Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/72a4e3-f793-4f9a-ba4e-0590394a2efa/1/KYKmnhP6m5Ht_sTPljDOyEnCsB8.roa
File:                     KYKmnhP6m5Ht_sTPljDOyEnCsB8.roa (raw, json)
Hash identifier:          b+5Y07Uo9OQ4JbBagfZppZr91NJ8ga7qRf8gX7xrpJA=
Subject key identifier:   29:82:A6:9E:13:FA:9B:91:ED:FE:C4:CF:96:30:CE:C8:49:C2:B0:1F
Certificate issuer:       /CN=6fdbbe7e978029c6ceaa557b4a76da68074311b1
Certificate serial:       018CC8DF1A1B24F97CAD5DFDA5B7E24008C4
Authority key identifier: 6F:DB:BE:7E:97:80:29:C6:CE:AA:55:7B:4A:76:DA:68:07:43:11:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b9u-fpeAKcbOqlV7SnbaaAdDEbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/72a4e3-f793-4f9a-ba4e-0590394a2efa/1/KYKmnhP6m5Ht_sTPljDOyEnCsB8.roa
Signing time:             Tue 02 Jan 2024 06:31:53 +0000
ROA not before:           Tue 02 Jan 2024 06:31:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206251
IP address blocks:        185.191.244.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/72a4e3-f793-4f9a-ba4e-0590394a2efa/1/b9u-fpeAKcbOqlV7SnbaaAdDEbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/72a4e3-f793-4f9a-ba4e-0590394a2efa/1/b9u-fpeAKcbOqlV7SnbaaAdDEbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b9u-fpeAKcbOqlV7SnbaaAdDEbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:1a:1b:24:f9:7c:ad:5d:fd:a5:b7:e2:40:08:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fdbbe7e978029c6ceaa557b4a76da68074311b1
        Validity
            Not Before: Jan  2 06:31:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2982a69e13fa9b91edfec4cf9630cec849c2b01f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:3e:e9:1b:9e:37:e4:d3:3f:48:b0:08:98:e3:
                    c8:0f:13:f0:05:b2:ac:c2:bf:39:61:72:48:39:06:
                    4b:54:1a:54:2b:7f:f2:6a:f1:4c:5a:86:84:f7:21:
                    9a:7f:50:ee:56:33:07:63:22:ce:9d:f5:3c:6c:c3:
                    05:1f:c3:89:68:10:52:a8:8b:56:37:04:9f:4f:f4:
                    65:c0:ad:04:3a:dd:f8:81:66:f4:8d:20:38:5b:e6:
                    b5:ed:89:7b:a0:1a:99:11:df:5b:49:00:2a:15:aa:
                    7f:7d:c7:d0:29:25:ef:34:d6:ec:2b:bd:98:80:f1:
                    e1:e2:50:81:00:34:6b:7e:7b:34:ce:74:dc:15:b9:
                    ba:be:0d:cb:7b:1b:ae:c3:08:c4:1b:d5:25:d1:eb:
                    4a:e5:2b:6c:fd:89:fc:42:b3:e8:56:09:95:6c:a2:
                    10:69:ab:f1:01:50:89:8b:62:30:34:a6:0e:be:8e:
                    cb:08:f2:3c:91:58:4d:48:4b:b7:0f:9d:1a:3f:ae:
                    b6:26:ab:2d:57:45:c1:f2:bc:5f:30:f9:6f:e8:2b:
                    5d:79:75:cb:47:c0:eb:0f:8d:c4:17:1a:93:7d:b5:
                    68:07:6b:6f:ab:f0:f9:3a:97:84:33:2c:2f:25:11:
                    94:69:58:95:92:82:43:3a:07:da:9c:5b:66:3f:b2:
                    a3:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:82:A6:9E:13:FA:9B:91:ED:FE:C4:CF:96:30:CE:C8:49:C2:B0:1F
            X509v3 Authority Key Identifier:
