Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/9d4203-2eee-41de-8d85-08bf22f64097/1/KPjKDyehv8RXqm4yfklp_DtrNQo.roa
File:                     KPjKDyehv8RXqm4yfklp_DtrNQo.roa (raw, json)
Hash identifier:          FVUQQG4RY+Baeg7lO7qa6BhauAr2vKHqbyJi7qMH2Co=
Subject key identifier:   28:F8:CA:0F:27:A1:BF:C4:57:AA:6E:32:7E:49:69:FC:3B:6B:35:0A
Certificate issuer:       /CN=d9f9fa7b944f7e7c60d73ef10b776fc27995a4ed
Certificate serial:       018CCA2A7511C58B4A1C812B7F58474B3EF7
Authority key identifier: D9:F9:FA:7B:94:4F:7E:7C:60:D7:3E:F1:0B:77:6F:C2:79:95:A4:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2fn6e5RPfnxg1z7xC3dvwnmVpO0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/9d4203-2eee-41de-8d85-08bf22f64097/1/KPjKDyehv8RXqm4yfklp_DtrNQo.roa
Signing time:             Tue 02 Jan 2024 12:33:49 +0000
ROA not before:           Tue 02 Jan 2024 12:33:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59974
IP address blocks:        185.69.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/9d4203-2eee-41de-8d85-08bf22f64097/1/2fn6e5RPfnxg1z7xC3dvwnmVpO0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/9d4203-2eee-41de-8d85-08bf22f64097/1/2fn6e5RPfnxg1z7xC3dvwnmVpO0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2fn6e5RPfnxg1z7xC3dvwnmVpO0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:75:11:c5:8b:4a:1c:81:2b:7f:58:47:4b:3e:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9f9fa7b944f7e7c60d73ef10b776fc27995a4ed
        Validity
            Not Before: Jan  2 12:33:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28f8ca0f27a1bfc457aa6e327e4969fc3b6b350a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:64:b2:78:de:5b:8e:7d:ba:a2:52:11:52:be:
                    4f:34:2c:1f:06:f5:75:36:c5:8b:9c:46:e0:1c:14:
                    38:9f:bf:96:07:b7:18:25:1a:f9:3b:5a:1e:5f:78:
                    18:be:4f:9a:b9:a5:c8:01:fe:f0:cd:df:a3:de:1b:
                    27:50:9b:3c:97:53:52:b5:0a:54:59:a2:01:61:e1:
                    c9:69:99:c0:01:d8:1a:a9:2a:ee:40:b0:be:11:a4:
                    fb:a7:af:c4:3a:3c:eb:1f:09:bb:73:4a:2c:cf:98:
                    f6:40:4f:cb:34:83:6e:a1:9f:c5:03:c1:bd:16:24:
                    2f:51:e1:a3:1f:36:36:5c:99:87:9f:93:c4:c3:3c:
                    84:57:8f:d4:a7:09:23:3e:ad:1e:ce:bd:38:bd:9e:
                    f9:61:41:03:fe:f4:cf:b0:f3:a8:16:63:0a:6a:92:
                    be:77:a5:d2:24:fa:e6:73:bb:3d:1a:14:6b:83:1a:
                    11:86:f1:ef:ff:d1:c0:05:f2:b8:7c:3a:5d:1d:f1:
                    a0:bc:62:4a:3f:ed:6b:61:7e:11:e3:73:ef:1a:5a:
                    c5:b6:13:df:ce:78:95:40:1e:b8:43:17:5b:a9:d6:
                    27:5a:52:cb:06:fc:fb:86:0d:93:bb:1f:e8:a0:41:
                    78:22:00:fe:05:4c:99:86:12:b9:f4:32:e7:80:66:
                    e9:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:F8:CA:0F:27:A1:BF:C4:57:AA:6E:32:7E:49:69:FC:3B:6B:35:0A
            X509v3 Authority Key Identifier:
                keyid:D9:F9:FA:7B:94:4F:7E:7C:60:D7:3E:F1:0B:77:6F:C2:79:95:A4:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2fn6e5RPfnxg1z7xC3dvwnmVpO0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9d4203-2eee-41de-8d85-08bf22f64097/1/KPjKDyehv8RXqm4yfklp_DtrNQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9d4203-2eee-41de-8d85-08bf22f64097/1/2fn6e5RPfnxg1z7xC3dvwnmVpO0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.69.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:4d:ed:6f:92:22:12:d2:57:59:f3:e7:bb:45:46:ca:e2:41:
         c4:ab:87:55:04:d8:40:19:b2:3e:81:2b:86:30:dc:70:6d:2a:
         02:05:c5:91:02:d6:49:6c:0c:e1:51:95:a2:c6:39:72:86:c9:
         6c:c4:5a:67:ed:0b:89:cb:30:99:f3:14:47:45:43:3a:b5:ad:
         4b:fe:58:fb:cc:ef:cf:ec:e4:be:cb:4b:15:72:59:3d:76:c3:
         cc:f0:7d:fc:33:5a:36:f3:4b:2a:86:5d:36:e5:90:f9:95:98:
         63:53:ca:45:61:9b:d3:6d:d9:24:41:0e:0f:f3:26:5e:48:88:
         26:e7:60:f7:6e:76:c0:a0:9f:6d:0c:a9:68:66:2d:d6:88:b1:
         6a:d9:82:cc:6a:b2:3b:08:30:c5:65:0d:22:eb:16:0b:a4:36:
         9a:e6:08:44:00:0f:7a:c0:81:fd:e2:57:08:ed:1a:6d:e5:91:
         ea:57:18:7e:25:45:76:ff:e4:32:de:f2:75:c8:51:75:b9:60:
         74:19:81:70:a4:63:a8:94:b5:7d:4b:d2:ad:6b:5d:8d:cf:d6:
         4c:be:a8:15:17:c4:81:12:32:38:81:57:10:88:4b:c0:c1:22:
         b4:95:b9:23:8f:2d:d5:76:79:61:ec:39:ec:07:31:92:78:0e:
         56:aa:61:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKnURxYtKHIErf1hHSz73MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZjlmYTdiOTQ0ZjdlN2M2MGQ3M2VmMTBiNzc2ZmMyNzk5
NWE0ZWQwHhcNMjQwMTAyMTIzMzQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGY4Y2EwZjI3YTFiZmM0NTdhYTZlMzI3ZTQ5NjlmYzNiNmIzNTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgWSyeN5bjn26olIRUr5PNCwfBvV1
NsWLnEbgHBQ4n7+WB7cYJRr5O1oeX3gYvk+auaXIAf7wzd+j3hsnUJs8l1NStQpU
WaIBYeHJaZnAAdgaqSruQLC+EaT7p6/EOjzrHwm7c0osz5j2QE/LNINuoZ/FA8G9
FiQvUeGjHzY2XJmHn5PEwzyEV4/UpwkjPq0ezr04vZ75YUED/vTPsPOoFmMKapK+
d6XSJPrmc7s9GhRrgxoRhvHv/9HABfK4fDpdHfGgvGJKP+1rYX4R43PvGlrFthPf
zniVQB64QxdbqdYnWlLLBvz7hg2Tux/ooEF4IgD+BUyZhhK59DLngGbp9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCj4yg8nob/EV6puMn5Jafw7azUKMB8GA1UdIwQY
MBaAFNn5+nuUT358YNc+8Qt3b8J5laTtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmZuNmU1UlBmbnhnMXo3eEMzZHZ3bm1WcE8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC85ZDQyMDMtMmVlZS00MWRlLThkODUt
MDhiZjIyZjY0MDk3LzEvS1BqS0R5ZWh2OFJYcW00eWZrbHBfRHRyTlFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC85ZDQyMDMtMmVlZS00MWRlLThkODUtMDhiZjIyZjY0MDk3
LzEvMmZuNmU1UlBmbnhnMXo3eEMzZHZ3bm1WcE8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUW6MA0G
CSqGSIb3DQEBCwUAA4IBAQAUTe1vkiIS0ldZ8+e7RUbK4kHEq4dVBNhAGbI+gSuG
MNxwbSoCBcWRAtZJbAzhUZWixjlyhslsxFpn7QuJyzCZ8xRHRUM6ta1L/lj7zO/P
7OS+y0sVclk9dsPM8H38M1o280sqhl025ZD5lZhjU8pFYZvTbdkkQQ4P8yZeSIgm
52D3bnbAoJ9tDKloZi3WiLFq2YLMarI7CDDFZQ0i6xYLpDaa5ghEAA96wIH94lcI
7Rpt5ZHqVxh+JUV2/+Qy3vJ1yFF1uWB0GYFwpGOolLV9S9Kta12Nz9ZMvqgVF8SB
EjI4gVcQiEvAwSK0lbkjjy3Vdnlh7DnsBzGSeA5WqmHH
-----END CERTIFICATE-----