b7:b7:15:b3:14:
         ed:b1:39:b2:80:19:9f:5c:55:93:fb:87:75:bf:c4:c9:61:8f:
         f0:02:38:6c:93:13:50:11:d1:c4:7c:76:83:84:ba:9c:92:33:
         67:95:51:4d:47:08:ed:64:0a:64:a2:17:36:2b:1a:28:e5:05:
         3d:34:bf:5c:ca:4a:f0:ae:0e:b0:08:6a:39:b6:db:64:12:d1:
         16:f2:93:5f:a4:c9:7f:5e:f8:17:ee:41:f5:ce:1f:08:1a:1c:
         b5:ab:b5:92:8f:b2:68:9c:d0:43:d4:d7:fe:e1:48:40:7c:b2:
         fa:76:bc:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3pYpGUw2jR15wptPjEhKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMTAyMDYzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjkzNTY2ZjJmNzFjZDRmNDZlZmQ2YmUwZWVlOGI0Mjk2YmU1NDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzVS7DV8wsQ1WzEFBLuQUz6SNbu92
Q2hhQINbpLGblmRLwYEoQvlUsJXcDeYhUQStRS+CEyNhS/2u0dYUdYS0pPuxGln2
KVcUXYmMDvM1rJxmfc4nYHN6g7WbZkt+RiIqUXy8JKoMU+kSvanC3wBNnTYf7Yhi
z4UyPUoOV65fJN+hEr2zFaPXkauONNGCx7O+meRV2pgiZT9nqRgiYiH7hnInBUpB
0zzhEOyi2lIMk7VR5bIOjzEgrPi2zwWrwJUKy1NH3/Tx7keXIvGnsR+euLYJzTup
A2pDQf/DhX7j/C0htSU9dV1tZpUKR2rUtlbSxW2HtGJ6K4ID3p8WuzqRpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDKTVm8vcc1PRu/Wvg7ui0KWvlSXMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvTXBOV2J5OXh6VTlHNzlhLUR1NkxRcGEtVkpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQjOMA0G
CSqGSIb3DQEBCwUAA4IBAQCXcTCk2KL+hzXfP3ZAxLjSKU6AOd450L0oK1U9VB4u
ravuTG9gAh3nndpOb3bDzmhJ0oemAZhbjEc1yEEYxCJh+c+LuJ7OnjUq0l6IduUd
QqIdhahF6bUQNqsdYdg1p0cM7K1L+kQkoc3dWRqSw2gyq1XuW9x1aiDPLKMOPgLf
UryWOGB7TR7oxSCEt7cVsxTtsTmygBmfXFWT+4d1v8TJYY/wAjhskxNQEdHEfHaD
hLqckjNnlVFNRwjtZApkohc2Kxoo5QU9NL9cykrwrg6wCGo5tttkEtEW8pNfpMl/
XvgX7kH1zh8IGhy1q7WSj7JonNBD1Nf+4UhAfLL6drzQ
-----END CERTIFICATE-----