Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/sIZhLIF67Qp9_N0UtgcGtRnInVc.roa
File:                     sIZhLIF67Qp9_N0UtgcGtRnInVc.roa (raw, json)
Hash identifier:          U3oivsRC55fIUZbGAghVXn6DhN9l2aFsYGj3V+Lqyjc=
Subject key identifier:   B0:86:61:2C:81:7A:ED:0A:7D:FC:DD:14:B6:07:06:B5:19:C8:9D:57
Certificate issuer:       /CN=715b885c3b302fd50e6c22647a33dc47727fea95
Certificate serial:       018CC7943B7FE7B2F6B96335C548DB29C03B
Authority key identifier: 71:5B:88:5C:3B:30:2F:D5:0E:6C:22:64:7A:33:DC:47:72:7F:EA:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cVuIXDswL9UObCJkejPcR3J_6pU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/sIZhLIF67Qp9_N0UtgcGtRnInVc.roa
Signing time:             Tue 02 Jan 2024 00:30:29 +0000
ROA not before:           Tue 02 Jan 2024 00:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     133480
IP address blocks:        5.62.23.0/24 maxlen: 24
                          5.62.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/cVuIXDswL9UObCJkejPcR3J_6pU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/cVuIXDswL9UObCJkejPcR3J_6pU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cVuIXDswL9UObCJkejPcR3J_6pU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 03:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:3b:7f:e7:b2:f6:b9:63:35:c5:48:db:29:c0:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=715b885c3b302fd50e6c22647a33dc47727fea95
        Validity
            Not Before: Jan  2 00:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b086612c817aed0a7dfcdd14b60706b519c89d57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:e9:3b:e6:91:c1:96:59:7f:69:ef:6f:66:55:
                    e4:59:1d:04:2e:cc:53:84:61:7e:c7:14:c8:49:49:
                    fa:52:2a:59:a3:7d:9c:89:e0:69:89:b6:d8:ea:d9:
                    ca:70:a8:87:d5:0b:1d:dc:54:40:9e:9a:18:2b:e1:
                    a5:5c:36:f7:7a:22:b2:50:4b:41:ef:e3:36:a0:f3:
                    fe:09:03:be:82:70:e5:71:be:75:ce:4f:cd:49:a0:
                    b9:bd:a6:97:7c:8e:6d:6b:e5:04:b8:60:2b:6a:e9:
                    a9:be:f2:b2:ed:20:38:a8:db:2e:b0:d5:0d:39:a3:
                    92:33:ca:f9:71:4d:ff:56:15:72:ed:05:77:72:23:
                    e6:0b:51:8c:c5:39:f1:55:31:86:c8:b4:a0:c0:3c:
                    07:bb:af:0a:f1:fd:12:88:73:1a:9f:e5:07:ee:36:
                    4e:80:64:93:84:e6:09:ad:31:10:3e:e2:a2:03:3b:
                    ae:2f:f7:33:12:d4:13:77:3a:aa:cd:fb:ce:e7:a8:
                    7b:bb:e0:9b:a2:9b:1d:df:02:40:7b:84:a3:d9:2f:
                    6b:db:70:c7:c0:7c:1f:88:53:a2:d1:16:30:97:69:
                    96:e8:84:1e:e4:d7:00:be:1a:3f:07:90:29:9f:77:
                    af:7a:f9:22:a1:7b:01:0c:71:58:b0:44:50:eb:c8:
                    5f:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:86:61:2C:81:7A:ED:0A:7D:FC:DD:14:B6:07:06:B5:19:C8:9D:57
            X509v3 Authority Key Identifier:
