Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/2b285d-d6da-4bbb-a93a-b78760334ebd/1/a03zm1vmtQ330Msfz3OCgJqNrWI.roa
File:                     a03zm1vmtQ330Msfz3OCgJqNrWI.roa (raw, json)
Hash identifier:          m12SGEwbTvhPstFx57kW64ukuWWW8X8BvAD30Fp3m48=
Subject key identifier:   6B:4D:F3:9B:5B:E6:B5:0D:F7:D0:CB:1F:CF:73:82:80:9A:8D:AD:62
Certificate issuer:       /CN=696262b63e63464aa4f1046628fa425dbaee3ceb
Certificate serial:       018CC8DE444AEDCBC51B4679158F6F81DCA0
Authority key identifier: 69:62:62:B6:3E:63:46:4A:A4:F1:04:66:28:FA:42:5D:BA:EE:3C:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aWJitj5jRkqk8QRmKPpCXbruPOs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/2b285d-d6da-4bbb-a93a-b78760334ebd/1/a03zm1vmtQ330Msfz3OCgJqNrWI.roa
Signing time:             Tue 02 Jan 2024 06:30:58 +0000
ROA not before:           Tue 02 Jan 2024 06:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206610
IP address blocks:        45.158.140.0/22 maxlen: 24
                          2a0f:6980::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/2b285d-d6da-4bbb-a93a-b78760334ebd/1/aWJitj5jRkqk8QRmKPpCXbruPOs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/2b285d-d6da-4bbb-a93a-b78760334ebd/1/aWJitj5jRkqk8QRmKPpCXbruPOs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aWJitj5jRkqk8QRmKPpCXbruPOs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:44:4a:ed:cb:c5:1b:46:79:15:8f:6f:81:dc:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=696262b63e63464aa4f1046628fa425dbaee3ceb
        Validity
            Not Before: Jan  2 06:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b4df39b5be6b50df7d0cb1fcf7382809a8dad62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:6b:37:07:b5:27:84:19:99:49:9c:10:50:a6:
                    01:5e:cd:e6:17:22:3a:67:4d:52:89:4e:50:6c:15:
                    42:a9:fc:c4:8b:45:03:86:84:2e:50:8d:65:5f:ab:
                    95:ea:c9:21:3f:d0:89:86:a8:2d:b1:24:32:21:94:
                    83:dc:60:4a:ad:98:15:bb:eb:61:58:37:5f:6b:d6:
                    12:61:d6:f8:de:5b:b4:eb:f0:67:93:67:f0:af:3a:
                    90:49:27:48:e1:78:23:99:2b:96:39:db:ae:db:3c:
                    0a:81:d6:df:2f:d8:32:8d:85:f7:ec:b2:b9:ac:17:
                    ac:78:25:39:37:89:3c:ed:87:d7:a6:18:b0:88:6e:
                    9b:fc:ef:07:09:4d:6d:82:b2:fe:18:8d:a1:bd:31:
                    a9:95:cd:7c:e2:61:3b:99:cc:6c:03:49:e0:4e:37:
                    6b:ee:3c:ed:77:b6:01:9b:b0:8e:ca:41:1e:bd:07:
                    37:b6:26:d5:8c:71:56:4c:66:79:df:d7:da:57:a8:
                    aa:a9:d9:d9:80:da:95:27:b6:69:19:5b:87:16:76:
                    bf:7a:8d:73:c8:74:58:b4:07:5c:59:e8:3a:29:eb:
                    6c:69:af:e8:5d:3c:80:33:0b:e6:f1:27:3e:84:c4:
                    1e:c3:fb:7f:cb:22:fb:ff:d3:1b:23:61:01:50:9d:
                    94:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:4D:F3:9B:5B:E6:B5:0D:F7:D0:CB:1F:CF:73:82:80:9A:8D:AD:62
            X509v3 Authority Key Identifier:
