Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/aZ1_SEVy7cDZSIU0tWwY7b0gCx8.roa
File:                     aZ1_SEVy7cDZSIU0tWwY7b0gCx8.roa (raw, json)
Hash identifier:          edmkfrXntpT9Wxh48P0UMzBdTvamKMMiZR8dgP4g3ts=
Subject key identifier:   69:9D:7F:48:45:72:ED:C0:D9:48:85:34:B5:6C:18:ED:BD:20:0B:1F
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018D6057B1DF52740FB3BDA25D6171DA24BF
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/aZ1_SEVy7cDZSIU0tWwY7b0gCx8.roa
Signing time:             Wed 31 Jan 2024 16:26:16 +0000
ROA not before:           Wed 31 Jan 2024 16:26:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215622
IP address blocks:        45.9.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:60:57:b1:df:52:74:0f:b3:bd:a2:5d:61:71:da:24:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan 31 16:26:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=699d7f484572edc0d9488534b56c18edbd200b1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:c8:c5:9d:6e:74:7b:50:58:e1:c9:dd:a4:5c:
                    78:ac:cf:54:d4:3f:ac:b8:28:24:04:a8:e1:4c:8c:
                    33:0e:13:b3:4d:2d:4e:7f:83:85:9b:41:1c:89:b4:
                    7d:8f:66:48:17:26:f6:01:7b:d3:38:e8:6f:8a:b7:
                    92:24:50:72:81:aa:b0:ed:f6:38:d0:9f:0c:07:30:
                    60:32:c5:01:b0:f9:2d:38:ab:33:57:25:21:95:05:
                    31:f1:45:b3:95:4c:06:fd:e5:77:b1:f5:1a:2a:b3:
                    a8:c8:45:ff:e0:89:5e:cb:a5:c0:a5:32:d3:c9:17:
                    a2:1c:91:69:b9:43:39:1d:66:3a:70:5f:41:e8:89:
                    7a:1f:c1:f3:44:8a:04:93:0a:66:1b:2b:d0:1a:ae:
                    52:01:0b:9e:ae:c0:14:97:30:63:7b:b5:be:ab:aa:
                    57:6b:11:38:5f:f0:77:1b:81:9f:ab:3d:51:7a:1a:
                    c7:45:d2:0d:eb:63:c4:8d:7c:12:8e:74:09:9b:c8:
                    51:eb:de:1f:82:95:30:c9:89:92:8a:2d:fb:c3:e9:
                    db:b4:18:62:60:42:f6:3c:86:bf:f3:ba:ee:86:f0:
                    82:df:c4:38:59:82:47:79:df:24:92:01:d3:26:4a:
                    49:8a:2c:88:75:d1:3a:c1:89:51:83:90:55:6b:07:
                    f6:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:9D:7F:48:45:72:ED:C0:D9:48:85:34:B5:6C:18:ED:BD:20:0B:1F
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/aZ1_SEVy7cDZSIU0tWwY7b0gCx8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:7e:9d:9f:44:56:c6:4c:40:b9:b1:70:c1:f0:83:78:dd:cb:
         db:eb:e4:42:60:31:cd:58:82:6a:e3:49:53:10:7b:e7:98:89:
         28:2e:30:e5:4a:1e:71:61:44:1a:0e:82:a6:bf:bc:7b:f0:b5:
         2b:d2:01:c6:bf:9d:76:f6:11:b3:f9:d9:ed:7c:74:31:8b:5f:
         ea:73:ad:83:23:9a:03:7c:03:60:d6:e9:98:5e:90:28:e2:29:
         cc:b7:26:c4:84:60:f5:b0:53:3c:60:0c:8f:4c:2e:b6:c4:b6:
         4a:c3:02:c6:fb:69:66:87:6f:9e:4d:20:3b:e9:12:99:aa:0c:
         5c:b3:2d:b9:0b:e6:8b:9d:1a:5e:09:0d:fc:ef:5b:4d:01:d2:
         61:f7:1f:9a:11:9f:ef:24:fd:6a:6b:0a:7e:1c:24:63:08:b3:
         f8:81:53:ec:a8:13:44:d5:79:d8:68:93:51:50:46:62:06:c1:
         b8:45:62:bd:7d:ce:73:ce:b9:8f:ab:98:32:e8:ba:be:2f:6f:
         06:75:27:e4:47:87:4c:70:14:19:da:a5:77:e5:f5:d7:4a:d3:
         67:d1:45:1c:ca:5b:68:f2:25:05:f1:14:e8:a2:92:4f:39:7e:
         eb:bf:5f:91:ad:8a:f3:15:57:71:d6:87:ae:46:68:a7:0c:e6:
         ed:a4:db:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1gV7HfUnQPs72iXWFx2iS/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMTMxMTYyNjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTlkN2Y0ODQ1NzJlZGMwZDk0ODg1MzRiNTZjMThlZGJkMjAwYjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlsjFnW50e1BY4cndpFx4rM9U1D+s
uCgkBKjhTIwzDhOzTS1Of4OFm0EcibR9j2ZIFyb2AXvTOOhvireSJFBygaqw7fY4
0J8MBzBgMsUBsPktOKszVyUhlQUx8UWzlUwG/eV3sfUaKrOoyEX/4Iley6XApTLT
yReiHJFpuUM5HWY6cF9B6Il6H8HzRIoEkwpmGyvQGq5SAQuersAUlzBje7W+q6pX
axE4X/B3G4Gfqz1RehrHRdIN62PEjXwSjnQJm8hR694fgpUwyYmSii37w+nbtBhi
YEL2PIa/87ruhvCC38Q4WYJHed8kkgHTJkpJiiyIddE6wYlRg5BVawf2KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGmdf0hFcu3A2UiFNLVsGO29IAsfMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvYVoxX1NFVnk3Y0RaU0lVMHRXd1k3YjBnQ3g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQkFMA0G
CSqGSIb3DQEBCwUAA4IBAQALfp2fRFbGTEC5sXDB8IN43cvb6+RCYDHNWIJq40lT
EHvnmIkoLjDlSh5xYUQaDoKmv7x78LUr0gHGv5129hGz+dntfHQxi1/qc62DI5oD
fANg1umYXpAo4inMtybEhGD1sFM8YAyPTC62xLZKwwLG+2lmh2+eTSA76RKZqgxc
sy25C+aLnRpeCQ3871tNAdJh9x+aEZ/vJP1qawp+HCRjCLP4gVPsqBNE1XnYaJNR
UEZiBsG4RWK9fc5zzrmPq5gy6Lq+L28GdSfkR4dMcBQZ2qV35fXXStNn0UUcylto
8iUF8RToopJPOX7rv1+RrYrzFVdx1oeuRminDObtpNsU
-----END CERTIFICATE-----