Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/XpDUn4qL6bNHEeRWEjHenTvlqaQ.roa
File:                     XpDUn4qL6bNHEeRWEjHenTvlqaQ.roa (raw, json)
Hash identifier:          0yKZKYq2F8xqcjf11d84vAQgknuZ632HcnRaTYBjDTo=
Subject key identifier:   5E:90:D4:9F:8A:8B:E9:B3:47:11:E4:56:12:31:DE:9D:3B:E5:A9:A4
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018CC8DE8F9B967820C8AB76AF97ED9EAB0F
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/XpDUn4qL6bNHEeRWEjHenTvlqaQ.roa
Signing time:             Tue 02 Jan 2024 06:31:18 +0000
ROA not before:           Tue 02 Jan 2024 06:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207633
IP address blocks:        5.180.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 12:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:8f:9b:96:78:20:c8:ab:76:af:97:ed:9e:ab:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  2 06:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e90d49f8a8be9b34711e4561231de9d3be5a9a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:5a:4d:ef:5a:b1:5d:eb:8f:97:b9:32:8a:9b:
                    5c:bf:3c:03:6c:12:fb:91:f3:69:a7:31:f2:a6:ce:
                    cd:cf:13:a2:e2:83:93:0d:ca:3d:11:dd:30:0c:ba:
                    c0:7b:9a:5d:f2:fe:cc:28:af:89:74:57:67:ac:e4:
                    9f:e1:18:e4:f4:21:4d:56:2b:96:a7:54:8e:32:53:
                    06:13:4d:6f:00:86:dc:fc:0c:a5:e4:e4:ae:56:b2:
                    99:73:b8:22:c2:21:9e:c6:73:fc:88:18:00:49:2f:
                    7e:9e:54:f4:a3:83:c8:b4:8b:4a:4e:84:ab:69:d7:
                    c1:45:b1:e4:e3:43:02:7f:a5:6f:5e:6e:d6:79:63:
                    96:aa:0d:e6:24:b0:64:4c:bd:bb:00:54:5c:14:f0:
                    b8:59:ef:9a:af:26:c6:df:6a:c9:8e:98:db:7d:72:
                    0e:a3:98:56:6b:e6:2b:25:66:5b:e0:90:38:37:87:
                    a5:58:d2:14:63:de:c6:7f:d7:00:89:d7:7d:f1:1d:
                    14:42:eb:a3:4b:2a:d1:79:f4:c0:72:e9:47:51:cf:
                    f5:91:42:21:b2:97:bc:de:d3:89:7e:af:72:e3:17:
                    78:bf:20:c9:f8:18:e9:77:eb:96:51:e3:b2:10:03:
                    4c:0d:a5:af:57:1e:20:3c:27:bb:06:fe:e4:9e:d6:
                    6b:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:90:D4:9F:8A:8B:E9:B3:47:11:E4:56:12:31:DE:9D:3B:E5:A9:A4
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/XpDUn4qL6bNHEeRWEjHenTvlqaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:02:8e:b3:04:f9:d5:d4:49:96:2f:77:9f:f2:70:f1:8b:4f:
         f9:dd:0b:f7:82:18:05:1c:32:64:24:c2:71:49:5e:14:f3:fe:
         cb:23:a0:0e:04:01:f6:27:2d:6c:60:9c:a4:65:ed:c9:07:80:
         19:31:cf:35:10:f2:2b:d2:cf:2c:2e:ce:a4:8e:47:ab:0a:e5:
         27:3e:ef:64:ea:32:fb:16:6e:c1:e5:9f:7c:34:54:34:3d:15:
         30:99:ef:a7:f5:a7:79:bf:e7:d7:be:29:f3:86:a0:f8:c2:90:
         5d:c1:5a:58:e6:b4:33:32:78:05:c2:cf:38:23:ae:7d:6c:a0:
         50:47:d5:25:0c:36:2d:25:24:68:84:b3:9f:6d:b5:6e:71:2c:
         10:64:d0:a4:c4:45:e0:4b:50:b1:84:d7:4f:3d:f9:96:0e:05:
         b6:65:75:50:fc:d3:c5:0f:1a:c7:af:19:a2:2c:9d:cf:65:83:
         c7:ac:0b:69:b1:1c:42:05:70:da:c2:97:a8:cf:d5:f2:e2:7e:
         6f:ec:e4:ee:b7:31:13:b1:b0:d8:6a:a9:7f:28:48:21:5a:bd:
         8a:74:ed:f7:1d:93:57:92:55:4d:ec:ef:08:b4:43:33:6a:b8:
         af:fa:c4:d5:35:06:d1:34:c7:a6:1e:ad:4e:b8:36:15:5f:f3:
         19:91:fb:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3o+blnggyKt2r5ftnqsPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMTAyMDYzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTkwZDQ5ZjhhOGJlOWIzNDcxMWU0NTYxMjMxZGU5ZDNiZTVhOWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmlpN71qxXeuPl7kyiptcvzwDbBL7
kfNppzHyps7NzxOi4oOTDco9Ed0wDLrAe5pd8v7MKK+JdFdnrOSf4Rjk9CFNViuW
p1SOMlMGE01vAIbc/Ayl5OSuVrKZc7giwiGexnP8iBgASS9+nlT0o4PItItKToSr
adfBRbHk40MCf6VvXm7WeWOWqg3mJLBkTL27AFRcFPC4We+arybG32rJjpjbfXIO
o5hWa+YrJWZb4JA4N4elWNIUY97Gf9cAidd98R0UQuujSyrRefTAculHUc/1kUIh
spe83tOJfq9y4xd4vyDJ+Bjpd+uWUeOyEANMDaWvVx4gPCe7Bv7kntZrNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF6Q1J+Ki+mzRxHkVhIx3p075amkMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvWHBEVW40cUw2Yk5IRWVSV0VqSGVuVHZscWFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbQgMA0G
CSqGSIb3DQEBCwUAA4IBAQBcAo6zBPnV1EmWL3ef8nDxi0/53Qv3ghgFHDJkJMJx
SV4U8/7LI6AOBAH2Jy1sYJykZe3JB4AZMc81EPIr0s8sLs6kjkerCuUnPu9k6jL7
Fm7B5Z98NFQ0PRUwme+n9ad5v+fXvinzhqD4wpBdwVpY5rQzMngFws84I659bKBQ
R9UlDDYtJSRohLOfbbVucSwQZNCkxEXgS1CxhNdPPfmWDgW2ZXVQ/NPFDxrHrxmi
LJ3PZYPHrAtpsRxCBXDawpeoz9Xy4n5v7OTutzETsbDYaql/KEghWr2KdO33HZNX
klVN7O8ItEMzariv+sTVNQbRNMemHq1OuDYVX/MZkfsd
-----END CERTIFICATE-----