Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/C_iwHp7NooXxFDWJy1CCz4_tIgk.roa
File:                     C_iwHp7NooXxFDWJy1CCz4_tIgk.roa (raw, json)
Hash identifier:          cZYHWhw62yR359hDlSCUjWyWLVvXNWIknTQTxy+ReBo=
Subject key identifier:   0B:F8:B0:1E:9E:CD:A2:85:F1:14:35:89:CB:50:82:CF:8F:ED:22:09
Certificate issuer:       /CN=4ee843a85dd664e9dc0310892bd7dd9ce52591c7
Certificate serial:       01915167252B106C630BFE4F687B139649C0
Authority key identifier: 4E:E8:43:A8:5D:D6:64:E9:DC:03:10:89:2B:D7:DD:9C:E5:25:91:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/C_iwHp7NooXxFDWJy1CCz4_tIgk.roa
Signing time:             Wed 14 Aug 2024 14:59:59 +0000
ROA not before:           Wed 14 Aug 2024 14:59:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215324
IP address blocks:        206.245.238.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:51:67:25:2b:10:6c:63:0b:fe:4f:68:7b:13:96:49:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ee843a85dd664e9dc0310892bd7dd9ce52591c7
        Validity
            Not Before: Aug 14 14:59:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0bf8b01e9ecda285f1143589cb5082cf8fed2209
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:70:dc:00:06:bc:3a:88:d4:d7:98:11:66:62:
                    49:9f:64:37:16:10:e1:6a:4c:f2:4f:8c:13:3b:a9:
                    a4:8a:c0:a1:67:7d:7f:e0:8c:53:59:b6:e5:8c:7f:
                    80:9f:1a:56:94:a5:a9:45:01:39:0b:16:cc:fe:c8:
                    47:a3:4f:02:30:54:7f:df:5c:8c:c6:da:7e:8a:49:
                    d6:9f:ef:13:70:01:7c:55:6d:57:4f:61:d5:45:0e:
                    5f:04:0f:fc:8d:71:05:1b:c2:f4:a8:e9:32:18:fb:
                    0b:d5:f2:48:0c:32:10:79:8e:4a:ad:b0:52:96:ea:
                    9b:7a:9f:fd:e9:33:ea:96:d7:a6:16:1d:53:26:e9:
                    56:ae:75:f8:02:ac:65:b6:1c:ea:5d:c9:43:1a:48:
                    f8:dc:90:55:1c:d3:01:7d:09:8a:cb:07:c5:7f:ed:
                    b6:eb:5b:36:81:03:3c:2f:b0:3b:e9:83:36:67:d6:
                    1f:e2:52:04:3f:8d:d8:af:fc:aa:ac:f1:a7:30:22:
                    eb:1d:74:7e:f6:35:e8:f8:90:c9:33:4c:e6:f9:50:
                    b8:c3:1a:b3:a1:02:96:6c:45:db:9a:3a:78:81:06:
                    12:8e:ef:07:70:ff:0f:3b:18:8b:1e:d1:15:57:07:
                    21:7c:ae:06:29:fb:28:d1:33:63:64:69:53:bb:e5:
                    2f:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:F8:B0:1E:9E:CD:A2:85:F1:14:35:89:CB:50:82:CF:8F:ED:22:09
            X509v3 Authority Key Identifier:
                keyid:4E:E8:43:A8:5D:D6:64:E9:DC:03:10:89:2B:D7:DD:9C:E5:25:91:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/C_iwHp7NooXxFDWJy1CCz4_tIgk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  206.245.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         35:44:06:d6:a0:14:96:02:57:0c:9e:88:d3:15:26:26:27:26:
