Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/i_Tvja-apEGVfTOpUqdTZgG57sw.roa
File:                     i_Tvja-apEGVfTOpUqdTZgG57sw.roa (raw, json)
Hash identifier:          jbMPVJryoXxkKVPlFpl9ugt3/Khzrfs+JJiuceX1MzU=
Subject key identifier:   8B:F4:EF:8D:AF:9A:A4:41:95:7D:33:A9:52:A7:53:66:01:B9:EE:CC
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       018FDF3FBF4481D3650AC45A0763B4414713
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/i_Tvja-apEGVfTOpUqdTZgG57sw.roa
Signing time:             Mon 03 Jun 2024 17:57:27 +0000
ROA not before:           Mon 03 Jun 2024 17:57:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206728
IP address blocks:        45.141.198.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 02:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:df:3f:bf:44:81:d3:65:0a:c4:5a:07:63:b4:41:47:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jun  3 17:57:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8bf4ef8daf9aa441957d33a952a7536601b9eecc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:6b:c1:58:c6:dd:0a:19:07:ff:69:35:c1:55:
                    32:a3:d6:19:2c:e9:3f:7f:20:25:53:09:ba:db:9c:
                    9f:00:0e:ca:53:e9:86:27:9f:fa:20:76:db:1e:98:
                    19:e8:04:86:e6:a4:58:a8:2e:bf:90:c1:e5:99:c1:
                    29:a1:a4:7f:e5:30:eb:84:b4:a3:9f:10:9b:97:b8:
                    fd:1e:54:65:91:a5:bb:8a:0d:e0:b2:97:36:ff:15:
                    d5:f5:30:69:61:47:4c:f4:24:bc:40:51:76:d9:67:
                    0b:5e:8b:6d:23:09:cf:c3:f9:dc:5b:96:d5:eb:67:
                    c1:2f:52:0e:97:bd:0d:28:66:5c:8b:98:c4:13:67:
                    59:68:6f:a7:e0:00:18:a6:7f:8f:25:4d:c3:e7:44:
                    49:9e:06:11:95:30:c0:71:22:b7:68:1f:2b:fb:ba:
                    8b:42:8e:93:6d:00:8b:f2:09:f4:c7:46:40:39:03:
                    e3:de:db:7d:9e:00:6a:40:19:3d:24:5e:9e:90:72:
                    5d:29:10:26:f7:11:6c:59:09:14:e5:91:5d:fd:65:
                    44:1a:7f:70:5b:a9:60:96:b4:68:5e:29:e9:18:a0:
                    c9:9a:49:de:6b:f9:6c:f5:9c:c7:8f:13:df:17:7a:
                    de:50:f7:7a:7f:fe:19:61:1a:33:ce:78:f9:cc:ea:
                    bd:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:F4:EF:8D:AF:9A:A4:41:95:7D:33:A9:52:A7:53:66:01:B9:EE:CC
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/i_Tvja-apEGVfTOpUqdTZgG57sw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ab:72:f2:7f:b9:d3:ca:74:2f:4f:97:7e:fe:06:a8:73:22:48:
         5d:10:17:46:35:65:11:0e:db:6d:80:ad:69:b8:c4:e0:a2:ec:
         08:7b:bb:61:4b:1e:c8:d1:a8:4f:f8:5d:fb:44:5b:ea:cb:c1:
         c0:8b:2b:fa:a9:4e:7e:53:5a:94:01:6d:9b:7d:54:b6:56:98:
         30:8d:05:a0:fd:fd:de:ad:4c:ac:fc:bf:ef:32:38:7a:99:c0:
         94:a5:83:15:2e:35:a0:fe:63:8b:57:5b:3d:13:0c:a6:99:e5:
         f0:36:ce:ae:31:9a:8a:7d:7c:7e:10:39:7f:14:ff:35:f2:b6:
         af:69:d3:ec:b3:8d:12:c9:6b:8c:6f:80:5b:bd:ec:b2:5b:b7:
         38:a1:ec:12:4a:c5:42:c7:07:ff:f7:bd:1b:e3:91:f6:8a:20:
         1f:69:44:c9:12:ef:96:29:2a:e6:ce:ff:11:4d:20:23:85:1d:
         f9:11:75:b7:41:5d:35:bc:7d:5e:f7:69:fa:fa:f0:e3:4f:46:
         da:78:21:37:e0:a4:60:87:af:fe:70:0d:fc:af:9d:fc:85:01:
         d3:9b:c1:08:0d:08:95:11:79:00:8b:1c:23:79:69:46:e5:4b:
         cb:15:50:f3:5f:07:b6:b8:c6:a1:a5:7c:db:db:1a:da:11:e2:
         9f:fe:35:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/fP79EgdNlCsRaB2O0QUcTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjQwNjAzMTc1NzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmY0ZWY4ZGFmOWFhNDQxOTU3ZDMzYTk1MmE3NTM2NjAxYjllZWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGvBWMbdChkH/2k1wVUyo9YZLOk/
fyAlUwm625yfAA7KU+mGJ5/6IHbbHpgZ6ASG5qRYqC6/kMHlmcEpoaR/5TDrhLSj
nxCbl7j9HlRlkaW7ig3gspc2/xXV9TBpYUdM9CS8QFF22WcLXottIwnPw/ncW5bV
62fBL1IOl70NKGZci5jEE2dZaG+n4AAYpn+PJU3D50RJngYRlTDAcSK3aB8r+7qL
Qo6TbQCL8gn0x0ZAOQPj3tt9ngBqQBk9JF6ekHJdKRAm9xFsWQkU5ZFd/WVEGn9w
W6lglrRoXinpGKDJmknea/ls9ZzHjxPfF3reUPd6f/4ZYRozznj5zOq9dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIv0742vmqRBlX0zqVKnU2YBue7MMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvaV9UdmphLWFwRUdWZlRPcFVxZFRaZ0c1N3N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLY3GMA0G
CSqGSIb3DQEBCwUAA4IBAQCrcvJ/udPKdC9Pl37+BqhzIkhdEBdGNWURDtttgK1p
uMTgouwIe7thSx7I0ahP+F37RFvqy8HAiyv6qU5+U1qUAW2bfVS2VpgwjQWg/f3e
rUys/L/vMjh6mcCUpYMVLjWg/mOLV1s9EwymmeXwNs6uMZqKfXx+EDl/FP818rav
adPss40SyWuMb4BbveyyW7c4oewSSsVCxwf/970b45H2iiAfaUTJEu+WKSrmzv8R
TSAjhR35EXW3QV01vH1e92n6+vDjT0baeCE34KRgh6/+cA38r538hQHTm8EIDQiV
EXkAixwjeWlG5UvLFVDzXwe2uMahpXzb2xraEeKf/jWu
-----END CERTIFICATE-----