Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/XlhXwib5TQt_ovEbour6lLeAoic.roa
File:                     XlhXwib5TQt_ovEbour6lLeAoic.roa (raw, json)
Hash identifier:          hltDuam8urYZg63BQngYswqXi6aZAvzAWfbbeuYQvIo=
Subject key identifier:   5E:58:57:C2:26:F9:4D:0B:7F:A2:F1:1B:A2:EA:FA:94:B7:80:A2:27
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018CC8DE968AB90D0D3FAF504C2BA9549003
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/XlhXwib5TQt_ovEbour6lLeAoic.roa
Signing time:             Tue 02 Jan 2024 06:31:19 +0000
ROA not before:           Tue 02 Jan 2024 06:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400529
IP address blocks:        45.8.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 12:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:96:8a:b9:0d:0d:3f:af:50:4c:2b:a9:54:90:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  2 06:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e5857c226f94d0b7fa2f11ba2eafa94b780a227
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:73:fd:47:72:d6:9b:2d:16:49:72:a9:41:f6:
                    ea:22:71:9c:6d:cd:c2:94:8a:52:35:42:98:03:74:
                    b3:11:c1:20:70:8a:3c:b4:ba:30:d0:b4:00:7b:ba:
                    d1:c0:e1:8a:1b:5a:ad:86:e4:78:8d:3b:2a:04:28:
                    4d:5a:72:91:b4:e5:e6:d0:d5:b8:07:3e:a6:41:69:
                    73:31:77:72:a3:fe:d4:a3:bd:2c:5e:8c:71:83:5b:
                    d7:ac:33:0d:01:31:a3:4a:a7:39:57:7b:de:59:b5:
                    05:8f:79:b5:51:4b:0d:ec:7b:e8:05:95:d5:98:58:
                    da:ec:d7:ff:ee:a6:fa:5e:66:f9:5a:44:89:2b:c1:
                    7c:17:f7:14:61:12:d3:73:11:e6:eb:af:06:00:7a:
                    fc:89:05:66:99:df:4a:5a:ee:5c:78:b3:95:85:ee:
                    6e:14:b7:c0:2c:c3:96:f9:42:4d:a1:10:51:60:37:
                    df:e5:7c:41:3c:b8:07:74:f6:9b:b8:fe:9a:1e:41:
                    b9:92:2b:63:4b:ce:cb:50:1e:ae:00:f5:1f:02:ed:
                    4e:df:e4:69:80:52:55:c3:c3:24:95:6f:1a:82:f2:
                    0a:af:d1:37:b0:55:fc:0f:62:6c:74:4a:13:48:34:
                    56:fd:1a:09:6e:63:d7:b6:fb:59:8e:c1:8b:c2:9f:
                    dd:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:58:57:C2:26:F9:4D:0B:7F:A2:F1:1B:A2:EA:FA:94:B7:80:A2:27
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/XlhXwib5TQt_ovEbour6lLeAoic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:e9:b7:08:5d:99:5c:f2:30:99:9b:e2:02:85:26:93:07:41:
         34:b2:d1:82:18:4f:db:88:5e:3b:75:46:4d:79:71:37:6a:9a:
         8a:6d:4e:98:c0:6e:1c:80:28:80:1b:59:2e:ab:4f:b0:3b:84:
         8d:c2:08:f0:4d:0b:bc:36:67:f8:7a:74:c7:6a:66:6a:2f:12:
         71:fa:c6:6a:38:cc:47:cf:a3:73:fa:ec:d8:72:5e:c8:ce:0c:
         be:23:e5:da:61:e8:0f:b5:a7:9b:e7:dc:38:ba:f6:80:1a:5c:
         fd:2a:d0:71:aa:f0:fb:e0:db:31:69:0d:ba:c0:33:11:61:40:
         1e:5c:ba:7b:b1:3e:b3:c5:5b:37:d7:ed:f6:62:6c:6b:e3:77:
         4b:ad:23:5a:8c:a5:b7:29:33:e6:03:8c:f3:0d:4f:81:1d:30:
         1a:4a:c3:9e:f5:0c:62:c6:5b:3a:58:ff:51:ea:12:74:2f:0e:
         83:bf:52:21:17:d1:86:0c:aa:d5:e8:10:5b:f2:03:87:36:fb:
         cc:7c:cd:59:a9:e7:fe:bf:99:d3:ef:3a:2e:fc:43:a3:4e:39:
         df:8c:1e:d1:df:d3:3b:54:bb:c2:23:0d:53:5a:f5:ac:49:45:
         02:03:b1:f1:17:bf:8c:0d:05:a3:b6:4c:3a:61:1e:85:2b:fd:
         4e:91:e9:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3paKuQ0NP69QTCupVJADMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMTAyMDYzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTU4NTdjMjI2Zjk0ZDBiN2ZhMmYxMWJhMmVhZmE5NGI3ODBhMjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXP9R3LWmy0WSXKpQfbqInGcbc3C
lIpSNUKYA3SzEcEgcIo8tLow0LQAe7rRwOGKG1qthuR4jTsqBChNWnKRtOXm0NW4
Bz6mQWlzMXdyo/7Uo70sXoxxg1vXrDMNATGjSqc5V3veWbUFj3m1UUsN7HvoBZXV
mFja7Nf/7qb6Xmb5WkSJK8F8F/cUYRLTcxHm668GAHr8iQVmmd9KWu5ceLOVhe5u
FLfALMOW+UJNoRBRYDff5XxBPLgHdPabuP6aHkG5kitjS87LUB6uAPUfAu1O3+Rp
gFJVw8MklW8agvIKr9E3sFX8D2JsdEoTSDRW/RoJbmPXtvtZjsGLwp/dfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5YV8Im+U0Lf6LxG6Lq+pS3gKInMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvWGxoWHdpYjVUUXRfb3ZFYm91cjZsTGVBb2ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQjJMA0G
CSqGSIb3DQEBCwUAA4IBAQBD6bcIXZlc8jCZm+IChSaTB0E0stGCGE/biF47dUZN
eXE3apqKbU6YwG4cgCiAG1kuq0+wO4SNwgjwTQu8Nmf4enTHamZqLxJx+sZqOMxH
z6Nz+uzYcl7Izgy+I+XaYegPtaeb59w4uvaAGlz9KtBxqvD74NsxaQ26wDMRYUAe
XLp7sT6zxVs31+32Ymxr43dLrSNajKW3KTPmA4zzDU+BHTAaSsOe9Qxixls6WP9R
6hJ0Lw6Dv1IhF9GGDKrV6BBb8gOHNvvMfM1Zqef+v5nT7zou/EOjTjnfjB7R39M7
VLvCIw1TWvWsSUUCA7HxF7+MDQWjtkw6YR6FK/1Okemi
-----END CERTIFICATE-----