Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/OUj15eVulx1UPlRJFzeyxWa9wqo.roa
File:                     OUj15eVulx1UPlRJFzeyxWa9wqo.roa (raw, json)
Hash identifier:          1CssuGlVwR38X5+EVRx0H00WiqRpGGfLJEqxaM9EJhU=
Subject key identifier:   39:48:F5:E5:E5:6E:97:1D:54:3E:54:49:17:37:B2:C5:66:BD:C2:AA
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018CC8DE952C550D623EEDB8C5505CB34218
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/OUj15eVulx1UPlRJFzeyxWa9wqo.roa
Signing time:             Tue 02 Jan 2024 06:31:19 +0000
ROA not before:           Tue 02 Jan 2024 06:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216183
IP address blocks:        45.9.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 12:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:95:2c:55:0d:62:3e:ed:b8:c5:50:5c:b3:42:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  2 06:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3948f5e5e56e971d543e54491737b2c566bdc2aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:70:4a:39:7c:36:5c:35:23:06:a3:6c:19:f3:
                    a9:63:3c:e2:f1:ec:03:64:63:b8:0f:c7:16:ce:9b:
                    06:f9:d5:85:6b:16:0f:47:30:d5:76:63:90:28:a4:
                    57:e4:41:98:99:65:80:7d:f0:7a:d7:d4:15:a2:e4:
                    1b:16:a1:63:00:23:69:47:46:32:6a:0c:cd:a5:af:
                    22:6f:d9:29:88:89:8a:31:40:8e:1b:6b:e0:95:75:
                    0c:56:8a:c6:48:ba:33:de:ff:2e:50:1b:bb:cb:ae:
                    63:a9:50:2c:c5:47:91:61:23:b9:87:5c:30:5f:d1:
                    40:e2:c7:0a:55:19:9d:42:ec:87:c5:a8:b6:99:96:
                    fb:35:35:2f:da:9b:15:46:31:4b:18:70:a3:6f:f1:
                    23:01:74:5a:a1:6f:2f:f0:cd:99:a8:a7:e5:24:29:
                    a5:b6:83:d8:b5:02:5e:e2:c9:f2:cb:bd:be:6a:ee:
                    c7:b9:16:18:dd:70:9c:8a:a6:a2:c8:b2:47:12:dd:
                    bf:20:83:44:6d:3b:5a:d9:f1:a8:f4:79:2f:06:c3:
                    43:24:02:6f:ee:9d:4c:e4:52:02:c2:e1:bc:9c:1b:
                    7c:82:72:0b:bc:f6:65:d6:f2:7b:15:12:e4:b9:7b:
                    05:2f:cd:e1:49:50:6c:37:bc:d7:9d:49:4e:59:9c:
                    55:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:48:F5:E5:E5:6E:97:1D:54:3E:54:49:17:37:B2:C5:66:BD:C2:AA
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/OUj15eVulx1UPlRJFzeyxWa9wqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:8b:42:cc:94:df:08:76:b5:69:79:10:3d:97:9a:e8:eb:af:
         57:d3:c9:f9:21:a8:aa:90:f9:7d:d0:84:53:dd:f8:af:b4:da:
         a8:c5:b2:5c:28:9d:20:50:66:13:f5:65:22:bd:c0:ae:95:b6:
         17:e8:22:70:03:16:69:5e:06:a1:56:05:8b:19:a6:0c:f6:54:
         91:b9:3d:28:c8:69:31:6f:ee:ad:77:b3:67:96:57:57:15:47:
         96:bd:ef:61:3b:70:98:d9:e4:71:e6:c6:f9:13:74:92:01:c2:
         97:6e:a6:c7:50:9e:64:a5:ae:c3:0f:7d:01:3d:7a:48:d7:49:
         d6:ae:75:2b:c4:f0:21:11:41:24:70:ab:7c:38:df:66:1f:ec:
         f4:33:38:c1:8e:8e:0c:db:77:a5:1d:a2:a8:82:85:05:cc:86:
         06:26:14:de:3e:b3:8f:fb:7b:64:63:49:4d:62:6b:29:3c:f5:
         a8:6e:2b:f5:d8:cb:51:6d:79:8d:82:f6:50:8d:6c:50:09:2c:
         bf:95:50:1d:07:a0:13:59:33:91:f5:c5:e0:73:f9:d3:60:a2:
         94:f2:90:f8:12:99:d0:22:57:00:2a:f1:d5:f7:ea:60:4d:25:
         89:13:cd:b8:15:0e:c3:cd:a8:27:af:08:70:6b:ba:d1:da:fe:
         56:74:28:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3pUsVQ1iPu24xVBcs0IYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMTAyMDYzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTQ4ZjVlNWU1NmU5NzFkNTQzZTU0NDkxNzM3YjJjNTY2YmRjMmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3BKOXw2XDUjBqNsGfOpYzzi8ewD
ZGO4D8cWzpsG+dWFaxYPRzDVdmOQKKRX5EGYmWWAffB619QVouQbFqFjACNpR0Yy
agzNpa8ib9kpiImKMUCOG2vglXUMVorGSLoz3v8uUBu7y65jqVAsxUeRYSO5h1ww
X9FA4scKVRmdQuyHxai2mZb7NTUv2psVRjFLGHCjb/EjAXRaoW8v8M2ZqKflJCml
toPYtQJe4snyy72+au7HuRYY3XCciqaiyLJHEt2/IINEbTta2fGo9HkvBsNDJAJv
7p1M5FICwuG8nBt8gnILvPZl1vJ7FRLkuXsFL83hSVBsN7zXnUlOWZxVFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDlI9eXlbpcdVD5USRc3ssVmvcKqMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvT1VqMTVlVnVseDFVUGxSSkZ6ZXl4V2E5d3FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQkCMA0G
CSqGSIb3DQEBCwUAA4IBAQCWi0LMlN8IdrVpeRA9l5ro669X08n5IaiqkPl90IRT
3fivtNqoxbJcKJ0gUGYT9WUivcCulbYX6CJwAxZpXgahVgWLGaYM9lSRuT0oyGkx
b+6td7NnlldXFUeWve9hO3CY2eRx5sb5E3SSAcKXbqbHUJ5kpa7DD30BPXpI10nW
rnUrxPAhEUEkcKt8ON9mH+z0MzjBjo4M23elHaKogoUFzIYGJhTePrOP+3tkY0lN
YmspPPWobiv12MtRbXmNgvZQjWxQCSy/lVAdB6ATWTOR9cXgc/nTYKKU8pD4EpnQ
IlcAKvHV9+pgTSWJE824FQ7Dzagnrwhwa7rR2v5WdChF
-----END CERTIFICATE-----