                keyid:71:5B:88:5C:3B:30:2F:D5:0E:6C:22:64:7A:33:DC:47:72:7F:EA:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cVuIXDswL9UObCJkejPcR3J_6pU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/sIZhLIF67Qp9_N0UtgcGtRnInVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/cVuIXDswL9UObCJkejPcR3J_6pU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.62.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0d:bf:0c:84:e5:9c:7c:e9:eb:11:61:61:8a:7f:5e:b8:00:f8:
         bb:b4:45:44:85:c7:d2:4e:90:30:4f:b8:cf:5f:87:d4:aa:51:
         4d:35:2b:54:39:ee:4b:68:15:fd:0d:90:f6:4a:f7:39:42:b0:
         bb:0b:75:d9:82:2d:7b:90:85:8e:50:22:54:a5:52:45:b1:da:
         a9:e3:dc:57:d5:15:f3:7e:3f:bd:f2:7c:50:f1:20:50:0e:d6:
         b2:80:eb:23:cb:bf:72:b0:ee:49:11:aa:46:eb:c8:0b:e0:ed:
         30:37:40:71:e4:30:68:28:8e:84:b3:b1:18:03:e1:db:de:86:
         7f:10:17:f7:77:a5:32:c5:34:10:1d:d0:c4:60:b2:43:5e:2c:
         d5:f7:99:76:81:92:ac:c4:20:f9:5f:7f:6c:c0:01:82:3c:39:
         8d:e4:17:38:80:46:6f:d4:3d:f6:35:e0:86:5d:dd:72:87:64:
         10:ce:c7:cb:df:da:e6:0d:ab:b9:9c:aa:5b:6d:e6:96:18:8d:
         b8:b5:16:b6:8a:d6:ba:f8:0b:df:9e:ad:ae:3b:b4:01:a5:ef:
         40:09:c7:38:5e:ec:44:be:21:da:70:5d:23:67:ed:b0:3d:9f:
         05:bd:69:de:fc:b6:33:f4:30:a2:c8:45:9b:1f:c4:ef:7a:d0:
         6f:17:d4:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlDt/57L2uWM1xUjbKcA7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxNWI4ODVjM2IzMDJmZDUwZTZjMjI2NDdhMzNkYzQ3NzI3
ZmVhOTUwHhcNMjQwMTAyMDAzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDg2NjEyYzgxN2FlZDBhN2RmY2RkMTRiNjA3MDZiNTE5Yzg5ZDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+k75pHBlll/ae9vZlXkWR0ELsxT
hGF+xxTISUn6UipZo32cieBpibbY6tnKcKiH1Qsd3FRAnpoYK+GlXDb3eiKyUEtB
7+M2oPP+CQO+gnDlcb51zk/NSaC5vaaXfI5ta+UEuGAraumpvvKy7SA4qNsusNUN
OaOSM8r5cU3/VhVy7QV3ciPmC1GMxTnxVTGGyLSgwDwHu68K8f0SiHMan+UH7jZO
gGSThOYJrTEQPuKiAzuuL/czEtQTdzqqzfvO56h7u+Cbopsd3wJAe4Sj2S9r23DH
wHwfiFOi0RYwl2mW6IQe5NcAvho/B5Apn3evevkioXsBDHFYsERQ68hf/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLCGYSyBeu0KffzdFLYHBrUZyJ1XMB8GA1UdIwQY
MBaAFHFbiFw7MC/VDmwiZHoz3Edyf+qVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1Z1SVhEc3dMOVVPYkNKa2VqUGNSM0pfNnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9mODk5OWMtMDQwYS00MjRhLTg4OTYt
MmE5MjMzM2Y5ZGY2LzEvc0laaExJRjY3UXA5X04wVXRnY0d0Um5JblZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9mODk5OWMtMDQwYS00MjRhLTg4OTYtMmE5MjMzM2Y5ZGY2
LzEvY1Z1SVhEc3dMOVVPYkNKa2VqUGNSM0pfNnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBT4WMA0G
CSqGSIb3DQEBCwUAA4IBAQANvwyE5Zx86esRYWGKf164APi7tEVEhcfSTpAwT7jP
X4fUqlFNNStUOe5LaBX9DZD2Svc5QrC7C3XZgi17kIWOUCJUpVJFsdqp49xX1RXz
fj+98nxQ8SBQDtaygOsjy79ysO5JEapG68gL4O0wN0Bx5DBoKI6Es7EYA+Hb3oZ/
EBf3d6UyxTQQHdDEYLJDXizV95l2gZKsxCD5X39swAGCPDmN5Bc4gEZv1D32NeCG
Xd1yh2QQzsfL39rmDau5nKpbbeaWGI24tRa2ita6+Avfnq2uO7QBpe9ACcc4XuxE
viHacF0jZ+2wPZ8FvWne/LYz9DCiyEWbH8TvetBvF9Q7
-----END CERTIFICATE-----