Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/73beeb-6a05-4cca-86be-acfc3d2c2522/1/zHwXw68GxE5ReNUacR_kim83C3c.roa
File:                     zHwXw68GxE5ReNUacR_kim83C3c.roa (raw, json)
Hash identifier:          FNVSHVfmi+vuZI40cOZwIYIYGx2RhfgE8aLnRluPNdE=
Subject key identifier:   CC:7C:17:C3:AF:06:C4:4E:51:78:D5:1A:71:1F:E4:8A:6F:37:0B:77
Certificate issuer:       /CN=b6c167dfa9882b2aa8f84595f58a97c305ca43c5
Certificate serial:       018F6C2A840ACB4FA811D7143DF4686E020A
Authority key identifier: B6:C1:67:DF:A9:88:2B:2A:A8:F8:45:95:F5:8A:97:C3:05:CA:43:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tsFn36mIKyqo-EWV9YqXwwXKQ8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/73beeb-6a05-4cca-86be-acfc3d2c2522/1/zHwXw68GxE5ReNUacR_kim83C3c.roa
Signing time:             Sun 12 May 2024 09:37:56 +0000
ROA not before:           Sun 12 May 2024 09:37:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204393
IP address blocks:        45.135.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/73beeb-6a05-4cca-86be-acfc3d2c2522/1/tsFn36mIKyqo-EWV9YqXwwXKQ8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/73beeb-6a05-4cca-86be-acfc3d2c2522/1/tsFn36mIKyqo-EWV9YqXwwXKQ8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tsFn36mIKyqo-EWV9YqXwwXKQ8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:6c:2a:84:0a:cb:4f:a8:11:d7:14:3d:f4:68:6e:02:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6c167dfa9882b2aa8f84595f58a97c305ca43c5
        Validity
            Not Before: May 12 09:37:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc7c17c3af06c44e5178d51a711fe48a6f370b77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:1d:1b:9b:db:a9:81:cb:98:e1:ec:cb:24:34:
                    a6:11:b7:61:3f:fe:8c:0a:2d:9f:ef:bd:7f:8a:65:
                    11:14:ce:18:ba:f7:7e:da:50:10:37:bb:72:c0:d7:
                    7b:78:e3:03:fe:ac:b0:01:20:ea:12:4f:cf:ae:3a:
                    74:d3:0e:b6:7c:91:c6:ea:51:1b:1b:a8:06:1b:3c:
                    a4:95:0c:06:a8:43:b5:4e:ec:1a:75:11:b9:f0:8e:
                    91:6b:8b:c2:a7:f9:a0:a4:31:83:0f:c1:86:d1:85:
                    8c:62:b9:76:57:76:41:60:d2:c8:c4:d5:f7:53:a6:
                    f1:ca:cb:ef:45:54:b0:02:3c:43:85:18:cb:64:75:
                    39:d8:c7:f2:98:50:28:eb:f8:57:7b:05:b0:30:a1:
                    eb:f6:3a:5b:7d:a8:11:8a:3b:82:dc:4b:2e:a2:1f:
                    f3:15:84:2b:96:e6:10:1a:5d:39:50:53:25:bf:2e:
                    77:16:c9:49:7b:30:f6:52:27:08:e2:8e:4d:f3:7f:
                    f1:cc:25:6e:f5:53:42:04:be:9c:16:31:85:86:2a:
                    14:83:b7:1a:0f:ad:35:08:cc:1b:f1:65:aa:33:ba:
                    01:db:3b:89:b1:3f:65:d9:e0:04:cb:dc:09:44:68:
                    05:3b:a3:7b:f5:d0:f7:9a:c8:be:a8:b9:c6:74:bc:
                    33:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:7C:17:C3:AF:06:C4:4E:51:78:D5:1A:71:1F:E4:8A:6F:37:0B:77
            X509v3 Authority Key Identifier:
                keyid:B6:C1:67:DF:A9:88:2B:2A:A8:F8:45:95:F5:8A:97:C3:05:CA:43:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tsFn36mIKyqo-EWV9YqXwwXKQ8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/73beeb-6a05-4cca-86be-acfc3d2c2522/1/zHwXw68GxE5ReNUacR_kim83C3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/73beeb-6a05-4cca-86be-acfc3d2c2522/1/tsFn36mIKyqo-EWV9YqXwwXKQ8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:6e:92:bf:79:ee:81:72:53:a7:41:72:82:ef:06:a8:0a:ac:
         9d:fe:b4:f7:a1:be:b0:fa:9a:53:98:c0:cb:dd:c7:b0:ab:9c:
         c6:21:b6:71:14:9e:86:ba:a5:9e:2e:b5:95:95:10:58:79:4e:
         73:97:ca:a9:2b:65:2c:0c:d0:df:87:9c:94:1c:68:8b:f4:9e:
         55:1e:79:c2:d8:7b:0d:ca:5e:c2:52:98:ca:aa:41:4a:2f:da:
         3e:fc:35:e9:47:9c:02:75:50:03:4d:51:f1:3c:95:43:a6:fa:
         a8:b2:a5:e0:27:e0:e6:09:74:5b:4c:f9:22:c6:4a:21:5d:9d:
         89:e0:be:9e:9c:f8:37:6c:14:c4:32:4b:24:b3:1a:d5:c3:30:
         8b:7a:e4:f0:c8:11:a8:94:7f:82:96:6e:07:18:8c:23:9e:32:
         82:ba:d8:44:51:33:48:ec:26:15:54:d8:1d:21:34:67:6d:67:
         aa:37:cd:2e:37:ae:68:1e:ab:7c:44:81:dc:9c:2b:d5:c8:59:
         c8:79:3a:c4:94:f8:df:84:ee:c2:63:d1:a9:67:01:0d:07:a4:
         e2:71:0e:65:42:3e:98:6b:0b:76:76:1d:b0:bd:80:d8:5b:0f:
         24:41:b4:19:84:a0:29:e8:d5:44:36:8b:50:25:ca:dc:af:2b:
         1e:80:8f:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9sKoQKy0+oEdcUPfRobgIKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2YzE2N2RmYTk4ODJiMmFhOGY4NDU5NWY1OGE5N2MzMDVj
YTQzYzUwHhcNMjQwNTEyMDkzNzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzdjMTdjM2FmMDZjNDRlNTE3OGQ1MWE3MTFmZTQ4YTZmMzcwYjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6x0bm9upgcuY4ezLJDSmEbdhP/6M
Ci2f771/imURFM4Yuvd+2lAQN7tywNd7eOMD/qywASDqEk/Prjp00w62fJHG6lEb
G6gGGzyklQwGqEO1TuwadRG58I6Ra4vCp/mgpDGDD8GG0YWMYrl2V3ZBYNLIxNX3
U6bxysvvRVSwAjxDhRjLZHU52MfymFAo6/hXewWwMKHr9jpbfagRijuC3Esuoh/z
FYQrluYQGl05UFMlvy53FslJezD2UicI4o5N83/xzCVu9VNCBL6cFjGFhioUg7ca
D601CMwb8WWqM7oB2zuJsT9l2eAEy9wJRGgFO6N79dD3msi+qLnGdLwzvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMx8F8OvBsROUXjVGnEf5IpvNwt3MB8GA1UdIwQY
MBaAFLbBZ9+piCsqqPhFlfWKl8MFykPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHNGbjM2bUlLeXFvLUVXVjlZcVh3d1hLUThVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy83M2JlZWItNmEwNS00Y2NhLTg2YmUt
YWNmYzNkMmMyNTIyLzEvekh3WHc2OEd4RTVSZU5VYWNSX2tpbTgzQzNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy83M2JlZWItNmEwNS00Y2NhLTg2YmUtYWNmYzNkMmMyNTIy
LzEvdHNGbjM2bUlLeXFvLUVXVjlZcVh3d1hLUThVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYfyMA0G
CSqGSIb3DQEBCwUAA4IBAQBtbpK/ee6BclOnQXKC7waoCqyd/rT3ob6w+ppTmMDL
3cewq5zGIbZxFJ6GuqWeLrWVlRBYeU5zl8qpK2UsDNDfh5yUHGiL9J5VHnnC2HsN
yl7CUpjKqkFKL9o+/DXpR5wCdVADTVHxPJVDpvqosqXgJ+DmCXRbTPkixkohXZ2J
4L6enPg3bBTEMksksxrVwzCLeuTwyBGolH+Clm4HGIwjnjKCuthEUTNI7CYVVNgd
ITRnbWeqN80uN65oHqt8RIHcnCvVyFnIeTrElPjfhO7CY9GpZwENB6TicQ5lQj6Y
awt2dh2wvYDYWw8kQbQZhKAp6NVENotQJcrcrysegI+N
-----END CERTIFICATE-----