                keyid:69:62:62:B6:3E:63:46:4A:A4:F1:04:66:28:FA:42:5D:BA:EE:3C:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aWJitj5jRkqk8QRmKPpCXbruPOs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/2b285d-d6da-4bbb-a93a-b78760334ebd/1/a03zm1vmtQ330Msfz3OCgJqNrWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/2b285d-d6da-4bbb-a93a-b78760334ebd/1/aWJitj5jRkqk8QRmKPpCXbruPOs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.140.0/22
                IPv6:
                  2a0f:6980::/29

    Signature Algorithm: sha256WithRSAEncryption
         65:f3:2a:be:40:51:61:d2:02:ac:a3:aa:1f:d1:b8:9b:25:0c:
         e9:5b:dc:9c:8f:3f:32:6b:f9:30:89:cd:c0:0c:3a:1e:f5:ba:
         50:c3:2e:76:88:08:04:09:96:bc:27:1b:9f:9c:d6:9c:35:48:
         47:c1:80:00:77:1c:96:2d:2f:fd:bf:ed:49:0a:3c:95:12:e0:
         9f:6a:69:0e:f3:68:70:ea:97:b2:48:55:64:5d:e2:f7:e6:b4:
         75:4f:38:5f:a3:6f:88:96:0b:b0:23:22:56:cd:66:d3:8d:2e:
         d8:1a:5c:da:27:29:70:a1:ae:31:b4:ac:2a:74:29:46:11:9a:
         df:dd:55:d4:86:e5:e4:b5:ef:71:9a:93:fe:fb:aa:d2:0a:ec:
         0f:27:f4:21:6a:2a:d6:8c:0f:06:05:91:87:78:4e:8a:25:a6:
         e8:65:24:52:d2:14:a3:3d:33:15:fe:d2:f6:2f:9f:1b:fd:da:
         3c:ed:ab:3a:9d:1a:68:ee:4c:a6:aa:9f:f6:a6:7a:c5:6a:d5:
         12:dc:c8:85:cf:28:02:88:00:dd:4f:8f:fd:ec:07:fc:87:07:
         94:f4:cb:68:67:32:90:97:d9:e2:ce:19:4f:a1:43:9e:7c:0c:
         1d:2e:8c:ae:91:2f:a0:7e:05:3a:53:e5:03:70:6a:c9:f0:87:
         14:33:b9:73
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3kRK7cvFG0Z5FY9vgdygMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5NjI2MmI2M2U2MzQ2NGFhNGYxMDQ2NjI4ZmE0MjVkYmFl
ZTNjZWIwHhcNMjQwMTAyMDYzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjRkZjM5YjViZTZiNTBkZjdkMGNiMWZjZjczODI4MDlhOGRhZDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhGs3B7UnhBmZSZwQUKYBXs3mFyI6
Z01SiU5QbBVCqfzEi0UDhoQuUI1lX6uV6skhP9CJhqgtsSQyIZSD3GBKrZgVu+th
WDdfa9YSYdb43lu06/Bnk2fwrzqQSSdI4XgjmSuWOduu2zwKgdbfL9gyjYX37LK5
rBeseCU5N4k87YfXphiwiG6b/O8HCU1tgrL+GI2hvTGplc184mE7mcxsA0ngTjdr
7jztd7YBm7COykEevQc3tibVjHFWTGZ539faV6iqqdnZgNqVJ7ZpGVuHFna/eo1z
yHRYtAdcWeg6Ketsaa/oXTyAMwvm8Sc+hMQew/t/yyL7/9MbI2EBUJ2U4QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGtN85tb5rUN99DLH89zgoCaja1iMB8GA1UdIwQY
MBaAFGliYrY+Y0ZKpPEEZij6Ql267jzrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVdKaXRqNWpSa3FrOFFSbUtQcENYYnJ1UE9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My8yYjI4NWQtZDZkYS00YmJiLWE5M2Et
Yjc4NzYwMzM0ZWJkLzEvYTAzem0xdm10UTMzME1zZnozT0NnSnFOcldJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My8yYjI4NWQtZDZkYS00YmJiLWE5M2EtYjc4NzYwMzM0ZWJk
LzEvYVdKaXRqNWpSa3FrOFFSbUtQcENYYnJ1UE9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZ6MMA0E
AgACMAcDBQMqD2mAMA0GCSqGSIb3DQEBCwUAA4IBAQBl8yq+QFFh0gKso6of0bib
JQzpW9ycjz8ya/kwic3ADDoe9bpQwy52iAgECZa8JxufnNacNUhHwYAAdxyWLS/9
v+1JCjyVEuCfamkO82hw6peySFVkXeL35rR1Tzhfo2+IlguwIyJWzWbTjS7YGlza
Jylwoa4xtKwqdClGEZrf3VXUhuXkte9xmpP++6rSCuwPJ/QhairWjA8GBZGHeE6K
JaboZSRS0hSjPTMV/tL2L58b/do87as6nRpo7kymqp/2pnrFatUS3MiFzygCiADd
T4/97Af8hweU9MtoZzKQl9nizhlPoUOefAwdLoyukS+gfgU6U+UDcGrJ8IcUM7lz
-----END CERTIFICATE-----