Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Y9geqpNsiFqtz2Iv5qv91glDoYI.roa
File:                     Y9geqpNsiFqtz2Iv5qv91glDoYI.roa (raw, json)
Hash identifier:          0Zg6lVrTxjH0ZPncInq8A9ysuAXuPJzXVqCvryMOlBk=
Subject key identifier:   63:D8:1E:AA:93:6C:88:5A:AD:CF:62:2F:E6:AB:FD:D6:09:43:A1:82
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018CC8DE93270FC8394AF8B6FC1774B1B3A0
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Y9geqpNsiFqtz2Iv5qv91glDoYI.roa
Signing time:             Tue 02 Jan 2024 06:31:18 +0000
ROA not before:           Tue 02 Jan 2024 06:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211826
IP address blocks:        5.253.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:93:27:0f:c8:39:4a:f8:b6:fc:17:74:b1:b3:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  2 06:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63d81eaa936c885aadcf622fe6abfdd60943a182
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ca:75:4c:99:3f:85:38:81:b0:a8:26:60:75:
                    a4:5b:07:83:9a:32:40:96:81:15:35:36:f9:94:7a:
                    1e:c9:3b:5f:d8:19:62:9b:95:11:d2:60:6a:8f:b2:
                    5f:97:87:53:62:e6:41:12:dc:49:07:9f:f5:ed:08:
                    c1:48:c2:16:d4:c3:be:04:5e:a9:7c:40:32:8d:ca:
                    c1:3c:ec:8c:9f:e1:76:a0:c8:72:4d:a7:25:48:1a:
                    af:1d:4f:19:cf:cf:5f:a4:4f:94:38:60:c2:e0:d7:
                    3b:55:09:93:2a:9e:39:56:18:79:64:f6:4c:aa:80:
                    ef:eb:30:4c:56:bc:dd:38:c8:b9:04:39:a0:a9:91:
                    f6:7a:6f:80:77:96:a4:fb:6d:f2:e8:55:3c:15:75:
                    c9:c4:e0:9e:76:4f:2e:93:e0:dd:61:78:eb:62:fd:
                    75:f5:b5:a8:a9:62:f1:83:e3:8d:0b:ff:f6:dc:60:
                    8c:9c:3e:42:b9:b3:01:a5:2b:6a:fa:20:74:75:9e:
                    27:73:bf:28:8e:10:fe:04:a4:0d:65:40:71:9f:a0:
                    7b:6a:75:f2:81:d4:86:92:fb:d0:a8:8f:66:50:79:
                    0f:cb:08:a8:88:44:e8:94:0c:ef:a0:85:9f:0a:fa:
                    b5:ac:25:c7:c0:b8:4e:99:86:66:15:65:87:08:cf:
                    90:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:D8:1E:AA:93:6C:88:5A:AD:CF:62:2F:E6:AB:FD:D6:09:43:A1:82
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Y9geqpNsiFqtz2Iv5qv91glDoYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:c8:fa:78:b7:6c:d3:05:5b:65:c1:62:47:3d:9b:52:01:d3:
         b7:d5:8d:cf:d9:d5:ce:a5:57:dc:43:ff:17:27:12:94:d8:71:
         c6:82:07:fe:6e:dd:3b:75:5a:82:e4:20:bd:33:dc:96:23:c7:
         69:a4:0c:aa:c6:57:4f:ce:80:2f:f0:df:02:fb:79:fa:8a:dd:
         af:85:2c:90:38:74:03:e3:4c:87:5b:4d:ee:58:84:08:10:56:
         ea:b8:65:3a:60:0b:97:be:92:75:d8:22:8a:b0:70:63:bd:c9:
         6c:5e:32:99:7d:67:47:4a:48:ed:c3:d6:63:95:3d:4c:ef:c8:
         fb:5f:c9:24:14:86:1f:69:e5:a0:c1:74:b3:bb:19:93:4c:4a:
         1a:c1:1b:cc:a1:f4:2a:9d:33:5d:36:6e:c5:79:d5:83:c0:50:
         af:58:c0:98:ab:e4:01:7d:79:9b:ef:9b:ea:93:0d:d3:dc:db:
         9f:51:e7:48:01:39:64:0c:87:c9:dc:e5:b1:02:4a:66:a7:4c:
         f9:cd:13:4a:98:5b:01:47:a9:0c:65:49:b1:39:dc:69:01:2f:
         f5:73:d1:07:e0:02:3c:95:bd:0d:77:05:cb:ba:e9:66:48:8a:
         04:6a:d2:dc:8d:06:61:bb:01:6c:4e:75:c6:99:00:ce:c3:8b:
         fa:fb:52:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3pMnD8g5Svi2/Bd0sbOgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMTAyMDYzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2Q4MWVhYTkzNmM4ODVhYWRjZjYyMmZlNmFiZmRkNjA5NDNhMTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMp1TJk/hTiBsKgmYHWkWweDmjJA
loEVNTb5lHoeyTtf2Blim5UR0mBqj7Jfl4dTYuZBEtxJB5/17QjBSMIW1MO+BF6p
fEAyjcrBPOyMn+F2oMhyTaclSBqvHU8Zz89fpE+UOGDC4Nc7VQmTKp45Vhh5ZPZM
qoDv6zBMVrzdOMi5BDmgqZH2em+Ad5ak+23y6FU8FXXJxOCedk8uk+DdYXjrYv11
9bWoqWLxg+ONC//23GCMnD5CubMBpStq+iB0dZ4nc78ojhD+BKQNZUBxn6B7anXy
gdSGkvvQqI9mUHkPywioiETolAzvoIWfCvq1rCXHwLhOmYZmFWWHCM+QZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGPYHqqTbIharc9iL+ar/dYJQ6GCMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvWTlnZXFwTnNpRnF0ejJJdjVxdjkxZ2xEb1lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABf0uMA0G
CSqGSIb3DQEBCwUAA4IBAQBgyPp4t2zTBVtlwWJHPZtSAdO31Y3P2dXOpVfcQ/8X
JxKU2HHGggf+bt07dVqC5CC9M9yWI8dppAyqxldPzoAv8N8C+3n6it2vhSyQOHQD
40yHW03uWIQIEFbquGU6YAuXvpJ12CKKsHBjvclsXjKZfWdHSkjtw9ZjlT1M78j7
X8kkFIYfaeWgwXSzuxmTTEoawRvMofQqnTNdNm7FedWDwFCvWMCYq+QBfXmb75vq
kw3T3NufUedIATlkDIfJ3OWxAkpmp0z5zRNKmFsBR6kMZUmxOdxpAS/1c9EH4AI8
lb0NdwXLuulmSIoEatLcjQZhuwFsTnXGmQDOw4v6+1Jo
-----END CERTIFICATE-----