Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/a89c01-6bb1-477c-94bc-5abe93aff642/1/KMpBluZJQW-1YrXQ8dgnUwkp8Zg.roa
File:                     KMpBluZJQW-1YrXQ8dgnUwkp8Zg.roa (raw, json)
Hash identifier:          SzjK9J5LCFOPaDR6GX8GHF6bY8U+rVzudL/YtaMoWzE=
Subject key identifier:   28:CA:41:96:E6:49:41:6F:B5:62:B5:D0:F1:D8:27:53:09:29:F1:98
Certificate issuer:       /CN=c900ef3dd5dd1be15d08bb93cbdd63b4ac860e6b
Certificate serial:       018CC64B5A44FAB5C5913B4FC7B493FD4197
Authority key identifier: C9:00:EF:3D:D5:DD:1B:E1:5D:08:BB:93:CB:DD:63:B4:AC:86:0E:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yQDvPdXdG-FdCLuTy91jtKyGDms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/a89c01-6bb1-477c-94bc-5abe93aff642/1/KMpBluZJQW-1YrXQ8dgnUwkp8Zg.roa
Signing time:             Mon 01 Jan 2024 18:31:16 +0000
ROA not before:           Mon 01 Jan 2024 18:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202544
IP address blocks:        185.151.136.0/22 maxlen: 22
                          185.149.168.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/a89c01-6bb1-477c-94bc-5abe93aff642/1/yQDvPdXdG-FdCLuTy91jtKyGDms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/a89c01-6bb1-477c-94bc-5abe93aff642/1/yQDvPdXdG-FdCLuTy91jtKyGDms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yQDvPdXdG-FdCLuTy91jtKyGDms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:5a:44:fa:b5:c5:91:3b:4f:c7:b4:93:fd:41:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c900ef3dd5dd1be15d08bb93cbdd63b4ac860e6b
        Validity
            Not Before: Jan  1 18:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28ca4196e649416fb562b5d0f1d827530929f198
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:d3:d2:71:c0:d8:ee:36:93:8a:4a:b7:32:4b:
                    2e:2d:1a:41:47:cf:65:aa:11:0b:ab:0c:3b:c5:00:
                    a0:6e:a8:dd:42:b0:1c:04:a1:9a:25:c3:40:bb:09:
                    5a:11:d3:19:b8:bd:74:3b:5b:3b:3b:c7:ba:88:be:
                    50:94:90:df:ff:53:67:1a:34:e7:95:1c:89:5a:b6:
                    e6:54:ee:da:72:a2:7b:f8:07:ab:38:0f:c6:db:ec:
                    34:ab:90:af:56:bd:0f:1c:54:e3:d8:88:3d:9e:57:
                    79:fc:bf:11:06:08:50:de:ab:b5:7b:26:04:e1:05:
                    c4:82:b5:f1:87:23:2d:b9:c8:69:5f:fa:0c:49:7a:
                    6d:be:a1:4d:f6:d4:a6:60:38:ee:80:f2:71:c6:0d:
                    3c:5e:1e:9b:4a:d4:e5:c1:f7:3d:bc:b8:ab:4f:d8:
                    c3:a8:65:7e:d8:30:b6:de:28:84:b8:d1:f0:6a:49:
                    53:2a:4b:f7:e8:68:51:47:e0:0d:ad:d4:53:5b:53:
                    d0:15:1b:f8:a5:24:c8:51:08:00:0c:53:5f:c4:50:
                    03:bf:0a:31:cc:ad:a6:04:7a:ed:3d:66:2b:84:cf:
                    18:6d:75:da:e3:4b:a1:b7:df:36:a1:08:24:22:13:
                    e4:be:24:55:ef:1b:34:23:70:e8:87:36:a9:11:d8:
                    08:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:CA:41:96:E6:49:41:6F:B5:62:B5:D0:F1:D8:27:53:09:29:F1:98
            X509v3 Authority Key Identifier:
                keyid:C9:00:EF:3D:D5:DD:1B:E1:5D:08:BB:93:CB:DD:63:B4:AC:86:0E:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yQDvPdXdG-FdCLuTy91jtKyGDms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/a89c01-6bb1-477c-94bc-5abe93aff642/1/KMpBluZJQW-1YrXQ8dgnUwkp8Zg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/a89c01-6bb1-477c-94bc-5abe93aff642/1/yQDvPdXdG-FdCLuTy91jtKyGDms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.168.0/22
                  185.151.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a4:bd:33:1f:33:01:b3:d4:c0:92:2e:c0:d9:67:f0:d2:73:b3:
         72:d1:ea:1f:19:77:33:a0:bd:d2:9c:6f:e6:88:44:c8:c8:80:
         d5:fc:72:0a:a7:bc:77:1c:b2:e2:cf:66:95:ee:75:2d:2a:43:
         8c:76:58:cf:27:91:ac:da:00:83:aa:73:b7:26:23:19:2f:4a:
         42:96:df:d4:2c:bf:7c:c1:17:97:92:55:1b:7a:fe:7f:38:1c:
         a6:98:fe:68:af:c4:e8:8e:5c:a5:1f:37:68:63:89:96:19:69:
         4b:79:cc:11:37:48:94:bc:6f:00:62:2b:ee:96:18:66:2f:4b:
         26:3b:a0:93:6a:43:3c:9b:12:a8:31:3b:60:17:95:b4:b2:ea:
         13:1a:ca:98:3c:c6:1b:4c:e4:0c:d0:78:8b:60:ea:53:5c:f3:
         7f:ea:c3:09:96:c1:73:dd:0f:1b:13:f6:ca:95:5e:7b:4e:5e:
         70:02:94:f6:b2:e3:9d:7e:40:fb:9a:fb:20:ea:30:34:bc:28:
         8a:d1:e2:7e:66:57:35:51:f9:d1:e8:44:83:83:11:13:7c:60:
         6f:da:09:a2:fb:83:40:72:47:74:0f:bd:81:8c:dc:d2:e5:e9:
         9c:c4:14:c2:37:7b:fe:d5:cc:45:39:cd:2b:48:15:56:d9:ad:
         f8:72:d6:7e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGS1pE+rXFkTtPx7ST/UGXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5MDBlZjNkZDVkZDFiZTE1ZDA4YmI5M2NiZGQ2M2I0YWM4
NjBlNmIwHhcNMjQwMTAxMTgzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGNhNDE5NmU2NDk0MTZmYjU2MmI1ZDBmMWQ4Mjc1MzA5MjlmMTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdPSccDY7jaTikq3MksuLRpBR89l
qhELqww7xQCgbqjdQrAcBKGaJcNAuwlaEdMZuL10O1s7O8e6iL5QlJDf/1NnGjTn
lRyJWrbmVO7acqJ7+AerOA/G2+w0q5CvVr0PHFTj2Ig9nld5/L8RBghQ3qu1eyYE
4QXEgrXxhyMtuchpX/oMSXptvqFN9tSmYDjugPJxxg08Xh6bStTlwfc9vLirT9jD
qGV+2DC23iiEuNHwaklTKkv36GhRR+ANrdRTW1PQFRv4pSTIUQgADFNfxFADvwox
zK2mBHrtPWYrhM8YbXXa40uht982oQgkIhPkviRV7xs0I3DohzapEdgIwwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCjKQZbmSUFvtWK10PHYJ1MJKfGYMB8GA1UdIwQY
MBaAFMkA7z3V3RvhXQi7k8vdY7Sshg5rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVFEdlBkWGRHLUZkQ0x1VHk5MWp0S3lHRG1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS9hODljMDEtNmJiMS00NzdjLTk0YmMt
NWFiZTkzYWZmNjQyLzEvS01wQmx1WkpRVy0xWXJYUThkZ25Vd2twOFpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS9hODljMDEtNmJiMS00NzdjLTk0YmMtNWFiZTkzYWZmNjQy
LzEveVFEdlBkWGRHLUZkQ0x1VHk5MWp0S3lHRG1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuZWoAwQC
uZeIMA0GCSqGSIb3DQEBCwUAA4IBAQCkvTMfMwGz1MCSLsDZZ/DSc7Ny0eofGXcz
oL3SnG/miETIyIDV/HIKp7x3HLLiz2aV7nUtKkOMdljPJ5Gs2gCDqnO3JiMZL0pC
lt/ULL98wReXklUbev5/OBymmP5or8TojlylHzdoY4mWGWlLecwRN0iUvG8AYivu
lhhmL0smO6CTakM8mxKoMTtgF5W0suoTGsqYPMYbTOQM0HiLYOpTXPN/6sMJlsFz
3Q8bE/bKlV57Tl5wApT2suOdfkD7mvsg6jA0vCiK0eJ+Zlc1UfnR6ESDgxETfGBv
2gmi+4NAckd0D72BjNzS5emcxBTCN3v+1cxFOc0rSBVW2a34ctZ+
-----END CERTIFICATE-----