Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/a5235f-62fb-4abb-8037-2ad195264c72/1/kOvO8CR_FX7pVsgJaG4WEow0tck.roa
File:                     kOvO8CR_FX7pVsgJaG4WEow0tck.roa (raw, json)
Hash identifier:          x179Uh3yeutyEEuJ423CR/TaAO4vJutHT35xrdoMILs=
Subject key identifier:   90:EB:CE:F0:24:7F:15:7E:E9:56:C8:09:68:6E:16:12:8C:34:B5:C9
Certificate issuer:       /CN=9145ead8d3f1284402b6f75614a87257503ce1bc
Certificate serial:       018CC2DADB072113D42D0487E9B48D001061
Authority key identifier: 91:45:EA:D8:D3:F1:28:44:02:B6:F7:56:14:A8:72:57:50:3C:E1:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUXq2NPxKEQCtvdWFKhyV1A84bw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/a5235f-62fb-4abb-8037-2ad195264c72/1/kOvO8CR_FX7pVsgJaG4WEow0tck.roa
Signing time:             Mon 01 Jan 2024 02:29:31 +0000
ROA not before:           Mon 01 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60233
IP address blocks:        94.177.80.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/a5235f-62fb-4abb-8037-2ad195264c72/1/kUXq2NPxKEQCtvdWFKhyV1A84bw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/a5235f-62fb-4abb-8037-2ad195264c72/1/kUXq2NPxKEQCtvdWFKhyV1A84bw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUXq2NPxKEQCtvdWFKhyV1A84bw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:db:07:21:13:d4:2d:04:87:e9:b4:8d:00:10:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9145ead8d3f1284402b6f75614a87257503ce1bc
        Validity
            Not Before: Jan  1 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90ebcef0247f157ee956c809686e16128c34b5c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c9:bb:f8:d6:c7:45:d8:a9:8e:81:39:bf:31:
                    ff:af:87:9e:82:28:93:89:75:af:01:74:16:d6:3c:
                    78:33:c4:e7:33:51:c5:d1:77:32:5e:99:8a:f1:7e:
                    31:93:2a:65:6b:8e:65:3c:b0:71:e2:3b:94:2c:e0:
                    59:02:1d:c2:b4:27:06:80:ba:f8:99:a0:7f:82:dd:
                    9c:49:a7:b1:02:bc:7c:eb:9f:3a:e4:f0:f4:45:4e:
                    07:b2:91:90:02:6b:f3:cb:3c:f9:9d:c9:60:71:95:
                    f9:bd:26:7b:6d:0f:2a:b3:4f:d5:06:bb:b9:97:3f:
                    08:f6:68:28:6a:28:7d:9d:f8:50:6c:40:48:f3:9c:
                    b5:44:1d:4c:94:b3:da:93:29:73:71:d3:2e:00:f5:
                    20:10:00:1d:2e:e3:fe:d3:7a:fc:b1:3b:6a:ea:a5:
                    8a:c8:24:f9:82:32:37:35:18:01:c1:68:e5:22:44:
                    40:e9:7a:3f:58:d2:95:c2:94:72:6b:0e:c9:6c:df:
                    4e:07:ec:89:b6:ff:e1:4b:a1:e7:29:7f:80:6e:5f:
                    5f:96:87:dd:ae:0f:78:32:25:37:1b:fa:bf:bc:1a:
                    35:ba:e5:8c:20:16:19:e5:cc:5c:e9:56:da:6e:0a:
                    ba:78:9c:4a:6c:58:dd:6f:30:87:ad:30:9f:60:59:
                    64:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:EB:CE:F0:24:7F:15:7E:E9:56:C8:09:68:6E:16:12:8C:34:B5:C9
            X509v3 Authority Key Identifier:
                keyid:91:45:EA:D8:D3:F1:28:44:02:B6:F7:56:14:A8:72:57:50:3C:E1:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUXq2NPxKEQCtvdWFKhyV1A84bw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/a5235f-62fb-4abb-8037-2ad195264c72/1/kOvO8CR_FX7pVsgJaG4WEow0tck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/a5235f-62fb-4abb-8037-2ad195264c72/1/kUXq2NPxKEQCtvdWFKhyV1A84bw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.177.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         a6:ea:cf:42:30:a0:b9:61:1a:48:c2:1d:94:20:65:2b:ab:0c:
         db:8e:ce:c2:10:9f:16:7e:9c:d6:88:76:ba:d3:30:72:ec:75:
         8d:7e:41:fa:58:3f:44:12:24:a6:d2:89:bd:f9:26:bf:50:b6:
         9a:2b:bc:cc:bf:2e:54:24:2c:a1:6b:fb:1e:39:42:7e:b5:06:
         8e:5c:14:b4:9e:b6:a0:c3:3d:61:b2:16:5f:93:d2:a4:07:d4:
         90:43:50:a6:5a:2e:77:66:6c:ec:27:bf:f4:45:a6:ac:51:c6:
         d5:b2:11:9e:e7:ba:dc:a3:66:e1:ae:8d:a6:dc:90:60:c1:dd:
         a6:21:60:43:67:0f:1c:60:9c:ce:2f:78:f0:83:ed:5a:e3:0f:
         2a:2e:ab:51:9a:14:a2:44:45:19:2e:eb:f9:ed:f9:36:b2:4f:
         fd:70:4f:12:08:1f:f4:0e:5d:99:7c:e1:e0:dc:e6:14:b1:bf:
         01:8f:e6:61:1c:0d:29:ea:f8:eb:35:dc:bd:3f:1f:f5:fa:0b:
         20:ec:2e:4e:4c:c6:07:c9:bd:88:05:ce:13:59:89:8e:0a:38:
         00:fb:0a:6b:9c:9a:0d:71:cc:fc:be:e2:c7:2d:8c:03:9a:ba:
         a4:93:04:0e:09:d0:11:59:f9:4d:4a:b6:85:e5:19:09:95:93:
         b4:76:96:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tsHIRPULQSH6bSNABBhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNDVlYWQ4ZDNmMTI4NDQwMmI2Zjc1NjE0YTg3MjU3NTAz
Y2UxYmMwHhcNMjQwMTAxMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGViY2VmMDI0N2YxNTdlZTk1NmM4MDk2ODZlMTYxMjhjMzRiNWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8m7+NbHRdipjoE5vzH/r4eegiiT
iXWvAXQW1jx4M8TnM1HF0XcyXpmK8X4xkypla45lPLBx4juULOBZAh3CtCcGgLr4
maB/gt2cSaexArx865865PD0RU4HspGQAmvzyzz5nclgcZX5vSZ7bQ8qs0/VBru5
lz8I9mgoaih9nfhQbEBI85y1RB1MlLPakylzcdMuAPUgEAAdLuP+03r8sTtq6qWK
yCT5gjI3NRgBwWjlIkRA6Xo/WNKVwpRyaw7JbN9OB+yJtv/hS6HnKX+Abl9flofd
rg94MiU3G/q/vBo1uuWMIBYZ5cxc6Vbabgq6eJxKbFjdbzCHrTCfYFlkyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJDrzvAkfxV+6VbICWhuFhKMNLXJMB8GA1UdIwQY
MBaAFJFF6tjT8ShEArb3VhSocldQPOG8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VYcTJOUHhLRVFDdHZkV0ZLaHlWMUE4NGJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9hNTIzNWYtNjJmYi00YWJiLTgwMzct
MmFkMTk1MjY0YzcyLzEva092TzhDUl9GWDdwVnNnSmFHNFdFb3cwdGNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9hNTIzNWYtNjJmYi00YWJiLTgwMzctMmFkMTk1MjY0Yzcy
LzEva1VYcTJOUHhLRVFDdHZkV0ZLaHlWMUE4NGJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXrFQMA0G
CSqGSIb3DQEBCwUAA4IBAQCm6s9CMKC5YRpIwh2UIGUrqwzbjs7CEJ8WfpzWiHa6
0zBy7HWNfkH6WD9EEiSm0om9+Sa/ULaaK7zMvy5UJCyha/seOUJ+tQaOXBS0nrag
wz1hshZfk9KkB9SQQ1CmWi53ZmzsJ7/0RaasUcbVshGe57rco2bhro2m3JBgwd2m
IWBDZw8cYJzOL3jwg+1a4w8qLqtRmhSiREUZLuv57fk2sk/9cE8SCB/0Dl2ZfOHg
3OYUsb8Bj+ZhHA0p6vjrNdy9Px/1+gsg7C5OTMYHyb2IBc4TWYmOCjgA+wprnJoN
ccz8vuLHLYwDmrqkkwQOCdARWflNSraF5RkJlZO0dpaF
-----END CERTIFICATE-----