Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/cXvVHTRXQExmaStdRZNySvJoXe8.roa
File:                     cXvVHTRXQExmaStdRZNySvJoXe8.roa (raw, json)
Hash identifier:          wVFFy25CZ7ZkYPvHrxJae5h9lUop5vlIxopvMXnaH2g=
Subject key identifier:   71:7B:D5:1D:34:57:40:4C:66:69:2B:5D:45:93:72:4A:F2:68:5D:EF
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       0190BFDB8AE0A77EDEE8A09DD97ABBBAE290
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/cXvVHTRXQExmaStdRZNySvJoXe8.roa
Signing time:             Wed 17 Jul 2024 08:42:34 +0000
ROA not before:           Wed 17 Jul 2024 08:42:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210542
IP address blocks:        45.8.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bf:db:8a:e0:a7:7e:de:e8:a0:9d:d9:7a:bb:ba:e2:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jul 17 08:42:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=717bd51d3457404c66692b5d4593724af2685def
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:91:22:ca:79:54:5d:dc:9c:93:2d:7c:01:79:
                    a3:f7:3c:d0:97:a5:50:43:11:72:be:16:02:5d:09:
                    79:ef:b6:46:2a:03:85:c5:de:9b:c6:67:37:3c:75:
                    07:b8:ec:f8:f8:5b:93:50:35:03:08:fd:96:fd:8b:
                    03:68:56:f1:ef:be:75:6a:ba:0e:d9:e7:1f:4b:5e:
                    49:34:f1:72:b3:6f:7d:00:4d:3c:eb:a6:c2:b1:41:
                    a0:ec:14:af:e9:fa:4e:8c:c9:b8:98:d1:ea:c2:35:
                    ee:ba:f8:92:01:51:9c:27:39:ed:4c:48:23:a9:72:
                    18:ab:ee:fb:7f:c9:83:de:3f:22:99:e2:fc:de:f5:
                    7b:d9:0c:01:28:12:cf:0c:5c:b2:98:4d:0a:c6:76:
                    f7:63:48:3d:21:39:de:aa:63:08:83:f9:7e:b8:09:
                    db:e2:59:f8:a8:9b:1d:8f:04:1b:b7:43:69:0d:e9:
                    77:d5:ed:39:fe:20:2d:ac:6d:f6:ae:8e:a1:b3:1a:
                    41:b8:18:10:54:33:f6:95:98:7d:5e:e4:d4:fc:e7:
                    73:90:cd:b3:e1:c8:bc:d9:ac:1c:f3:1d:e9:4b:f3:
                    35:99:70:9e:d3:65:a0:eb:71:31:b6:02:1d:b7:31:
                    9b:e3:c0:7e:1d:ae:93:73:89:41:f8:38:13:33:77:
                    c1:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:7B:D5:1D:34:57:40:4C:66:69:2B:5D:45:93:72:4A:F2:68:5D:EF
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/cXvVHTRXQExmaStdRZNySvJoXe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:b2:a4:7a:4c:79:5e:4b:47:e5:1f:a0:92:5b:32:85:4f:4f:
         5e:b2:b6:4c:4f:bd:50:87:0c:d9:86:2e:8f:db:2e:83:0f:e8:
         f9:d4:ef:70:40:0e:c0:69:55:db:92:f8:6f:80:e3:9b:e3:e6:
         92:9a:0f:cf:23:24:6d:78:61:cb:fb:0c:54:33:9d:f2:9c:8c:
         03:a7:b2:69:54:1c:ab:5f:ed:c9:af:b4:5c:b8:30:93:b1:6f:
         0d:94:5c:d5:c9:dc:7a:98:8e:2e:5b:2e:86:1b:54:b5:d1:29:
         bd:88:ee:69:40:9e:06:ed:ab:30:72:a1:36:72:8f:c7:b7:d5:
         f1:1a:bf:8e:fb:eb:9c:e6:1a:4c:91:59:4b:96:ab:56:ff:02:
         65:3e:7e:48:b0:c1:eb:ca:63:06:48:c8:47:b9:ed:d8:93:80:
         85:67:50:5f:13:08:f4:51:0c:55:29:28:7c:2e:6d:ed:fb:ea:
         87:a8:64:81:74:65:1f:56:28:47:d3:3d:c0:71:33:86:9b:75:
         8f:f9:a3:2e:6a:f0:8e:f5:e9:a5:fc:ff:fd:df:eb:94:79:b3:
         a9:7f:14:5c:5c:f2:2d:a3:73:9a:b2:83:ef:a1:72:a4:43:14:
         a6:e7:2c:8b:8e:1c:49:87:ef:3a:9e:b5:b2:84:cb:c6:79:bb:
         10:c5:0b:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZC/24rgp37e6KCd2Xq7uuKQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwNzE3MDg0MjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTdiZDUxZDM0NTc0MDRjNjY2OTJiNWQ0NTkzNzI0YWYyNjg1ZGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2JEiynlUXdycky18AXmj9zzQl6VQ
QxFyvhYCXQl577ZGKgOFxd6bxmc3PHUHuOz4+FuTUDUDCP2W/YsDaFbx7751aroO
2ecfS15JNPFys299AE0866bCsUGg7BSv6fpOjMm4mNHqwjXuuviSAVGcJzntTEgj
qXIYq+77f8mD3j8imeL83vV72QwBKBLPDFyymE0Kxnb3Y0g9ITneqmMIg/l+uAnb
4ln4qJsdjwQbt0NpDel31e05/iAtrG32ro6hsxpBuBgQVDP2lZh9XuTU/OdzkM2z
4ci82awc8x3pS/M1mXCe02Wg63ExtgIdtzGb48B+Ha6Tc4lB+DgTM3fBlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHF71R00V0BMZmkrXUWTckryaF3vMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvY1h2VkhUUlhRRXhtYVN0ZFJaTnlTdkpvWGU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQi/MA0G
CSqGSIb3DQEBCwUAA4IBAQBGsqR6THleS0flH6CSWzKFT09esrZMT71QhwzZhi6P
2y6DD+j51O9wQA7AaVXbkvhvgOOb4+aSmg/PIyRteGHL+wxUM53ynIwDp7JpVByr
X+3Jr7RcuDCTsW8NlFzVydx6mI4uWy6GG1S10Sm9iO5pQJ4G7aswcqE2co/Ht9Xx
Gr+O++uc5hpMkVlLlqtW/wJlPn5IsMHrymMGSMhHue3Yk4CFZ1BfEwj0UQxVKSh8
Lm3t++qHqGSBdGUfVihH0z3AcTOGm3WP+aMuavCO9eml/P/93+uUebOpfxRcXPIt
o3OasoPvoXKkQxSm5yyLjhxJh+86nrWyhMvGebsQxQuA
-----END CERTIFICATE-----