Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/lj4U0xzshShLI4RqQ8ifYZ_SyKU.roa
File:                     lj4U0xzshShLI4RqQ8ifYZ_SyKU.roa (raw, json)
Hash identifier:          2HnZmk1Q7rKpAPcq0w6WNOe0VnqGatYS81N39FC33jw=
Subject key identifier:   96:3E:14:D3:1C:EC:85:28:4B:23:84:6A:43:C8:9F:61:9F:D2:C8:A5
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018FE5507ACADD345C49A4015D5C14659202
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/lj4U0xzshShLI4RqQ8ifYZ_SyKU.roa
Signing time:             Tue 04 Jun 2024 22:13:27 +0000
ROA not before:           Tue 04 Jun 2024 22:13:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40676
IP address blocks:        5.180.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e5:50:7a:ca:dd:34:5c:49:a4:01:5d:5c:14:65:92:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jun  4 22:13:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=963e14d31cec85284b23846a43c89f619fd2c8a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:7a:59:61:a5:31:95:e8:85:c1:4e:3e:39:28:
                    ef:81:05:16:59:f5:73:ac:17:28:89:7b:b2:d3:ad:
                    e5:a3:56:b8:41:90:69:25:83:ec:95:6e:f0:65:84:
                    b2:2c:6b:30:bf:2f:bd:e4:51:22:df:99:9d:56:15:
                    ff:e3:3e:f7:84:e6:63:76:36:30:22:c8:c4:93:69:
                    9d:91:ec:35:98:38:7d:4b:dc:0f:48:20:2c:0a:5a:
                    45:5b:1c:70:6a:ca:3e:19:65:77:6d:f0:93:c9:4b:
                    c9:3e:3b:6e:44:9f:3c:7c:fe:d0:9f:14:c7:fc:05:
                    f0:2d:c5:f7:bc:8b:13:15:fc:c1:5c:42:70:3d:c1:
                    64:d7:92:a2:d8:b0:12:71:3b:be:ab:d3:fe:b2:48:
                    a7:83:f4:81:5c:2d:ea:1a:50:ca:81:05:5d:83:e6:
                    42:92:a6:5c:ce:d3:b7:fb:49:7e:89:8d:ba:26:93:
                    a2:44:da:ea:f5:4a:43:d8:a4:5e:b0:de:64:67:1f:
                    19:a9:24:15:fd:10:73:43:07:ff:1c:13:dd:9d:49:
                    d8:af:49:d6:83:45:2f:3a:2e:0d:bb:97:18:e8:7c:
                    1c:03:57:f7:c0:db:39:29:08:4d:0f:e0:ad:50:0b:
                    41:30:6f:58:2d:71:38:d4:a4:99:d6:34:eb:e5:83:
                    95:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:3E:14:D3:1C:EC:85:28:4B:23:84:6A:43:C8:9F:61:9F:D2:C8:A5
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/lj4U0xzshShLI4RqQ8ifYZ_SyKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:4b:45:fc:46:2d:18:43:6a:a5:13:04:bd:8e:d5:05:f4:9f:
         3a:56:a5:47:ce:df:17:e3:ed:4f:67:1f:17:d1:c8:83:94:78:
         e5:10:40:b7:f3:0c:24:81:9f:eb:f7:ea:67:a3:b4:41:da:85:
         a2:2f:02:72:25:88:6a:e5:b5:9d:29:6d:6c:71:ce:c6:05:66:
         f8:bd:cd:63:cf:18:27:72:84:60:05:43:6c:a0:8d:6c:3b:8f:
         c7:36:38:8a:30:23:ab:43:6c:03:2c:6d:3b:40:c4:b7:ae:b2:
         36:13:e4:29:8f:10:9f:02:37:48:46:d3:7d:60:9a:92:95:4c:
         e6:d3:ae:a9:6a:cd:fb:2f:5c:eb:47:d4:78:98:26:47:0a:68:
         47:1c:0c:fd:f1:d2:05:b4:a4:99:de:1f:f1:02:30:50:ce:92:
         7a:dd:79:13:a7:37:78:1f:68:11:4b:be:48:61:52:50:f8:7a:
         b5:5f:bd:c8:ec:46:01:cd:48:45:3d:25:9d:06:9c:ce:ba:b5:
         98:79:b7:59:0f:44:1d:98:02:9f:9f:ac:9c:2e:a1:65:6e:e1:
         10:91:48:59:c8:d0:8b:26:82:74:2f:07:88:17:69:ba:7d:66:
         46:4e:c2:b6:14:49:f6:f2:8d:14:06:a4:17:55:46:8f:8f:57:
         e6:5e:9a:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/lUHrK3TRcSaQBXVwUZZICMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwNjA0MjIxMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjNlMTRkMzFjZWM4NTI4NGIyMzg0NmE0M2M4OWY2MTlmZDJjOGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlnpZYaUxleiFwU4+OSjvgQUWWfVz
rBcoiXuy063lo1a4QZBpJYPslW7wZYSyLGswvy+95FEi35mdVhX/4z73hOZjdjYw
IsjEk2mdkew1mDh9S9wPSCAsClpFWxxwaso+GWV3bfCTyUvJPjtuRJ88fP7QnxTH
/AXwLcX3vIsTFfzBXEJwPcFk15Ki2LAScTu+q9P+sking/SBXC3qGlDKgQVdg+ZC
kqZcztO3+0l+iY26JpOiRNrq9UpD2KResN5kZx8ZqSQV/RBzQwf/HBPdnUnYr0nW
g0UvOi4Nu5cY6HwcA1f3wNs5KQhND+CtUAtBMG9YLXE41KSZ1jTr5YOV6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJY+FNMc7IUoSyOEakPIn2Gf0silMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvbGo0VTB4enNoU2hMSTRScVE4aWZZWl9TeUtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbQxMA0G
CSqGSIb3DQEBCwUAA4IBAQCSS0X8Ri0YQ2qlEwS9jtUF9J86VqVHzt8X4+1PZx8X
0ciDlHjlEEC38wwkgZ/r9+pno7RB2oWiLwJyJYhq5bWdKW1scc7GBWb4vc1jzxgn
coRgBUNsoI1sO4/HNjiKMCOrQ2wDLG07QMS3rrI2E+QpjxCfAjdIRtN9YJqSlUzm
066pas37L1zrR9R4mCZHCmhHHAz98dIFtKSZ3h/xAjBQzpJ63XkTpzd4H2gRS75I
YVJQ+Hq1X73I7EYBzUhFPSWdBpzOurWYebdZD0QdmAKfn6ycLqFlbuEQkUhZyNCL
JoJ0LweIF2m6fWZGTsK2FEn28o0UBqQXVUaPj1fmXprV
-----END CERTIFICATE-----