Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/uh4snZBYPR5EQX9l89AaAC_KPh4.roa
File:                     uh4snZBYPR5EQX9l89AaAC_KPh4.roa (raw, json)
Hash identifier:          bviraIi5pXZMcxpZfcUrNYYwxCK0SxQGswXcriKy9ck=
Subject key identifier:   BA:1E:2C:9D:90:58:3D:1E:44:41:7F:65:F3:D0:1A:00:2F:CA:3E:1E
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018CC8DE8B1E56E2D9E154AAE85C9F46A0CB
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/uh4snZBYPR5EQX9l89AaAC_KPh4.roa
Signing time:             Tue 02 Jan 2024 06:31:16 +0000
ROA not before:           Tue 02 Jan 2024 06:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198883
IP address blocks:        5.180.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 12:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:8b:1e:56:e2:d9:e1:54:aa:e8:5c:9f:46:a0:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  2 06:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba1e2c9d90583d1e44417f65f3d01a002fca3e1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:25:26:d6:f5:7c:4a:12:4d:59:df:55:9c:33:
                    3b:c7:5d:1e:97:2f:79:b5:00:b5:41:10:a5:af:44:
                    a0:9a:72:25:0a:25:d9:ca:75:23:2e:6f:d5:a4:66:
                    7c:ed:9b:21:49:8f:69:11:57:d6:34:04:87:a7:85:
                    27:c7:07:35:69:40:c9:b2:90:7d:37:4b:4c:ae:dc:
                    29:0d:f9:5c:bb:41:51:f5:8b:33:6c:1c:8b:0a:d3:
                    56:0d:43:cf:68:ee:44:f2:dc:f1:d7:a8:f1:97:a1:
                    bf:77:f0:0b:6b:a6:57:47:89:0d:ca:86:3e:ca:c4:
                    60:85:55:d7:a6:c1:6a:39:b7:fd:e1:98:2d:64:ed:
                    43:6d:7f:cf:27:4e:75:47:4b:23:63:22:f4:5f:33:
                    0c:46:41:72:6e:96:db:31:19:54:45:49:8e:fb:a5:
                    32:e6:1c:4e:5b:8f:af:2b:78:8d:f0:34:b2:77:43:
                    49:ea:e6:5c:6f:af:99:8c:ff:04:25:6d:ae:ce:48:
                    5d:9c:18:f5:93:e8:67:30:a2:40:43:32:9a:56:0c:
                    98:e5:fe:d4:25:e1:5c:87:69:1a:7e:97:3e:9b:5f:
                    a8:01:5b:a7:5e:da:44:10:b6:ad:19:06:6b:d7:3f:
                    fc:48:2a:c3:d3:76:de:16:50:5d:73:fe:94:35:f1:
                    02:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:1E:2C:9D:90:58:3D:1E:44:41:7F:65:F3:D0:1A:00:2F:CA:3E:1E
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/uh4snZBYPR5EQX9l89AaAC_KPh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:8b:e8:74:e3:fd:16:6d:31:6f:b5:62:8c:68:95:9d:ca:00:
         a0:68:ba:98:3d:7d:04:51:7d:61:a3:73:8f:52:27:f6:42:19:
         f1:c1:81:d0:e7:af:75:af:dd:7d:ef:95:cc:63:b4:8d:bc:4f:
         c4:23:05:2f:2b:e7:42:2b:65:e9:48:64:aa:e5:26:ea:d8:35:
         74:b3:ff:5e:a9:81:82:ee:a9:47:28:86:47:43:00:53:ff:de:
         00:76:9d:b0:7f:8a:5a:23:f9:ed:a8:87:5a:ee:ee:d2:eb:7d:
         bd:e0:67:ae:ab:73:34:4a:50:e9:5a:8c:35:eb:3a:57:6b:85:
         6f:9f:5c:2a:71:8e:c3:6b:c3:4a:59:b4:57:f5:ab:a7:56:38:
         58:4b:c3:0a:2b:60:e7:d1:9c:af:d8:59:78:4d:c1:ad:86:94:
         28:aa:f2:eb:51:70:1a:25:4f:83:9c:9b:53:03:0d:fd:28:6b:
         11:de:cb:9f:ee:a4:2d:80:6e:4d:06:48:be:82:cd:dd:30:91:
         23:e3:0c:b2:05:6a:50:dd:fc:0a:48:81:a1:1e:dd:46:51:e9:
         53:82:7a:19:26:39:3b:66:3a:5b:ec:aa:4d:fe:6e:cc:7d:45:
         d6:fb:85:4b:dc:f7:a8:eb:f0:bc:1a:ba:45:2c:1b:b8:9a:7b:
         e7:32:16:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3oseVuLZ4VSq6FyfRqDLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMTAyMDYzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTFlMmM5ZDkwNTgzZDFlNDQ0MTdmNjVmM2QwMWEwMDJmY2EzZTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCUm1vV8ShJNWd9VnDM7x10ely95
tQC1QRClr0SgmnIlCiXZynUjLm/VpGZ87ZshSY9pEVfWNASHp4Unxwc1aUDJspB9
N0tMrtwpDflcu0FR9YszbByLCtNWDUPPaO5E8tzx16jxl6G/d/ALa6ZXR4kNyoY+
ysRghVXXpsFqObf94ZgtZO1DbX/PJ051R0sjYyL0XzMMRkFybpbbMRlURUmO+6Uy
5hxOW4+vK3iN8DSyd0NJ6uZcb6+ZjP8EJW2uzkhdnBj1k+hnMKJAQzKaVgyY5f7U
JeFch2kafpc+m1+oAVunXtpEELatGQZr1z/8SCrD03beFlBdc/6UNfECDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLoeLJ2QWD0eREF/ZfPQGgAvyj4eMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvdWg0c25aQllQUjVFUVg5bDg5QWFBQ19LUGg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbTpMA0G
CSqGSIb3DQEBCwUAA4IBAQCbi+h04/0WbTFvtWKMaJWdygCgaLqYPX0EUX1ho3OP
Uif2QhnxwYHQ5691r91975XMY7SNvE/EIwUvK+dCK2XpSGSq5Sbq2DV0s/9eqYGC
7qlHKIZHQwBT/94Adp2wf4paI/ntqIda7u7S63294Geuq3M0SlDpWow16zpXa4Vv
n1wqcY7Da8NKWbRX9aunVjhYS8MKK2Dn0Zyv2Fl4TcGthpQoqvLrUXAaJU+DnJtT
Aw39KGsR3suf7qQtgG5NBki+gs3dMJEj4wyyBWpQ3fwKSIGhHt1GUelTgnoZJjk7
Zjpb7KpN/m7MfUXW+4VL3Peo6/C8GrpFLBu4mnvnMhbO
-----END CERTIFICATE-----