Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/aNY8bkxMID99ZRagfzPTzvVrkq4.roa
File:                     aNY8bkxMID99ZRagfzPTzvVrkq4.roa (raw, json)
Hash identifier:          5hJp3fY8n8mgLXyHsQQLXiNMLZsOwq6WBDBUCXh9/DY=
Subject key identifier:   68:D6:3C:6E:4C:4C:20:3F:7D:65:16:A0:7F:33:D3:CE:F5:6B:92:AE
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018CC8DE8CE3146311F1E52AA39D1FAE7BF6
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/aNY8bkxMID99ZRagfzPTzvVrkq4.roa
Signing time:             Tue 02 Jan 2024 06:31:17 +0000
ROA not before:           Tue 02 Jan 2024 06:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200181
IP address blocks:        45.8.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:8c:e3:14:63:11:f1:e5:2a:a3:9d:1f:ae:7b:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  2 06:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68d63c6e4c4c203f7d6516a07f33d3cef56b92ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:6d:04:74:6d:11:8a:f3:b8:36:1e:5d:01:8f:
                    8c:e0:24:d7:cd:1e:61:62:b9:28:c9:ee:6d:4b:85:
                    63:8b:23:1a:8d:97:8d:03:9a:8b:84:68:eb:b3:be:
                    8b:07:b6:75:a4:b1:65:5e:a5:f0:6c:6b:ff:2f:38:
                    8d:ee:a6:0f:3a:01:81:85:54:7a:89:f5:a0:a8:29:
                    d4:4d:67:8c:c8:d5:b6:37:e8:a5:d4:5f:2f:eb:6c:
                    b9:9c:ef:9f:9b:a4:d6:7d:c8:12:2b:a3:eb:3c:13:
                    b7:6d:ef:d0:ea:e3:cd:72:9b:cd:ec:2e:dc:3a:9b:
                    76:80:2b:8f:01:a1:11:c0:b7:5d:58:2b:a8:50:4e:
                    2d:3d:9a:75:cd:d0:5f:bb:ef:2e:35:c2:ff:0b:42:
                    2c:44:15:af:f6:96:4e:76:aa:ce:94:93:b0:bc:50:
                    78:bb:3a:66:89:09:a2:29:be:ec:31:d7:f0:9f:1a:
                    20:0b:57:e0:c1:22:da:d3:5f:8a:7b:05:0b:ab:41:
                    9f:87:cc:66:5a:0d:82:e9:97:64:42:3d:49:e8:71:
                    73:32:c4:74:71:9c:e2:c2:93:5d:27:dc:66:d5:fa:
                    b3:ad:51:1d:e1:db:7a:f0:c1:f4:a3:7c:4b:f0:6e:
                    f3:6e:2b:4c:22:69:36:be:0b:78:34:cd:4f:f8:39:
                    7a:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:D6:3C:6E:4C:4C:20:3F:7D:65:16:A0:7F:33:D3:CE:F5:6B:92:AE
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/aNY8bkxMID99ZRagfzPTzvVrkq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:95:8c:8b:83:b1:2f:f0:65:53:23:34:d9:78:5d:c1:3f:37:
         d9:31:91:72:fd:39:94:bd:b9:42:6b:9f:81:78:cc:a5:7f:61:
         9d:6f:b4:53:80:93:72:cf:d1:cc:c7:e3:c2:21:a3:95:66:c2:
         f3:93:84:8e:6f:e8:d1:8c:0e:67:d5:43:45:e3:6f:cd:af:f1:
         ad:f6:e1:b1:22:4b:23:bb:f8:d0:51:3f:08:3f:bc:a9:0c:ae:
         1f:0a:97:66:7b:80:dd:ea:89:2a:fc:d0:52:8f:0b:79:63:0a:
         ae:13:8e:30:8a:b4:53:96:f5:29:73:e9:fa:13:a7:66:e2:41:
         27:55:29:65:ec:cb:02:17:60:6f:72:ba:13:c6:ba:b2:d7:f0:
         60:17:b6:a2:78:3b:b8:e2:5a:d4:16:f1:d6:da:32:b8:cb:ba:
         b5:00:de:79:e6:e4:10:31:a2:17:b5:b1:f9:f8:d2:a2:ba:14:
         31:4c:68:43:76:d2:a1:e3:f4:82:a6:3b:af:f7:bc:1e:0a:03:
         29:b0:b2:9e:66:70:27:00:4a:f3:e1:9a:34:a5:0d:fc:77:2d:
         27:ed:56:97:d8:2d:d1:6d:3e:76:40:4b:fd:04:42:e9:a5:3e:
         cb:4d:4a:c5:f4:2b:af:07:97:a0:fe:92:ae:01:4c:57:23:8a:
         57:e5:62:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3ozjFGMR8eUqo50frnv2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMTAyMDYzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGQ2M2M2ZTRjNGMyMDNmN2Q2NTE2YTA3ZjMzZDNjZWY1NmI5MmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApG0EdG0RivO4Nh5dAY+M4CTXzR5h
Yrkoye5tS4VjiyMajZeNA5qLhGjrs76LB7Z1pLFlXqXwbGv/LziN7qYPOgGBhVR6
ifWgqCnUTWeMyNW2N+il1F8v62y5nO+fm6TWfcgSK6PrPBO3be/Q6uPNcpvN7C7c
Opt2gCuPAaERwLddWCuoUE4tPZp1zdBfu+8uNcL/C0IsRBWv9pZOdqrOlJOwvFB4
uzpmiQmiKb7sMdfwnxogC1fgwSLa01+KewULq0Gfh8xmWg2C6ZdkQj1J6HFzMsR0
cZziwpNdJ9xm1fqzrVEd4dt68MH0o3xL8G7zbitMImk2vgt4NM1P+Dl6nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGjWPG5MTCA/fWUWoH8z0871a5KuMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvYU5ZOGJreE1JRDk5WlJhZ2Z6UFR6dlZya3E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQjIMA0G
CSqGSIb3DQEBCwUAA4IBAQAylYyLg7Ev8GVTIzTZeF3BPzfZMZFy/TmUvblCa5+B
eMylf2Gdb7RTgJNyz9HMx+PCIaOVZsLzk4SOb+jRjA5n1UNF42/Nr/Gt9uGxIksj
u/jQUT8IP7ypDK4fCpdme4Dd6okq/NBSjwt5YwquE44wirRTlvUpc+n6E6dm4kEn
VSll7MsCF2BvcroTxrqy1/BgF7aieDu44lrUFvHW2jK4y7q1AN555uQQMaIXtbH5
+NKiuhQxTGhDdtKh4/SCpjuv97weCgMpsLKeZnAnAErz4Zo0pQ38dy0n7VaX2C3R
bT52QEv9BELppT7LTUrF9CuvB5eg/pKuAUxXI4pX5WKf
-----END CERTIFICATE-----