Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/ylSqRAU8TDvYnpp3xgEE8eOXK84.roa
File:                     ylSqRAU8TDvYnpp3xgEE8eOXK84.roa (raw, json)
Hash identifier:          P7AJEPUgG3VwJhcoBPvJLvG0/uwPluFWWOqQGCt2rzQ=
Subject key identifier:   CA:54:AA:44:05:3C:4C:3B:D8:9E:9A:77:C6:01:04:F1:E3:97:2B:CE
Certificate issuer:       /CN=297364f502534e8771a0c6259794c26e26d4bca4
Certificate serial:       018CC2DB1F3E9368CC62922C66EA153BECE6
Authority key identifier: 29:73:64:F5:02:53:4E:87:71:A0:C6:25:97:94:C2:6E:26:D4:BC:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXNk9QJTTodxoMYll5TCbibUvKQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/ylSqRAU8TDvYnpp3xgEE8eOXK84.roa
Signing time:             Mon 01 Jan 2024 02:29:49 +0000
ROA not before:           Mon 01 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198381
IP address blocks:        141.105.162.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/KXNk9QJTTodxoMYll5TCbibUvKQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/KXNk9QJTTodxoMYll5TCbibUvKQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXNk9QJTTodxoMYll5TCbibUvKQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 04:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:1f:3e:93:68:cc:62:92:2c:66:ea:15:3b:ec:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297364f502534e8771a0c6259794c26e26d4bca4
        Validity
            Not Before: Jan  1 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca54aa44053c4c3bd89e9a77c60104f1e3972bce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:02:21:73:7d:48:da:b3:75:64:60:46:6b:f3:
                    10:83:e1:98:0b:f2:0b:65:76:e2:05:b2:9f:24:ee:
                    bf:f5:72:c1:93:0d:bb:39:b6:50:9c:be:67:d9:5c:
                    e2:f7:47:c6:ca:3f:8c:02:0d:c3:21:ea:e4:cc:2e:
                    47:31:6c:f9:d8:4e:60:37:e6:aa:be:fe:80:6d:c6:
                    ab:d0:a1:97:cd:54:c0:75:38:33:33:33:2f:4b:7a:
                    52:02:f9:fe:09:2a:1b:12:7b:8e:2c:b6:a9:d5:87:
                    6f:6b:82:c3:86:03:ca:bd:af:b4:c4:e7:84:bc:7e:
                    c0:b7:c7:bc:5c:56:1b:88:b4:ed:26:78:62:78:44:
                    9f:7d:9e:6c:f7:14:b2:09:cc:c4:b2:20:84:ae:42:
                    9c:23:d2:04:71:3e:e4:82:d5:07:0d:de:ba:b0:c5:
                    9c:c4:07:80:18:37:c7:3d:4a:15:81:c1:dc:ad:11:
                    dd:99:78:11:92:be:42:af:13:11:0d:a6:00:08:f6:
                    cf:01:ab:93:fe:d6:c8:f7:ea:e1:9d:68:9c:57:25:
                    f7:36:d7:46:b7:2f:fc:09:a9:36:5c:1c:85:90:48:
                    07:d1:84:f8:0d:d6:ca:a9:b0:68:8e:52:96:e6:78:
                    d7:a6:7f:e1:82:70:0e:b0:9c:44:64:15:e1:cd:b6:
                    ad:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:54:AA:44:05:3C:4C:3B:D8:9E:9A:77:C6:01:04:F1:E3:97:2B:CE
            X509v3 Authority Key Identifier:
                keyid:29:73:64:F5:02:53:4E:87:71:A0:C6:25:97:94:C2:6E:26:D4:BC:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXNk9QJTTodxoMYll5TCbibUvKQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/ylSqRAU8TDvYnpp3xgEE8eOXK84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/KXNk9QJTTodxoMYll5TCbibUvKQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.105.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         94:29:f7:cb:61:b1:c7:8f:d4:5f:ad:a1:3f:e0:55:4d:fc:38:
         cc:cd:95:b0:17:26:4a:7c:d2:68:c8:c2:a5:71:f9:3c:a8:1e:
         8f:77:29:86:ab:cc:25:46:df:02:4e:a4:69:66:a7:b4:7e:8e:
         bd:24:4b:26:45:3c:32:20:31:33:74:8b:18:c1:9c:9f:34:21:
         bc:b0:00:37:2f:37:8b:db:a0:af:40:dc:48:68:23:b4:3b:19:
         e5:b3:a2:ce:eb:e4:65:bd:63:f5:b3:33:14:96:42:09:02:38:
         39:25:eb:42:20:a9:3d:b2:d5:10:2c:0b:2d:5b:36:61:37:27:
         ef:b7:5f:e1:40:f3:b0:b1:61:fe:d4:95:d5:ec:2b:6e:f9:33:
         9b:e4:d6:9e:a8:97:bb:47:07:11:e7:d0:21:c5:eb:75:7c:86:
         cd:42:ea:7b:8b:72:bf:c2:9c:1b:a2:cd:d6:71:e5:61:88:f3:
         36:88:76:46:00:fa:ce:05:92:7b:08:1d:da:f1:7e:ff:3a:3b:
         de:88:66:ed:05:68:cf:ab:64:e0:2e:8a:bd:5f:3a:57:b5:08:
         f8:3d:81:a3:ca:96:d0:6b:98:28:89:4a:ba:9f:0f:a6:a2:6f:
         80:66:89:8c:ed:5e:be:54:aa:83:63:55:02:65:01:27:8c:25:
         b3:18:81:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2x8+k2jMYpIsZuoVO+zmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NzM2NGY1MDI1MzRlODc3MWEwYzYyNTk3OTRjMjZlMjZk
NGJjYTQwHhcNMjQwMTAxMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTU0YWE0NDA1M2M0YzNiZDg5ZTlhNzdjNjAxMDRmMWUzOTcyYmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmwIhc31I2rN1ZGBGa/MQg+GYC/IL
ZXbiBbKfJO6/9XLBkw27ObZQnL5n2Vzi90fGyj+MAg3DIerkzC5HMWz52E5gN+aq
vv6Abcar0KGXzVTAdTgzMzMvS3pSAvn+CSobEnuOLLap1Ydva4LDhgPKva+0xOeE
vH7At8e8XFYbiLTtJnhieESffZ5s9xSyCczEsiCErkKcI9IEcT7kgtUHDd66sMWc
xAeAGDfHPUoVgcHcrRHdmXgRkr5CrxMRDaYACPbPAauT/tbI9+rhnWicVyX3NtdG
ty/8Cak2XByFkEgH0YT4DdbKqbBojlKW5njXpn/hgnAOsJxEZBXhzbat3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMpUqkQFPEw72J6ad8YBBPHjlyvOMB8GA1UdIwQY
MBaAFClzZPUCU06HcaDGJZeUwm4m1LykMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1hOazlRSlRUb2R4b01ZbGw1VENiaWJVdktRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wNDU4MjAtMzU0Ni00MDdjLTgzYTUt
MGEwZjNlNzhhNDkzLzEveWxTcVJBVThURHZZbnBwM3hnRUU4ZU9YSzg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wNDU4MjAtMzU0Ni00MDdjLTgzYTUtMGEwZjNlNzhhNDkz
LzEvS1hOazlRSlRUb2R4b01ZbGw1VENiaWJVdktRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjWmiMA0G
CSqGSIb3DQEBCwUAA4IBAQCUKffLYbHHj9RfraE/4FVN/DjMzZWwFyZKfNJoyMKl
cfk8qB6PdymGq8wlRt8CTqRpZqe0fo69JEsmRTwyIDEzdIsYwZyfNCG8sAA3LzeL
26CvQNxIaCO0Oxnls6LO6+RlvWP1szMUlkIJAjg5JetCIKk9stUQLAstWzZhNyfv
t1/hQPOwsWH+1JXV7Ctu+TOb5NaeqJe7RwcR59Ahxet1fIbNQup7i3K/wpwbos3W
ceVhiPM2iHZGAPrOBZJ7CB3a8X7/OjveiGbtBWjPq2TgLoq9XzpXtQj4PYGjypbQ
a5goiUq6nw+mom+AZomM7V6+VKqDY1UCZQEnjCWzGIFx
-----END CERTIFICATE-----