         dd:98:d7:14:66:7b:36:0e:89:a1:64:d2:65:7c:2a:d7:d0:3e:
         b1:99:15:2b:9d:d0:d9:11:37:dc:11:8f:96:c3:8a:63:f0:c1:
         24:11:6e:35:d5:d9:27:c3:ad:35:d3:97:3e:3f:1b:da:44:ae:
         4d:a9:a2:96:38:4a:66:28:10:7b:87:a8:23:c8:7c:11:c9:fa:
         fa:47:65:08:8f:e3:d6:32:03:8c:1d:a8:46:b5:fa:4c:2c:b3:
         0e:34:86:2b:f4:83:43:d0:83:dc:7a:f3:96:b2:53:72:bf:c9:
         44:1e:9d:b0:68:90:ec:30:62:cb:12:21:d2:13:a1:6e:2f:5e:
         05:1f:3c:36:2d:53:02:f5:e3:60:51:12:d8:dc:86:1c:e6:fc:
         34:91:df:a2:95:7c:8e:4c:d2:47:ee:f6:96:1f:76:6c:d0:e7:
         8f:1d:a9:a9:ac:c9:4a:d8:be:dd:6c:14:97:c7:f7:5e:e0:b9:
         31:74:d6:86:06:b2:6b:f7:1f:62:48:40:0e:79:78:e5:ae:b4:
         d2:90:2e:d8:c5:75:45:fe:ec:92:34:18:f2:06:c8:3b:68:dd:
         b7:e0:e4:7f:5e:84:d0:18:73:b5:dd:47:3e:b6:67:c8:83:2d:
         a4:cf:7e:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFRZyUrEGxjC/5PaHsTlknAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZTg0M2E4NWRkNjY0ZTlkYzAzMTA4OTJiZDdkZDljZTUy
NTkxYzcwHhcNMjQwODE0MTQ1OTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmY4YjAxZTllY2RhMjg1ZjExNDM1ODljYjUwODJjZjhmZWQyMjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3DcAAa8OojU15gRZmJJn2Q3FhDh
akzyT4wTO6mkisChZ31/4IxTWbbljH+AnxpWlKWpRQE5CxbM/shHo08CMFR/31yM
xtp+iknWn+8TcAF8VW1XT2HVRQ5fBA/8jXEFG8L0qOkyGPsL1fJIDDIQeY5KrbBS
luqbep/96TPqltemFh1TJulWrnX4AqxlthzqXclDGkj43JBVHNMBfQmKywfFf+22
61s2gQM8L7A76YM2Z9Yf4lIEP43Yr/yqrPGnMCLrHXR+9jXo+JDJM0zm+VC4wxqz
oQKWbEXbmjp4gQYSju8HcP8POxiLHtEVVwchfK4GKfso0TNjZGlTu+Uv2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAv4sB6ezaKF8RQ1ictQgs+P7SIJMB8GA1UdIwQY
MBaAFE7oQ6hd1mTp3AMQiSvX3ZzlJZHHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHVoRHFGM1daT25jQXhDSks5ZmRuT1Vsa2NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9hZGFkMjAtYzUxMi00ZmIwLWExMjct
NDhjZjQxMmIzODdiLzEvQ19pd0hwN05vb1h4RkRXSnkxQ0N6NF90SWdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9hZGFkMjAtYzUxMi00ZmIwLWExMjctNDhjZjQxMmIzODdi
LzEvVHVoRHFGM1daT25jQXhDSks5ZmRuT1Vsa2NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBzvXuMA0G
CSqGSIb3DQEBCwUAA4IBAQA1RAbWoBSWAlcMnojTFSYmJybdmNcUZns2DomhZNJl
fCrX0D6xmRUrndDZETfcEY+Ww4pj8MEkEW411dknw60105c+PxvaRK5NqaKWOEpm
KBB7h6gjyHwRyfr6R2UIj+PWMgOMHahGtfpMLLMONIYr9IND0IPcevOWslNyv8lE
Hp2waJDsMGLLEiHSE6FuL14FHzw2LVMC9eNgURLY3IYc5vw0kd+ilXyOTNJH7vaW
H3Zs0OePHamprMlK2L7dbBSXx/de4LkxdNaGBrJr9x9iSEAOeXjlrrTSkC7YxXVF
/uySNBjyBsg7aN234OR/XoTQGHO13Uc+tmfIgy2kz35g
-----END CERTIFICATE-----