Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/KNel6IG5g9XoUbaY7ckQhmwlmwY.roa
File:                     KNel6IG5g9XoUbaY7ckQhmwlmwY.roa (raw, json)
Hash identifier:          41FqmxZnBbTgF2jeR3kCwVDuK9MbMxesbpXHc1O+FiI=
Subject key identifier:   28:D7:A5:E8:81:B9:83:D5:E8:51:B6:98:ED:C9:10:86:6C:25:9B:06
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018ECCBD6131C5656368333A9A2BA89B08DD
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/KNel6IG5g9XoUbaY7ckQhmwlmwY.roa
Signing time:             Thu 11 Apr 2024 10:39:06 +0000
ROA not before:           Thu 11 Apr 2024 10:39:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60544
IP address blocks:        62.76.205.0/24 maxlen: 32
                          195.209.149.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:cc:bd:61:31:c5:65:63:68:33:3a:9a:2b:a8:9b:08:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Apr 11 10:39:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28d7a5e881b983d5e851b698edc910866c259b06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ea:bb:6b:b8:5f:ea:7d:78:cb:7d:15:de:c3:
                    25:16:23:c1:0a:36:a9:0e:a0:30:e6:83:24:ba:bf:
                    47:7c:49:e2:26:5a:40:4e:73:ea:33:b9:8c:3d:b1:
                    42:00:26:9a:b4:15:8c:60:ee:ae:c0:82:b3:a3:7b:
                    7e:b5:16:cf:76:a9:53:5d:ba:00:a3:e5:20:63:48:
                    92:34:44:bb:9b:0c:b4:58:4e:3a:6e:47:db:0b:4f:
                    3a:1b:47:bb:b5:65:dd:e1:0b:42:26:c3:cb:7e:7d:
                    e3:25:6f:8a:49:30:f1:38:1c:77:34:d4:da:c1:46:
                    2d:8a:dd:41:6a:5d:e2:73:42:b2:50:7a:22:c0:80:
                    4c:74:0d:db:0b:2b:a3:d2:93:ba:13:36:ef:c7:95:
                    a0:bc:d2:f4:7a:de:76:fe:be:13:58:91:91:72:34:
                    ef:69:f1:82:1e:90:07:92:09:bb:d3:3b:3b:0d:79:
                    24:19:1c:3c:db:e1:54:21:7b:e9:35:f2:71:a9:d9:
                    c2:27:e0:c0:00:f1:30:39:88:e4:06:77:bc:a3:90:
                    3f:a6:0f:71:cf:b8:b8:2c:6a:77:01:b8:ad:e6:cc:
                    88:04:6d:ad:d7:76:e5:94:26:79:3f:fb:60:10:82:
                    cc:15:a7:c7:ba:e4:8f:7d:d0:1e:88:2d:6c:08:ac:
                    27:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:D7:A5:E8:81:B9:83:D5:E8:51:B6:98:ED:C9:10:86:6C:25:9B:06
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/KNel6IG5g9XoUbaY7ckQhmwlmwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.205.0/24
                  195.209.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:bb:74:74:6a:fd:fb:97:91:66:0b:39:25:45:20:c1:b3:ab:
         61:0a:7b:74:7e:a7:5c:f2:23:b5:04:72:4b:68:46:bc:45:29:
         b0:d5:60:ba:94:75:2d:1d:17:e0:00:9f:55:e3:26:1f:f6:84:
         52:3a:04:5b:ee:cc:a6:72:eb:cd:b9:08:3a:46:ff:20:1d:41:
         19:b8:81:f7:5c:ca:6b:d1:99:f6:bd:cd:d2:86:17:a9:b8:bd:
         14:5a:5e:e2:ff:8d:1d:30:e3:d3:cc:a6:82:b4:a0:17:48:10:
         0e:27:80:1d:25:3d:6b:16:5e:77:5f:04:17:b5:d3:66:3b:4c:
         cf:a8:ba:3c:52:76:87:ce:3d:56:36:97:f7:42:7e:7b:85:80:
         fc:8a:dd:8c:f3:34:e4:cf:fd:2c:72:22:03:c2:b3:2f:a5:d4:
         c1:f6:39:c5:31:45:38:ba:8b:72:7e:8d:a1:4b:52:7c:64:d6:
         85:a4:d2:9b:70:aa:cb:9a:bd:0a:3d:f3:42:72:15:f2:d6:86:
         b5:e4:1d:2c:dd:70:b2:47:27:e5:fb:a1:fc:51:ce:28:11:3f:
         9b:c1:de:64:7f:8a:ef:fb:a9:cf:3c:92:b9:06:46:07:43:3a:
         56:88:10:7b:df:4e:49:f6:90:db:9e:6c:45:94:8b:61:10:c2:
         59:bf:cd:09
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7MvWExxWVjaDM6miuomwjdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwNDExMTAzOTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGQ3YTVlODgxYjk4M2Q1ZTg1MWI2OThlZGM5MTA4NjZjMjU5YjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuq7a7hf6n14y30V3sMlFiPBCjap
DqAw5oMkur9HfEniJlpATnPqM7mMPbFCACaatBWMYO6uwIKzo3t+tRbPdqlTXboA
o+UgY0iSNES7mwy0WE46bkfbC086G0e7tWXd4QtCJsPLfn3jJW+KSTDxOBx3NNTa
wUYtit1Bal3ic0KyUHoiwIBMdA3bCyuj0pO6Ezbvx5WgvNL0et52/r4TWJGRcjTv
afGCHpAHkgm70zs7DXkkGRw82+FUIXvpNfJxqdnCJ+DAAPEwOYjkBne8o5A/pg9x
z7i4LGp3Abit5syIBG2t13bllCZ5P/tgEILMFafHuuSPfdAeiC1sCKwnxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCjXpeiBuYPV6FG2mO3JEIZsJZsGMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvS05lbDZJRzVnOVhvVWJhWTdja1FobXdsbXdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPkzNAwQA
w9GVMA0GCSqGSIb3DQEBCwUAA4IBAQAvu3R0av37l5FmCzklRSDBs6thCnt0fqdc
8iO1BHJLaEa8RSmw1WC6lHUtHRfgAJ9V4yYf9oRSOgRb7symcuvNuQg6Rv8gHUEZ
uIH3XMpr0Zn2vc3ShhepuL0UWl7i/40dMOPTzKaCtKAXSBAOJ4AdJT1rFl53XwQX
tdNmO0zPqLo8UnaHzj1WNpf3Qn57hYD8it2M8zTkz/0sciIDwrMvpdTB9jnFMUU4
uotyfo2hS1J8ZNaFpNKbcKrLmr0KPfNCchXy1oa15B0s3XCyRyfl+6H8Uc4oET+b
wd5kf4rv+6nPPJK5BkYHQzpWiBB7305J9pDbnmxFlIthEMJZv80J
-----END CERTIFICATE-----