                keyid:6F:DB:BE:7E:97:80:29:C6:CE:AA:55:7B:4A:76:DA:68:07:43:11:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9u-fpeAKcbOqlV7SnbaaAdDEbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/72a4e3-f793-4f9a-ba4e-0590394a2efa/1/KYKmnhP6m5Ht_sTPljDOyEnCsB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/72a4e3-f793-4f9a-ba4e-0590394a2efa/1/b9u-fpeAKcbOqlV7SnbaaAdDEbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:20:b9:a6:81:f1:09:31:a2:98:3b:f0:eb:2b:ff:62:5d:7c:
         f6:7a:fe:ee:be:8a:0c:db:f9:04:ce:74:42:8a:ab:57:5b:c0:
         58:96:cf:30:59:c5:6d:20:b7:0d:a5:67:ae:16:a1:7d:4d:69:
         4b:fa:4d:89:3d:fa:ac:97:2e:f5:d7:54:3f:ed:10:df:75:7e:
         1a:1f:ba:bd:f9:c4:f3:34:75:9d:2f:f8:7c:0d:ae:5d:cf:a2:
         b0:ff:00:1e:9e:4d:1c:30:39:17:9a:65:20:0d:73:7a:f0:53:
         b6:96:d8:d2:25:e7:62:ca:42:0d:ab:d6:e1:0d:b4:e0:ae:93:
         06:78:86:55:5f:42:c2:9c:1e:0b:c2:59:ab:15:02:27:58:76:
         43:51:ab:bb:46:e8:6c:93:45:8f:64:b9:80:ee:e1:62:ae:14:
         cf:98:6c:0c:0b:61:e1:96:77:e4:bc:ea:28:17:c4:d3:7b:ee:
         fe:07:5c:2c:41:69:66:bb:bb:3f:db:fc:cc:c5:4c:8e:88:9e:
         e0:b0:38:48:56:57:8a:65:4b:91:02:78:e9:38:95:83:18:4c:
         ba:4d:1e:fc:1b:98:ed:69:0b:32:d1:00:9c:4a:e1:f3:e3:0e:
         3a:5f:ac:a3:bc:1f:6d:94:6b:48:71:5a:4e:3b:d0:46:c7:e0:
         7b:6a:73:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3xobJPl8rV39pbfiQAjEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmZGJiZTdlOTc4MDI5YzZjZWFhNTU3YjRhNzZkYTY4MDc0
MzExYjEwHhcNMjQwMTAyMDYzMTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTgyYTY5ZTEzZmE5YjkxZWRmZWM0Y2Y5NjMwY2VjODQ5YzJiMDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnz7pG5435NM/SLAImOPIDxPwBbKs
wr85YXJIOQZLVBpUK3/yavFMWoaE9yGaf1DuVjMHYyLOnfU8bMMFH8OJaBBSqItW
NwSfT/RlwK0EOt34gWb0jSA4W+a17Yl7oBqZEd9bSQAqFap/fcfQKSXvNNbsK72Y
gPHh4lCBADRrfns0znTcFbm6vg3LexuuwwjEG9Ul0etK5Sts/Yn8QrPoVgmVbKIQ
aavxAVCJi2IwNKYOvo7LCPI8kVhNSEu3D50aP662JqstV0XB8rxfMPlv6CtdeXXL
R8DrD43EFxqTfbVoB2tvq/D5OpeEMywvJRGUaViVkoJDOgfanFtmP7Kj6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCmCpp4T+puR7f7Ez5YwzshJwrAfMB8GA1UdIwQY
MBaAFG/bvn6XgCnGzqpVe0p22mgHQxGxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjl1LWZwZUFLY2JPcWxWN1NuYmFhQWRERWJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS83MmE0ZTMtZjc5My00ZjlhLWJhNGUt
MDU5MDM5NGEyZWZhLzEvS1lLbW5oUDZtNUh0X3NUUGxqRE95RW5Dc0I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS83MmE0ZTMtZjc5My00ZjlhLWJhNGUtMDU5MDM5NGEyZWZh
LzEvYjl1LWZwZUFLY2JPcWxWN1NuYmFhQWRERWJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBub/0MA0G
CSqGSIb3DQEBCwUAA4IBAQBqILmmgfEJMaKYO/DrK/9iXXz2ev7uvooM2/kEznRC
iqtXW8BYls8wWcVtILcNpWeuFqF9TWlL+k2JPfqsly7111Q/7RDfdX4aH7q9+cTz
NHWdL/h8Da5dz6Kw/wAenk0cMDkXmmUgDXN68FO2ltjSJediykINq9bhDbTgrpMG
eIZVX0LCnB4LwlmrFQInWHZDUau7Ruhsk0WPZLmA7uFirhTPmGwMC2HhlnfkvOoo
F8TTe+7+B1wsQWlmu7s/2/zMxUyOiJ7gsDhIVleKZUuRAnjpOJWDGEy6TR78G5jt
aQsy0QCcSuHz4w46X6yjvB9tlGtIcVpOO9BGx+B7anPy
-----END CERTIFICATE-----