Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/Jilvo6FK9cuu5EtiVUaHjINfL-g.roa
File:                     Jilvo6FK9cuu5EtiVUaHjINfL-g.roa (raw, json)
Hash identifier:          COReMyMCkii8RrpD+C2kOYiY5R2imTV+jHVihf2CuxM=
Subject key identifier:   26:29:6F:A3:A1:4A:F5:CB:AE:E4:4B:62:55:46:87:8C:83:5F:2F:E8
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B4932FA65313AD14FD7FB8DCC030A
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/Jilvo6FK9cuu5EtiVUaHjINfL-g.roa
Signing time:             Tue 02 Jan 2024 12:34:43 +0000
ROA not before:           Tue 02 Jan 2024 12:34:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        45.138.210.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:49:32:fa:65:31:3a:d1:4f:d7:fb:8d:cc:03:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26296fa3a14af5cbaee44b625546878c835f2fe8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:2a:27:ba:d2:9c:0a:64:d8:f1:f0:51:df:2c:
                    f8:6a:ef:2d:f6:5b:9d:5f:be:0d:e2:ea:8f:08:59:
                    39:02:71:ce:04:15:91:26:92:c1:da:0f:44:3d:fc:
                    84:aa:1d:51:e0:c1:85:7b:e0:1f:ca:4a:42:11:34:
                    54:57:25:63:ca:f3:86:0f:a8:fc:6d:49:9d:c8:90:
                    75:ad:d1:28:11:0d:08:f6:dd:b8:04:f0:00:52:6e:
                    f1:4a:a3:67:ee:45:34:9a:58:b3:3b:6e:6e:df:ff:
                    b6:27:91:d9:32:23:af:42:2b:c3:b0:a9:12:4d:d4:
                    c0:96:33:71:6e:c7:0e:64:27:a8:cc:20:11:1c:ee:
                    0c:41:66:eb:f0:e9:17:1e:95:7e:10:40:3e:5e:6d:
                    fe:c5:60:0e:05:a4:6a:1f:9f:92:7d:bf:05:b3:2f:
                    0f:b9:d0:89:33:bf:3b:39:c7:f3:9b:08:a7:2d:80:
                    58:84:e6:0a:71:b4:18:6d:78:30:2e:3d:c8:03:92:
                    7c:c2:a1:7a:b9:7a:68:5e:61:cc:e5:f2:50:23:1b:
                    a1:2d:3f:e2:67:28:d8:b2:ba:57:54:f5:74:bf:5c:
                    8e:92:86:59:a7:97:3b:c8:e3:24:be:ec:20:9a:ea:
                    86:a3:7b:47:f2:08:fb:ae:a5:d2:e0:29:58:d7:ad:
                    8f:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:29:6F:A3:A1:4A:F5:CB:AE:E4:4B:62:55:46:87:8C:83:5F:2F:E8
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/Jilvo6FK9cuu5EtiVUaHjINfL-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:c4:b5:34:41:d5:09:eb:54:2f:8a:5b:f2:0a:e5:6b:6f:ee:
         11:7d:cb:74:f0:f2:60:8e:39:f9:89:e0:5e:e5:2f:eb:72:80:
         9a:11:5d:44:0d:8d:70:99:f4:cd:06:5a:02:f4:2d:8c:e5:40:
         6b:2e:54:4f:d1:d3:b2:0d:6e:43:ad:58:06:94:52:22:a6:7f:
         fa:16:f8:e8:d6:87:b2:5d:3b:48:59:3e:86:7d:7a:07:cf:8d:
         3a:8d:a2:8e:04:f1:35:9b:93:6c:3c:3b:cf:0b:5d:c8:82:1f:
         e7:50:93:4a:1f:88:b8:ca:52:d0:c3:05:7b:bd:2b:9b:db:3f:
         58:7f:1f:d8:bd:4c:32:96:91:a6:dd:37:3a:f0:41:89:19:a3:
         69:2b:ce:e4:1b:da:f6:eb:74:eb:fd:aa:f8:aa:41:22:02:8a:
         13:7c:eb:81:40:64:19:13:f7:90:da:41:05:ab:d3:ee:f6:6d:
         9d:e2:b0:b3:15:4a:e9:96:f5:b5:8b:17:96:df:d9:a9:95:01:
         5e:4d:60:ef:84:5e:ed:19:8e:af:02:11:c4:53:f7:b0:12:43:
         16:3e:10:02:31:43:7c:e9:d2:1e:90:b7:f2:c5:02:f8:c3:57:
         45:59:12:80:2d:78:61:ca:6a:56:8b:fb:1a:de:d3:31:0f:0c:
         08:a8:6c:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK0ky+mUxOtFP1/uNzAMKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjI5NmZhM2ExNGFmNWNiYWVlNDRiNjI1NTQ2ODc4YzgzNWYyZmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiSonutKcCmTY8fBR3yz4au8t9lud
X74N4uqPCFk5AnHOBBWRJpLB2g9EPfyEqh1R4MGFe+AfykpCETRUVyVjyvOGD6j8
bUmdyJB1rdEoEQ0I9t24BPAAUm7xSqNn7kU0mlizO25u3/+2J5HZMiOvQivDsKkS
TdTAljNxbscOZCeozCARHO4MQWbr8OkXHpV+EEA+Xm3+xWAOBaRqH5+Sfb8Fsy8P
udCJM787OcfzmwinLYBYhOYKcbQYbXgwLj3IA5J8wqF6uXpoXmHM5fJQIxuhLT/i
ZyjYsrpXVPV0v1yOkoZZp5c7yOMkvuwgmuqGo3tH8gj7rqXS4ClY162PbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCYpb6OhSvXLruRLYlVGh4yDXy/oMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvSmlsdm82Rks5Y3V1NUV0aVZVYUhqSU5mTC1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYrSMA0G
CSqGSIb3DQEBCwUAA4IBAQCvxLU0QdUJ61QvilvyCuVrb+4Rfct08PJgjjn5ieBe
5S/rcoCaEV1EDY1wmfTNBloC9C2M5UBrLlRP0dOyDW5DrVgGlFIipn/6Fvjo1oey
XTtIWT6GfXoHz406jaKOBPE1m5NsPDvPC13Igh/nUJNKH4i4ylLQwwV7vSub2z9Y
fx/YvUwylpGm3Tc68EGJGaNpK87kG9r263Tr/ar4qkEiAooTfOuBQGQZE/eQ2kEF
q9Pu9m2d4rCzFUrplvW1ixeW39mplQFeTWDvhF7tGY6vAhHEU/ewEkMWPhACMUN8
6dIekLfyxQL4w1dFWRKALXhhympWi/sa3tMxDwwIqGwz
-----END CERTIFICATE-----