Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/a69b42-0f9d-4f3c-a931-9127f429a48d/1/kb1_Y0kOYomlnklhxopzGceEpto.roa
File:                     kb1_Y0kOYomlnklhxopzGceEpto.roa (raw, json)
Hash identifier:          J0NqOM/xrN4CqFn4DW7eONhvFKPnwTtWaFAGATqd4a0=
Subject key identifier:   91:BD:7F:63:49:0E:62:89:A5:9E:49:61:C6:8A:73:19:C7:84:A6:DA
Certificate issuer:       /CN=018b20ff098e6b7cbc8b6af0d680065e6b90600b
Certificate serial:       018CC870319E96EF152A8A2CD8B1E75A444B
Authority key identifier: 01:8B:20:FF:09:8E:6B:7C:BC:8B:6A:F0:D6:80:06:5E:6B:90:60:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AYsg_wmOa3y8i2rw1oAGXmuQYAs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/a69b42-0f9d-4f3c-a931-9127f429a48d/1/kb1_Y0kOYomlnklhxopzGceEpto.roa
Signing time:             Tue 02 Jan 2024 04:30:45 +0000
ROA not before:           Tue 02 Jan 2024 04:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210598
IP address blocks:        109.107.152.0/24 maxlen: 24
                          2a11:d2c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/a69b42-0f9d-4f3c-a931-9127f429a48d/1/AYsg_wmOa3y8i2rw1oAGXmuQYAs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/a69b42-0f9d-4f3c-a931-9127f429a48d/1/AYsg_wmOa3y8i2rw1oAGXmuQYAs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AYsg_wmOa3y8i2rw1oAGXmuQYAs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:31:9e:96:ef:15:2a:8a:2c:d8:b1:e7:5a:44:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=018b20ff098e6b7cbc8b6af0d680065e6b90600b
        Validity
            Not Before: Jan  2 04:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91bd7f63490e6289a59e4961c68a7319c784a6da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ab:60:7f:55:a7:ee:78:f5:17:3f:61:3f:42:
                    d7:6a:5f:0f:97:d6:92:10:76:3d:89:04:ef:f1:92:
                    9f:3e:1e:83:2e:f7:ee:66:5d:6b:cd:a2:e0:84:a3:
                    ee:20:03:e9:18:f4:a2:39:08:b4:44:55:f2:4d:69:
                    52:c8:47:22:84:96:dc:d4:c0:89:45:5f:a9:ec:47:
                    b0:84:2c:90:0e:f3:92:ea:eb:a2:4b:b6:a2:01:d6:
                    37:ef:63:33:4b:7f:0b:d5:b8:90:6e:fc:2b:f9:bc:
                    1e:db:d1:bb:41:b9:2b:c2:06:36:75:5f:b9:2b:10:
                    f5:c1:07:d7:62:e3:53:cd:75:b7:3d:65:09:23:0f:
                    6a:f2:11:fb:02:c7:49:cd:cf:b7:9e:cd:05:38:42:
                    f1:4a:f1:03:b7:92:53:21:13:7a:10:d0:8e:29:ac:
                    67:d7:0f:1a:bc:48:a4:28:11:63:47:78:17:0d:06:
                    97:4a:ae:42:ed:7d:df:88:46:e1:85:0f:93:a7:aa:
                    7f:fb:60:d7:52:42:39:9d:a1:dd:18:67:2c:4a:47:
                    df:96:54:a8:6b:33:7c:89:83:e3:e9:9f:e3:d2:90:
                    fe:db:9b:f6:ad:71:4d:09:de:52:40:51:5c:87:e6:
                    13:1c:a2:9b:47:d3:e1:37:fc:98:bc:eb:da:07:be:
                    f3:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:BD:7F:63:49:0E:62:89:A5:9E:49:61:C6:8A:73:19:C7:84:A6:DA
            X509v3 Authority Key Identifier:
