Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/877e6c-325a-47ea-aa56-1096bfd6bf6d/1/KJRJLsHRbejthC1tuk083w-bsuc.roa
File:                     KJRJLsHRbejthC1tuk083w-bsuc.roa (raw, json)
Hash identifier:          pV4eCjX4VuC6WTnDrFVzyGb2KML9xhIqzwHqsDhzdFA=
Subject key identifier:   28:94:49:2E:C1:D1:6D:E8:ED:84:2D:6D:BA:4D:3C:DF:0F:9B:B2:E7
Certificate issuer:       /CN=1246f23a048763aa3ad0aede5a489ab8fcd26384
Certificate serial:       018CC3B6E282A16B94C81335A5495CFF1718
Authority key identifier: 12:46:F2:3A:04:87:63:AA:3A:D0:AE:DE:5A:48:9A:B8:FC:D2:63:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EkbyOgSHY6o60K7eWkiauPzSY4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/877e6c-325a-47ea-aa56-1096bfd6bf6d/1/KJRJLsHRbejthC1tuk083w-bsuc.roa
Signing time:             Mon 01 Jan 2024 06:29:51 +0000
ROA not before:           Mon 01 Jan 2024 06:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207553
IP address blocks:        194.9.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/877e6c-325a-47ea-aa56-1096bfd6bf6d/1/EkbyOgSHY6o60K7eWkiauPzSY4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/877e6c-325a-47ea-aa56-1096bfd6bf6d/1/EkbyOgSHY6o60K7eWkiauPzSY4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EkbyOgSHY6o60K7eWkiauPzSY4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 06:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:e2:82:a1:6b:94:c8:13:35:a5:49:5c:ff:17:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1246f23a048763aa3ad0aede5a489ab8fcd26384
        Validity
            Not Before: Jan  1 06:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2894492ec1d16de8ed842d6dba4d3cdf0f9bb2e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:fd:1b:0a:47:f6:cb:88:70:fd:7c:58:55:91:
                    36:46:c0:75:10:ef:07:71:99:2d:81:3a:8f:cf:dc:
                    fa:f8:5b:f5:36:7b:a8:6b:61:5d:15:cd:f2:9a:de:
                    03:36:64:53:d1:06:34:36:7e:81:9d:6c:7e:63:b7:
                    2f:b8:92:a3:e5:21:18:ef:22:45:04:9f:2e:25:f8:
                    40:1c:72:9c:74:5c:fe:49:f5:26:84:9e:43:84:d0:
                    5e:81:7b:c6:1b:38:de:7a:28:61:bc:c1:d9:b8:d8:
                    17:84:c5:f2:b2:69:97:10:e7:69:26:ee:ed:bc:78:
                    f4:cd:9b:f4:2b:31:77:40:31:29:5f:74:c1:00:54:
                    39:4f:87:e7:24:16:10:c9:b9:aa:79:db:bc:a9:52:
                    3c:42:6c:a1:fa:22:6b:b1:10:1e:b2:75:bb:62:57:
                    8f:8b:99:ff:45:6d:4b:39:ae:d8:08:26:ca:e0:08:
                    0a:b9:f9:0c:df:c4:35:dd:05:82:29:5c:35:31:4f:
                    a6:c7:8e:20:02:4c:63:e8:30:46:03:b2:15:79:2a:
                    a2:99:ef:a0:ba:2b:6e:d2:1d:63:bb:4c:46:9e:7d:
                    e7:c3:3f:0c:c2:f8:80:1f:65:07:df:31:61:34:65:
                    87:24:54:84:27:e9:ed:d2:13:3f:e1:92:54:71:e5:
                    9b:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:94:49:2E:C1:D1:6D:E8:ED:84:2D:6D:BA:4D:3C:DF:0F:9B:B2:E7
            X509v3 Authority Key Identifier:
                keyid:12:46:F2:3A:04:87:63:AA:3A:D0:AE:DE:5A:48:9A:B8:FC:D2:63:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EkbyOgSHY6o60K7eWkiauPzSY4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/877e6c-325a-47ea-aa56-1096bfd6bf6d/1/KJRJLsHRbejthC1tuk083w-bsuc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/877e6c-325a-47ea-aa56-1096bfd6bf6d/1/EkbyOgSHY6o60K7eWkiauPzSY4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:92:d2:e7:b0:0a:30:f5:ce:60:01:25:39:55:86:14:71:8d:
         6e:01:80:cf:13:45:d8:0f:7d:9c:3c:cc:8a:70:41:af:22:68:
         a1:36:f3:10:ae:75:be:fb:85:e6:00:8c:3e:f7:47:15:64:1e:
         7d:e7:5b:ee:a3:d9:ea:d0:ed:c1:b0:e2:1c:9b:7a:23:16:e0:
         0b:e6:6a:c6:bc:6a:76:dd:4c:18:23:aa:e7:e1:59:20:64:62:
         6f:78:37:b6:5e:34:5e:20:65:2c:46:14:f9:4f:3b:75:a7:dc:
         47:28:3c:70:a7:c9:50:d8:e9:5d:6b:12:17:72:b0:d6:73:fe:
         66:2c:be:ee:0d:7c:4b:a8:e7:9e:c6:88:a6:b2:8d:f4:d6:6d:
         39:3d:80:98:e1:e3:26:9e:a4:ff:8f:61:29:a0:0f:d4:58:f9:
         1f:31:2d:2d:07:7e:82:da:73:2e:bd:e7:78:80:23:d7:37:a9:
         29:cf:98:75:3b:12:62:62:4f:e0:80:11:fd:27:13:25:95:75:
         ff:df:09:3c:ee:26:5b:1c:77:0d:d7:fc:e6:b6:e4:9a:4d:19:
         17:7d:74:32:b7:60:08:7c:01:32:85:e3:d3:b2:21:94:6a:6d:
         d8:5c:c6:09:b4:f9:d7:8f:be:ba:fb:ff:36:e0:7e:87:3d:e7:
         89:13:3f:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtuKCoWuUyBM1pUlc/xcYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNDZmMjNhMDQ4NzYzYWEzYWQwYWVkZTVhNDg5YWI4ZmNk
MjYzODQwHhcNMjQwMTAxMDYyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODk0NDkyZWMxZDE2ZGU4ZWQ4NDJkNmRiYTRkM2NkZjBmOWJiMmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/0bCkf2y4hw/XxYVZE2RsB1EO8H
cZktgTqPz9z6+Fv1Nnuoa2FdFc3ymt4DNmRT0QY0Nn6BnWx+Y7cvuJKj5SEY7yJF
BJ8uJfhAHHKcdFz+SfUmhJ5DhNBegXvGGzjeeihhvMHZuNgXhMXysmmXEOdpJu7t
vHj0zZv0KzF3QDEpX3TBAFQ5T4fnJBYQybmqedu8qVI8Qmyh+iJrsRAesnW7YleP
i5n/RW1LOa7YCCbK4AgKufkM38Q13QWCKVw1MU+mx44gAkxj6DBGA7IVeSqime+g
uitu0h1ju0xGnn3nwz8MwviAH2UH3zFhNGWHJFSEJ+nt0hM/4ZJUceWbRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCiUSS7B0W3o7YQtbbpNPN8Pm7LnMB8GA1UdIwQY
MBaAFBJG8joEh2OqOtCu3lpImrj80mOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWtieU9nU0hZNm82MEs3ZVdraWF1UHpTWTRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS84NzdlNmMtMzI1YS00N2VhLWFhNTYt
MTA5NmJmZDZiZjZkLzEvS0pSSkxzSFJiZWp0aEMxdHVrMDgzdy1ic3VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS84NzdlNmMtMzI1YS00N2VhLWFhNTYtMTA5NmJmZDZiZjZk
LzEvRWtieU9nU0hZNm82MEs3ZVdraWF1UHpTWTRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgm/MA0G
CSqGSIb3DQEBCwUAA4IBAQBZktLnsAow9c5gASU5VYYUcY1uAYDPE0XYD32cPMyK
cEGvImihNvMQrnW++4XmAIw+90cVZB5951vuo9nq0O3BsOIcm3ojFuAL5mrGvGp2
3UwYI6rn4VkgZGJveDe2XjReIGUsRhT5Tzt1p9xHKDxwp8lQ2OldaxIXcrDWc/5m
LL7uDXxLqOeexoimso301m05PYCY4eMmnqT/j2EpoA/UWPkfMS0tB36C2nMuved4
gCPXN6kpz5h1OxJiYk/ggBH9JxMllXX/3wk87iZbHHcN1/zmtuSaTRkXfXQyt2AI
fAEyhePTsiGUam3YXMYJtPnXj766+/824H6HPeeJEz89
-----END CERTIFICATE-----