Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/m6gVz404FioMKAvRIrGtOCv7MGU.roa
File:                     m6gVz404FioMKAvRIrGtOCv7MGU.roa (raw, json)
Hash identifier:          6dF/3slugrIKRmGc8ixVcD4fl2cILY2OcJZQ/DlL4qo=
Subject key identifier:   9B:A8:15:CF:8D:38:16:2A:0C:28:0B:D1:22:B1:AD:38:2B:FB:30:65
Certificate issuer:       /CN=297364f502534e8771a0c6259794c26e26d4bca4
Certificate serial:       018CC2DB1F7CACA5276E4C261788B1145B2E
Authority key identifier: 29:73:64:F5:02:53:4E:87:71:A0:C6:25:97:94:C2:6E:26:D4:BC:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXNk9QJTTodxoMYll5TCbibUvKQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/m6gVz404FioMKAvRIrGtOCv7MGU.roa
Signing time:             Mon 01 Jan 2024 02:29:49 +0000
ROA not before:           Mon 01 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198394
IP address blocks:        141.105.164.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/KXNk9QJTTodxoMYll5TCbibUvKQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/KXNk9QJTTodxoMYll5TCbibUvKQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXNk9QJTTodxoMYll5TCbibUvKQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jul 2024 04:02:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:1f:7c:ac:a5:27:6e:4c:26:17:88:b1:14:5b:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297364f502534e8771a0c6259794c26e26d4bca4
        Validity
            Not Before: Jan  1 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ba815cf8d38162a0c280bd122b1ad382bfb3065
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:10:14:d6:10:bd:68:72:de:7a:db:dc:f6:a9:
                    50:4e:a5:4b:6b:37:66:cb:fb:31:2f:ef:a2:45:2b:
                    c1:71:23:eb:22:84:a5:8a:84:1d:bb:7c:bc:c1:a3:
                    d4:fe:7e:c2:08:66:bf:5e:05:f4:c9:e3:c1:c7:9b:
                    93:1e:30:17:c5:4e:53:e7:4c:93:a9:37:1e:0b:ca:
                    7c:7e:e2:e6:82:f1:48:56:40:af:36:56:d3:86:17:
                    94:61:1f:58:5b:4d:32:a0:aa:9a:0f:e0:c6:c1:2f:
                    bc:af:d2:14:36:8b:4a:d4:5a:de:dd:9f:ed:a8:f8:
                    04:7b:9f:fb:d8:07:08:a3:01:b4:cb:b7:82:ea:ec:
                    cc:2e:92:fe:5a:34:6e:d7:85:9c:56:ab:57:2c:ce:
                    f1:cb:05:a5:8f:eb:cd:88:f4:0a:73:70:ae:f0:e8:
                    2b:6a:1f:90:7d:70:55:aa:5b:b9:1f:b2:9c:77:ec:
                    f8:1c:c8:81:74:fc:8e:94:de:81:3e:f9:78:c9:21:
                    33:98:2f:86:5d:2e:bf:ab:30:9a:ac:66:af:5b:dc:
                    b4:d6:97:7a:74:ba:80:82:2c:f8:90:9f:16:d6:1f:
                    af:fd:13:42:3d:c9:92:32:81:f1:bc:99:20:de:6e:
                    d6:ac:51:2a:04:8c:ec:f1:76:12:7a:50:29:2b:cd:
                    39:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:A8:15:CF:8D:38:16:2A:0C:28:0B:D1:22:B1:AD:38:2B:FB:30:65
            X509v3 Authority Key Identifier:
