Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8d241f-71ea-4a1b-96ea-a99c7ee5c284/1/vZ1yAVzyASLv0TjQjOHxofpQPgQ.roa
File:                     vZ1yAVzyASLv0TjQjOHxofpQPgQ.roa (raw, json)
Hash identifier:          PwV4fx6G6Bgl4hZ3vm+fDg9UULJs855TvFOatQDiSM8=
Subject key identifier:   BD:9D:72:01:5C:F2:01:22:EF:D1:38:D0:8C:E1:F1:A1:FA:50:3E:04
Certificate issuer:       /CN=62927b36b138f086358938e3acfda4638e56a792
Certificate serial:       018CC2DB1CFD7032767677743C557FE266E1
Authority key identifier: 62:92:7B:36:B1:38:F0:86:35:89:38:E3:AC:FD:A4:63:8E:56:A7:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YpJ7NrE48IY1iTjjrP2kY45Wp5I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8d241f-71ea-4a1b-96ea-a99c7ee5c284/1/vZ1yAVzyASLv0TjQjOHxofpQPgQ.roa
Signing time:             Mon 01 Jan 2024 02:29:48 +0000
ROA not before:           Mon 01 Jan 2024 02:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207265
IP address blocks:        45.151.128.0/22 maxlen: 22
                          2a10:20c0::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8d241f-71ea-4a1b-96ea-a99c7ee5c284/1/YpJ7NrE48IY1iTjjrP2kY45Wp5I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8d241f-71ea-4a1b-96ea-a99c7ee5c284/1/YpJ7NrE48IY1iTjjrP2kY45Wp5I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YpJ7NrE48IY1iTjjrP2kY45Wp5I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:1c:fd:70:32:76:76:77:74:3c:55:7f:e2:66:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62927b36b138f086358938e3acfda4638e56a792
        Validity
            Not Before: Jan  1 02:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd9d72015cf20122efd138d08ce1f1a1fa503e04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:a6:c9:11:0a:81:42:20:37:60:36:8c:7f:35:
                    6d:29:6b:98:5f:a3:97:12:d0:51:1f:d4:b7:60:91:
                    ca:9a:5e:fe:33:50:b0:17:9b:ec:62:82:07:1c:7a:
                    28:10:30:ad:29:48:e8:68:d8:6b:d7:56:07:7c:cf:
                    17:5a:99:ed:4d:0f:3d:12:b1:94:2e:fc:85:04:6d:
                    6b:40:19:85:49:70:8c:b3:8d:4a:3f:6e:a0:bd:d5:
                    d5:ec:4c:57:d9:11:0f:7d:8b:dc:53:81:70:1b:77:
                    97:54:d4:86:ba:c3:93:e4:9e:58:33:50:b0:af:e0:
                    6c:84:55:ec:65:98:82:4b:86:45:17:04:73:49:06:
                    64:ff:57:18:a6:41:53:65:79:b5:3f:43:c3:aa:eb:
                    02:e5:ba:7d:84:52:e0:b6:b8:6d:75:ac:42:aa:eb:
                    f6:72:e1:ce:17:d1:7a:69:52:d2:7c:fa:18:4b:64:
                    f2:dd:4f:1c:cd:64:94:c0:4c:b2:9b:64:2c:b3:e7:
                    9a:6d:10:5c:58:9a:42:7b:c5:9b:63:d9:f2:50:ea:
                    5f:29:d5:f8:ed:4f:5f:5f:42:ae:21:d8:a9:3d:a6:
                    1f:32:1f:32:90:65:a0:37:c3:f8:90:fc:4c:88:13:
                    dc:c3:88:59:b6:36:21:d5:0b:48:af:7c:b6:90:7f:
                    a1:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:9D:72:01:5C:F2:01:22:EF:D1:38:D0:8C:E1:F1:A1:FA:50:3E:04
            X509v3 Authority Key Identifier:
