Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/KMZgi8Soz6WnLVnCz16ohkjXr_4.roa
File:                     KMZgi8Soz6WnLVnCz16ohkjXr_4.roa (raw, json)
Hash identifier:          79Xagc3tYNkCzcsLviAcQsxzSPPqPaxKsez5HmONKoM=
Subject key identifier:   28:C6:60:8B:C4:A8:CF:A5:A7:2D:59:C2:CF:5E:A8:86:48:D7:AF:FE
Certificate issuer:       /CN=e8bd26dce48161c7fbf9ff67b907f1e605c25a66
Certificate serial:       01910E405C5CB19444BB5D18D3ABB707A54C
Authority key identifier: E8:BD:26:DC:E4:81:61:C7:FB:F9:FF:67:B9:07:F1:E6:05:C2:5A:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6L0m3OSBYcf7-f9nuQfx5gXCWmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/KMZgi8Soz6WnLVnCz16ohkjXr_4.roa
Signing time:             Thu 01 Aug 2024 14:03:04 +0000
ROA not before:           Thu 01 Aug 2024 14:03:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206221
IP address blocks:        185.1.240.0/24 maxlen: 24
                          2001:7f8:12a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/6L0m3OSBYcf7-f9nuQfx5gXCWmY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/6L0m3OSBYcf7-f9nuQfx5gXCWmY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6L0m3OSBYcf7-f9nuQfx5gXCWmY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:0e:40:5c:5c:b1:94:44:bb:5d:18:d3:ab:b7:07:a5:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8bd26dce48161c7fbf9ff67b907f1e605c25a66
        Validity
            Not Before: Aug  1 14:03:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28c6608bc4a8cfa5a72d59c2cf5ea88648d7affe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:8c:a5:bb:b8:f3:56:36:9d:0f:39:63:d6:5d:
                    6c:be:8b:bb:83:5d:5d:99:4f:35:90:d0:36:41:32:
                    da:e4:4d:28:32:df:2b:4c:73:f8:16:76:73:25:b7:
                    a5:ab:5e:dd:5a:e0:8d:57:b1:ca:69:4a:29:df:be:
                    0d:95:47:12:7c:fc:ab:94:24:f2:e4:b8:27:91:a9:
                    f6:f1:24:44:fd:b3:70:0c:d0:21:c8:78:e7:fa:a7:
                    91:b7:38:51:f4:fd:d5:13:36:b5:e0:a0:76:68:cc:
                    4b:5e:22:84:e2:89:ba:98:23:ce:f3:8c:e8:44:c6:
                    34:7f:71:8b:e0:37:2b:31:29:aa:39:6e:11:e5:62:
                    a1:c7:dd:03:3e:ac:e1:5a:6d:0d:3e:05:5a:84:e8:
                    d0:b1:05:6c:11:44:e2:7f:b7:cb:a0:68:6a:ff:9f:
                    97:66:15:56:51:b9:49:fa:14:5b:40:6a:06:13:c7:
                    c8:06:c6:ee:a7:e1:91:05:db:67:20:25:e2:67:b6:
                    46:e7:ea:17:ab:b7:62:eb:b8:1e:a5:aa:db:3f:4f:
                    52:bf:ab:b3:29:c5:34:08:f8:58:59:60:b8:3b:f3:
                    76:fe:44:ac:f8:fa:cd:31:bf:ca:0b:a4:41:2a:86:
                    48:f0:ea:5c:fe:7b:62:1e:98:7c:6c:74:be:2b:96:
                    26:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:C6:60:8B:C4:A8:CF:A5:A7:2D:59:C2:CF:5E:A8:86:48:D7:AF:FE
            X509v3 Authority Key Identifier:
