Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/2d783a-1cbc-40d4-b011-e085275aa364/1/klWfxitZSsVurKO2bAsIVheui4w.roa
File:                     klWfxitZSsVurKO2bAsIVheui4w.roa (raw, json)
Hash identifier:          ekz+k7RzloX2eO8qG5xM1IVc6e1QEZjm2tjiqTUc+ho=
Subject key identifier:   92:55:9F:C6:2B:59:4A:C5:6E:AC:A3:B6:6C:0B:08:56:17:AE:8B:8C
Certificate issuer:       /CN=034b0eed2c5a787ad87fb49f04d3fdf3d0f49d4c
Certificate serial:       018CC4246BDA91C2EB2E252421C87C805B79
Authority key identifier: 03:4B:0E:ED:2C:5A:78:7A:D8:7F:B4:9F:04:D3:FD:F3:D0:F4:9D:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A0sO7SxaeHrYf7SfBNP989D0nUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/2d783a-1cbc-40d4-b011-e085275aa364/1/klWfxitZSsVurKO2bAsIVheui4w.roa
Signing time:             Mon 01 Jan 2024 08:29:30 +0000
ROA not before:           Mon 01 Jan 2024 08:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9199
IP address blocks:        185.57.46.0/24 maxlen: 24
                          2a04:7580::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/2d783a-1cbc-40d4-b011-e085275aa364/1/A0sO7SxaeHrYf7SfBNP989D0nUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/2d783a-1cbc-40d4-b011-e085275aa364/1/A0sO7SxaeHrYf7SfBNP989D0nUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A0sO7SxaeHrYf7SfBNP989D0nUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:01:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:6b:da:91:c2:eb:2e:25:24:21:c8:7c:80:5b:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=034b0eed2c5a787ad87fb49f04d3fdf3d0f49d4c
        Validity
            Not Before: Jan  1 08:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92559fc62b594ac56eaca3b66c0b085617ae8b8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:cb:86:1e:9d:13:09:10:5e:c9:0a:12:37:95:
                    a1:06:d2:ce:d2:a7:14:c6:d8:6b:a6:ee:fe:b2:3b:
                    59:5b:89:46:42:ff:2c:b8:47:fa:79:65:f4:b1:98:
                    dd:eb:c5:69:e3:b2:72:1e:07:20:ea:9b:7b:2e:74:
                    a5:c8:44:e1:39:d6:ad:6f:b2:4a:9b:0e:47:1b:72:
                    6f:0c:b1:ca:68:90:a1:74:fe:b8:4c:72:1f:9c:4a:
                    30:57:e7:38:f8:da:37:f0:ef:16:0a:fe:e3:6e:df:
                    ca:08:e4:dc:ff:75:e2:e0:54:6f:2e:d0:f8:34:c3:
                    d9:cb:20:a1:30:3c:f1:83:20:75:df:6a:28:08:6b:
                    12:e9:8d:10:05:0c:43:64:4b:a3:76:ca:aa:fa:36:
                    b4:e1:8f:2a:6b:5f:4e:bb:08:29:61:21:9f:3a:63:
                    0c:6d:92:aa:31:48:db:0b:e1:14:6d:96:f9:00:af:
                    0d:4b:22:fd:e7:3c:74:e1:80:6b:69:45:d4:32:5a:
                    75:48:a3:42:33:db:5c:26:e9:3c:d1:2b:b9:b0:b1:
                    60:c6:31:6f:85:22:b6:ac:f0:28:2f:11:00:d5:99:
                    d3:f5:ca:da:31:6b:38:9f:6b:92:99:4e:9b:c2:8e:
                    e4:b3:f1:6b:d3:e2:91:66:21:dd:fe:40:86:da:c3:
                    11:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:55:9F:C6:2B:59:4A:C5:6E:AC:A3:B6:6C:0B:08:56:17:AE:8B:8C
            X509v3 Authority Key Identifier:
                keyid:03:4B:0E:ED:2C:5A:78:7A:D8:7F:B4:9F:04:D3:FD:F3:D0:F4:9D:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A0sO7SxaeHrYf7SfBNP989D0nUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/2d783a-1cbc-40d4-b011-e085275aa364/1/klWfxitZSsVurKO2bAsIVheui4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/2d783a-1cbc-40d4-b011-e085275aa364/1/A0sO7SxaeHrYf7SfBNP989D0nUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.46.0/24
                IPv6:
                  2a04:7580::/29

    Signature Algorithm: sha256WithRSAEncryption
         67:2a:21:7d:9b:c4:97:8a:c2:bf:78:1b:1e:02:51:fa:9e:ce:
         d4:ef:e6:e9:11:f4:e5:c6:f7:d1:8e:d2:3d:8d:c9:ce:03:e6:
         c5:bf:e5:ff:69:c4:5d:80:84:4d:30:06:e8:1e:23:1a:27:14:
         cb:b4:ab:de:09:70:dc:a5:8f:a3:1a:f2:80:2d:e1:21:69:ba:
         57:35:2c:1f:b7:f8:12:d8:a9:ed:84:df:3a:9b:96:e0:d4:4f:
         4e:ce:02:78:01:8f:a5:73:45:c7:0c:65:74:e3:88:1c:0e:70:
         f3:ea:39:bd:a3:91:2f:97:d3:f0:24:67:b9:14:6f:be:6f:0b:
         6c:f6:41:56:f5:08:94:ff:4b:f6:ba:59:17:1f:47:4e:12:70:
         f5:91:bc:4c:2b:f7:36:b8:26:a8:25:df:20:e7:fe:4c:5b:d9:
         86:ff:68:bb:3b:2a:e1:cf:7f:ce:79:36:61:0c:6f:eb:37:9c:
         dc:ba:10:f4:22:2c:b8:ce:de:c0:af:ef:a8:d4:23:93:1f:b6:
         a9:3c:4d:20:d8:d7:4c:bf:39:88:aa:5c:6e:f6:c0:42:2c:0a:
         09:f3:69:23:8c:f8:40:f3:e0:f5:8f:eb:02:18:39:98:be:52:
         58:fb:ef:69:fc:46:22:47:ba:45:f3:22:b3:aa:e2:0b:2c:66:
         5a:63:9b:15
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJGvakcLrLiUkIch8gFt5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzNGIwZWVkMmM1YTc4N2FkODdmYjQ5ZjA0ZDNmZGYzZDBm
NDlkNGMwHhcNMjQwMTAxMDgyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjU1OWZjNjJiNTk0YWM1NmVhY2EzYjY2YzBiMDg1NjE3YWU4YjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcuGHp0TCRBeyQoSN5WhBtLO0qcU
xthrpu7+sjtZW4lGQv8suEf6eWX0sZjd68Vp47JyHgcg6pt7LnSlyEThOdatb7JK
mw5HG3JvDLHKaJChdP64THIfnEowV+c4+No38O8WCv7jbt/KCOTc/3Xi4FRvLtD4
NMPZyyChMDzxgyB132ooCGsS6Y0QBQxDZEujdsqq+ja04Y8qa19OuwgpYSGfOmMM
bZKqMUjbC+EUbZb5AK8NSyL95zx04YBraUXUMlp1SKNCM9tcJuk80Su5sLFgxjFv
hSK2rPAoLxEA1ZnT9craMWs4n2uSmU6bwo7ks/Fr0+KRZiHd/kCG2sMRIQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJJVn8YrWUrFbqyjtmwLCFYXrouMMB8GA1UdIwQY
MBaAFANLDu0sWnh62H+0nwTT/fPQ9J1MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTBzTzdTeGFlSHJZZjdTZkJOUDk4OUQwblV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8yZDc4M2EtMWNiYy00MGQ0LWIwMTEt
ZTA4NTI3NWFhMzY0LzEva2xXZnhpdFpTc1Z1cktPMmJBc0lWaGV1aTR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8yZDc4M2EtMWNiYy00MGQ0LWIwMTEtZTA4NTI3NWFhMzY0
LzEvQTBzTzdTeGFlSHJZZjdTZkJOUDk4OUQwblV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuTkuMA0E
AgACMAcDBQMqBHWAMA0GCSqGSIb3DQEBCwUAA4IBAQBnKiF9m8SXisK/eBseAlH6
ns7U7+bpEfTlxvfRjtI9jcnOA+bFv+X/acRdgIRNMAboHiMaJxTLtKveCXDcpY+j
GvKALeEhabpXNSwft/gS2KnthN86m5bg1E9OzgJ4AY+lc0XHDGV044gcDnDz6jm9
o5Evl9PwJGe5FG++bwts9kFW9QiU/0v2ulkXH0dOEnD1kbxMK/c2uCaoJd8g5/5M
W9mG/2i7Oyrhz3/OeTZhDG/rN5zcuhD0Iiy4zt7Ar++o1COTH7apPE0g2NdMvzmI
qlxu9sBCLAoJ82kjjPhA8+D1j+sCGDmYvlJY++9p/EYiR7pF8yKzquILLGZaY5sV
-----END CERTIFICATE-----