Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/df9e2d-a033-40c0-a00f-e344fdb722a3/1/bSgS465w7GIr8XBUKob7J14IZ14.roa
File:                     bSgS465w7GIr8XBUKob7J14IZ14.roa (raw, json)
Hash identifier:          TO/OxnqnwPeqg7oxTmCHi/jqPuUVFGyVBOuBBonjylY=
Subject key identifier:   6D:28:12:E3:AE:70:EC:62:2B:F1:70:54:2A:86:FB:27:5E:08:67:5E
Certificate issuer:       /CN=8f3ced30b2852e552c7837467003f175ea59de73
Certificate serial:       018CC6B78E4C9DEFD43E1ED6236C350E300E
Authority key identifier: 8F:3C:ED:30:B2:85:2E:55:2C:78:37:46:70:03:F1:75:EA:59:DE:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzztMLKFLlUseDdGcAPxdepZ3nM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/df9e2d-a033-40c0-a00f-e344fdb722a3/1/bSgS465w7GIr8XBUKob7J14IZ14.roa
Signing time:             Mon 01 Jan 2024 20:29:27 +0000
ROA not before:           Mon 01 Jan 2024 20:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197293
IP address blocks:        45.144.140.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/df9e2d-a033-40c0-a00f-e344fdb722a3/1/jzztMLKFLlUseDdGcAPxdepZ3nM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/df9e2d-a033-40c0-a00f-e344fdb722a3/1/jzztMLKFLlUseDdGcAPxdepZ3nM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jzztMLKFLlUseDdGcAPxdepZ3nM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:8e:4c:9d:ef:d4:3e:1e:d6:23:6c:35:0e:30:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f3ced30b2852e552c7837467003f175ea59de73
        Validity
            Not Before: Jan  1 20:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d2812e3ae70ec622bf170542a86fb275e08675e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:9f:c1:f1:a8:e3:7c:a4:1e:07:72:08:79:12:
                    fc:a0:e0:89:79:2a:6d:7d:8a:bf:e2:02:29:01:8a:
                    72:48:b1:76:fa:0a:44:85:e6:ff:28:fe:22:c3:54:
                    42:38:41:97:1d:00:c0:1a:9c:10:22:4d:9c:d9:7e:
                    86:e9:66:15:ec:88:ee:ca:3a:aa:6a:73:69:da:62:
                    0f:24:04:0e:f0:19:7d:ef:c7:49:d2:af:76:b9:b8:
                    66:4e:6a:80:81:52:76:d7:7e:79:b9:05:51:05:f8:
                    07:fa:12:16:57:2e:b6:3c:d2:50:36:03:db:32:f7:
                    7c:6b:a9:9d:eb:90:c1:c1:91:ce:cd:55:40:f4:57:
                    bb:d7:22:db:b3:c6:6a:bc:a6:87:fe:0c:20:d7:03:
                    32:74:99:24:e8:98:ec:98:7c:aa:ac:00:86:c3:d2:
                    5f:1c:ac:1c:ec:78:6c:78:af:42:af:2b:78:d4:fa:
                    29:64:67:6a:8f:b0:9f:cb:f1:3e:4b:62:b0:5e:b5:
                    24:46:12:40:50:77:a7:45:94:78:d6:f7:2c:d8:29:
                    92:8a:9f:af:8d:47:fb:61:c8:bb:60:b1:8d:6d:c5:
                    74:50:24:0c:a5:b3:56:dd:5d:f5:6d:be:f1:53:00:
                    a2:24:5f:2f:40:8b:f4:3f:3e:d5:17:09:c7:7f:6c:
                    8a:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:28:12:E3:AE:70:EC:62:2B:F1:70:54:2A:86:FB:27:5E:08:67:5E
            X509v3 Authority Key Identifier:
                keyid:8F:3C:ED:30:B2:85:2E:55:2C:78:37:46:70:03:F1:75:EA:59:DE:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzztMLKFLlUseDdGcAPxdepZ3nM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/df9e2d-a033-40c0-a00f-e344fdb722a3/1/bSgS465w7GIr8XBUKob7J14IZ14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/df9e2d-a033-40c0-a00f-e344fdb722a3/1/jzztMLKFLlUseDdGcAPxdepZ3nM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:a2:8e:80:1a:cb:e8:ec:66:c4:f3:36:c6:36:a7:e3:76:8b:
         2b:02:cf:b1:de:75:e0:dc:34:2d:00:63:74:0b:e0:60:8a:1f:
         5c:1a:13:91:01:18:63:53:e5:6a:82:6a:06:56:06:4d:9f:1a:
         34:db:82:8d:69:c9:e7:f6:ed:e7:9e:30:ad:a1:af:c9:4e:dd:
         c2:55:e8:25:9a:9e:cd:b6:ab:fa:a9:96:ae:61:ad:9c:cb:05:
         77:76:2e:49:e8:40:d8:2d:74:b2:e1:5e:e3:d4:b5:b1:0e:22:
         53:2d:c2:e5:98:eb:4e:14:6f:cf:7c:15:f6:90:03:4c:97:df:
         0e:92:64:f1:f4:34:25:c9:92:89:6e:6d:29:28:e7:f4:02:73:
         26:b4:b2:db:bb:8f:96:22:f3:af:8c:90:85:06:87:a5:3b:62:
         45:f4:02:3d:fb:f8:69:9f:63:f9:cc:42:9e:37:96:8b:0f:0a:
         5a:ba:1f:fd:07:a1:fa:a2:0f:2b:fd:b7:25:08:68:e3:a4:3e:
         db:13:c6:5c:40:13:89:4f:04:dd:58:71:6d:b3:1b:db:e0:f5:
         3c:41:59:88:b2:c7:59:62:68:9b:40:3d:9f:9d:4f:31:c8:23:
         e4:22:95:6f:38:4b:c4:11:da:8d:80:be:af:25:34:29:40:e7:
         3d:2a:60:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt45Mne/UPh7WI2w1DjAOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmM2NlZDMwYjI4NTJlNTUyYzc4Mzc0NjcwMDNmMTc1ZWE1
OWRlNzMwHhcNMjQwMTAxMjAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDI4MTJlM2FlNzBlYzYyMmJmMTcwNTQyYTg2ZmIyNzVlMDg2NzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA05/B8ajjfKQeB3IIeRL8oOCJeSpt
fYq/4gIpAYpySLF2+gpEheb/KP4iw1RCOEGXHQDAGpwQIk2c2X6G6WYV7Ijuyjqq
anNp2mIPJAQO8Bl978dJ0q92ubhmTmqAgVJ21355uQVRBfgH+hIWVy62PNJQNgPb
Mvd8a6md65DBwZHOzVVA9Fe71yLbs8ZqvKaH/gwg1wMydJkk6JjsmHyqrACGw9Jf
HKwc7HhseK9Cryt41PopZGdqj7Cfy/E+S2KwXrUkRhJAUHenRZR41vcs2CmSip+v
jUf7Yci7YLGNbcV0UCQMpbNW3V31bb7xUwCiJF8vQIv0Pz7VFwnHf2yKkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0oEuOucOxiK/FwVCqG+ydeCGdeMB8GA1UdIwQY
MBaAFI887TCyhS5VLHg3RnAD8XXqWd5zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanp6dE1MS0ZMbFVzZURkR2NBUHhkZXBaM25NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9kZjllMmQtYTAzMy00MGMwLWEwMGYt
ZTM0NGZkYjcyMmEzLzEvYlNnUzQ2NXc3R0lyOFhCVUtvYjdKMTRJWjE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9kZjllMmQtYTAzMy00MGMwLWEwMGYtZTM0NGZkYjcyMmEz
LzEvanp6dE1MS0ZMbFVzZURkR2NBUHhkZXBaM25NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZCMMA0G
CSqGSIb3DQEBCwUAA4IBAQCOoo6AGsvo7GbE8zbGNqfjdosrAs+x3nXg3DQtAGN0
C+Bgih9cGhORARhjU+VqgmoGVgZNnxo024KNacnn9u3nnjCtoa/JTt3CVeglmp7N
tqv6qZauYa2cywV3di5J6EDYLXSy4V7j1LWxDiJTLcLlmOtOFG/PfBX2kANMl98O
kmTx9DQlyZKJbm0pKOf0AnMmtLLbu4+WIvOvjJCFBoelO2JF9AI9+/hpn2P5zEKe
N5aLDwpauh/9B6H6og8r/bclCGjjpD7bE8ZcQBOJTwTdWHFtsxvb4PU8QVmIssdZ
YmibQD2fnU8xyCPkIpVvOEvEEdqNgL6vJTQpQOc9KmAr
-----END CERTIFICATE-----