                keyid:E8:BD:26:DC:E4:81:61:C7:FB:F9:FF:67:B9:07:F1:E6:05:C2:5A:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6L0m3OSBYcf7-f9nuQfx5gXCWmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/KMZgi8Soz6WnLVnCz16ohkjXr_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/6L0m3OSBYcf7-f9nuQfx5gXCWmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.240.0/24
                IPv6:
                  2001:7f8:12a::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:49:43:3a:29:f6:9a:0f:fa:ea:97:a7:4d:bf:a6:6f:26:30:
         73:1b:ee:7e:e8:a6:8d:be:0d:b5:03:b7:a9:59:0c:6f:9c:ca:
         6b:d8:ee:61:77:60:1a:8c:30:52:c1:c5:18:c9:69:1e:d5:4a:
         15:c1:34:8c:a1:57:ab:b9:01:c2:30:42:73:d3:60:d3:c6:a6:
         2c:cf:83:6b:e3:eb:9c:29:14:da:b8:be:00:83:11:24:cb:a4:
         86:17:3d:63:0a:d5:71:6d:fa:88:9b:52:46:29:2f:18:d8:79:
         af:2c:a8:6e:e5:03:38:7d:c8:f5:2f:4e:8b:7b:0e:07:4e:6d:
         1c:62:59:fa:bc:df:f4:f9:e3:cb:ef:d5:88:a0:2a:46:b7:7c:
         cd:db:9a:0d:7e:1d:cf:8b:19:03:85:cb:f4:12:22:ee:62:4b:
         9d:ed:28:1f:84:c8:15:59:c0:11:11:be:28:56:34:27:d5:2f:
         83:9b:bf:1b:0c:eb:a9:c0:3a:6c:05:ee:12:f3:18:62:f8:91:
         54:16:01:bd:88:75:41:d6:3d:b2:20:f0:4a:58:b2:5a:f2:3a:
         84:8d:0b:7c:38:81:8c:96:01:39:d5:54:60:ca:7f:33:31:3c:
         be:9f:f3:9c:2f:3d:df:67:1f:c2:8b:4e:07:82:da:91:74:96:
         ac:99:6b:7e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZEOQFxcsZREu10Y06u3B6VMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YmQyNmRjZTQ4MTYxYzdmYmY5ZmY2N2I5MDdmMWU2MDVj
MjVhNjYwHhcNMjQwODAxMTQwMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGM2NjA4YmM0YThjZmE1YTcyZDU5YzJjZjVlYTg4NjQ4ZDdhZmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoIylu7jzVjadDzlj1l1svou7g11d
mU81kNA2QTLa5E0oMt8rTHP4FnZzJbelq17dWuCNV7HKaUop374NlUcSfPyrlCTy
5Lgnkan28SRE/bNwDNAhyHjn+qeRtzhR9P3VEza14KB2aMxLXiKE4om6mCPO84zo
RMY0f3GL4DcrMSmqOW4R5WKhx90DPqzhWm0NPgVahOjQsQVsEUTif7fLoGhq/5+X
ZhVWUblJ+hRbQGoGE8fIBsbup+GRBdtnICXiZ7ZG5+oXq7di67geparbP09Sv6uz
KcU0CPhYWWC4O/N2/kSs+PrNMb/KC6RBKoZI8Opc/ntiHph8bHS+K5Ym+QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCjGYIvEqM+lpy1Zws9eqIZI16/+MB8GA1UdIwQY
MBaAFOi9JtzkgWHH+/n/Z7kH8eYFwlpmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkwwbTNPU0JZY2Y3LWY5bnVRZng1Z1hDV21ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9iZDljYTgtMTc5Yi00MzIyLWEwOTQt
NTBkZDNhNTgxNTRiLzEvS01aZ2k4U296NlduTFZuQ3oxNm9oa2pYcl80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9iZDljYTgtMTc5Yi00MzIyLWEwOTQtNTBkZDNhNTgxNTRi
LzEvNkwwbTNPU0JZY2Y3LWY5bnVRZng1Z1hDV21ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQHwMA8E
AgACMAkDBwAgAQf4ASowDQYJKoZIhvcNAQELBQADggEBABBJQzop9poP+uqXp02/
pm8mMHMb7n7opo2+DbUDt6lZDG+cymvY7mF3YBqMMFLBxRjJaR7VShXBNIyhV6u5
AcIwQnPTYNPGpizPg2vj65wpFNq4vgCDESTLpIYXPWMK1XFt+oibUkYpLxjYea8s
qG7lAzh9yPUvTot7DgdObRxiWfq83/T548vv1YigKka3fM3bmg1+Hc+LGQOFy/QS
Iu5iS53tKB+EyBVZwBERvihWNCfVL4ObvxsM66nAOmwF7hLzGGL4kVQWAb2IdUHW
PbIg8EpYslryOoSNC3w4gYyWATnVVGDKfzMxPL6f85wvPd9nH8KLTgeC2pF0lqyZ
a34=
-----END CERTIFICATE-----