Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/UiYLKpPjK4bHqyIwPJ3Rzg3wZVw.roa
File:                     UiYLKpPjK4bHqyIwPJ3Rzg3wZVw.roa (raw, json)
Hash identifier:          4NYv8ddXGZzdVSXXcWaWa1isqwySjZqp4Zh2CsiWWIY=
Subject key identifier:   52:26:0B:2A:93:E3:2B:86:C7:AB:22:30:3C:9D:D1:CE:0D:F0:65:5C
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018CC8DE88751981976599AEA5461DE9C5A4
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/UiYLKpPjK4bHqyIwPJ3Rzg3wZVw.roa
Signing time:             Tue 02 Jan 2024 06:31:16 +0000
ROA not before:           Tue 02 Jan 2024 06:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63018
IP address blocks:        45.128.59.0/24 maxlen: 24
                          171.22.108.0/24 maxlen: 24
                          92.118.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 03:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:88:75:19:81:97:65:99:ae:a5:46:1d:e9:c5:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  2 06:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52260b2a93e32b86c7ab22303c9dd1ce0df0655c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:3c:5b:9e:df:8e:6c:22:7e:0d:91:03:ab:c2:
                    47:84:6e:20:e0:1a:dc:a8:be:d5:3d:64:91:32:3c:
                    e9:a3:61:1a:4c:a2:2d:7b:a2:4c:e9:41:fe:2c:f0:
                    12:9c:50:03:e4:f1:48:e7:e7:79:a4:a6:97:fc:f7:
                    4c:62:37:5b:24:ce:e6:20:9b:70:1f:2f:75:d8:b1:
                    33:70:2a:bc:dd:97:52:b3:84:dc:f0:10:bb:2e:39:
                    e0:f3:1a:d2:78:35:27:0d:cc:7c:3c:97:c0:64:54:
                    c3:fe:f2:ac:47:72:94:b4:9e:89:aa:45:19:3d:8c:
                    58:e9:58:b1:8c:10:5d:dd:59:fe:b7:b1:71:a0:ad:
                    83:7c:5b:97:b2:4e:f2:61:e6:16:d1:92:e8:29:21:
                    46:9a:f5:7e:cb:06:8e:02:da:c4:c2:9f:97:04:e1:
                    c3:a4:4e:7f:89:ac:01:02:6b:f2:b6:7f:39:14:84:
                    13:f2:18:85:df:f2:49:25:c1:a2:f7:c7:da:90:cd:
                    96:11:ce:d1:66:49:c4:63:7a:09:4a:52:59:f4:68:
                    6c:19:14:52:44:f9:9f:35:46:89:f8:4a:73:b7:1a:
                    4a:b9:59:32:44:d8:69:4b:3d:08:6d:fa:fb:be:42:
                    58:19:e5:bf:7d:54:69:f7:c0:23:b8:5d:96:48:36:
                    d5:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:26:0B:2A:93:E3:2B:86:C7:AB:22:30:3C:9D:D1:CE:0D:F0:65:5C
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/UiYLKpPjK4bHqyIwPJ3Rzg3wZVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.59.0/24
                  92.118.235.0/24
                  171.22.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:db:75:5a:4f:e7:8b:47:dc:33:95:67:fd:bb:05:f0:8f:b7:
         c7:97:03:8f:0c:b2:a8:59:ee:47:63:66:7d:c0:79:e4:3a:55:
         48:c4:10:5e:56:5b:c7:38:d2:5c:35:98:59:2d:35:b2:a2:88:
         c4:2d:67:29:30:57:fa:c4:84:a9:b7:26:e0:0f:59:7d:30:6d:
         31:b9:85:35:f8:a8:49:9e:05:35:57:55:bb:7c:df:69:ad:76:
         e2:89:9c:82:d9:c4:cd:0c:59:8e:8d:74:70:0a:7f:60:41:fa:
         52:03:3c:72:dd:f9:83:31:68:d0:74:43:26:d5:fe:f5:91:3b:
         a5:13:c0:bb:2a:51:51:e8:36:c8:ac:10:62:a4:5e:be:d2:30:
         af:4b:f5:d2:03:12:95:9a:f5:36:15:0c:c3:db:b9:66:01:f2:
         a5:d5:57:3f:94:b6:11:a4:15:95:c4:26:2b:e0:71:d4:db:05:
         0e:59:67:4c:8b:59:8e:da:34:30:7c:c9:93:a4:bb:79:62:e2:
         b8:d4:07:b5:3b:92:cd:cf:84:ca:a5:61:0d:8c:d3:81:c9:08:
         b8:f2:62:be:db:6c:4b:94:ae:f3:5e:52:f7:c4:51:ee:16:02:
         90:15:d1:0e:f2:a6:30:aa:2d:5b:21:62:bc:42:68:4a:c8:3c:
         07:18:c4:5b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzI3oh1GYGXZZmupUYd6cWkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMTAyMDYzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjI2MGIyYTkzZTMyYjg2YzdhYjIyMzAzYzlkZDFjZTBkZjA2NTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDxbnt+ObCJ+DZEDq8JHhG4g4Brc
qL7VPWSRMjzpo2EaTKIte6JM6UH+LPASnFAD5PFI5+d5pKaX/PdMYjdbJM7mIJtw
Hy912LEzcCq83ZdSs4Tc8BC7Ljng8xrSeDUnDcx8PJfAZFTD/vKsR3KUtJ6JqkUZ
PYxY6VixjBBd3Vn+t7FxoK2DfFuXsk7yYeYW0ZLoKSFGmvV+ywaOAtrEwp+XBOHD
pE5/iawBAmvytn85FIQT8hiF3/JJJcGi98fakM2WEc7RZknEY3oJSlJZ9GhsGRRS
RPmfNUaJ+EpztxpKuVkyRNhpSz0Ibfr7vkJYGeW/fVRp98AjuF2WSDbVDwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFImCyqT4yuGx6siMDyd0c4N8GVcMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvVWlZTEtwUGpLNGJIcXlJd1BKM1J6ZzN3WlZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALYA7AwQA
XHbrAwQAqxZsMA0GCSqGSIb3DQEBCwUAA4IBAQAZ23VaT+eLR9wzlWf9uwXwj7fH
lwOPDLKoWe5HY2Z9wHnkOlVIxBBeVlvHONJcNZhZLTWyoojELWcpMFf6xISptybg
D1l9MG0xuYU1+KhJngU1V1W7fN9prXbiiZyC2cTNDFmOjXRwCn9gQfpSAzxy3fmD
MWjQdEMm1f71kTulE8C7KlFR6DbIrBBipF6+0jCvS/XSAxKVmvU2FQzD27lmAfKl
1Vc/lLYRpBWVxCYr4HHU2wUOWWdMi1mO2jQwfMmTpLt5YuK41Ae1O5LNz4TKpWEN
jNOByQi48mK+22xLlK7zXlL3xFHuFgKQFdEO8qYwqi1bIWK8QmhKyDwHGMRb
-----END CERTIFICATE-----