                keyid:62:92:7B:36:B1:38:F0:86:35:89:38:E3:AC:FD:A4:63:8E:56:A7:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YpJ7NrE48IY1iTjjrP2kY45Wp5I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8d241f-71ea-4a1b-96ea-a99c7ee5c284/1/vZ1yAVzyASLv0TjQjOHxofpQPgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8d241f-71ea-4a1b-96ea-a99c7ee5c284/1/YpJ7NrE48IY1iTjjrP2kY45Wp5I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.128.0/22
                IPv6:
                  2a10:20c0::/30

    Signature Algorithm: sha256WithRSAEncryption
         45:e3:1b:00:35:9c:c6:c8:e7:a3:30:47:99:33:fc:31:1d:28:
         7e:88:ef:5c:f8:07:eb:1e:e8:99:17:01:40:8a:9a:d9:71:70:
         1e:8e:a0:98:34:3b:15:0e:49:7e:f9:65:73:fa:be:b4:11:90:
         55:df:a6:71:7d:ff:1b:b8:7f:c7:1e:66:dc:8d:95:a1:12:14:
         2f:37:6b:21:22:20:f7:24:3e:60:d9:3c:8d:05:cc:98:59:d9:
         7a:23:6c:fb:0f:38:51:77:42:9b:76:a5:62:9b:91:fa:e7:46:
         4f:dc:eb:7f:4e:7c:2d:6d:d9:32:08:de:b3:95:0b:18:1d:d9:
         88:13:52:3b:c0:fa:06:da:9c:7d:4d:ae:7f:a2:c1:a4:6c:84:
         2d:d5:56:0c:ac:ae:6f:2a:80:5a:e7:18:9b:49:cf:3b:55:81:
         68:8d:90:d4:24:dd:6f:a7:1a:3c:b8:c2:c7:c0:14:be:67:51:
         48:d2:7a:36:6d:bf:5a:24:0f:0f:3e:89:cf:c6:6a:3a:41:fd:
         cc:01:52:fc:0a:ee:9a:86:c4:32:74:bf:b5:fd:d3:1b:84:1f:
         11:46:b7:86:e2:5d:1c:52:62:03:bb:4a:0f:82:c8:72:8b:19:
         be:12:53:8e:11:75:7c:43:36:b2:ff:3c:b4:87:78:82:ae:d5:
         36:99:0d:74
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2xz9cDJ2dnd0PFV/4mbhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyOTI3YjM2YjEzOGYwODYzNTg5MzhlM2FjZmRhNDYzOGU1
NmE3OTIwHhcNMjQwMTAxMDIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDlkNzIwMTVjZjIwMTIyZWZkMTM4ZDA4Y2UxZjFhMWZhNTAzZTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA36bJEQqBQiA3YDaMfzVtKWuYX6OX
EtBRH9S3YJHKml7+M1CwF5vsYoIHHHooEDCtKUjoaNhr11YHfM8XWpntTQ89ErGU
LvyFBG1rQBmFSXCMs41KP26gvdXV7ExX2REPfYvcU4FwG3eXVNSGusOT5J5YM1Cw
r+BshFXsZZiCS4ZFFwRzSQZk/1cYpkFTZXm1P0PDqusC5bp9hFLgtrhtdaxCquv2
cuHOF9F6aVLSfPoYS2Ty3U8czWSUwEyym2Qss+eabRBcWJpCe8WbY9nyUOpfKdX4
7U9fX0KuIdipPaYfMh8ykGWgN8P4kPxMiBPcw4hZtjYh1QtIr3y2kH+hrwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL2dcgFc8gEi79E40Izh8aH6UD4EMB8GA1UdIwQY
MBaAFGKSezaxOPCGNYk446z9pGOOVqeSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXBKN05yRTQ4SVkxaVRqanJQMmtZNDVXcDVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZDI0MWYtNzFlYS00YTFiLTk2ZWEt
YTk5YzdlZTVjMjg0LzEvdloxeUFWenlBU0x2MFRqUWpPSHhvZnBRUGdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZDI0MWYtNzFlYS00YTFiLTk2ZWEtYTk5YzdlZTVjMjg0
LzEvWXBKN05yRTQ4SVkxaVRqanJQMmtZNDVXcDVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZeAMA0E
AgACMAcDBQIqECDAMA0GCSqGSIb3DQEBCwUAA4IBAQBF4xsANZzGyOejMEeZM/wx
HSh+iO9c+AfrHuiZFwFAiprZcXAejqCYNDsVDkl++WVz+r60EZBV36Zxff8buH/H
HmbcjZWhEhQvN2shIiD3JD5g2TyNBcyYWdl6I2z7DzhRd0KbdqVim5H650ZP3Ot/
TnwtbdkyCN6zlQsYHdmIE1I7wPoG2px9Ta5/osGkbIQt1VYMrK5vKoBa5xibSc87
VYFojZDUJN1vpxo8uMLHwBS+Z1FI0no2bb9aJA8PPonPxmo6Qf3MAVL8Cu6ahsQy
dL+1/dMbhB8RRreG4l0cUmIDu0oPgshyixm+ElOOEXV8Qzay/zy0h3iCrtU2mQ10
-----END CERTIFICATE-----