Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/5a2ed9-8f8e-4c1d-aaf3-30c65ad83291/1/kyIVTHmogsruMXwf4uq8SpBbWFg.roa
File:                     kyIVTHmogsruMXwf4uq8SpBbWFg.roa (raw, json)
Hash identifier:          VzbeMxnhIYZT9DOE8v/1XPTQt4t80MoDua2GzPrnWcg=
Subject key identifier:   93:22:15:4C:79:A8:82:CA:EE:31:7C:1F:E2:EA:BC:4A:90:5B:58:58
Certificate issuer:       /CN=34832317d2544434b659e5692071d8e4c4938b06
Certificate serial:       0191A83616AFB81802AC8B2258E2A28FB996
Authority key identifier: 34:83:23:17:D2:54:44:34:B6:59:E5:69:20:71:D8:E4:C4:93:8B:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NIMjF9JURDS2WeVpIHHY5MSTiwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/5a2ed9-8f8e-4c1d-aaf3-30c65ad83291/1/kyIVTHmogsruMXwf4uq8SpBbWFg.roa
Signing time:             Sat 31 Aug 2024 11:33:22 +0000
ROA not before:           Sat 31 Aug 2024 11:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197893
IP address blocks:        176.28.73.0/24 maxlen: 24
                          176.28.74.0/24 maxlen: 24
                          176.28.75.0/24 maxlen: 24
                          176.28.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/5a2ed9-8f8e-4c1d-aaf3-30c65ad83291/1/NIMjF9JURDS2WeVpIHHY5MSTiwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/5a2ed9-8f8e-4c1d-aaf3-30c65ad83291/1/NIMjF9JURDS2WeVpIHHY5MSTiwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NIMjF9JURDS2WeVpIHHY5MSTiwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a8:36:16:af:b8:18:02:ac:8b:22:58:e2:a2:8f:b9:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34832317d2544434b659e5692071d8e4c4938b06
        Validity
            Not Before: Aug 31 11:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9322154c79a882caee317c1fe2eabc4a905b5858
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f3:0e:5f:58:05:98:bb:67:df:90:64:9b:c4:
                    5a:3d:23:2c:39:32:bb:c5:cf:f4:40:f1:88:7b:c4:
                    34:40:c6:f5:03:20:9a:11:e3:43:86:7b:2b:34:a4:
                    da:dd:54:40:d2:8c:67:c1:68:a4:5a:15:af:71:d8:
                    a6:3a:b3:33:60:c9:3a:1c:e2:b5:3a:2d:fa:f1:1c:
                    ed:1c:c5:eb:71:42:ae:45:d6:b8:7a:ac:99:4e:aa:
                    e7:62:06:87:90:ec:0c:4f:ee:6e:36:20:44:5c:eb:
                    fb:8f:cf:44:bd:33:25:29:bc:3a:84:27:bf:73:37:
                    cc:0a:1b:36:1b:4a:92:71:c8:bc:27:80:a1:a1:66:
                    3e:c6:a8:6c:54:77:0e:56:ac:60:86:22:77:fb:4b:
                    b7:3a:6c:74:47:94:f0:19:81:1c:a0:6d:12:5d:93:
                    44:55:81:cf:46:d4:c0:d1:cc:e0:01:2c:6b:10:07:
                    d1:39:d4:7e:3b:d4:f3:9b:4a:0b:83:69:2e:eb:b1:
                    22:d1:c9:df:d9:09:2a:5a:7a:65:bb:0c:b4:20:c0:
                    a8:c2:eb:ce:43:d7:ab:eb:34:42:20:bc:0d:58:ea:
                    8c:e9:84:b0:ff:1c:78:da:10:cf:e8:60:82:2e:ed:
                    a5:ac:63:7f:c1:51:3e:cb:f5:c3:dc:81:5c:fc:05:
                    e2:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:22:15:4C:79:A8:82:CA:EE:31:7C:1F:E2:EA:BC:4A:90:5B:58:58
            X509v3 Authority Key Identifier:
                keyid:34:83:23:17:D2:54:44:34:B6:59:E5:69:20:71:D8:E4:C4:93:8B:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NIMjF9JURDS2WeVpIHHY5MSTiwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5a2ed9-8f8e-4c1d-aaf3-30c65ad83291/1/kyIVTHmogsruMXwf4uq8SpBbWFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5a2ed9-8f8e-4c1d-aaf3-30c65ad83291/1/NIMjF9JURDS2WeVpIHHY5MSTiwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.28.73.0-176.28.75.255
                  176.28.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:bd:e8:ed:c5:3d:0f:dc:ce:61:b0:a8:c2:41:f6:30:ab:da:
         32:a4:1a:82:99:6f:19:ea:a0:31:83:19:7e:60:d8:28:91:f4:
         a6:ab:24:64:f7:9a:a4:21:c9:e7:c0:12:23:ac:fb:a5:2d:59:
         9c:c9:58:79:c6:56:5c:e8:5e:c3:2d:18:85:a7:02:d4:de:1e:
         df:e4:c2:be:b8:b9:dc:db:ba:a2:a2:d8:b9:72:6a:31:ba:18:
         ca:f9:de:b6:8d:55:ea:1a:42:7a:c1:b0:29:83:33:7c:28:de:
         6b:30:d8:8f:92:be:ff:29:db:30:20:60:b3:28:f8:b9:c5:13:
         e8:1f:87:a9:f8:cc:40:3f:32:f9:b2:fe:28:0f:b1:14:99:60:
         ac:4b:66:dc:9c:5f:db:69:55:19:ac:4c:4a:97:fc:3c:fc:a4:
         7d:29:e2:9f:ec:ee:35:45:ce:e4:87:6a:ea:54:03:6d:06:a5:
         e5:a3:a5:18:c1:42:f6:af:a3:1d:35:7b:05:44:d2:9a:36:12:
         53:c5:d1:12:e9:04:90:90:cf:c7:42:8c:7b:96:80:46:09:4b:
         74:e0:44:6c:d9:f5:92:b2:93:34:8c:2d:14:23:ff:1f:20:15:
         22:cd:44:28:3f:9f:a6:15:16:43:a5:2e:01:f3:08:78:5d:04:
         9e:e5:7d:f8
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZGoNhavuBgCrIsiWOKij7mWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ODMyMzE3ZDI1NDQ0MzRiNjU5ZTU2OTIwNzFkOGU0YzQ5
MzhiMDYwHhcNMjQwODMxMTEzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzIyMTU0Yzc5YTg4MmNhZWUzMTdjMWZlMmVhYmM0YTkwNWI1ODU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPMOX1gFmLtn35Bkm8RaPSMsOTK7
xc/0QPGIe8Q0QMb1AyCaEeNDhnsrNKTa3VRA0oxnwWikWhWvcdimOrMzYMk6HOK1
Oi368RztHMXrcUKuRda4eqyZTqrnYgaHkOwMT+5uNiBEXOv7j89EvTMlKbw6hCe/
czfMChs2G0qScci8J4ChoWY+xqhsVHcOVqxghiJ3+0u3Omx0R5TwGYEcoG0SXZNE
VYHPRtTA0czgASxrEAfROdR+O9Tzm0oLg2ku67Ei0cnf2QkqWnpluwy0IMCowuvO
Q9er6zRCILwNWOqM6YSw/xx42hDP6GCCLu2lrGN/wVE+y/XD3IFc/AXicQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJMiFUx5qILK7jF8H+LqvEqQW1hYMB8GA1UdIwQY
MBaAFDSDIxfSVEQ0tlnlaSBx2OTEk4sGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTklNakY5SlVSRFMyV2VWcElISFk1TVNUaXdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS81YTJlZDktOGY4ZS00YzFkLWFhZjMt
MzBjNjVhZDgzMjkxLzEva3lJVlRIbW9nc3J1TVh3ZjR1cThTcEJiV0ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS81YTJlZDktOGY4ZS00YzFkLWFhZjMtMzBjNjVhZDgzMjkx
LzEvTklNakY5SlVSRFMyV2VWcElISFk1TVNUaXdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBACwHEkD
BAKwHEgDBACwHE8wDQYJKoZIhvcNAQELBQADggEBADO96O3FPQ/czmGwqMJB9jCr
2jKkGoKZbxnqoDGDGX5g2CiR9KarJGT3mqQhyefAEiOs+6UtWZzJWHnGVlzoXsMt
GIWnAtTeHt/kwr64udzbuqKi2LlyajG6GMr53raNVeoaQnrBsCmDM3wo3msw2I+S
vv8p2zAgYLMo+LnFE+gfh6n4zEA/Mvmy/igPsRSZYKxLZtycX9tpVRmsTEqX/Dz8
pH0p4p/s7jVFzuSHaupUA20GpeWjpRjBQvavox01ewVE0po2ElPF0RLpBJCQz8dC
jHuWgEYJS3TgRGzZ9ZKykzSMLRQj/x8gFSLNRCg/n6YVFkOlLgHzCHhdBJ7lffg=
-----END CERTIFICATE-----