Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yj3OCX9SI2Y7u_ldKcB40H9Xirc.roa
File:                     Yj3OCX9SI2Y7u_ldKcB40H9Xirc.roa (raw, json)
Hash identifier:          v35E3sAh7JkJgX5/z9XUlOcg2kVxjHGYPV7prOjfyCo=
Subject key identifier:   62:3D:CE:09:7F:52:23:66:3B:BB:F9:5D:29:C0:78:D0:7F:57:8A:B7
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018CC8DE8A59FFA211747BBADF4B6914A340
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yj3OCX9SI2Y7u_ldKcB40H9Xirc.roa
Signing time:             Tue 02 Jan 2024 06:31:16 +0000
ROA not before:           Tue 02 Jan 2024 06:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198351
IP address blocks:        5.180.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 03:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:8a:59:ff:a2:11:74:7b:ba:df:4b:69:14:a3:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  2 06:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=623dce097f5223663bbbf95d29c078d07f578ab7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:b0:55:b8:f6:f8:71:81:6a:70:9d:4c:45:01:
                    3d:ba:a3:69:e5:80:91:11:21:be:19:92:66:8e:65:
                    59:4a:a2:c5:22:1c:39:4f:1c:4c:f5:84:61:cb:21:
                    03:6d:45:05:fb:c1:80:01:52:4b:83:35:38:c4:e6:
                    62:f2:25:30:2b:24:a1:5b:0c:fe:41:9f:14:95:1e:
                    72:31:97:0c:86:c8:00:87:4d:a3:ab:84:71:60:e6:
                    28:2a:38:d8:01:ee:56:85:ba:0f:ec:77:f6:2c:fc:
                    ad:5f:01:c8:ef:a6:f6:36:93:78:b7:a3:d8:55:f9:
                    08:3a:1c:85:db:87:53:ed:d3:a6:87:fc:dd:48:a1:
                    35:c7:03:d6:92:56:99:bb:ec:e7:e3:f4:aa:c7:6b:
                    28:8c:5c:56:ee:93:76:9d:b9:fe:10:c8:29:1f:23:
                    14:3f:06:eb:13:09:a1:01:94:4f:de:83:32:17:c6:
                    ad:65:09:f2:cd:14:58:35:e7:e9:4d:b5:e4:af:8a:
                    2f:62:ac:e6:f1:57:ed:6b:d2:4c:00:95:15:14:fd:
                    29:22:b5:86:5d:8a:d3:8c:12:44:1a:95:a0:c2:55:
                    29:ee:bf:36:c2:37:3b:63:80:e7:15:76:8d:1d:52:
                    ef:95:d3:24:eb:6a:41:58:14:fe:9d:8b:76:1c:7a:
                    28:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:3D:CE:09:7F:52:23:66:3B:BB:F9:5D:29:C0:78:D0:7F:57:8A:B7
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yj3OCX9SI2Y7u_ldKcB40H9Xirc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:b6:b9:e9:c7:5a:0f:55:25:46:17:5c:36:4e:ca:6d:cb:c3:
         ef:92:39:be:ce:de:da:1c:cf:6c:05:29:57:4c:6d:f3:1d:98:
         ce:f4:a2:83:51:6e:9d:e3:9b:db:f6:46:fe:cd:4b:62:28:94:
         82:96:15:4a:96:47:73:0a:af:56:c0:cd:43:6c:0b:8c:e9:c2:
         78:31:e6:66:03:ad:68:4f:9e:8b:2d:3d:1d:f4:24:cb:5e:d8:
         de:a0:5f:18:23:b9:8b:9c:e2:f2:dc:d1:1b:53:4d:4e:d5:fe:
         7d:a1:f2:f8:0f:03:7f:7b:a7:4c:5d:62:c5:5a:2c:e1:1d:3f:
         0d:51:a8:7a:40:b7:3c:01:0d:2f:e9:42:0f:06:9b:29:7f:7f:
         4e:e0:c2:c0:11:c1:3e:bc:31:dd:e1:84:3b:7f:57:7c:73:5b:
         43:00:d6:20:59:ca:0d:a0:25:61:05:00:8b:e7:cb:2b:83:2d:
         1b:eb:35:5b:c5:77:b6:99:ea:30:79:a4:cd:19:5f:76:51:64:
         bf:95:7e:2e:b6:28:19:c2:50:e0:b2:33:fa:3e:ca:f6:90:62:
         9b:f0:55:c8:65:25:ed:4a:3a:ad:68:f8:45:bf:ec:49:53:41:
         fd:f6:55:31:55:e7:bf:6f:71:3b:4e:50:08:65:82:1e:36:b7:
         52:54:dd:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3opZ/6IRdHu630tpFKNAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMTAyMDYzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjNkY2UwOTdmNTIyMzY2M2JiYmY5NWQyOWMwNzhkMDdmNTc4YWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2rBVuPb4cYFqcJ1MRQE9uqNp5YCR
ESG+GZJmjmVZSqLFIhw5TxxM9YRhyyEDbUUF+8GAAVJLgzU4xOZi8iUwKyShWwz+
QZ8UlR5yMZcMhsgAh02jq4RxYOYoKjjYAe5WhboP7Hf2LPytXwHI76b2NpN4t6PY
VfkIOhyF24dT7dOmh/zdSKE1xwPWklaZu+zn4/Sqx2sojFxW7pN2nbn+EMgpHyMU
PwbrEwmhAZRP3oMyF8atZQnyzRRYNefpTbXkr4ovYqzm8Vfta9JMAJUVFP0pIrWG
XYrTjBJEGpWgwlUp7r82wjc7Y4DnFXaNHVLvldMk62pBWBT+nYt2HHoo3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGI9zgl/UiNmO7v5XSnAeNB/V4q3MB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvWWozT0NYOVNJMlk3dV9sZEtjQjQwSDlYaXJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbToMA0G
CSqGSIb3DQEBCwUAA4IBAQArtrnpx1oPVSVGF1w2Tspty8Pvkjm+zt7aHM9sBSlX
TG3zHZjO9KKDUW6d45vb9kb+zUtiKJSClhVKlkdzCq9WwM1DbAuM6cJ4MeZmA61o
T56LLT0d9CTLXtjeoF8YI7mLnOLy3NEbU01O1f59ofL4DwN/e6dMXWLFWizhHT8N
Uah6QLc8AQ0v6UIPBpspf39O4MLAEcE+vDHd4YQ7f1d8c1tDANYgWcoNoCVhBQCL
58srgy0b6zVbxXe2meoweaTNGV92UWS/lX4utigZwlDgsjP6Psr2kGKb8FXIZSXt
SjqtaPhFv+xJU0H99lUxVee/b3E7TlAIZYIeNrdSVN1s
-----END CERTIFICATE-----