Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/KCZ406XSvPjgBqUSnTwv_Z6VM9U.roa
File:                     KCZ406XSvPjgBqUSnTwv_Z6VM9U.roa (raw, json)
Hash identifier:          mRurr5genJ4tqA7pbliDz/11359BLIRkU7e5BbwcCL4=
Subject key identifier:   28:26:78:D3:A5:D2:BC:F8:E0:06:A5:12:9D:3C:2F:FD:9E:95:33:D5
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC79528A9C6349BF09790D05FE7D8BBAE
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/KCZ406XSvPjgBqUSnTwv_Z6VM9U.roa
Signing time:             Tue 02 Jan 2024 00:31:30 +0000
ROA not before:           Tue 02 Jan 2024 00:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49392
IP address blocks:        193.233.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:28:a9:c6:34:9b:f0:97:90:d0:5f:e7:d8:bb:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=282678d3a5d2bcf8e006a5129d3c2ffd9e9533d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:64:35:d2:52:d9:af:f0:1f:3f:f3:56:0d:f9:
                    c6:43:d9:ab:51:b3:e3:3c:dd:b7:6a:43:71:bd:eb:
                    15:d0:df:08:f4:b1:c0:38:09:bd:57:d2:a8:4e:19:
                    40:1d:a6:47:ac:4a:d3:35:55:e8:aa:5e:31:ab:4a:
                    07:89:0d:3b:c6:70:9c:af:ca:b6:77:c1:7f:ab:40:
                    e9:5a:14:15:82:da:b3:5c:83:c9:46:1a:7c:18:56:
                    94:e7:a7:9d:87:70:cb:8c:d3:04:a5:1f:bc:a2:e3:
                    ce:76:62:b3:3a:0a:09:6b:de:12:5a:b3:af:f7:a3:
                    47:2a:03:dd:07:dd:0e:89:e0:9a:63:21:97:8a:5c:
                    98:14:46:b7:03:bb:c7:40:dc:96:ad:c9:df:aa:c4:
                    d0:76:b6:95:99:d7:c9:32:0c:26:4c:8f:52:b2:a1:
                    18:32:7f:cf:5e:49:09:b5:c3:07:53:80:8b:9b:4e:
                    73:94:44:4b:79:b6:19:3d:da:6d:58:a2:4a:53:2f:
                    f2:92:76:c5:f2:38:b3:de:74:8f:5a:11:e8:da:a2:
                    a8:8f:bc:a7:1f:4f:40:1a:e9:b6:7b:3f:76:a3:a5:
                    de:5c:35:61:bd:bf:07:1b:8a:7f:89:5d:36:f7:ac:
                    cc:56:f8:79:ad:a2:dd:b6:68:16:36:4c:90:b0:8c:
                    c5:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:26:78:D3:A5:D2:BC:F8:E0:06:A5:12:9D:3C:2F:FD:9E:95:33:D5
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/KCZ406XSvPjgBqUSnTwv_Z6VM9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:e7:ef:5d:85:5b:fc:b2:28:f7:bc:50:3e:eb:5f:91:4a:f8:
         d2:e0:5d:fc:6e:80:00:26:b4:d3:8a:3c:5e:b3:ac:38:48:cd:
         5d:0a:1e:fa:d1:69:25:fc:dc:56:cb:0b:5d:00:3d:5e:c9:37:
         44:3f:04:82:7e:81:67:0e:98:8e:c0:fd:40:3a:5f:d4:0f:2e:
         7d:1c:96:34:ca:27:26:a8:14:64:4c:ee:94:d2:bf:f9:25:e6:
         66:d7:a7:a5:b9:09:a6:6f:ce:fe:fd:a5:cc:3b:ae:c0:c6:62:
         28:60:12:c4:c5:bc:68:9e:c1:50:06:f6:f3:a2:6d:2c:b2:f4:
         1b:89:c0:c4:95:23:72:11:c7:8d:73:87:61:d1:47:e8:a6:10:
         ac:ea:03:1f:0a:a6:5c:99:e2:bd:92:6d:60:ef:a7:f2:ed:2e:
         d6:4b:8e:ff:dc:2e:21:95:44:40:34:f9:61:a0:3c:e3:8a:1c:
         6e:42:4e:41:68:82:c5:31:02:b9:bc:ec:91:ca:13:38:ce:87:
         4c:15:3b:1d:51:b1:01:a8:bd:0d:51:3e:70:3e:bf:ed:b1:fd:
         17:61:ae:66:82:68:c5:59:4c:f1:10:63:f3:33:b4:ef:92:c5:
         8d:83:a7:b5:48:b7:2d:a4:cf:e8:38:0d:18:3b:c7:d5:9c:a0:
         f8:5a:af:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSipxjSb8JeQ0F/n2LuuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODI2NzhkM2E1ZDJiY2Y4ZTAwNmE1MTI5ZDNjMmZmZDllOTUzM2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2Q10lLZr/AfP/NWDfnGQ9mrUbPj
PN23akNxvesV0N8I9LHAOAm9V9KoThlAHaZHrErTNVXoql4xq0oHiQ07xnCcr8q2
d8F/q0DpWhQVgtqzXIPJRhp8GFaU56edh3DLjNMEpR+8ouPOdmKzOgoJa94SWrOv
96NHKgPdB90OieCaYyGXilyYFEa3A7vHQNyWrcnfqsTQdraVmdfJMgwmTI9SsqEY
Mn/PXkkJtcMHU4CLm05zlERLebYZPdptWKJKUy/yknbF8jiz3nSPWhHo2qKoj7yn
H09AGum2ez92o6XeXDVhvb8HG4p/iV0296zMVvh5raLdtmgWNkyQsIzFlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCgmeNOl0rz44AalEp08L/2elTPVMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvS0NaNDA2WFN2UGpnQnFVU25Ud3ZfWjZWTTlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwelWMA0G
CSqGSIb3DQEBCwUAA4IBAQCK5+9dhVv8sij3vFA+61+RSvjS4F38boAAJrTTijxe
s6w4SM1dCh760Wkl/NxWywtdAD1eyTdEPwSCfoFnDpiOwP1AOl/UDy59HJY0yicm
qBRkTO6U0r/5JeZm16eluQmmb87+/aXMO67AxmIoYBLExbxonsFQBvbzom0ssvQb
icDElSNyEceNc4dh0UfophCs6gMfCqZcmeK9km1g76fy7S7WS47/3C4hlURANPlh
oDzjihxuQk5BaILFMQK5vOyRyhM4zodMFTsdUbEBqL0NUT5wPr/tsf0XYa5mgmjF
WUzxEGPzM7TvksWNg6e1SLctpM/oOA0YO8fVnKD4Wq+6
-----END CERTIFICATE-----