Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/c3Uje_50kq_ARgxgFJ48u1v31No.roa
File:                     c3Uje_50kq_ARgxgFJ48u1v31No.roa (raw, json)
Hash identifier:          jyUZ5Y6n8SNn8AMBYlPVxwDukkyWYLlHszILJMuiEUQ=
Subject key identifier:   73:75:23:7B:FE:74:92:AF:C0:46:0C:60:14:9E:3C:BB:5B:F7:D4:DA
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019300FB2E17AEC26FF0D96C6EE9AABDD82A
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/c3Uje_50kq_ARgxgFJ48u1v31No.roa
Signing time:             Wed 06 Nov 2024 10:18:01 +0000
ROA not before:           Wed 06 Nov 2024 10:18:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     138156
IP address blocks:        45.8.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:00:fb:2e:17:ae:c2:6f:f0:d9:6c:6e:e9:aa:bd:d8:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Nov  6 10:18:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7375237bfe7492afc0460c60149e3cbb5bf7d4da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:81:32:99:6b:b4:f0:d5:57:62:21:8c:58:8c:
                    1e:20:77:f8:44:21:2e:ff:b3:14:fc:0b:1a:74:ea:
                    8a:9a:09:3e:33:42:16:77:9b:b5:25:09:81:5b:0d:
                    9f:0e:18:25:b5:a2:1e:81:9c:df:a5:6a:8c:da:cc:
                    32:60:67:ca:b3:03:5b:4b:ca:e5:b7:b1:c4:59:63:
                    1d:dc:83:5c:d2:95:e4:cc:28:e5:71:0f:ff:38:0b:
                    da:77:41:97:a0:bf:85:4a:ae:7b:68:2d:91:84:2a:
                    10:4d:2a:31:7d:a0:ad:08:d4:0c:11:97:8f:1a:69:
                    e0:9f:8f:b8:f8:29:84:b7:a3:74:b1:f3:13:96:a4:
                    6e:4b:76:92:98:b3:a7:ac:ab:75:dd:9e:25:d5:fa:
                    31:3d:f1:76:bc:9b:bb:51:2b:e7:f6:b5:5f:ba:e2:
                    7e:50:aa:12:67:90:08:05:e1:e1:f3:61:ab:90:b1:
                    bd:6c:7a:4e:0b:05:66:15:0f:85:0d:89:26:51:ee:
                    91:2e:ab:3a:9d:d7:2e:5a:c6:8b:6f:57:f8:f7:05:
                    15:6d:39:e2:c7:1e:55:c4:cc:8e:e6:08:7a:cb:17:
                    74:c8:22:ed:a5:1e:b1:ae:68:04:65:d2:32:25:07:
                    61:31:33:30:a1:11:f3:35:77:14:e8:f6:9b:f6:29:
                    a9:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:75:23:7B:FE:74:92:AF:C0:46:0C:60:14:9E:3C:BB:5B:F7:D4:DA
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/c3Uje_50kq_ARgxgFJ48u1v31No.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:3c:6b:14:90:41:48:e0:9f:8c:d3:79:b8:f2:59:e7:d1:1c:
         93:4e:40:4e:83:d1:7c:c0:97:64:d1:c6:20:42:eb:71:d9:02:
         69:55:41:00:6e:e1:00:d5:b8:2b:f0:81:00:9c:c9:43:fe:da:
         27:ef:cf:e0:e0:82:ac:31:1d:c2:b6:cf:26:95:d3:2c:b0:92:
         81:32:2d:5d:61:0e:6f:4a:fb:42:21:8f:bd:ce:8f:28:ca:61:
         46:09:cd:0b:ff:25:21:7f:21:8f:78:80:c9:04:a9:bd:13:ee:
         c8:ef:91:27:6a:f3:ae:54:e2:22:18:b4:9d:04:09:cb:45:b9:
         f6:27:34:ad:58:4d:87:4b:cf:63:90:89:e9:a2:c2:db:65:5c:
         5f:73:d1:b6:00:cb:16:93:b7:35:bb:fc:95:0d:f2:77:95:d7:
         66:2e:8d:5e:85:e7:c5:66:ae:64:36:3c:30:ed:1e:c2:2b:3a:
         0a:e6:f8:40:47:60:29:02:72:99:af:46:93:bc:a0:d9:c5:21:
         25:4f:8b:fe:18:e9:39:dc:86:7d:6f:1f:97:b2:3d:c6:b8:ed:
         ab:4f:92:b9:cc:62:45:03:45:4c:c4:09:ac:a6:c8:bd:c9:4f:
         62:72:66:55:b2:70:5e:93:c7:24:a9:6e:00:39:38:87:94:4c:
         3a:45:ef:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMA+y4XrsJv8NlsbumqvdgqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQxMTA2MTAxODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mzc1MjM3YmZlNzQ5MmFmYzA0NjBjNjAxNDllM2NiYjViZjdkNGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh4EymWu08NVXYiGMWIweIHf4RCEu
/7MU/AsadOqKmgk+M0IWd5u1JQmBWw2fDhgltaIegZzfpWqM2swyYGfKswNbS8rl
t7HEWWMd3INc0pXkzCjlcQ//OAvad0GXoL+FSq57aC2RhCoQTSoxfaCtCNQMEZeP
Gmngn4+4+CmEt6N0sfMTlqRuS3aSmLOnrKt13Z4l1foxPfF2vJu7USvn9rVfuuJ+
UKoSZ5AIBeHh82GrkLG9bHpOCwVmFQ+FDYkmUe6RLqs6ndcuWsaLb1f49wUVbTni
xx5VxMyO5gh6yxd0yCLtpR6xrmgEZdIyJQdhMTMwoRHzNXcU6Pab9impbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHN1I3v+dJKvwEYMYBSePLtb99TaMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvYzNVamVfNTBrcV9BUmd4Z0ZKNDh1MXYzMU5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQj8MA0G
CSqGSIb3DQEBCwUAA4IBAQB9PGsUkEFI4J+M03m48lnn0RyTTkBOg9F8wJdk0cYg
Qutx2QJpVUEAbuEA1bgr8IEAnMlD/ton78/g4IKsMR3Cts8mldMssJKBMi1dYQ5v
SvtCIY+9zo8oymFGCc0L/yUhfyGPeIDJBKm9E+7I75EnavOuVOIiGLSdBAnLRbn2
JzStWE2HS89jkInposLbZVxfc9G2AMsWk7c1u/yVDfJ3lddmLo1ehefFZq5kNjww
7R7CKzoK5vhAR2ApAnKZr0aTvKDZxSElT4v+GOk53IZ9bx+Xsj3GuO2rT5K5zGJF
A0VMxAmspsi9yU9icmZVsnBek8ckqW4AOTiHlEw6Re+7
-----END CERTIFICATE-----