Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/km0XLAMc8yiZHYC6kulcH1jqV8A.roa
File:                     km0XLAMc8yiZHYC6kulcH1jqV8A.roa (raw, json)
Hash identifier:          ehbBrH1czN3ILOxRfB0rOME00NV29cZMFlBQxnEbfkg=
Subject key identifier:   92:6D:17:2C:03:1C:F3:28:99:1D:80:BA:92:E9:5C:1F:58:EA:57:C0
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B67313E1A3B2CE3DEBC257921025C
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/km0XLAMc8yiZHYC6kulcH1jqV8A.roa
Signing time:             Tue 02 Jan 2024 12:34:51 +0000
ROA not before:           Tue 02 Jan 2024 12:34:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        45.138.210.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:67:31:3e:1a:3b:2c:e3:de:bc:25:79:21:02:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=926d172c031cf328991d80ba92e95c1f58ea57c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ba:b0:f2:db:78:95:19:59:ee:56:52:2f:aa:
                    85:72:0f:df:bf:85:f5:51:7e:fa:40:71:b6:45:34:
                    14:25:13:9d:f9:2a:41:ca:0e:11:7b:b8:0c:31:43:
                    39:6c:4c:24:4a:e5:e8:d4:e5:0e:7e:88:08:1e:3b:
                    ad:ee:33:b3:da:4c:15:f2:54:0c:77:0c:71:5b:00:
                    07:61:2e:e7:13:95:71:16:94:36:6d:da:c0:05:3b:
                    8b:72:34:83:d4:e9:94:cc:e5:03:d9:32:22:f2:c2:
                    03:79:4b:df:c4:b5:cd:c0:0b:f2:51:ae:03:56:2b:
                    41:72:a3:b7:d6:d2:ff:8a:d4:a7:0f:fe:11:8e:65:
                    30:8e:e2:38:77:d8:58:9c:4c:50:64:9e:17:b4:87:
                    42:56:c4:17:9a:2e:d6:af:4e:a5:b9:3b:b4:98:e7:
                    e2:8b:21:f5:04:51:03:7b:df:51:1c:ff:49:64:a0:
                    bd:28:99:a7:fe:97:10:d3:8b:8b:f9:13:85:1d:6c:
                    35:9c:99:d7:7d:a4:8a:a2:f4:c8:bf:19:fc:40:da:
                    b3:4e:37:24:49:5a:88:52:db:a6:1e:9e:b0:c4:bd:
                    e6:de:97:82:f7:ee:f6:fd:e6:f1:92:31:c8:c8:6c:
                    48:01:e3:1b:7b:ad:07:13:3f:44:8a:47:29:4e:47:
                    7e:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:6D:17:2C:03:1C:F3:28:99:1D:80:BA:92:E9:5C:1F:58:EA:57:C0
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/km0XLAMc8yiZHYC6kulcH1jqV8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:f8:5c:f5:5f:05:04:9f:99:52:70:69:a6:c8:bc:2b:d7:75:
         83:a9:8d:a1:03:4a:62:ad:a2:87:6c:3d:1b:d7:fd:90:16:c9:
         7b:03:30:cf:78:73:1c:14:f7:be:ee:ba:23:10:38:ba:c0:da:
         3d:7e:20:d7:1a:0b:2d:08:86:f5:7e:9f:aa:fe:56:23:6b:8b:
         cb:ca:ce:cc:c7:e6:48:83:52:28:3e:ef:de:b5:d2:d2:80:ed:
         19:37:22:77:bc:cc:7b:35:a4:7b:e4:62:45:67:57:df:49:99:
         c0:f3:5d:05:a2:f2:e6:a1:bc:97:bf:d2:42:db:d4:4e:3a:db:
         d9:7c:3a:41:f6:10:1f:0c:cb:33:05:d1:39:11:f5:2a:d9:16:
         94:8f:0d:f0:ba:0e:37:bc:71:b5:81:1d:1d:d0:1b:77:79:d2:
         b1:1d:e9:6c:33:25:8b:26:bb:1a:c1:dc:28:30:07:dd:20:f4:
         f5:9e:c8:b8:5e:27:e8:fe:1f:90:6c:32:84:aa:19:68:cf:09:
         2c:ff:c5:dd:88:1f:45:32:2b:0c:f7:e4:0c:70:2c:ce:d1:18:
         e7:da:f8:bd:f9:dc:6e:4a:ef:e2:0d:eb:56:0e:8c:13:74:f7:
         02:62:79:4a:ce:e7:a1:9a:20:c8:26:6e:b4:65:85:21:89:16:
         ac:14:3c:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK2cxPho7LOPevCV5IQJcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjZkMTcyYzAzMWNmMzI4OTkxZDgwYmE5MmU5NWMxZjU4ZWE1N2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbqw8tt4lRlZ7lZSL6qFcg/fv4X1
UX76QHG2RTQUJROd+SpByg4Re7gMMUM5bEwkSuXo1OUOfogIHjut7jOz2kwV8lQM
dwxxWwAHYS7nE5VxFpQ2bdrABTuLcjSD1OmUzOUD2TIi8sIDeUvfxLXNwAvyUa4D
VitBcqO31tL/itSnD/4RjmUwjuI4d9hYnExQZJ4XtIdCVsQXmi7Wr06luTu0mOfi
iyH1BFEDe99RHP9JZKC9KJmn/pcQ04uL+ROFHWw1nJnXfaSKovTIvxn8QNqzTjck
SVqIUtumHp6wxL3m3peC9+72/ebxkjHIyGxIAeMbe60HEz9EikcpTkd+9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJJtFywDHPMomR2AupLpXB9Y6lfAMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEva20wWExBTWM4eWlaSFlDNmt1bGNIMWpxVjhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYrSMA0G
CSqGSIb3DQEBCwUAA4IBAQCr+Fz1XwUEn5lScGmmyLwr13WDqY2hA0piraKHbD0b
1/2QFsl7AzDPeHMcFPe+7rojEDi6wNo9fiDXGgstCIb1fp+q/lYja4vLys7Mx+ZI
g1IoPu/etdLSgO0ZNyJ3vMx7NaR75GJFZ1ffSZnA810FovLmobyXv9JC29ROOtvZ
fDpB9hAfDMszBdE5EfUq2RaUjw3wug43vHG1gR0d0Bt3edKxHelsMyWLJrsawdwo
MAfdIPT1nsi4Xifo/h+QbDKEqhlozwks/8XdiB9FMisM9+QMcCzO0Rjn2vi9+dxu
Su/iDetWDowTdPcCYnlKzuehmiDIJm60ZYUhiRasFDyR
-----END CERTIFICATE-----