                keyid:01:8B:20:FF:09:8E:6B:7C:BC:8B:6A:F0:D6:80:06:5E:6B:90:60:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AYsg_wmOa3y8i2rw1oAGXmuQYAs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/a69b42-0f9d-4f3c-a931-9127f429a48d/1/kb1_Y0kOYomlnklhxopzGceEpto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/a69b42-0f9d-4f3c-a931-9127f429a48d/1/AYsg_wmOa3y8i2rw1oAGXmuQYAs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.152.0/24
                IPv6:
                  2a11:d2c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         ea:a6:e2:cf:01:e1:9e:51:7e:ec:c7:3e:28:5b:e5:6b:2e:b1:
         f0:ec:a5:28:54:1c:6f:01:14:b7:cf:0f:a4:88:77:a2:10:96:
         59:be:27:31:3a:14:d4:d3:92:70:4a:c9:4c:5f:82:4a:7a:4c:
         a9:f1:86:8f:45:70:b9:cd:6c:f2:32:51:cb:95:03:fd:2e:9c:
         19:e7:ae:19:5f:fa:7d:4f:8b:d7:7f:e3:56:37:21:20:40:d7:
         d0:53:f2:9f:07:1f:95:18:2d:a7:8e:f8:85:3c:6c:9b:5c:47:
         84:99:2a:ab:5a:58:da:d1:fe:d9:2d:2b:4f:f6:37:5b:aa:22:
         0f:83:2a:6a:01:aa:76:dc:5e:23:bd:9c:8b:47:41:2c:0e:7d:
         14:1f:d0:cf:de:5c:06:58:ff:79:44:76:09:ad:03:95:7a:71:
         05:2f:15:00:bf:3f:6f:b5:1e:0d:5d:16:77:74:7a:a0:79:92:
         cd:9b:ea:68:e0:60:e3:51:e5:43:0c:34:73:6d:8c:d5:c0:3a:
         e9:9a:e1:df:ee:a3:c8:b9:70:73:a2:a5:44:b5:84:7b:74:d4:
         c2:55:bf:6d:3c:be:43:d1:dd:b1:02:2e:f8:22:5a:2f:f4:b2:
         32:83:57:c0:25:00:a2:f2:f3:5a:18:c2:98:e8:8e:13:0e:6f:
         d8:d7:7a:69
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIcDGelu8VKoos2LHnWkRLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxOGIyMGZmMDk4ZTZiN2NiYzhiNmFmMGQ2ODAwNjVlNmI5
MDYwMGIwHhcNMjQwMTAyMDQzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWJkN2Y2MzQ5MGU2Mjg5YTU5ZTQ5NjFjNjhhNzMxOWM3ODRhNmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmatgf1Wn7nj1Fz9hP0LXal8Pl9aS
EHY9iQTv8ZKfPh6DLvfuZl1rzaLghKPuIAPpGPSiOQi0RFXyTWlSyEcihJbc1MCJ
RV+p7EewhCyQDvOS6uuiS7aiAdY372MzS38L1biQbvwr+bwe29G7QbkrwgY2dV+5
KxD1wQfXYuNTzXW3PWUJIw9q8hH7AsdJzc+3ns0FOELxSvEDt5JTIRN6ENCOKaxn
1w8avEikKBFjR3gXDQaXSq5C7X3fiEbhhQ+Tp6p/+2DXUkI5naHdGGcsSkffllSo
azN8iYPj6Z/j0pD+25v2rXFNCd5SQFFch+YTHKKbR9PhN/yYvOvaB77ztwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJG9f2NJDmKJpZ5JYcaKcxnHhKbaMB8GA1UdIwQY
MBaAFAGLIP8Jjmt8vItq8NaABl5rkGALMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVlzZ193bU9hM3k4aTJydzFvQUdYbXVRWUFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9hNjliNDItMGY5ZC00ZjNjLWE5MzEt
OTEyN2Y0MjlhNDhkLzEva2IxX1kwa09Zb21sbmtsaHhvcHpHY2VFcHRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9hNjliNDItMGY5ZC00ZjNjLWE5MzEtOTEyN2Y0MjlhNDhk
LzEvQVlzZ193bU9hM3k4aTJydzFvQUdYbXVRWUFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAbWuYMA0E
AgACMAcDBQMqEdLAMA0GCSqGSIb3DQEBCwUAA4IBAQDqpuLPAeGeUX7sxz4oW+Vr
LrHw7KUoVBxvARS3zw+kiHeiEJZZvicxOhTU05JwSslMX4JKekyp8YaPRXC5zWzy
MlHLlQP9LpwZ564ZX/p9T4vXf+NWNyEgQNfQU/KfBx+VGC2njviFPGybXEeEmSqr
Wlja0f7ZLStP9jdbqiIPgypqAap23F4jvZyLR0EsDn0UH9DP3lwGWP95RHYJrQOV
enEFLxUAvz9vtR4NXRZ3dHqgeZLNm+po4GDjUeVDDDRzbYzVwDrpmuHf7qPIuXBz
oqVEtYR7dNTCVb9tPL5D0d2xAi74Ilov9LIyg1fAJQCi8vNaGMKY6I4TDm/Y13pp
-----END CERTIFICATE-----