Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/q8zAk-_GcoJWdF66nsFV_k8HrL0.roa
File:                     q8zAk-_GcoJWdF66nsFV_k8HrL0.roa (raw, json)
Hash identifier:          ASXNttmuTUh81jdStroM+SOAtOjhmyxwtZ7SBRnJjdc=
Subject key identifier:   AB:CC:C0:93:EF:C6:72:82:56:74:5E:BA:9E:C1:55:FE:4F:07:AC:BD
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018CC8DE8A887212C582563ADB3675A5048F
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/q8zAk-_GcoJWdF66nsFV_k8HrL0.roa
Signing time:             Tue 02 Jan 2024 06:31:16 +0000
ROA not before:           Tue 02 Jan 2024 06:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198607
IP address blocks:        5.180.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:8a:88:72:12:c5:82:56:3a:db:36:75:a5:04:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  2 06:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abccc093efc6728256745eba9ec155fe4f07acbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:d8:b3:ec:fb:7a:f8:1c:cd:59:9f:f9:a6:b7:
                    d0:c2:c5:dd:31:0d:c0:ef:e2:bf:05:02:17:fd:65:
                    b3:aa:c8:e8:3f:d6:a3:9c:50:1e:8d:53:17:38:1e:
                    22:1c:6d:40:74:56:70:3b:5a:51:03:b5:e8:c4:e2:
                    eb:67:19:50:1a:e5:34:93:50:9d:cd:81:38:47:ad:
                    a7:42:43:89:75:3c:3a:64:e7:3f:af:d9:58:9e:4c:
                    19:39:2e:4d:a7:4e:73:38:5e:0e:92:d9:11:dc:bf:
                    67:53:06:bc:d0:d6:b8:96:cb:34:f8:f8:e3:30:45:
                    e9:77:82:fc:4f:31:0f:d8:8c:bb:bf:f0:63:8c:6c:
                    ea:ea:c5:56:94:3a:52:aa:83:82:c0:ad:4e:1d:8e:
                    b1:3d:03:88:d7:2f:dc:9a:e2:cb:9d:c0:24:e8:9b:
                    93:e2:f1:db:d2:3a:de:78:b8:69:4d:75:65:ab:35:
                    86:a3:5b:1f:58:79:f3:23:79:f7:11:aa:9b:a0:92:
                    80:77:88:2c:6b:43:37:c5:77:7e:ea:6f:b8:19:f5:
                    c1:46:f7:b4:3a:59:e4:cd:80:06:fc:48:f9:6c:96:
                    70:ac:b3:e6:03:96:d3:00:fb:b9:09:41:60:36:d4:
                    10:b5:e4:f6:88:e6:8d:5f:f3:d8:9c:99:56:06:9e:
                    92:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:CC:C0:93:EF:C6:72:82:56:74:5E:BA:9E:C1:55:FE:4F:07:AC:BD
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/q8zAk-_GcoJWdF66nsFV_k8HrL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:3e:2a:07:4a:cc:87:81:b1:84:d8:d1:a0:fc:3f:e7:96:f8:
         a2:4f:68:ab:54:b5:a0:45:be:74:6d:5d:da:6c:ca:55:dd:94:
         2c:86:4a:90:91:39:33:71:84:5f:b2:0c:a8:a5:5b:bb:e2:b9:
         d9:ae:86:e1:e4:ee:b5:21:15:2f:88:41:01:4b:d5:b3:2c:f7:
         20:28:3d:26:65:c7:ea:50:a2:0c:50:33:9b:ec:f7:c5:16:75:
         ed:5d:e2:2b:42:2a:da:74:d8:ef:86:55:c3:60:69:5b:7c:c7:
         57:41:9e:98:ca:55:44:75:a7:e1:93:fb:c7:bf:25:8a:de:8b:
         68:8d:82:f6:60:17:a7:d2:6a:20:bb:67:b4:69:f8:0f:83:97:
         4a:bf:82:d3:d3:b7:2a:29:b4:46:2a:d9:bc:81:3b:1b:0e:c4:
         de:db:df:02:1f:0a:8d:56:60:aa:df:b2:43:fc:39:b8:d6:24:
         b6:bc:f3:ce:c2:bd:4b:e7:4e:f0:c6:ce:51:f2:4e:d5:2a:df:
         83:52:ef:2a:2d:7c:c5:90:ad:54:94:10:47:21:a4:87:70:96:
         8e:a6:98:84:84:52:1a:f7:8b:fe:d9:df:8a:fd:3b:14:d7:36:
         ba:a4:68:77:6b:61:61:01:44:e6:0d:aa:41:b4:06:16:53:1e:
         d5:1f:39:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3oqIchLFglY62zZ1pQSPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMTAyMDYzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmNjYzA5M2VmYzY3MjgyNTY3NDVlYmE5ZWMxNTVmZTRmMDdhY2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitiz7Pt6+BzNWZ/5prfQwsXdMQ3A
7+K/BQIX/WWzqsjoP9ajnFAejVMXOB4iHG1AdFZwO1pRA7XoxOLrZxlQGuU0k1Cd
zYE4R62nQkOJdTw6ZOc/r9lYnkwZOS5Np05zOF4OktkR3L9nUwa80Na4lss0+Pjj
MEXpd4L8TzEP2Iy7v/BjjGzq6sVWlDpSqoOCwK1OHY6xPQOI1y/cmuLLncAk6JuT
4vHb0jreeLhpTXVlqzWGo1sfWHnzI3n3EaqboJKAd4gsa0M3xXd+6m+4GfXBRve0
OlnkzYAG/Ej5bJZwrLPmA5bTAPu5CUFgNtQQteT2iOaNX/PYnJlWBp6SXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKvMwJPvxnKCVnReup7BVf5PB6y9MB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvcTh6QWstX0djb0pXZEY2Nm5zRlZfazhIckwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbQxMA0G
CSqGSIb3DQEBCwUAA4IBAQAqPioHSsyHgbGE2NGg/D/nlviiT2irVLWgRb50bV3a
bMpV3ZQshkqQkTkzcYRfsgyopVu74rnZrobh5O61IRUviEEBS9WzLPcgKD0mZcfq
UKIMUDOb7PfFFnXtXeIrQiradNjvhlXDYGlbfMdXQZ6YylVEdafhk/vHvyWK3oto
jYL2YBen0mogu2e0afgPg5dKv4LT07cqKbRGKtm8gTsbDsTe298CHwqNVmCq37JD
/Dm41iS2vPPOwr1L507wxs5R8k7VKt+DUu8qLXzFkK1UlBBHIaSHcJaOppiEhFIa
94v+2d+K/TsU1za6pGh3a2FhAUTmDapBtAYWUx7VHzm2
-----END CERTIFICATE-----