Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/HpSsS9oTGcryjVlXzs1iVA7wlS0.roa
File:                     HpSsS9oTGcryjVlXzs1iVA7wlS0.roa (raw, json)
Hash identifier:          N6leFNt29ZYPWsMZYSAJZAq72uI+HSzVBdQsRd6qt6A=
Subject key identifier:   1E:94:AC:4B:DA:13:19:CA:F2:8D:59:57:CE:CD:62:54:0E:F0:95:2D
Certificate issuer:       /CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
Certificate serial:       018CC2DB5E50E5096A746D7813AF71E0641E
Authority key identifier: 6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/HpSsS9oTGcryjVlXzs1iVA7wlS0.roa
Signing time:             Mon 01 Jan 2024 02:30:05 +0000
ROA not before:           Mon 01 Jan 2024 02:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     268581
IP address blocks:        45.140.192.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5e:50:e5:09:6a:74:6d:78:13:af:71:e0:64:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
        Validity
            Not Before: Jan  1 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e94ac4bda1319caf28d5957cecd62540ef0952d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:2c:fe:ad:80:af:58:83:d6:f0:80:2c:ec:5a:
                    10:6a:f3:90:53:31:b6:85:93:da:a6:e6:6e:23:a6:
                    d6:38:82:31:82:55:32:f5:7a:82:99:4c:54:e6:6b:
                    59:69:c9:26:0b:84:76:40:52:a7:29:72:4a:f8:e6:
                    d3:30:56:5f:42:fb:d7:ac:05:f5:79:da:2f:52:59:
                    2f:cc:c7:1e:64:3b:80:ad:e6:f7:e3:85:ad:59:94:
                    0b:96:e6:7e:36:4b:cd:a6:cf:1c:5f:f9:ce:1a:65:
                    56:75:a8:f3:20:9d:73:7a:2c:9b:8b:e6:1c:62:27:
                    61:42:27:86:ef:d1:f7:ee:56:13:ab:58:f9:6a:51:
                    3d:92:63:10:54:6c:e7:f8:91:18:72:db:cb:fc:6a:
                    a3:27:9c:06:38:a4:e3:24:52:9a:39:fc:25:09:f6:
                    1d:57:08:a0:1e:c5:fa:9f:5f:f7:09:df:94:26:09:
                    e9:d1:c1:f0:5c:18:dd:2e:f4:7d:78:d3:49:d3:da:
                    df:28:65:9a:39:e4:20:01:a3:85:96:2c:b2:a1:84:
                    ba:2c:58:10:5e:f8:93:ff:9a:3f:70:53:ed:61:4e:
                    cc:5e:de:21:c8:d5:90:6d:1a:0c:e5:67:5e:83:16:
                    e0:4f:70:69:f7:b3:a8:72:f3:53:b8:15:83:ef:32:
                    5a:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:94:AC:4B:DA:13:19:CA:F2:8D:59:57:CE:CD:62:54:0E:F0:95:2D
            X509v3 Authority Key Identifier:
                keyid:6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/HpSsS9oTGcryjVlXzs1iVA7wlS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b0:8b:62:4f:c7:6b:59:8c:d5:02:db:a4:5d:fd:99:b5:ac:11:
         5a:fb:d8:02:32:13:8e:61:3e:88:c7:1d:0b:74:3f:e7:d3:59:
         4d:fe:bf:48:4f:29:c1:52:c6:1f:f1:60:b0:4a:e3:18:d9:5c:
         7b:ad:7f:99:55:36:d4:d5:51:6d:cc:6a:5f:cb:c5:44:05:2d:
         5c:c2:c5:f5:b0:50:04:d0:13:fe:4d:a2:49:58:c9:27:d4:7f:
         f0:43:9b:b1:04:13:b2:93:c9:d5:34:69:01:db:cd:9d:34:c3:
         e9:e9:12:bf:f0:ae:54:9b:8b:32:09:d8:b4:24:23:96:d6:35:
         13:e4:a6:8a:08:25:e5:92:08:bb:40:63:c1:05:14:0e:86:09:
         c7:56:58:11:44:59:85:55:cf:e9:83:cb:5b:54:65:1b:a9:91:
         5f:c1:3b:05:23:74:16:51:c2:02:96:87:fb:39:5f:83:18:28:
         ab:4b:31:f7:06:28:83:13:f4:15:fb:13:25:67:8c:76:3e:0f:
         6a:37:e9:cb:6b:c2:3a:24:63:62:b8:ab:a7:a8:c9:92:b4:30:
         0c:1b:7b:ed:e8:c4:46:ef:03:ee:dc:dd:a3:d1:a7:a5:c6:89:
         d2:e9:92:6d:d4:ba:35:b7:3d:89:95:7c:b6:64:e3:7d:9d:3b:
         ce:54:6a:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC215Q5QlqdG14E69x4GQeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZDk4YzJjNTRiMGNiZWExMzRlMjdhOTgxY2ZkZGU3MzIz
NmUwNTUwHhcNMjQwMTAxMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTk0YWM0YmRhMTMxOWNhZjI4ZDU5NTdjZWNkNjI1NDBlZjA5NTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqyz+rYCvWIPW8IAs7FoQavOQUzG2
hZPapuZuI6bWOIIxglUy9XqCmUxU5mtZackmC4R2QFKnKXJK+ObTMFZfQvvXrAX1
edovUlkvzMceZDuAreb344WtWZQLluZ+NkvNps8cX/nOGmVWdajzIJ1zeiybi+Yc
YidhQieG79H37lYTq1j5alE9kmMQVGzn+JEYctvL/GqjJ5wGOKTjJFKaOfwlCfYd
VwigHsX6n1/3Cd+UJgnp0cHwXBjdLvR9eNNJ09rfKGWaOeQgAaOFliyyoYS6LFgQ
XviT/5o/cFPtYU7MXt4hyNWQbRoM5WdegxbgT3Bp97OocvNTuBWD7zJa9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB6UrEvaExnK8o1ZV87NYlQO8JUtMB8GA1UdIwQY
MBaAFGzZjCxUsMvqE04nqYHP3ecyNuBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWIt
ZDM3ZGY2MzRhOTI5LzEvSHBTc1M5b1RHY3J5alZsWHpzMWlWQTd3bFMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWItZDM3ZGY2MzRhOTI5
LzEvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYzAMA0G
CSqGSIb3DQEBCwUAA4IBAQCwi2JPx2tZjNUC26Rd/Zm1rBFa+9gCMhOOYT6Ixx0L
dD/n01lN/r9ITynBUsYf8WCwSuMY2Vx7rX+ZVTbU1VFtzGpfy8VEBS1cwsX1sFAE
0BP+TaJJWMkn1H/wQ5uxBBOyk8nVNGkB282dNMPp6RK/8K5Um4syCdi0JCOW1jUT
5KaKCCXlkgi7QGPBBRQOhgnHVlgRRFmFVc/pg8tbVGUbqZFfwTsFI3QWUcIClof7
OV+DGCirSzH3BiiDE/QV+xMlZ4x2Pg9qN+nLa8I6JGNiuKunqMmStDAMG3vt6MRG
7wPu3N2j0aelxonS6ZJt1Lo1tz2JlXy2ZON9nTvOVGpO
-----END CERTIFICATE-----