Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/9ff645-e0f1-4b18-980f-eda59bc9ca2c/1/tcgehgb8jEKBxZ-eQK6E5ck9WnQ.roa
File:                     tcgehgb8jEKBxZ-eQK6E5ck9WnQ.roa (raw, json)
Hash identifier:          oCHSxwehuV0mec7mPTr4Jm3bomG+7ucgdmDNpeY0taU=
Subject key identifier:   B5:C8:1E:86:06:FC:8C:42:81:C5:9F:9E:40:AE:84:E5:C9:3D:5A:74
Certificate issuer:       /CN=b62fccda29be666deef8ec62d6bc1e6cd067c35f
Certificate serial:       018CC34940F01E9A38BC3F4A94D5915FADE1
Authority key identifier: B6:2F:CC:DA:29:BE:66:6D:EE:F8:EC:62:D6:BC:1E:6C:D0:67:C3:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ti_M2im-Zm3u-Oxi1rwebNBnw18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/9ff645-e0f1-4b18-980f-eda59bc9ca2c/1/tcgehgb8jEKBxZ-eQK6E5ck9WnQ.roa
Signing time:             Mon 01 Jan 2024 04:30:07 +0000
ROA not before:           Mon 01 Jan 2024 04:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208343
IP address blocks:        45.144.32.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/9ff645-e0f1-4b18-980f-eda59bc9ca2c/1/ti_M2im-Zm3u-Oxi1rwebNBnw18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/9ff645-e0f1-4b18-980f-eda59bc9ca2c/1/ti_M2im-Zm3u-Oxi1rwebNBnw18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ti_M2im-Zm3u-Oxi1rwebNBnw18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:40:f0:1e:9a:38:bc:3f:4a:94:d5:91:5f:ad:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b62fccda29be666deef8ec62d6bc1e6cd067c35f
        Validity
            Not Before: Jan  1 04:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5c81e8606fc8c4281c59f9e40ae84e5c93d5a74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b9:46:06:2d:0f:12:88:57:eb:5f:64:ab:a4:
                    3f:15:0b:9c:04:55:48:2c:9d:51:19:02:ec:ff:ca:
                    5f:27:86:88:58:33:e1:55:3d:88:a6:3e:70:23:10:
                    c6:f0:c5:08:de:f2:5a:6b:9b:cc:ef:ea:6b:58:4a:
                    13:8e:8d:0e:bf:2c:f0:d8:db:34:cc:a5:e1:d7:5e:
                    76:ee:ec:a4:80:7d:b5:e9:55:be:66:d8:39:4f:35:
                    3a:9a:d0:6d:56:b7:f4:77:91:ed:61:73:be:ee:2f:
                    84:43:80:9c:41:2e:84:83:f7:66:56:ce:a0:57:12:
                    9c:d2:83:d0:7f:9e:d1:8d:44:23:53:1f:72:29:73:
                    fd:06:7c:b0:f0:4f:5c:c5:7c:b9:16:81:38:1b:8d:
                    94:9a:b7:08:81:50:f1:ce:ca:5c:e5:69:01:37:8c:
                    0e:cc:8f:73:12:d2:24:59:92:41:62:13:67:f0:76:
                    42:3d:df:2b:3c:bd:d6:d8:94:f9:45:84:82:cd:72:
                    8c:ab:4d:f4:b9:04:ea:f3:88:4a:ee:bb:00:49:f7:
                    d9:86:34:a4:54:73:41:37:39:f4:63:a4:cc:93:00:
                    37:31:a5:97:1d:d9:4d:e7:0b:3e:d2:37:74:63:30:
                    59:2b:3c:0d:aa:f0:90:f2:27:f4:63:19:26:53:df:
                    f6:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:C8:1E:86:06:FC:8C:42:81:C5:9F:9E:40:AE:84:E5:C9:3D:5A:74
            X509v3 Authority Key Identifier:
