Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/KHJXK_hsvfM2sbazyMBg6Gx6LYc.roa
File:                     KHJXK_hsvfM2sbazyMBg6Gx6LYc.roa (raw, json)
Hash identifier:          HLdJYHpqo+jNDmWfQ+ofjwHE/N8OdCaoQIhQEgiU6kE=
Subject key identifier:   28:72:57:2B:F8:6C:BD:F3:36:B1:B6:B3:C8:C0:60:E8:6C:7A:2D:87
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCA2A7C93C78A0C22EFD0F6D4BA2D8056
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/KHJXK_hsvfM2sbazyMBg6Gx6LYc.roa
Signing time:             Tue 02 Jan 2024 12:33:51 +0000
ROA not before:           Tue 02 Jan 2024 12:33:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61003
IP address blocks:        212.193.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:7c:93:c7:8a:0c:22:ef:d0:f6:d4:ba:2d:80:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 12:33:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2872572bf86cbdf336b1b6b3c8c060e86c7a2d87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:05:4d:20:52:4c:c2:30:60:54:a3:b8:bb:07:
                    b0:e2:e9:1d:90:71:4a:0d:b3:d2:47:fd:96:d0:e0:
                    04:00:1b:c9:97:f6:ed:d8:54:4b:91:b5:c2:ba:b8:
                    7e:c3:0e:71:0c:60:3f:fe:da:4e:89:0c:83:64:05:
                    69:33:19:24:73:02:2a:e8:ac:41:7a:23:4d:aa:66:
                    b9:ab:49:b4:a7:c6:f4:10:0d:28:d8:91:94:eb:06:
                    a1:b5:61:68:2a:6d:43:d9:10:49:93:1f:80:76:f8:
                    2a:86:88:a5:04:7e:6a:5a:8b:e7:14:ca:c6:14:de:
                    c0:36:18:aa:de:f6:c0:91:63:27:4b:1e:8f:65:aa:
                    48:7a:9a:94:ab:48:0a:40:d5:8b:4d:5d:51:dc:96:
                    cb:2b:9b:82:d1:d1:b2:cb:98:a8:7f:f8:5a:f4:19:
                    49:27:ec:25:25:83:b9:cb:bf:77:54:00:71:73:a6:
                    92:b2:b1:59:d4:15:0b:6d:66:03:91:6f:8f:d0:3b:
                    24:c5:94:b8:f5:69:21:6c:63:24:51:de:d8:e0:e9:
                    a0:f4:42:e6:20:33:29:f3:19:8c:ed:d7:d3:79:17:
                    da:07:cc:7a:ab:dd:9e:73:f7:3d:85:8d:ce:ba:c1:
                    0e:cc:2f:72:c6:18:91:fd:a1:39:d9:02:39:fe:68:
                    9f:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:72:57:2B:F8:6C:BD:F3:36:B1:B6:B3:C8:C0:60:E8:6C:7A:2D:87
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/KHJXK_hsvfM2sbazyMBg6Gx6LYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.193.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:3a:5d:8c:ee:e5:2e:ab:a0:18:99:bb:73:42:98:64:10:48:
         d9:d4:fa:1e:08:33:eb:f3:d4:f2:3b:ed:d8:be:b6:25:eb:32:
         1e:d6:e6:fd:22:26:1f:2c:7f:69:40:d3:f5:5e:73:af:15:ae:
         90:50:15:4e:a8:22:65:fe:95:77:a6:85:75:e4:66:b7:2c:e8:
         4b:7d:5c:88:89:99:b7:1a:b7:07:58:a6:1d:23:55:e5:ee:89:
         02:0b:27:ed:b5:4a:72:41:97:07:d4:aa:ae:2c:31:92:c3:4c:
         ce:73:a5:fa:3b:de:6a:3d:f0:f7:72:9d:f8:3d:6d:1e:15:1e:
         c1:cd:a6:fe:df:52:cc:6e:a5:00:cb:b9:d7:9d:20:27:8a:1a:
         1d:62:1c:7d:6d:5a:02:2a:2c:38:00:98:1d:e1:4e:95:9b:69:
         70:3a:08:72:fb:00:a9:6a:5a:1f:9d:7b:d9:b5:7d:28:03:b5:
         b1:fc:0c:68:73:66:4e:8f:dc:89:bf:76:2b:25:85:f5:ba:6c:
         86:5f:0d:20:3e:66:d6:a2:0b:f9:1f:eb:83:f7:94:fd:04:15:
         f7:b9:7e:48:b5:cf:d3:9d:07:03:ab:19:69:f2:6b:e1:a6:5c:
         a7:6b:29:10:d7:c9:ef:f2:00:01:6a:32:11:07:fc:e4:f9:1f:
         20:b4:8c:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKnyTx4oMIu/Q9tS6LYBWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTIzMzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODcyNTcyYmY4NmNiZGYzMzZiMWI2YjNjOGMwNjBlODZjN2EyZDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlwVNIFJMwjBgVKO4uwew4ukdkHFK
DbPSR/2W0OAEABvJl/bt2FRLkbXCurh+ww5xDGA//tpOiQyDZAVpMxkkcwIq6KxB
eiNNqma5q0m0p8b0EA0o2JGU6wahtWFoKm1D2RBJkx+AdvgqhoilBH5qWovnFMrG
FN7ANhiq3vbAkWMnSx6PZapIepqUq0gKQNWLTV1R3JbLK5uC0dGyy5iof/ha9BlJ
J+wlJYO5y793VABxc6aSsrFZ1BULbWYDkW+P0DskxZS49WkhbGMkUd7Y4Omg9ELm
IDMp8xmM7dfTeRfaB8x6q92ec/c9hY3OusEOzC9yxhiR/aE52QI5/mifywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFChyVyv4bL3zNrG2s8jAYOhsei2HMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvS0hKWEtfaHN2Zk0yc2JhenlNQmc2R3g2TFljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MEDMA0G
CSqGSIb3DQEBCwUAA4IBAQBoOl2M7uUuq6AYmbtzQphkEEjZ1PoeCDPr89TyO+3Y
vrYl6zIe1ub9IiYfLH9pQNP1XnOvFa6QUBVOqCJl/pV3poV15Ga3LOhLfVyIiZm3
GrcHWKYdI1Xl7okCCyfttUpyQZcH1KquLDGSw0zOc6X6O95qPfD3cp34PW0eFR7B
zab+31LMbqUAy7nXnSAnihodYhx9bVoCKiw4AJgd4U6Vm2lwOghy+wCpalofnXvZ
tX0oA7Wx/Axoc2ZOj9yJv3YrJYX1umyGXw0gPmbWogv5H+uD95T9BBX3uX5Itc/T
nQcDqxlp8mvhplynaykQ18nv8gABajIRB/zk+R8gtIz6
-----END CERTIFICATE-----