Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/FLrfluS3G6eBn4Rz8dO3Tg1uUvc.roa
File:                     FLrfluS3G6eBn4Rz8dO3Tg1uUvc.roa (raw, json)
Hash identifier:          BnW4jyu0bgDvHie08CZtTDJ78L8japxPf505h8mt7Ho=
Subject key identifier:   14:BA:DF:96:E4:B7:1B:A7:81:9F:84:73:F1:D3:B7:4E:0D:6E:52:F7
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       018CC6B7B6EC96E8E58EA5C6BE768A252986
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/FLrfluS3G6eBn4Rz8dO3Tg1uUvc.roa
Signing time:             Mon 01 Jan 2024 20:29:37 +0000
ROA not before:           Mon 01 Jan 2024 20:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61302
IP address blocks:        45.141.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:b6:ec:96:e8:e5:8e:a5:c6:be:76:8a:25:29:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 20:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14badf96e4b71ba7819f8473f1d3b74e0d6e52f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:eb:79:c4:32:45:7f:7f:93:e2:28:3e:29:91:
                    46:05:9d:53:26:af:f8:39:a1:e6:4e:f9:ef:c8:50:
                    3a:4a:c3:48:6f:47:8e:65:4c:1c:2b:3c:16:6e:60:
                    84:fc:a5:4e:80:81:e0:2e:ae:4d:ba:6c:1d:33:ca:
                    12:0b:4b:62:b4:6a:0e:0c:d4:7c:b8:6b:6d:64:43:
                    76:c9:a4:bb:a0:d1:45:38:b6:f7:a3:29:fe:2a:fd:
                    ac:74:31:ba:09:c9:69:67:f2:4d:dd:77:8d:9a:50:
                    c1:c2:b1:3c:3c:b4:83:68:3f:ec:a1:2c:cc:cb:88:
                    fd:41:32:44:b3:7c:5b:6a:68:4c:d5:75:95:8f:fa:
                    d6:d9:d8:3f:43:0b:65:01:0e:bd:ad:c7:1a:5f:5c:
                    2a:3d:cc:ba:ab:f6:1f:3b:56:da:57:98:d9:4d:a6:
                    0b:a9:15:d4:b7:58:24:b4:9e:15:00:f2:0b:b2:28:
                    13:21:8d:53:41:16:5d:ef:c4:12:af:05:17:6f:71:
                    91:8a:33:d6:d4:57:7e:f4:d6:ad:df:5b:d2:40:42:
                    5a:27:91:30:87:1d:ab:ed:3f:45:c4:92:f8:d0:b2:
                    5f:d8:ad:51:e7:00:6c:58:f0:ef:1d:2b:15:f6:e0:
                    60:7a:76:e1:c4:36:d1:ad:16:7b:ef:63:27:52:3c:
                    db:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:BA:DF:96:E4:B7:1B:A7:81:9F:84:73:F1:D3:B7:4E:0D:6E:52:F7
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/FLrfluS3G6eBn4Rz8dO3Tg1uUvc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:0c:ce:dc:fc:28:4a:6a:20:49:b6:57:ea:c3:bd:82:b4:71:
         4d:bc:a4:23:0a:ee:c8:79:b0:ad:33:db:ff:96:d2:77:f9:80:
         3d:d7:86:df:3b:b9:ee:d0:39:c9:48:b4:8b:a1:b2:93:dc:2d:
         a0:9e:8c:c6:a1:f6:1b:6d:07:49:8a:77:66:ea:0b:bf:b6:5d:
         f7:e8:c8:38:a0:be:4a:e9:12:2b:7d:8f:b4:1c:40:17:df:d8:
         c7:69:91:cf:10:82:e0:82:39:2e:5f:e5:46:9d:a3:30:b2:0d:
         a5:e0:05:1f:d8:fe:e8:45:30:7c:35:bb:18:d6:5a:25:70:a9:
         fe:d8:5d:b4:66:01:48:f9:38:0e:34:a8:25:38:3b:50:e4:6a:
         38:7f:af:63:bb:26:83:59:90:53:43:5c:07:27:48:71:dc:87:
         f6:b6:a9:12:df:b7:b0:fd:0d:40:a2:54:57:c2:4e:13:35:8e:
         23:68:fe:fa:57:33:5a:fa:c7:83:33:49:d6:2f:cb:d7:c5:9b:
         c3:4c:60:ed:08:02:82:d7:54:7c:36:5b:0a:c5:c4:b3:03:0e:
         7b:13:ba:8f:54:6b:d5:c7:c2:14:82:71:cc:8b:4d:46:cd:89:
         f2:0c:8d:bc:d3:71:f7:a9:97:3c:4f:2e:fb:43:62:3f:0a:4c:
         58:56:67:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt7bslujljqXGvnaKJSmGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjQwMTAxMjAyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGJhZGY5NmU0YjcxYmE3ODE5Zjg0NzNmMWQzYjc0ZTBkNmU1MmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+t5xDJFf3+T4ig+KZFGBZ1TJq/4
OaHmTvnvyFA6SsNIb0eOZUwcKzwWbmCE/KVOgIHgLq5NumwdM8oSC0titGoODNR8
uGttZEN2yaS7oNFFOLb3oyn+Kv2sdDG6CclpZ/JN3XeNmlDBwrE8PLSDaD/soSzM
y4j9QTJEs3xbamhM1XWVj/rW2dg/QwtlAQ69rccaX1wqPcy6q/YfO1baV5jZTaYL
qRXUt1gktJ4VAPILsigTIY1TQRZd78QSrwUXb3GRijPW1Fd+9Nat31vSQEJaJ5Ew
hx2r7T9FxJL40LJf2K1R5wBsWPDvHSsV9uBgenbhxDbRrRZ772MnUjzbcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBS635bktxungZ+Ec/HTt04NblL3MB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvRkxyZmx1UzNHNmVCbjRSejhkTzNUZzF1VXZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY24MA0G
CSqGSIb3DQEBCwUAA4IBAQCaDM7c/ChKaiBJtlfqw72CtHFNvKQjCu7IebCtM9v/
ltJ3+YA914bfO7nu0DnJSLSLobKT3C2gnozGofYbbQdJindm6gu/tl336Mg4oL5K
6RIrfY+0HEAX39jHaZHPEILggjkuX+VGnaMwsg2l4AUf2P7oRTB8NbsY1lolcKn+
2F20ZgFI+TgONKglODtQ5Go4f69juyaDWZBTQ1wHJ0hx3If2tqkS37ew/Q1AolRX
wk4TNY4jaP76VzNa+seDM0nWL8vXxZvDTGDtCAKC11R8NlsKxcSzAw57E7qPVGvV
x8IUgnHMi01GzYnyDI2803H3qZc8Ty77Q2I/CkxYVmdL
-----END CERTIFICATE-----