Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/tExQcDKVE7-eLUThXLwYgrx5_0c.roa
File:                     tExQcDKVE7-eLUThXLwYgrx5_0c.roa (raw, json)
Hash identifier:          T/pXP5OirEhFTLdVpXfGReMQSI7rIjTDykJ9YIGX1DE=
Subject key identifier:   B4:4C:50:70:32:95:13:BF:9E:2D:44:E1:5C:BC:18:82:BC:79:FF:47
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018CC8DE95F9D046E37ED4E879D0D83C58B4
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/tExQcDKVE7-eLUThXLwYgrx5_0c.roa
Signing time:             Tue 02 Jan 2024 06:31:19 +0000
ROA not before:           Tue 02 Jan 2024 06:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395003
IP address blocks:        45.82.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 07:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:95:f9:d0:46:e3:7e:d4:e8:79:d0:d8:3c:58:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  2 06:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b44c5070329513bf9e2d44e15cbc1882bc79ff47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:15:57:ce:98:cd:dc:3e:49:db:69:c8:7d:a4:
                    bc:c1:69:a3:a0:a8:4c:43:31:d5:2c:1a:0c:36:93:
                    ce:70:f2:fd:5f:56:99:11:1d:79:7a:c1:85:b5:c5:
                    3f:a5:04:e8:f5:dd:1d:c2:77:2b:3e:d7:09:3e:87:
                    ad:eb:ce:d9:00:fe:80:c3:32:5a:39:a4:eb:3b:c4:
                    8f:48:57:5f:89:38:b2:f8:22:21:12:24:20:83:7a:
                    d7:5c:6e:25:02:12:a0:a1:4d:33:81:22:0f:33:a8:
                    0d:5b:66:c0:25:34:41:d3:9f:b2:a4:bc:58:c8:56:
                    be:2a:f2:7b:38:a3:df:b6:f7:c3:45:f6:96:94:f6:
                    e9:45:bd:11:a0:0d:23:ee:6b:4c:37:bd:5e:66:d0:
                    9c:c1:79:c0:87:e3:d3:16:13:d3:41:ba:a6:b6:45:
                    b7:65:c3:15:95:df:93:8d:13:2a:1f:97:65:f9:d6:
                    f5:be:4c:54:a5:6e:1b:cc:a1:97:b8:40:95:93:c1:
                    da:73:2a:b5:63:74:82:69:65:c8:89:01:d4:38:58:
                    b5:3e:8a:b5:ab:2e:a1:47:c4:04:93:46:03:5f:a5:
                    8a:a9:44:ed:37:1f:44:59:5f:50:f9:59:52:10:91:
                    86:e4:9f:49:c3:ea:5b:ee:5f:96:f4:d2:68:3e:db:
                    ac:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:4C:50:70:32:95:13:BF:9E:2D:44:E1:5C:BC:18:82:BC:79:FF:47
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/tExQcDKVE7-eLUThXLwYgrx5_0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:3c:2b:64:b6:98:a0:fd:20:b2:a0:4a:06:bb:7b:95:0b:5a:
         77:0a:a2:86:d1:6e:4d:dc:28:76:c2:e1:6a:fb:e7:7c:97:c3:
         70:9c:b9:4f:b5:94:82:9c:b0:58:1e:ce:6e:ac:a4:e0:ae:a7:
         5e:66:9e:ce:8d:a9:05:90:88:77:64:8c:f7:58:66:ef:d6:6a:
         33:f9:d2:6e:cb:77:32:7c:e3:e3:9d:bf:f4:e8:11:ce:59:69:
         3c:91:1c:12:bd:80:79:64:c6:df:a9:80:b8:3a:ef:b2:f5:6b:
         d1:d6:94:36:5b:3b:e6:43:9d:30:c7:1f:ec:9b:d8:d1:ef:ef:
         27:a3:aa:a7:c9:ea:a8:29:45:fb:3a:f6:6a:31:51:75:ad:7d:
         d1:29:cb:92:bd:55:29:5f:b6:4a:52:1b:d6:b7:b7:d3:c0:1b:
         36:72:21:2b:8b:52:93:f7:74:0b:21:70:88:c4:08:68:0f:3d:
         c0:8a:1e:85:ca:74:df:2a:bf:88:96:e9:10:5b:85:bf:b1:1f:
         5f:de:ed:08:ce:a6:6a:c9:b3:3a:84:4e:04:67:da:ec:26:e5:
         b2:81:e0:49:43:ce:14:df:b3:e1:0a:db:0d:56:ea:62:d8:1b:
         a9:3a:47:fc:7f:fa:74:8a:72:3b:90:bf:28:ce:fc:ee:a0:6c:
         a3:ad:a8:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3pX50EbjftToedDYPFi0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMTAyMDYzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDRjNTA3MDMyOTUxM2JmOWUyZDQ0ZTE1Y2JjMTg4MmJjNzlmZjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhVXzpjN3D5J22nIfaS8wWmjoKhM
QzHVLBoMNpPOcPL9X1aZER15esGFtcU/pQTo9d0dwncrPtcJPoet687ZAP6AwzJa
OaTrO8SPSFdfiTiy+CIhEiQgg3rXXG4lAhKgoU0zgSIPM6gNW2bAJTRB05+ypLxY
yFa+KvJ7OKPftvfDRfaWlPbpRb0RoA0j7mtMN71eZtCcwXnAh+PTFhPTQbqmtkW3
ZcMVld+TjRMqH5dl+db1vkxUpW4bzKGXuECVk8Hacyq1Y3SCaWXIiQHUOFi1Poq1
qy6hR8QEk0YDX6WKqUTtNx9EWV9Q+VlSEJGG5J9Jw+pb7l+W9NJoPtuskQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLRMUHAylRO/ni1E4Vy8GIK8ef9HMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvdEV4UWNES1ZFNy1lTFVUaFhMd1lncng1XzBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVL1MA0G
CSqGSIb3DQEBCwUAA4IBAQBVPCtktpig/SCyoEoGu3uVC1p3CqKG0W5N3Ch2wuFq
++d8l8NwnLlPtZSCnLBYHs5urKTgrqdeZp7OjakFkIh3ZIz3WGbv1moz+dJuy3cy
fOPjnb/06BHOWWk8kRwSvYB5ZMbfqYC4Ou+y9WvR1pQ2WzvmQ50wxx/sm9jR7+8n
o6qnyeqoKUX7OvZqMVF1rX3RKcuSvVUpX7ZKUhvWt7fTwBs2ciEri1KT93QLIXCI
xAhoDz3Aih6FynTfKr+IlukQW4W/sR9f3u0IzqZqybM6hE4EZ9rsJuWygeBJQ84U
37PhCtsNVupi2BupOkf8f/p0inI7kL8ozvzuoGyjrajF
-----END CERTIFICATE-----