                keyid:29:73:64:F5:02:53:4E:87:71:A0:C6:25:97:94:C2:6E:26:D4:BC:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXNk9QJTTodxoMYll5TCbibUvKQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/m6gVz404FioMKAvRIrGtOCv7MGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/KXNk9QJTTodxoMYll5TCbibUvKQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.105.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         69:c8:5e:8f:7f:a0:ed:14:d0:60:be:f1:7e:e0:c6:3c:db:a3:
         14:d9:d2:27:65:91:61:ad:68:d4:b9:5f:c3:7d:3c:e1:84:ae:
         08:93:08:67:65:c6:1c:87:3b:f4:22:05:47:a5:b5:a1:65:6c:
         43:a4:f3:db:7e:09:84:f6:d5:d4:a9:fa:00:6b:42:5e:61:93:
         5c:22:5b:35:f5:35:9a:59:18:69:b2:80:56:2e:71:d2:f2:84:
         ca:84:83:b2:1a:30:d8:ee:07:63:5b:d2:2a:f8:c9:03:1e:d3:
         37:70:5b:ab:c4:19:51:43:38:93:e5:c6:52:5a:8f:86:1a:51:
         27:18:a2:9d:39:4b:4d:88:09:c3:f0:c6:c0:d6:ff:3d:9b:e8:
         45:e7:43:eb:05:b6:5e:36:f8:ce:f7:82:88:29:a9:42:c8:24:
         ab:ff:98:3e:1e:cb:45:bc:85:fd:31:e0:65:47:4e:cc:d1:aa:
         53:a2:a2:c0:64:2b:f0:36:b0:f3:f8:fc:b7:c9:65:27:7b:63:
         1a:00:e1:a3:8c:ed:6c:60:1b:96:4d:ee:de:02:2d:4f:ed:83:
         ad:a3:12:5d:43:cf:b3:86:58:28:a9:fa:95:5c:f3:41:77:e3:
         ba:57:ef:b5:d7:fe:a1:64:1a:8d:b9:3c:3b:bd:d6:1f:0b:7f:
         80:e4:aa:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2x98rKUnbkwmF4ixFFsuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NzM2NGY1MDI1MzRlODc3MWEwYzYyNTk3OTRjMjZlMjZk
NGJjYTQwHhcNMjQwMTAxMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmE4MTVjZjhkMzgxNjJhMGMyODBiZDEyMmIxYWQzODJiZmIzMDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxAU1hC9aHLeetvc9qlQTqVLazdm
y/sxL++iRSvBcSPrIoSlioQdu3y8waPU/n7CCGa/XgX0yePBx5uTHjAXxU5T50yT
qTceC8p8fuLmgvFIVkCvNlbThheUYR9YW00yoKqaD+DGwS+8r9IUNotK1Fre3Z/t
qPgEe5/72AcIowG0y7eC6uzMLpL+WjRu14WcVqtXLM7xywWlj+vNiPQKc3Cu8Ogr
ah+QfXBVqlu5H7Kcd+z4HMiBdPyOlN6BPvl4ySEzmC+GXS6/qzCarGavW9y01pd6
dLqAgiz4kJ8W1h+v/RNCPcmSMoHxvJkg3m7WrFEqBIzs8XYSelApK805vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJuoFc+NOBYqDCgL0SKxrTgr+zBlMB8GA1UdIwQY
MBaAFClzZPUCU06HcaDGJZeUwm4m1LykMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1hOazlRSlRUb2R4b01ZbGw1VENiaWJVdktRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wNDU4MjAtMzU0Ni00MDdjLTgzYTUt
MGEwZjNlNzhhNDkzLzEvbTZnVno0MDRGaW9NS0F2UklyR3RPQ3Y3TUdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wNDU4MjAtMzU0Ni00MDdjLTgzYTUtMGEwZjNlNzhhNDkz
LzEvS1hOazlRSlRUb2R4b01ZbGw1VENiaWJVdktRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjWmkMA0G
CSqGSIb3DQEBCwUAA4IBAQBpyF6Pf6DtFNBgvvF+4MY826MU2dInZZFhrWjUuV/D
fTzhhK4IkwhnZcYchzv0IgVHpbWhZWxDpPPbfgmE9tXUqfoAa0JeYZNcIls19TWa
WRhpsoBWLnHS8oTKhIOyGjDY7gdjW9Iq+MkDHtM3cFurxBlRQziT5cZSWo+GGlEn
GKKdOUtNiAnD8MbA1v89m+hF50PrBbZeNvjO94KIKalCyCSr/5g+HstFvIX9MeBl
R07M0apToqLAZCvwNrDz+Py3yWUne2MaAOGjjO1sYBuWTe7eAi1P7YOtoxJdQ8+z
hlgoqfqVXPNBd+O6V++11/6hZBqNuTw7vdYfC3+A5Koo
-----END CERTIFICATE-----