Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/842046-3f5f-4f4e-930c-e3d0a0ace398/1/uiWqfVPhoZCJrGs6ehp3Q3YfR4I.roa
File:                     uiWqfVPhoZCJrGs6ehp3Q3YfR4I.roa (raw, json)
Hash identifier:          Tg9CeY0+wHu9vdEpWqQcl2Mg8kl9vuUVf6VapLumqN8=
Subject key identifier:   BA:25:AA:7D:53:E1:A1:90:89:AC:6B:3A:7A:1A:77:43:76:1F:47:82
Certificate issuer:       /CN=7a556c19a4556f36f7600006d8eacd1fa3f439f2
Certificate serial:       018D407D3A495215810390972A10C5006BF4
Authority key identifier: 7A:55:6C:19:A4:55:6F:36:F7:60:00:06:D8:EA:CD:1F:A3:F4:39:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/elVsGaRVbzb3YAAG2OrNH6P0OfI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/842046-3f5f-4f4e-930c-e3d0a0ace398/1/uiWqfVPhoZCJrGs6ehp3Q3YfR4I.roa
Signing time:             Thu 25 Jan 2024 11:59:25 +0000
ROA not before:           Thu 25 Jan 2024 11:59:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49223
IP address blocks:        62.122.220.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/842046-3f5f-4f4e-930c-e3d0a0ace398/1/elVsGaRVbzb3YAAG2OrNH6P0OfI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/842046-3f5f-4f4e-930c-e3d0a0ace398/1/elVsGaRVbzb3YAAG2OrNH6P0OfI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/elVsGaRVbzb3YAAG2OrNH6P0OfI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:40:7d:3a:49:52:15:81:03:90:97:2a:10:c5:00:6b:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a556c19a4556f36f7600006d8eacd1fa3f439f2
        Validity
            Not Before: Jan 25 11:59:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba25aa7d53e1a19089ac6b3a7a1a7743761f4782
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:9e:88:6f:3d:a3:ab:6c:e3:00:80:ec:2c:c5:
                    11:98:b0:3f:0b:64:81:53:f9:fe:6a:85:50:5c:18:
                    b5:3d:cd:bb:74:61:da:2d:b0:0d:f8:15:9a:a1:27:
                    7c:99:bf:8b:ca:de:04:bd:24:74:73:67:4d:cc:25:
                    c8:73:aa:27:97:57:bc:ab:dd:86:08:14:8d:b3:d1:
                    60:5d:27:d4:c2:9d:56:ce:06:7a:e2:0a:3c:86:f8:
                    57:32:b6:8d:59:04:e3:88:53:b3:24:0b:25:7b:6e:
                    05:cc:66:7c:6f:3b:d5:6b:55:f1:2c:0f:4d:fc:8d:
                    53:8f:ac:01:bb:56:ca:f5:f9:5e:9f:fd:5a:1c:f4:
                    34:77:a1:9a:41:7b:b6:eb:0b:7f:8c:dd:5b:4f:4a:
                    f8:89:ab:43:6d:de:a3:68:bd:73:3d:23:53:3f:d4:
                    70:0d:ba:45:eb:77:7c:89:a5:7a:56:79:5d:a3:a8:
                    a7:88:37:67:1f:60:af:ee:c1:4b:01:6b:27:39:c2:
                    df:6b:2c:5a:a2:c4:b1:e2:f1:22:1d:4b:03:0b:03:
                    42:5b:4c:c1:32:3a:5e:10:7c:f2:3e:b9:dc:fd:31:
                    d0:9d:a3:83:4b:00:ff:aa:61:c3:bc:9e:af:10:1e:
                    0f:4e:79:1f:43:09:67:af:ac:d5:b3:df:d0:8f:2b:
                    e6:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:25:AA:7D:53:E1:A1:90:89:AC:6B:3A:7A:1A:77:43:76:1F:47:82
            X509v3 Authority Key Identifier:
                keyid:7A:55:6C:19:A4:55:6F:36:F7:60:00:06:D8:EA:CD:1F:A3:F4:39:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/elVsGaRVbzb3YAAG2OrNH6P0OfI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/842046-3f5f-4f4e-930c-e3d0a0ace398/1/uiWqfVPhoZCJrGs6ehp3Q3YfR4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/842046-3f5f-4f4e-930c-e3d0a0ace398/1/elVsGaRVbzb3YAAG2OrNH6P0OfI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.122.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:1a:2f:86:32:3c:e8:a9:23:09:58:da:7f:74:b2:8c:e8:c8:
         02:45:e1:38:72:98:fd:da:f6:38:c6:8e:a3:71:39:40:b5:c9:
         18:5f:4a:79:02:cb:ef:17:79:28:92:eb:57:89:66:f6:8d:6e:
         28:13:4f:0d:3e:13:1c:b8:c4:23:ab:4f:56:d0:f8:7d:f8:aa:
         02:46:3c:fa:71:8e:6e:99:0a:d6:04:0f:8d:f7:11:a7:4a:6c:
         71:9e:b5:b8:03:48:17:3e:e8:89:1e:e0:ef:1c:7f:84:b1:1a:
         b3:26:a2:41:a2:c8:55:70:11:5e:7d:c7:5d:5b:ba:c1:94:c0:
         9c:e1:d8:7a:86:9d:7d:a1:8b:8a:52:7e:37:ee:92:b3:b2:b3:
         0c:1d:89:53:30:0d:5d:b0:64:dc:76:43:3e:19:8f:63:12:63:
         98:35:09:27:bf:8c:78:5b:ad:3d:73:34:b2:e7:1b:d9:ff:ef:
         ef:09:1d:57:7b:6d:53:c9:d5:2f:1b:90:5d:4c:54:b1:36:dd:
         a3:0a:b6:20:18:4e:35:48:db:6c:0a:fa:3a:d0:89:c9:94:a1:
         29:37:4b:6e:8b:73:91:bc:c2:2e:c6:39:81:5c:96:13:39:d6:
         17:14:18:1e:62:06:83:93:be:ad:ea:28:f8:10:16:59:10:a7:
         09:df:70:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1AfTpJUhWBA5CXKhDFAGv0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhNTU2YzE5YTQ1NTZmMzZmNzYwMDAwNmQ4ZWFjZDFmYTNm
NDM5ZjIwHhcNMjQwMTI1MTE1OTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTI1YWE3ZDUzZTFhMTkwODlhYzZiM2E3YTFhNzc0Mzc2MWY0NzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJ6Ibz2jq2zjAIDsLMURmLA/C2SB
U/n+aoVQXBi1Pc27dGHaLbAN+BWaoSd8mb+Lyt4EvSR0c2dNzCXIc6onl1e8q92G
CBSNs9FgXSfUwp1WzgZ64go8hvhXMraNWQTjiFOzJAsle24FzGZ8bzvVa1XxLA9N
/I1Tj6wBu1bK9flen/1aHPQ0d6GaQXu26wt/jN1bT0r4iatDbd6jaL1zPSNTP9Rw
DbpF63d8iaV6Vnldo6iniDdnH2Cv7sFLAWsnOcLfayxaosSx4vEiHUsDCwNCW0zB
MjpeEHzyPrnc/THQnaODSwD/qmHDvJ6vEB4PTnkfQwlnr6zVs9/QjyvmRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLolqn1T4aGQiaxrOnoad0N2H0eCMB8GA1UdIwQY
MBaAFHpVbBmkVW8292AABtjqzR+j9DnyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWxWc0dhUlZiemIzWUFBRzJPck5INlAwT2ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS84NDIwNDYtM2Y1Zi00ZjRlLTkzMGMt
ZTNkMGEwYWNlMzk4LzEvdWlXcWZWUGhvWkNKckdzNmVocDNRM1lmUjRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS84NDIwNDYtM2Y1Zi00ZjRlLTkzMGMtZTNkMGEwYWNlMzk4
LzEvZWxWc0dhUlZiemIzWUFBRzJPck5INlAwT2ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCPnrcMA0G
CSqGSIb3DQEBCwUAA4IBAQBxGi+GMjzoqSMJWNp/dLKM6MgCReE4cpj92vY4xo6j
cTlAtckYX0p5AsvvF3kokutXiWb2jW4oE08NPhMcuMQjq09W0Ph9+KoCRjz6cY5u
mQrWBA+N9xGnSmxxnrW4A0gXPuiJHuDvHH+EsRqzJqJBoshVcBFefcddW7rBlMCc
4dh6hp19oYuKUn437pKzsrMMHYlTMA1dsGTcdkM+GY9jEmOYNQknv4x4W609czSy
5xvZ/+/vCR1Xe21TydUvG5BdTFSxNt2jCrYgGE41SNtsCvo60InJlKEpN0tui3OR
vMIuxjmBXJYTOdYXFBgeYgaDk76t6ij4EBZZEKcJ33Bi
-----END CERTIFICATE-----