                keyid:B6:2F:CC:DA:29:BE:66:6D:EE:F8:EC:62:D6:BC:1E:6C:D0:67:C3:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ti_M2im-Zm3u-Oxi1rwebNBnw18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9ff645-e0f1-4b18-980f-eda59bc9ca2c/1/tcgehgb8jEKBxZ-eQK6E5ck9WnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9ff645-e0f1-4b18-980f-eda59bc9ca2c/1/ti_M2im-Zm3u-Oxi1rwebNBnw18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:fa:96:cd:af:3e:22:2d:e0:85:e3:da:73:e2:24:e6:57:43:
         a8:cf:e5:e4:2a:11:53:07:0a:47:d7:a8:34:e3:45:09:ef:de:
         6e:78:83:ec:b5:2a:e9:8c:b3:b0:00:ac:c5:b2:91:9a:4b:47:
         6e:5c:81:15:ea:c9:b0:0b:c4:48:13:b3:e2:99:0d:0d:01:7a:
         84:98:d5:8b:7c:cd:af:74:41:33:c6:1c:2d:a0:d1:9b:d2:db:
         36:bb:ff:0b:3c:37:3e:14:36:30:2d:70:d4:3a:8e:7c:a9:a5:
         68:b0:f0:b1:ec:82:5b:41:c9:fa:01:16:1e:c6:23:d4:dd:95:
         4f:52:f4:28:d9:5e:0e:97:50:c6:f4:10:18:da:68:cc:3d:c3:
         58:de:63:41:1e:ab:3d:9b:a8:f0:f4:64:93:04:4d:10:0a:ba:
         0b:6c:da:db:e0:ff:ef:94:77:7a:d8:a4:6a:9e:65:9c:a3:f0:
         59:2f:a7:fa:36:97:90:ae:5c:a3:fe:2b:cf:89:7b:fa:c0:54:
         43:39:ae:fa:99:00:4a:b8:47:c0:11:30:04:3f:9a:2b:29:9b:
         a7:61:b6:35:06:1c:f0:80:13:73:36:ab:f2:bb:57:bb:98:7c:
         30:82:12:f6:ab:f9:a1:d9:21:b8:85:52:d3:46:3a:81:a9:be:
         d2:89:27:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSUDwHpo4vD9KlNWRX63hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MmZjY2RhMjliZTY2NmRlZWY4ZWM2MmQ2YmMxZTZjZDA2
N2MzNWYwHhcNMjQwMTAxMDQzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWM4MWU4NjA2ZmM4YzQyODFjNTlmOWU0MGFlODRlNWM5M2Q1YTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7lGBi0PEohX619kq6Q/FQucBFVI
LJ1RGQLs/8pfJ4aIWDPhVT2Ipj5wIxDG8MUI3vJaa5vM7+prWEoTjo0Ovyzw2Ns0
zKXh11527uykgH216VW+Ztg5TzU6mtBtVrf0d5HtYXO+7i+EQ4CcQS6Eg/dmVs6g
VxKc0oPQf57RjUQjUx9yKXP9Bnyw8E9cxXy5FoE4G42UmrcIgVDxzspc5WkBN4wO
zI9zEtIkWZJBYhNn8HZCPd8rPL3W2JT5RYSCzXKMq030uQTq84hK7rsASffZhjSk
VHNBNzn0Y6TMkwA3MaWXHdlN5ws+0jd0YzBZKzwNqvCQ8if0YxkmU9/2jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLXIHoYG/IxCgcWfnkCuhOXJPVp0MB8GA1UdIwQY
MBaAFLYvzNopvmZt7vjsYta8HmzQZ8NfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGlfTTJpbS1abTN1LU94aTFyd2ViTkJudzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85ZmY2NDUtZTBmMS00YjE4LTk4MGYt
ZWRhNTliYzljYTJjLzEvdGNnZWhnYjhqRUtCeFotZVFLNkU1Y2s5V25RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85ZmY2NDUtZTBmMS00YjE4LTk4MGYtZWRhNTliYzljYTJj
LzEvdGlfTTJpbS1abTN1LU94aTFyd2ViTkJudzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZAgMA0G
CSqGSIb3DQEBCwUAA4IBAQA9+pbNrz4iLeCF49pz4iTmV0Ooz+XkKhFTBwpH16g0
40UJ795ueIPstSrpjLOwAKzFspGaS0duXIEV6smwC8RIE7PimQ0NAXqEmNWLfM2v
dEEzxhwtoNGb0ts2u/8LPDc+FDYwLXDUOo58qaVosPCx7IJbQcn6ARYexiPU3ZVP
UvQo2V4Ol1DG9BAY2mjMPcNY3mNBHqs9m6jw9GSTBE0QCroLbNrb4P/vlHd62KRq
nmWco/BZL6f6NpeQrlyj/ivPiXv6wFRDOa76mQBKuEfAETAEP5orKZunYbY1Bhzw
gBNzNqvyu1e7mHwwghL2q/mh2SG4hVLTRjqBqb7SiSdb
-----END CERTIFICATE-----