Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/prM15DIz8U2SuK3WT1XmwpRyPiw.roa
File:                     prM15DIz8U2SuK3WT1XmwpRyPiw.roa (raw, json)
Hash identifier:          Ev3JYItgs2plIvnRogGir6HXmqnxV6oHdsBBlVemcUA=
Subject key identifier:   A6:B3:35:E4:32:33:F1:4D:92:B8:AD:D6:4F:55:E6:C2:94:72:3E:2C
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018D024175F5B0DFDBC27C9A439AFA3B4BD0
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/prM15DIz8U2SuK3WT1XmwpRyPiw.roa
Signing time:             Sat 13 Jan 2024 09:57:40 +0000
ROA not before:           Sat 13 Jan 2024 09:57:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     151338
IP address blocks:        45.8.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:02:41:75:f5:b0:df:db:c2:7c:9a:43:9a:fa:3b:4b:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan 13 09:57:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6b335e43233f14d92b8add64f55e6c294723e2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:75:ec:44:ba:03:49:f2:e2:61:23:14:75:49:
                    7f:ce:4a:77:d5:2b:2d:30:81:93:04:5a:5e:06:bc:
                    0f:9b:5f:34:0c:00:08:74:70:27:cf:de:68:f2:15:
                    9a:88:00:e6:10:3e:4e:c4:59:c8:00:03:dd:4c:1c:
                    eb:9b:1e:b7:8e:66:2d:c7:fc:07:dd:02:27:4e:58:
                    44:2b:fb:f6:1d:d3:49:fe:48:61:73:8e:d4:f4:bc:
                    90:c5:23:1c:2e:20:30:d5:97:f4:0a:22:0a:46:f6:
                    49:a7:4c:bb:7f:55:37:e4:99:d4:5c:9e:f3:53:b9:
                    68:33:3e:b4:a0:6e:69:73:7d:63:fc:1f:57:90:24:
                    66:16:ad:8a:54:a9:03:de:c5:a0:ed:29:31:d8:fe:
                    1c:ab:7a:35:b6:bd:a1:0f:75:4e:66:0d:43:7e:18:
                    a5:92:86:bb:6c:08:c6:5a:3c:1a:e3:49:a2:bf:68:
                    4b:98:b7:c8:dd:af:e5:d6:33:4f:90:62:93:d8:2f:
                    07:96:73:8d:5b:4e:5c:ce:8a:81:19:5e:dc:3d:94:
                    11:b9:db:7d:19:3e:02:d7:e6:2d:cc:4c:51:1f:49:
                    fd:21:f1:5e:b4:45:bb:18:97:9d:ba:43:ca:ee:77:
                    71:44:64:a9:83:cc:b5:27:85:df:d6:18:7c:85:70:
                    64:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:B3:35:E4:32:33:F1:4D:92:B8:AD:D6:4F:55:E6:C2:94:72:3E:2C
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/prM15DIz8U2SuK3WT1XmwpRyPiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:69:34:82:be:d5:ab:6b:9c:ec:a0:48:d8:c5:48:d3:ba:7b:
         23:c1:1c:3b:b2:70:ba:c9:7b:30:b7:8f:a0:84:25:17:b5:e3:
         18:f5:8a:31:25:99:e2:65:00:92:32:ae:b0:73:e7:66:05:49:
         cd:f1:f5:a4:6e:dc:94:c7:8d:43:bf:e5:51:cb:f4:68:8a:32:
         16:b0:87:00:2b:aa:b5:5d:e9:a1:e8:64:72:e5:0d:ae:41:f1:
         c5:94:d0:74:cd:b1:89:28:e1:cc:0c:ec:c2:a7:1d:0e:55:3e:
         3d:85:26:70:9b:20:36:0e:29:76:3e:c0:65:cd:e6:27:0a:7b:
         f5:cf:07:ca:c5:86:84:ea:c3:9a:10:7e:e3:10:f4:bd:fe:d1:
         d2:8a:1e:26:14:04:c5:2a:21:41:a0:85:e5:73:b2:c7:19:e5:
         42:d8:c2:43:e4:f9:05:fb:c4:f2:66:e4:bc:61:3f:4b:95:52:
         bc:32:64:71:5b:68:ee:bd:78:7d:f2:f0:55:b7:c6:f4:21:ac:
         a5:2a:33:9d:40:03:72:e0:22:40:00:9e:03:f4:30:fd:3a:b5:
         fa:96:cd:f9:84:d0:40:1b:9d:5e:fb:90:ce:bf:58:65:20:55:
         a1:f4:85:fe:8d:09:f6:3a:5a:dd:ff:2f:10:08:12:76:52:24:
         5a:64:73:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0CQXX1sN/bwnyaQ5r6O0vQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMTEzMDk1NzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmIzMzVlNDMyMzNmMTRkOTJiOGFkZDY0ZjU1ZTZjMjk0NzIzZTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXXsRLoDSfLiYSMUdUl/zkp31Sst
MIGTBFpeBrwPm180DAAIdHAnz95o8hWaiADmED5OxFnIAAPdTBzrmx63jmYtx/wH
3QInTlhEK/v2HdNJ/khhc47U9LyQxSMcLiAw1Zf0CiIKRvZJp0y7f1U35JnUXJ7z
U7loMz60oG5pc31j/B9XkCRmFq2KVKkD3sWg7Skx2P4cq3o1tr2hD3VOZg1Dfhil
koa7bAjGWjwa40miv2hLmLfI3a/l1jNPkGKT2C8HlnONW05czoqBGV7cPZQRudt9
GT4C1+YtzExRH0n9IfFetEW7GJedukPK7ndxRGSpg8y1J4Xf1hh8hXBkxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKazNeQyM/FNkrit1k9V5sKUcj4sMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvcHJNMTVESXo4VTJTdUszV1QxWG13cFJ5UGl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQj9MA0G
CSqGSIb3DQEBCwUAA4IBAQB9aTSCvtWra5zsoEjYxUjTunsjwRw7snC6yXswt4+g
hCUXteMY9YoxJZniZQCSMq6wc+dmBUnN8fWkbtyUx41Dv+VRy/RoijIWsIcAK6q1
Xemh6GRy5Q2uQfHFlNB0zbGJKOHMDOzCpx0OVT49hSZwmyA2Dil2PsBlzeYnCnv1
zwfKxYaE6sOaEH7jEPS9/tHSih4mFATFKiFBoIXlc7LHGeVC2MJD5PkF+8TyZuS8
YT9LlVK8MmRxW2juvXh98vBVt8b0IaylKjOdQANy4CJAAJ4D9DD9OrX6ls35hNBA
G51e+5DOv1hlIFWh9IX+jQn2Olrd/y8QCBJ2UiRaZHME
-----END CERTIFICATE-----