Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/0uZ_81E-aEBMHX6dZ6efu60Xfg0.roa
File:                     0uZ_81E-aEBMHX6dZ6efu60Xfg0.roa (raw, json)
Hash identifier:          L6uioRLfv8ukNb9irfp63+sGqiDtGyMvcrx9h0Tdlg8=
Subject key identifier:   D2:E6:7F:F3:51:3E:68:40:4C:1D:7E:9D:67:A7:9F:BB:AD:17:7E:0D
Certificate issuer:       /CN=297364f502534e8771a0c6259794c26e26d4bca4
Certificate serial:       018CC2DB1FC194923AF72B0100BFF120D4A9
Authority key identifier: 29:73:64:F5:02:53:4E:87:71:A0:C6:25:97:94:C2:6E:26:D4:BC:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXNk9QJTTodxoMYll5TCbibUvKQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/0uZ_81E-aEBMHX6dZ6efu60Xfg0.roa
Signing time:             Mon 01 Jan 2024 02:29:49 +0000
ROA not before:           Mon 01 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198504
IP address blocks:        141.105.166.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/KXNk9QJTTodxoMYll5TCbibUvKQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/KXNk9QJTTodxoMYll5TCbibUvKQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXNk9QJTTodxoMYll5TCbibUvKQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 16:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:1f:c1:94:92:3a:f7:2b:01:00:bf:f1:20:d4:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297364f502534e8771a0c6259794c26e26d4bca4
        Validity
            Not Before: Jan  1 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2e67ff3513e68404c1d7e9d67a79fbbad177e0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:51:5e:dd:38:5d:71:5d:ce:8b:8b:f8:43:cc:
                    85:47:11:ec:78:f7:e9:86:19:9f:78:7d:c7:22:30:
                    8b:5f:8c:1d:d6:bd:b6:3f:a6:6a:e4:6b:d6:47:12:
                    fd:c7:39:42:4f:ea:62:89:41:8e:2f:5a:40:19:f8:
                    0c:5b:c6:eb:5d:01:59:d8:84:76:7d:f4:d9:cb:0a:
                    c7:91:2c:01:66:b6:e3:b6:6c:5e:7f:21:f0:0c:4d:
                    80:84:46:3d:3c:16:35:6e:8f:1d:76:1e:d0:c6:01:
                    a3:0e:25:47:d0:1f:41:98:88:78:53:7c:9b:4b:41:
                    22:40:58:72:cf:1e:3f:df:30:b5:00:3a:61:c5:b1:
                    2f:41:be:04:de:7a:20:d5:46:2a:52:ad:cd:c8:65:
                    e2:6e:87:39:85:98:c5:82:5d:7e:f1:6e:5c:b4:16:
                    a6:db:25:cf:26:ed:5f:84:97:17:7c:c1:ac:f0:04:
                    2b:a8:97:af:53:4a:5b:50:29:a3:a9:cd:1c:8b:59:
                    f5:f1:f7:57:74:e5:08:67:b6:7c:e3:05:09:c8:74:
                    fb:15:49:c1:a0:b4:51:db:5a:27:8e:0f:2c:55:48:
                    64:b8:58:f8:12:1a:0a:39:ef:0d:28:42:39:6d:cc:
                    c9:90:9a:da:65:c8:91:79:24:a7:0c:64:4c:47:0c:
                    f9:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:E6:7F:F3:51:3E:68:40:4C:1D:7E:9D:67:A7:9F:BB:AD:17:7E:0D
            X509v3 Authority Key Identifier:
                keyid:29:73:64:F5:02:53:4E:87:71:A0:C6:25:97:94:C2:6E:26:D4:BC:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXNk9QJTTodxoMYll5TCbibUvKQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/0uZ_81E-aEBMHX6dZ6efu60Xfg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/KXNk9QJTTodxoMYll5TCbibUvKQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.105.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:5d:09:fa:79:be:5d:59:70:f5:e9:a1:50:56:fb:7f:85:a9:
         53:d8:a7:0f:ea:93:9a:7b:7e:11:f1:27:df:c9:03:cb:79:a3:
         70:17:49:b7:d5:12:d1:19:0d:fb:43:6f:ab:12:99:97:9f:dd:
         3d:32:fe:53:eb:74:e2:26:3a:24:f9:fb:dd:ea:98:68:26:04:
         d4:17:08:38:d8:96:ad:1a:46:3e:72:b5:18:5d:91:72:ad:1c:
         52:54:29:e6:b3:dd:63:56:e9:7b:47:b9:c3:cf:ef:84:98:c6:
         e4:c5:8e:e5:4b:a6:33:48:03:4c:39:ca:9f:1b:75:ed:9c:c4:
         91:7e:7b:6b:59:97:f5:11:9e:1d:53:44:59:7e:81:8a:dc:b4:
         c3:b8:68:2e:25:5c:39:22:0b:7e:fc:61:cd:0b:b1:86:4d:d0:
         a5:90:79:84:9c:48:e0:11:06:30:b2:6b:0b:83:04:16:61:2e:
         5f:e4:68:09:06:2a:ba:a5:4a:57:ec:30:3e:e2:d8:c1:b4:eb:
         1c:8a:a3:f6:06:58:92:91:79:73:41:27:29:ba:6b:82:e0:f3:
         9e:2c:9b:1a:a4:d0:d0:8c:52:94:93:c0:f3:52:2f:35:bf:a4:
         0a:fb:ff:db:54:08:ba:7f:07:ac:45:f9:1b:ef:7c:49:06:ee:
         03:6f:06:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2x/BlJI69ysBAL/xINSpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NzM2NGY1MDI1MzRlODc3MWEwYzYyNTk3OTRjMjZlMjZk
NGJjYTQwHhcNMjQwMTAxMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmU2N2ZmMzUxM2U2ODQwNGMxZDdlOWQ2N2E3OWZiYmFkMTc3ZTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0VFe3ThdcV3Oi4v4Q8yFRxHsePfp
hhmfeH3HIjCLX4wd1r22P6Zq5GvWRxL9xzlCT+piiUGOL1pAGfgMW8brXQFZ2IR2
ffTZywrHkSwBZrbjtmxefyHwDE2AhEY9PBY1bo8ddh7QxgGjDiVH0B9BmIh4U3yb
S0EiQFhyzx4/3zC1ADphxbEvQb4E3nog1UYqUq3NyGXiboc5hZjFgl1+8W5ctBam
2yXPJu1fhJcXfMGs8AQrqJevU0pbUCmjqc0ci1n18fdXdOUIZ7Z84wUJyHT7FUnB
oLRR21onjg8sVUhkuFj4EhoKOe8NKEI5bczJkJraZciReSSnDGRMRwz5vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNLmf/NRPmhATB1+nWenn7utF34NMB8GA1UdIwQY
MBaAFClzZPUCU06HcaDGJZeUwm4m1LykMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1hOazlRSlRUb2R4b01ZbGw1VENiaWJVdktRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wNDU4MjAtMzU0Ni00MDdjLTgzYTUt
MGEwZjNlNzhhNDkzLzEvMHVaXzgxRS1hRUJNSFg2ZFo2ZWZ1NjBYZmcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wNDU4MjAtMzU0Ni00MDdjLTgzYTUtMGEwZjNlNzhhNDkz
LzEvS1hOazlRSlRUb2R4b01ZbGw1VENiaWJVdktRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjWmmMA0G
CSqGSIb3DQEBCwUAA4IBAQB5XQn6eb5dWXD16aFQVvt/halT2KcP6pOae34R8Sff
yQPLeaNwF0m31RLRGQ37Q2+rEpmXn909Mv5T63TiJjok+fvd6phoJgTUFwg42Jat
GkY+crUYXZFyrRxSVCnms91jVul7R7nDz++EmMbkxY7lS6YzSANMOcqfG3XtnMSR
fntrWZf1EZ4dU0RZfoGK3LTDuGguJVw5Igt+/GHNC7GGTdClkHmEnEjgEQYwsmsL
gwQWYS5f5GgJBiq6pUpX7DA+4tjBtOsciqP2BliSkXlzQScpumuC4POeLJsapNDQ
jFKUk8DzUi81v6QK+//bVAi6fwesRfkb73xJBu4DbwaC
-----END CERTIFICATE-----