Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/tU2KFfsctzA1zcFoHKSQqLgB2TI.roa
File:                     tU2KFfsctzA1zcFoHKSQqLgB2TI.roa (raw, json)
Hash identifier:          48Ule6RdnyH8IKltkkSfOFUT6dw90AC8T8+KkIkL1M0=
Subject key identifier:   B5:4D:8A:15:FB:1C:B7:30:35:CD:C1:68:1C:A4:90:A8:B8:01:D9:32
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018CC8DE8DCAC6BDB06C99CB46CD0646F9E1
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/tU2KFfsctzA1zcFoHKSQqLgB2TI.roa
Signing time:             Tue 02 Jan 2024 06:31:17 +0000
ROA not before:           Tue 02 Jan 2024 06:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203470
IP address blocks:        45.8.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:8d:ca:c6:bd:b0:6c:99:cb:46:cd:06:46:f9:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  2 06:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b54d8a15fb1cb73035cdc1681ca490a8b801d932
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:be:6e:db:af:c3:27:b7:11:ac:dd:27:9f:80:
                    32:68:d7:d9:fa:43:0a:9b:d4:92:86:67:c2:74:bd:
                    59:80:0b:88:e5:ad:e9:d8:59:9d:58:6a:36:28:2c:
                    42:94:d8:d4:9d:36:1d:41:72:5f:9e:18:9d:9f:ad:
                    e3:01:fb:3c:6c:27:4a:9e:62:dd:b3:10:7e:92:51:
                    c1:33:63:98:2d:a1:ce:5a:ec:fb:91:cd:74:d5:e0:
                    6e:19:ed:7b:75:65:55:a7:08:30:67:de:5a:db:47:
                    ed:51:6e:4e:12:55:15:ed:5c:18:d9:08:ee:eb:53:
                    24:a0:12:f3:59:50:8b:05:2a:7c:6a:75:53:b3:c4:
                    e5:08:54:12:ae:61:bb:5e:08:a2:50:4f:10:8c:49:
                    2e:d4:4d:95:40:88:33:5e:d2:30:b6:f6:2d:67:4a:
                    c5:f4:97:74:26:52:98:46:22:30:e4:e3:95:9a:d2:
                    c7:25:f5:4c:c1:a3:1c:42:65:e0:da:39:c5:46:d8:
                    12:f9:77:56:cf:55:17:de:f7:96:c3:4f:12:d8:5d:
                    23:d5:fe:64:bc:1e:ae:56:f4:cf:90:81:80:7b:ee:
                    33:83:a8:e8:ae:79:36:34:6b:96:01:ee:c4:0e:28:
                    f0:6d:fb:9e:b7:de:d2:ea:6a:b4:c2:32:60:f8:ad:
                    c2:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:4D:8A:15:FB:1C:B7:30:35:CD:C1:68:1C:A4:90:A8:B8:01:D9:32
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/tU2KFfsctzA1zcFoHKSQqLgB2TI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:b6:59:0e:04:a1:51:86:84:c5:ca:48:d5:c4:f2:2d:b0:aa:
         a1:43:64:50:4a:4c:cd:0b:f0:34:cf:12:4a:5f:51:19:ab:eb:
         32:6a:35:93:8c:01:fa:e4:1a:5a:69:cf:88:de:41:c3:7f:a3:
         0e:06:b4:09:3f:82:3c:0f:a0:14:fb:17:67:8a:e1:51:c7:f4:
         11:99:63:23:63:35:ee:7f:d4:48:ff:9d:33:fc:55:ef:79:27:
         09:5b:f0:70:5d:d7:59:ed:f4:19:45:ff:44:3c:a8:ad:dd:d3:
         7d:d6:a7:42:66:26:7b:7b:f2:2e:31:2f:ca:40:5d:fb:30:1d:
         5e:4b:1d:f5:98:3f:82:79:96:6a:ff:69:f9:89:9c:47:73:9c:
         c7:ba:14:d5:77:3e:e0:94:04:e9:d2:00:0d:45:0f:34:f3:a0:
         7a:ec:08:d5:8b:e2:09:07:55:af:03:26:3b:a2:c4:95:b9:a9:
         d9:ee:ba:e3:a9:d8:ec:38:ee:13:24:28:e9:01:64:84:a5:91:
         51:19:c8:78:a9:34:ff:79:36:10:38:7b:bf:b8:1b:d4:39:75:
         31:52:d2:99:78:2b:96:a7:b3:5d:ae:3e:56:f3:e6:4f:2f:1c:
         fd:9e:46:a6:99:2b:0a:e3:02:83:26:b9:72:85:8a:62:be:de:
         7e:bc:cc:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3o3Kxr2wbJnLRs0GRvnhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMTAyMDYzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTRkOGExNWZiMWNiNzMwMzVjZGMxNjgxY2E0OTBhOGI4MDFkOTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmr5u26/DJ7cRrN0nn4AyaNfZ+kMK
m9SShmfCdL1ZgAuI5a3p2FmdWGo2KCxClNjUnTYdQXJfnhidn63jAfs8bCdKnmLd
sxB+klHBM2OYLaHOWuz7kc101eBuGe17dWVVpwgwZ95a20ftUW5OElUV7VwY2Qju
61MkoBLzWVCLBSp8anVTs8TlCFQSrmG7XgiiUE8QjEku1E2VQIgzXtIwtvYtZ0rF
9Jd0JlKYRiIw5OOVmtLHJfVMwaMcQmXg2jnFRtgS+XdWz1UX3veWw08S2F0j1f5k
vB6uVvTPkIGAe+4zg6jornk2NGuWAe7EDijwbfuet97S6mq0wjJg+K3CNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLVNihX7HLcwNc3BaBykkKi4AdkyMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvdFUyS0Zmc2N0ekExemNGb0hLU1FxTGdCMlRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQjJMA0G
CSqGSIb3DQEBCwUAA4IBAQAJtlkOBKFRhoTFykjVxPItsKqhQ2RQSkzNC/A0zxJK
X1EZq+syajWTjAH65Bpaac+I3kHDf6MOBrQJP4I8D6AU+xdniuFRx/QRmWMjYzXu
f9RI/50z/FXveScJW/BwXddZ7fQZRf9EPKit3dN91qdCZiZ7e/IuMS/KQF37MB1e
Sx31mD+CeZZq/2n5iZxHc5zHuhTVdz7glATp0gANRQ8086B67AjVi+IJB1WvAyY7
osSVuanZ7rrjqdjsOO4TJCjpAWSEpZFRGch4qTT/eTYQOHu/uBvUOXUxUtKZeCuW
p7Ndrj5W8+ZPLxz9nkammSsK4wKDJrlyhYpivt5+vMza
-----END CERTIFICATE-----