Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/wpYQ3yQxyBn2HB8vYYCRp8Rto64.roa
File:                     wpYQ3yQxyBn2HB8vYYCRp8Rto64.roa (raw, json)
Hash identifier:          b3GGiaNCdJZtQJ68Xl7arIYu7nAhZr8JqnQ6lWiEwRQ=
Subject key identifier:   C2:96:10:DF:24:31:C8:19:F6:1C:1F:2F:61:80:91:A7:C4:6D:A3:AE
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       01931A39E3BB01668DE427CDF065AEB074D4
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/wpYQ3yQxyBn2HB8vYYCRp8Rto64.roa
Signing time:             Mon 11 Nov 2024 07:57:01 +0000
ROA not before:           Mon 11 Nov 2024 07:57:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        45.9.2.0/24 maxlen: 24
                          45.9.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1a:39:e3:bb:01:66:8d:e4:27:cd:f0:65:ae:b0:74:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Nov 11 07:57:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c29610df2431c819f61c1f2f618091a7c46da3ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:c1:68:66:f4:16:ec:e6:67:ac:be:8e:07:f8:
                    0e:73:fe:cd:f1:9e:37:08:24:f9:a0:af:8a:f5:1f:
                    13:e9:3d:0a:29:ae:23:75:a3:d2:bc:af:79:fc:22:
                    67:60:2e:07:9c:e0:31:c9:f9:8c:e2:6d:7b:15:43:
                    da:33:4e:f1:33:c7:ef:85:c4:03:f6:90:05:2e:1f:
                    92:f5:a7:83:78:fb:52:52:91:9b:70:e2:e0:55:db:
                    45:eb:2d:1d:ea:70:4a:22:95:10:02:27:ad:df:25:
                    1d:08:d5:7f:94:4a:73:50:4f:ec:24:7c:33:9f:45:
                    b6:14:02:9a:cd:7f:42:a5:99:ee:cb:75:5d:df:59:
                    1f:bc:a3:94:22:61:ba:31:27:d2:7e:4c:54:02:be:
                    b1:53:a6:ee:51:9c:2b:40:ee:b0:0b:60:0d:1a:24:
                    47:50:d8:de:16:4f:11:83:92:44:03:fe:20:ec:1c:
                    ba:4c:99:1e:3a:f3:91:39:0e:bc:b3:cc:60:88:06:
                    1d:ea:47:15:72:55:f4:85:86:e2:3e:7b:76:4b:d6:
                    73:94:64:6e:d4:54:14:4b:3a:e4:41:2a:fb:1a:6f:
                    7e:07:26:b8:aa:f1:fc:84:77:1e:2a:74:d8:d7:d0:
                    6a:58:ce:a1:ad:f4:a4:98:eb:55:15:38:33:0e:ab:
                    f5:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:96:10:DF:24:31:C8:19:F6:1C:1F:2F:61:80:91:A7:C4:6D:A3:AE
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/wpYQ3yQxyBn2HB8vYYCRp8Rto64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d2:8a:79:71:5a:39:56:a9:30:33:24:ab:3f:b7:c0:92:e8:19:
         38:56:96:1f:45:2e:f4:a9:be:b7:99:77:86:3b:e3:ae:13:5e:
         f0:4f:07:da:18:ff:75:2b:6b:22:b5:4c:43:3d:f4:76:78:5f:
         0e:e9:07:8a:59:e3:1a:4d:c7:78:91:66:bd:72:a9:40:e7:0e:
         aa:b0:62:aa:67:75:db:39:96:bc:79:a4:61:90:9f:b5:f6:c8:
         ae:87:aa:47:91:77:0e:5f:95:71:c5:58:34:81:2e:0c:3d:e1:
         42:8b:6c:bf:96:76:33:b3:f1:2a:a1:52:83:f0:8c:fb:aa:f5:
         d1:20:2f:30:fb:7e:14:0d:ea:2a:1b:94:82:40:a0:15:8a:a6:
         88:75:3d:ce:c8:a3:a3:ef:e7:ff:82:2a:5c:9e:23:89:6d:36:
         8b:89:fb:73:e4:47:4e:60:37:bb:cc:7c:d0:02:0d:ba:37:ce:
         35:68:5d:4a:a9:62:9b:b0:ea:41:fb:85:dc:2f:9f:9d:e3:1d:
         7e:f2:7d:29:12:9b:51:54:f9:cf:f2:45:8e:5b:6d:43:7b:ef:
         bf:8d:74:df:d4:df:fb:2f:d1:5d:50:0b:59:34:1e:ea:45:96:
         ca:6e:dc:8e:4d:b4:a9:3c:25:5a:5c:43:23:b2:0f:5a:fc:b7:
         dc:61:ac:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMaOeO7AWaN5CfN8GWusHTUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQxMTExMDc1NzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjk2MTBkZjI0MzFjODE5ZjYxYzFmMmY2MTgwOTFhN2M0NmRhM2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8sFoZvQW7OZnrL6OB/gOc/7N8Z43
CCT5oK+K9R8T6T0KKa4jdaPSvK95/CJnYC4HnOAxyfmM4m17FUPaM07xM8fvhcQD
9pAFLh+S9aeDePtSUpGbcOLgVdtF6y0d6nBKIpUQAiet3yUdCNV/lEpzUE/sJHwz
n0W2FAKazX9CpZnuy3Vd31kfvKOUImG6MSfSfkxUAr6xU6buUZwrQO6wC2ANGiRH
UNjeFk8Rg5JEA/4g7By6TJkeOvOROQ68s8xgiAYd6kcVclX0hYbiPnt2S9ZzlGRu
1FQUSzrkQSr7Gm9+Bya4qvH8hHceKnTY19BqWM6hrfSkmOtVFTgzDqv1TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMKWEN8kMcgZ9hwfL2GAkafEbaOuMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvd3BZUTN5UXh5Qm4ySEI4dllZQ1JwOFJ0bzY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLQkCMA0G
CSqGSIb3DQEBCwUAA4IBAQDSinlxWjlWqTAzJKs/t8CS6Bk4VpYfRS70qb63mXeG
O+OuE17wTwfaGP91K2sitUxDPfR2eF8O6QeKWeMaTcd4kWa9cqlA5w6qsGKqZ3Xb
OZa8eaRhkJ+19siuh6pHkXcOX5VxxVg0gS4MPeFCi2y/lnYzs/EqoVKD8Iz7qvXR
IC8w+34UDeoqG5SCQKAViqaIdT3OyKOj7+f/gipcniOJbTaLiftz5EdOYDe7zHzQ
Ag26N841aF1KqWKbsOpB+4XcL5+d4x1+8n0pEptRVPnP8kWOW21De++/jXTf1N/7
L9FdUAtZNB7qRZbKbtyOTbSpPCVaXEMjsg9a/LfcYay6
-----END CERTIFICATE-----