Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/ckX2UAvm62ggt2DVEXBKMiX4TH0.roa
File:                     ckX2UAvm62ggt2DVEXBKMiX4TH0.roa (raw, json)
Hash identifier:          sdYR7ypp3wb3yWWaAwy1yOgdLph2haFfVMje53Ydj2I=
Subject key identifier:   72:45:F6:50:0B:E6:EB:68:20:B7:60:D5:11:70:4A:32:25:F8:4C:7D
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018FF2733641B91219B0628AF92F29907360
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/ckX2UAvm62ggt2DVEXBKMiX4TH0.roa
Signing time:             Fri 07 Jun 2024 11:26:27 +0000
ROA not before:           Fri 07 Jun 2024 11:26:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40940
IP address blocks:        43.225.88.0/23 maxlen: 24
                          188.214.236.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f2:73:36:41:b9:12:19:b0:62:8a:f9:2f:29:90:73:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jun  7 11:26:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7245f6500be6eb6820b760d511704a3225f84c7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:10:c0:e6:99:1e:e8:b3:6c:d5:7c:26:06:54:
                    12:b0:3e:cd:b9:a8:5b:be:2e:d4:74:24:c1:c1:37:
                    5e:20:ba:02:a4:4d:8d:13:ff:da:ce:90:0e:3d:f4:
                    7e:c9:7b:53:54:bd:4f:ff:b2:a6:bd:fb:a3:bf:45:
                    63:da:95:be:37:a2:57:2b:a1:3a:d6:8f:44:55:02:
                    ac:0d:7d:21:ba:91:83:0f:b1:34:ca:ac:cd:c3:8b:
                    09:b7:8f:d8:60:8d:0b:62:28:09:8e:3f:fb:f5:12:
                    68:38:16:6b:94:2f:95:19:d1:a5:55:7f:be:a0:4f:
                    26:d2:ad:4b:8a:d6:62:83:55:05:36:ec:08:be:22:
                    4a:8e:be:5d:28:0c:9c:72:16:b0:20:a1:08:d3:41:
                    66:19:f9:29:d3:2f:fd:72:49:11:a5:13:a0:40:4f:
                    e0:5e:46:71:22:c9:27:9c:01:a3:c8:d1:a8:7b:05:
                    48:96:82:c7:8a:85:86:4f:63:c7:01:36:05:36:af:
                    12:5d:df:b6:00:fa:d0:12:4b:ec:ad:7a:ed:46:74:
                    9e:47:b9:d3:ba:9c:dd:bc:07:2e:c7:c4:32:d4:4e:
                    ff:f0:e6:96:e7:57:79:a5:bf:7d:d9:72:10:0f:d2:
                    32:88:f0:46:aa:b8:0e:15:7e:f8:99:3c:4b:55:e9:
                    b9:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:45:F6:50:0B:E6:EB:68:20:B7:60:D5:11:70:4A:32:25:F8:4C:7D
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/ckX2UAvm62ggt2DVEXBKMiX4TH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.225.88.0/23
                  188.214.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:d6:ef:a9:73:f2:b1:ca:69:a1:e4:ba:48:2e:2f:0e:05:8d:
         d2:45:41:de:e4:a6:9b:82:c9:39:e1:20:af:30:49:ba:8a:b6:
         e8:d7:a5:7c:4c:85:97:16:a8:63:a5:9d:da:ae:1e:39:55:95:
         ba:b9:66:c6:d6:48:38:1b:d1:16:9e:fb:31:1e:46:a3:82:6b:
         8d:9b:32:10:0a:05:69:02:99:bd:86:e7:cd:22:6c:9a:35:57:
         88:5d:30:de:ee:3c:59:11:e0:33:fc:b6:51:0a:b9:91:db:ad:
         c1:d2:80:2c:bd:f4:d0:8b:b6:56:f3:c9:51:e2:8b:f8:72:63:
         fc:11:29:34:9d:4e:a2:42:54:92:3a:a6:8a:10:9d:64:d6:9a:
         79:f7:bd:94:3c:14:d6:07:b4:36:07:89:ce:8d:b2:81:f1:1e:
         89:01:bd:40:7c:d4:e0:ed:cd:ac:bc:3e:79:66:d6:42:aa:6f:
         01:7b:7b:4d:34:71:01:ff:ab:9e:6e:a0:e8:5d:11:6a:43:2d:
         1f:e6:c1:48:c0:2a:79:05:41:0b:6c:f0:6e:1c:9e:20:5a:9f:
         a7:53:05:a1:33:c6:5f:0d:28:44:33:e8:39:fd:71:50:91:f6:
         ee:40:4e:28:d4:d8:64:69:78:90:83:b8:a3:1a:bf:de:79:6c:
         b1:85:3f:6e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY/yczZBuRIZsGKK+S8pkHNgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwNjA3MTEyNjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjQ1ZjY1MDBiZTZlYjY4MjBiNzYwZDUxMTcwNGEzMjI1Zjg0YzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyRDA5pke6LNs1XwmBlQSsD7Nuahb
vi7UdCTBwTdeILoCpE2NE//azpAOPfR+yXtTVL1P/7Kmvfujv0Vj2pW+N6JXK6E6
1o9EVQKsDX0hupGDD7E0yqzNw4sJt4/YYI0LYigJjj/79RJoOBZrlC+VGdGlVX++
oE8m0q1LitZig1UFNuwIviJKjr5dKAycchawIKEI00FmGfkp0y/9ckkRpROgQE/g
XkZxIsknnAGjyNGoewVIloLHioWGT2PHATYFNq8SXd+2APrQEkvsrXrtRnSeR7nT
upzdvAcux8Qy1E7/8OaW51d5pb992XIQD9IyiPBGqrgOFX74mTxLVem5HwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHJF9lAL5utoILdg1RFwSjIl+Ex9MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvY2tYMlVBdm02MmdndDJEVkVYQktNaVg0VEgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBK+FYAwQB
vNbsMA0GCSqGSIb3DQEBCwUAA4IBAQA41u+pc/Kxymmh5LpILi8OBY3SRUHe5Kab
gsk54SCvMEm6irbo16V8TIWXFqhjpZ3arh45VZW6uWbG1kg4G9EWnvsxHkajgmuN
mzIQCgVpApm9hufNImyaNVeIXTDe7jxZEeAz/LZRCrmR263B0oAsvfTQi7ZW88lR
4ov4cmP8ESk0nU6iQlSSOqaKEJ1k1pp5972UPBTWB7Q2B4nOjbKB8R6JAb1AfNTg
7c2svD55ZtZCqm8Be3tNNHEB/6uebqDoXRFqQy0f5sFIwCp5BUELbPBuHJ4gWp+n
UwWhM8ZfDShEM+g5/XFQkfbuQE4o1NhkaXiQg7ijGr/eeWyxhT9u
-----END CERTIFICATE-----