Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/TgouGyPZT4t4kxCKXBWXUgEvqKI.roa
File:                     TgouGyPZT4t4kxCKXBWXUgEvqKI.roa (raw, json)
Hash identifier:          XQ8jTxXPX2TRPa/WcKosBQhEmhGhDR9ig1lF+q2l6Ok=
Subject key identifier:   4E:0A:2E:1B:23:D9:4F:8B:78:93:10:8A:5C:15:97:52:01:2F:A8:A2
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018D17450002E678CB6DF43188A5AFD94634
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/TgouGyPZT4t4kxCKXBWXUgEvqKI.roa
Signing time:             Wed 17 Jan 2024 11:53:34 +0000
ROA not before:           Wed 17 Jan 2024 11:53:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200131
IP address blocks:        5.180.48.0/24 maxlen: 24
                          45.8.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 12:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:17:45:00:02:e6:78:cb:6d:f4:31:88:a5:af:d9:46:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan 17 11:53:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e0a2e1b23d94f8b7893108a5c159752012fa8a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b2:d6:c6:29:e4:bd:bb:dd:8b:02:3d:5c:f8:
                    8d:dc:e6:ef:13:b8:c8:26:32:54:9d:ed:d2:27:d5:
                    50:91:94:c7:d0:c7:43:8b:46:1e:79:7b:64:8c:6b:
                    ac:77:50:dd:c3:d7:fa:da:5c:fc:9d:4d:74:e6:04:
                    ec:3f:11:6b:3e:71:a1:cd:dd:4f:d7:ed:d9:92:55:
                    3c:80:76:2c:47:83:0f:38:ef:c6:4d:73:28:f3:57:
                    f8:9b:88:fb:af:8a:db:b2:a4:ef:db:b8:54:04:d3:
                    e8:3c:17:41:65:60:02:68:ec:0e:6e:24:0e:ba:d8:
                    93:5a:b8:63:c8:73:9f:31:b7:83:eb:fd:c1:6e:e2:
                    33:12:b4:6c:10:7d:46:05:07:79:bd:7e:c6:32:29:
                    0c:ce:35:70:ad:95:0d:6a:58:50:e5:e8:e4:96:ae:
                    65:e0:f6:8d:41:7a:d2:63:98:8a:9d:3a:1f:dd:da:
                    99:a7:ed:90:cb:29:52:36:92:70:b7:a0:03:e0:e8:
                    90:e9:5f:f0:78:a8:ca:89:46:d8:60:ba:a8:b2:4f:
                    ac:12:ad:04:4e:2c:21:65:71:de:ea:2d:d7:8e:65:
                    42:bf:77:e6:2d:87:2d:41:79:18:5a:3f:53:bc:76:
                    b0:95:7a:1d:bf:b7:0c:df:d2:76:72:1b:50:b8:10:
                    97:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:0A:2E:1B:23:D9:4F:8B:78:93:10:8A:5C:15:97:52:01:2F:A8:A2
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/TgouGyPZT4t4kxCKXBWXUgEvqKI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.48.0/24
                  45.8.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:2e:c5:47:55:b1:e5:fd:60:a4:c5:1d:1a:94:c6:78:86:10:
         3f:a5:e6:7d:e0:00:75:09:77:cb:8f:fb:88:ca:10:8e:f2:14:
         69:82:4b:4b:fa:d5:a3:c9:19:aa:9d:79:cd:3a:f4:c7:64:e1:
         19:55:33:f8:fa:06:ac:57:92:93:99:85:c5:9f:d8:91:5a:7a:
         97:35:e5:48:4f:77:46:b4:04:7c:cb:57:0e:f2:70:73:f7:54:
         88:79:18:9c:f8:d6:c0:ab:0d:a0:a4:86:dd:9f:97:e8:1d:4d:
         69:93:e5:ec:7d:5b:a8:ed:e3:1b:11:41:55:87:5b:0a:8a:3b:
         fb:5e:dd:eb:fd:6d:b2:86:0f:dc:80:13:d9:57:4b:5c:35:4f:
         c2:76:3e:34:e3:a5:10:a8:60:42:98:22:f5:e7:3b:b1:ba:67:
         3f:b2:a6:e9:eb:3b:c0:6b:0d:b3:c2:1e:f9:89:41:75:18:40:
         ed:ec:33:d1:05:3f:c5:66:34:a7:78:5b:9a:e5:12:e8:2b:71:
         b8:d2:11:80:fd:a9:12:78:53:4c:1c:4b:bb:16:34:44:fd:f7:
         9a:0e:d9:db:0d:7f:b9:ef:ee:f9:f6:39:5a:1c:96:dd:4b:b5:
         f9:2f:42:d2:fc:a5:dd:87:ef:5d:4b:b5:1b:26:c9:81:4f:ce:
         b5:0b:48:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY0XRQAC5njLbfQxiKWv2UY0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMTE3MTE1MzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTBhMmUxYjIzZDk0ZjhiNzg5MzEwOGE1YzE1OTc1MjAxMmZhOGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLLWxinkvbvdiwI9XPiN3ObvE7jI
JjJUne3SJ9VQkZTH0MdDi0YeeXtkjGusd1Ddw9f62lz8nU105gTsPxFrPnGhzd1P
1+3ZklU8gHYsR4MPOO/GTXMo81f4m4j7r4rbsqTv27hUBNPoPBdBZWACaOwObiQO
utiTWrhjyHOfMbeD6/3BbuIzErRsEH1GBQd5vX7GMikMzjVwrZUNalhQ5ejklq5l
4PaNQXrSY5iKnTof3dqZp+2QyylSNpJwt6AD4OiQ6V/weKjKiUbYYLqosk+sEq0E
TiwhZXHe6i3XjmVCv3fmLYctQXkYWj9TvHawlXodv7cM39J2chtQuBCXhQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE4KLhsj2U+LeJMQilwVl1IBL6iiMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvVGdvdUd5UFpUNHQ0a3hDS1hCV1hVZ0V2cUtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABbQwAwQA
LQjIMA0GCSqGSIb3DQEBCwUAA4IBAQA/LsVHVbHl/WCkxR0alMZ4hhA/peZ94AB1
CXfLj/uIyhCO8hRpgktL+tWjyRmqnXnNOvTHZOEZVTP4+gasV5KTmYXFn9iRWnqX
NeVIT3dGtAR8y1cO8nBz91SIeRic+NbAqw2gpIbdn5foHU1pk+XsfVuo7eMbEUFV
h1sKijv7Xt3r/W2yhg/cgBPZV0tcNU/Cdj4046UQqGBCmCL15zuxumc/sqbp6zvA
aw2zwh75iUF1GEDt7DPRBT/FZjSneFua5RLoK3G40hGA/akSeFNMHEu7FjRE/fea
DtnbDX+57+759jlaHJbdS7X5L0LS/KXdh+9dS7UbJsmBT861C0g4
-----END CERTIFICATE-----