Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/8jRo6eW7pIH8gb5Jd9MkTFFt3Ss.roa
File:                     8jRo6eW7pIH8gb5Jd9MkTFFt3Ss.roa (raw, json)
Hash identifier:          g47QA01qfdVVs/QiasCPgjBZJwN+2DTQZA2am8utpOA=
Subject key identifier:   F2:34:68:E9:E5:BB:A4:81:FC:81:BE:49:77:D3:24:4C:51:6D:DD:2B
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       018FDF3FBF14D2CC09B93B35BBDC333AE8BB
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/8jRo6eW7pIH8gb5Jd9MkTFFt3Ss.roa
Signing time:             Mon 03 Jun 2024 17:57:27 +0000
ROA not before:           Mon 03 Jun 2024 17:57:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57271
IP address blocks:        45.141.198.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 05:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:df:3f:bf:14:d2:cc:09:b9:3b:35:bb:dc:33:3a:e8:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jun  3 17:57:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f23468e9e5bba481fc81be4977d3244c516ddd2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:b2:72:b4:c7:19:a0:d4:65:88:0a:d1:5d:b6:
                    6e:41:89:92:5b:8e:0c:2e:8c:b3:3e:c1:c0:de:9f:
                    69:bd:d0:bb:7f:c8:d4:b2:14:82:65:8b:08:6e:bf:
                    66:2d:ff:ea:31:c0:e8:4b:d8:bf:e0:ab:d1:6a:83:
                    be:36:6d:88:aa:19:f7:3e:de:ad:97:40:0e:53:e2:
                    75:8e:38:ae:fe:fe:87:0d:26:31:97:f2:7c:a6:e7:
                    d4:6d:34:dd:d8:b6:8a:df:37:1a:54:40:90:56:33:
                    31:2d:ef:c3:0b:9d:99:ab:72:c5:24:14:53:b0:82:
                    f8:83:8e:fe:f9:1f:d5:9f:24:4c:5c:b6:5d:21:12:
                    7c:62:8f:5c:2d:40:02:0d:87:c5:dd:16:f5:ab:b5:
                    6d:26:97:12:49:1d:74:79:6d:2b:c8:d7:c1:8d:f7:
                    97:53:d9:4c:0f:0b:28:fa:1a:cf:3d:1b:43:3a:61:
                    72:0f:c9:c8:44:ac:cd:7f:86:6c:41:a1:3e:94:db:
                    7c:15:3f:89:c9:c8:1d:a6:d0:a1:fb:65:9a:a7:ff:
                    1d:3d:af:a3:65:d9:d0:44:1d:1f:29:3c:24:37:91:
                    5c:5a:8d:77:e4:51:39:5c:cd:84:ca:e8:3a:87:79:
                    70:e0:03:f3:88:11:90:ea:28:40:b4:1b:61:8d:b8:
                    c1:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:34:68:E9:E5:BB:A4:81:FC:81:BE:49:77:D3:24:4C:51:6D:DD:2B
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/8jRo6eW7pIH8gb5Jd9MkTFFt3Ss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9f:e3:3c:95:73:91:09:80:a9:5f:af:b0:7b:15:4b:5c:68:ee:
         b9:92:34:49:5b:dd:e1:72:1e:3c:d2:aa:03:39:a5:9d:48:0d:
         cf:bb:22:a0:b8:d2:73:4c:4a:ef:8c:72:b7:9f:17:49:97:ed:
         4f:4b:6c:1e:73:45:cd:95:b0:7d:1f:7d:73:de:72:cc:58:16:
         a0:d3:b4:36:bf:2b:ff:11:e5:b2:0e:90:48:10:e8:19:d8:ca:
         8a:71:14:68:d9:b4:c3:89:02:5b:e6:21:6f:fd:72:96:b6:c9:
         c2:a6:ae:57:db:a1:1b:79:59:2f:17:52:e4:44:30:83:8e:44:
         db:f5:35:60:b3:b8:1c:40:c0:03:b6:29:6c:d7:71:5a:09:89:
         1d:25:af:dd:d1:62:b6:98:5b:f5:a8:bf:c9:ee:0f:c2:c3:c4:
         2f:6b:3a:38:39:bf:52:85:a8:52:11:bb:20:25:ad:61:33:85:
         f8:fa:e2:06:bf:89:0f:61:55:78:2a:3e:20:63:8a:bf:02:70:
         86:26:32:60:84:75:76:57:85:b4:45:2f:da:fa:05:44:70:a3:
         5e:82:0c:87:d8:a8:b0:6b:4f:84:d4:dc:21:df:6b:f7:44:86:
         98:a1:8a:1f:91:d2:85:60:e2:a6:16:39:d7:a8:15:29:7a:c7:
         76:39:36:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/fP78U0swJuTs1u9wzOui7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjQwNjAzMTc1NzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjM0NjhlOWU1YmJhNDgxZmM4MWJlNDk3N2QzMjQ0YzUxNmRkZDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2LJytMcZoNRliArRXbZuQYmSW44M
LoyzPsHA3p9pvdC7f8jUshSCZYsIbr9mLf/qMcDoS9i/4KvRaoO+Nm2Iqhn3Pt6t
l0AOU+J1jjiu/v6HDSYxl/J8pufUbTTd2LaK3zcaVECQVjMxLe/DC52Zq3LFJBRT
sIL4g47++R/VnyRMXLZdIRJ8Yo9cLUACDYfF3Rb1q7VtJpcSSR10eW0ryNfBjfeX
U9lMDwso+hrPPRtDOmFyD8nIRKzNf4ZsQaE+lNt8FT+JycgdptCh+2Wap/8dPa+j
ZdnQRB0fKTwkN5FcWo135FE5XM2Eyug6h3lw4APziBGQ6ihAtBthjbjBdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPI0aOnlu6SB/IG+SXfTJExRbd0rMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvOGpSbzZlVzdwSUg4Z2I1SmQ5TWtURkZ0M1NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLY3GMA0G
CSqGSIb3DQEBCwUAA4IBAQCf4zyVc5EJgKlfr7B7FUtcaO65kjRJW93hch480qoD
OaWdSA3PuyKguNJzTErvjHK3nxdJl+1PS2wec0XNlbB9H31z3nLMWBag07Q2vyv/
EeWyDpBIEOgZ2MqKcRRo2bTDiQJb5iFv/XKWtsnCpq5X26EbeVkvF1LkRDCDjkTb
9TVgs7gcQMADtils13FaCYkdJa/d0WK2mFv1qL/J7g/Cw8Qvazo4Ob9ShahSEbsg
Ja1hM4X4+uIGv4kPYVV4Kj4gY4q/AnCGJjJghHV2V4W0RS/a+gVEcKNeggyH2Kiw
a0+E1Nwh32v3RIaYoYofkdKFYOKmFjnXqBUpesd2OTbS
-----END CERTIFICATE-----