Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Xbr9DPWiaa-yQ_SBueZbF9LpmX4.roa
File:                     Xbr9DPWiaa-yQ_SBueZbF9LpmX4.roa (raw, json)
Hash identifier:          FYXcgsfdnxJ6zf9od1cDTKRVU+zrSE6X2yN/Opg8tHQ=
Subject key identifier:   5D:BA:FD:0C:F5:A2:69:AF:B2:43:F4:81:B9:E6:5B:17:D2:E9:99:7E
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018CC8DE8D9337A1D23EC94EEF9F4AB62800
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Xbr9DPWiaa-yQ_SBueZbF9LpmX4.roa
Signing time:             Tue 02 Jan 2024 06:31:17 +0000
ROA not before:           Tue 02 Jan 2024 06:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202673
IP address blocks:        85.208.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:8d:93:37:a1:d2:3e:c9:4e:ef:9f:4a:b6:28:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  2 06:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5dbafd0cf5a269afb243f481b9e65b17d2e9997e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:5a:59:54:d1:d7:35:47:fb:d0:9a:41:4b:f0:
                    55:94:ba:50:67:38:e6:c0:d3:78:b6:f4:b1:51:dc:
                    9b:9d:38:a5:0e:6c:2b:11:aa:4c:49:fa:97:96:a6:
                    ea:32:0a:6f:82:ef:7a:9f:7d:34:54:f7:9c:0c:b9:
                    49:43:ca:af:2c:df:7d:f3:dd:f2:2d:53:46:38:2b:
                    ee:96:48:56:75:c5:8b:da:53:df:5a:6c:29:7f:87:
                    98:25:81:9c:12:5a:6b:7f:6c:33:7a:c7:c5:65:2e:
                    68:b5:db:71:d9:d9:bc:b1:d4:0b:9e:4d:30:92:e3:
                    9d:57:55:b5:f7:95:e7:d5:50:92:20:cb:23:5a:8d:
                    df:f2:48:3f:38:a5:6f:9e:81:7f:0e:b6:9f:a9:c6:
                    58:7d:d8:7c:32:b2:ef:d9:e8:7b:7e:3a:e3:bb:91:
                    3b:1d:c7:e5:fe:6b:43:ba:7e:53:98:4f:06:58:31:
                    f5:5d:0a:2c:28:32:3b:f6:31:5a:62:42:3c:78:ad:
                    ae:80:0d:0b:6b:c8:ef:72:59:68:8d:d5:d9:4f:ce:
                    a5:4c:76:b2:2a:8e:9c:07:3c:b9:0b:17:8a:ea:01:
                    32:37:d4:ac:a3:83:53:b9:3e:31:b5:1a:6e:a6:96:
                    e1:e1:8e:83:2d:89:3c:ee:cb:20:ce:49:7b:bd:5c:
                    c9:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:BA:FD:0C:F5:A2:69:AF:B2:43:F4:81:B9:E6:5B:17:D2:E9:99:7E
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Xbr9DPWiaa-yQ_SBueZbF9LpmX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:a3:ad:30:38:d8:9d:ca:d2:32:05:3e:27:55:5c:17:3f:f7:
         3f:92:60:1e:f8:bc:07:c6:83:c0:d5:95:de:d9:55:fd:ce:c8:
         21:e4:97:cb:3a:36:f4:08:7d:a6:71:e7:dc:14:c2:aa:81:b6:
         07:ec:01:00:7f:7b:27:f3:16:b4:6f:6a:30:ec:c8:fa:93:cb:
         29:f1:11:67:49:d7:c1:84:bb:f5:fd:81:b1:46:23:94:66:27:
         99:f2:b9:33:22:d7:fd:20:b3:a6:37:df:76:fe:1e:96:ef:da:
         2d:37:01:54:b3:72:26:a9:80:2b:2f:21:dc:08:c7:64:15:6a:
         32:98:fa:be:76:ef:9c:5e:96:c1:55:87:4e:e1:c9:aa:97:66:
         74:3b:71:41:56:e7:f1:32:3d:80:34:8c:43:c4:dc:a4:c3:98:
         8b:3c:3f:3b:53:11:b5:8d:e3:ba:e9:11:4b:37:cb:70:91:ad:
         32:bc:9f:44:94:9a:bc:93:01:3e:1d:5d:39:47:ae:17:64:6f:
         11:19:3a:c2:0a:bd:20:a5:1d:69:36:3f:27:35:62:e0:79:c8:
         22:87:16:98:21:6f:3e:e4:2f:83:94:01:af:13:ff:b2:f9:1c:
         c4:70:41:d5:95:d7:c0:00:74:f7:42:3c:94:9b:53:0d:4b:ef:
         a3:56:86:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3o2TN6HSPslO759KtigAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMTAyMDYzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGJhZmQwY2Y1YTI2OWFmYjI0M2Y0ODFiOWU2NWIxN2QyZTk5OTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxVpZVNHXNUf70JpBS/BVlLpQZzjm
wNN4tvSxUdybnTilDmwrEapMSfqXlqbqMgpvgu96n300VPecDLlJQ8qvLN99893y
LVNGOCvulkhWdcWL2lPfWmwpf4eYJYGcElprf2wzesfFZS5otdtx2dm8sdQLnk0w
kuOdV1W195Xn1VCSIMsjWo3f8kg/OKVvnoF/DrafqcZYfdh8MrLv2eh7fjrju5E7
Hcfl/mtDun5TmE8GWDH1XQosKDI79jFaYkI8eK2ugA0La8jvcllojdXZT86lTHay
Ko6cBzy5CxeK6gEyN9Sso4NTuT4xtRpuppbh4Y6DLYk87ssgzkl7vVzJiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF26/Qz1ommvskP0gbnmWxfS6Zl+MB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvWGJyOURQV2lhYS15UV9TQnVlWmJGOUxwbVg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdByMA0G
CSqGSIb3DQEBCwUAA4IBAQBno60wONidytIyBT4nVVwXP/c/kmAe+LwHxoPA1ZXe
2VX9zsgh5JfLOjb0CH2mcefcFMKqgbYH7AEAf3sn8xa0b2ow7Mj6k8sp8RFnSdfB
hLv1/YGxRiOUZieZ8rkzItf9ILOmN992/h6W79otNwFUs3ImqYArLyHcCMdkFWoy
mPq+du+cXpbBVYdO4cmql2Z0O3FBVufxMj2ANIxDxNykw5iLPD87UxG1jeO66RFL
N8twka0yvJ9ElJq8kwE+HV05R64XZG8RGTrCCr0gpR1pNj8nNWLgecgihxaYIW8+
5C+DlAGvE/+y+RzEcEHVldfAAHT3QjyUm1MNS++jVobZ
-----END CERTIFICATE-----