Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/ae6751-178d-41e1-aec2-0f68e5bffc7d/1/kFG4549T67H5q3WqA0uutkQlLP8.roa
File:                     kFG4549T67H5q3WqA0uutkQlLP8.roa (raw, json)
Hash identifier:          zzq2p4/btT1OgpPRtJt1vMeMPKUG3Iu7YhtZOGhYIGw=
Subject key identifier:   90:51:B8:E7:8F:53:EB:B1:F9:AB:75:AA:03:4B:AE:B6:44:25:2C:FF
Certificate issuer:       /CN=a59da4a8638dbdd6fa43c27d3ac6ec8d9acc878a
Certificate serial:       018CC94D9C0F29AD4254E9F3637D120CA155
Authority key identifier: A5:9D:A4:A8:63:8D:BD:D6:FA:43:C2:7D:3A:C6:EC:8D:9A:CC:87:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pZ2kqGONvdb6Q8J9OsbsjZrMh4o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/ae6751-178d-41e1-aec2-0f68e5bffc7d/1/kFG4549T67H5q3WqA0uutkQlLP8.roa
Signing time:             Tue 02 Jan 2024 08:32:35 +0000
ROA not before:           Tue 02 Jan 2024 08:32:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41998
IP address blocks:        178.212.90.0/23 maxlen: 23
                          178.212.94.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/ae6751-178d-41e1-aec2-0f68e5bffc7d/1/pZ2kqGONvdb6Q8J9OsbsjZrMh4o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/ae6751-178d-41e1-aec2-0f68e5bffc7d/1/pZ2kqGONvdb6Q8J9OsbsjZrMh4o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pZ2kqGONvdb6Q8J9OsbsjZrMh4o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:9c:0f:29:ad:42:54:e9:f3:63:7d:12:0c:a1:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a59da4a8638dbdd6fa43c27d3ac6ec8d9acc878a
        Validity
            Not Before: Jan  2 08:32:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9051b8e78f53ebb1f9ab75aa034baeb644252cff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:3f:21:bb:81:2e:94:10:57:97:ec:20:16:97:
                    d7:67:7f:9a:5a:eb:f2:81:79:7a:71:cf:32:25:82:
                    da:52:77:0e:b6:6f:a0:94:72:3c:6d:e0:c1:a4:ac:
                    ff:3a:f3:20:7c:f2:2b:ea:22:19:d6:6d:d6:0b:a5:
                    f0:db:2b:7c:fe:c9:b0:42:78:8a:29:89:8b:61:cd:
                    16:2b:6e:d5:50:9b:10:e5:c5:a1:ff:32:d5:db:c4:
                    a9:3b:51:b8:46:1d:c5:75:af:cb:23:0d:eb:fe:5a:
                    1a:59:48:43:dd:27:7f:a7:3b:df:3d:b1:13:4f:40:
                    cd:00:0e:b2:d2:dc:03:ef:47:3e:d8:28:d0:6c:a6:
                    6a:44:2b:3f:07:f4:e8:60:0a:8c:f4:79:f7:09:f7:
                    b2:32:6b:71:f2:5b:63:1f:2a:70:38:ac:59:1d:85:
                    20:dd:1f:44:0f:f6:e0:60:c5:40:1d:56:4d:96:ad:
                    b1:9b:48:9e:99:12:7a:f3:7e:71:76:b9:18:41:93:
                    56:e8:a5:19:b2:f5:df:59:fd:da:f0:87:a1:46:a1:
                    35:ec:52:1d:86:9c:be:53:50:c9:4b:65:0b:13:15:
                    03:c3:a9:f5:f0:0b:92:80:cb:e3:73:0e:c5:41:05:
                    b8:bc:e8:17:b0:40:33:05:c9:b7:7b:c0:a9:b3:a6:
                    d6:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:51:B8:E7:8F:53:EB:B1:F9:AB:75:AA:03:4B:AE:B6:44:25:2C:FF
            X509v3 Authority Key Identifier:
                keyid:A5:9D:A4:A8:63:8D:BD:D6:FA:43:C2:7D:3A:C6:EC:8D:9A:CC:87:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pZ2kqGONvdb6Q8J9OsbsjZrMh4o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/ae6751-178d-41e1-aec2-0f68e5bffc7d/1/kFG4549T67H5q3WqA0uutkQlLP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/ae6751-178d-41e1-aec2-0f68e5bffc7d/1/pZ2kqGONvdb6Q8J9OsbsjZrMh4o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.212.90.0/23
                  178.212.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:00:58:01:d5:3f:79:8d:9f:07:98:bf:7c:6d:05:c2:ae:71:
         9e:32:1d:64:04:ab:bb:ac:93:94:29:bf:ed:61:37:f9:66:85:
         23:67:e1:f4:49:b1:49:61:94:48:ae:c0:14:97:b4:ba:e3:79:
         60:ef:fb:a3:3f:c1:b1:f5:47:1e:5b:da:13:f1:7b:3f:06:fa:
         a1:8b:97:ce:1c:bf:d8:cf:c6:0b:40:6c:8f:ff:80:0e:f4:f4:
         f7:e7:ba:08:01:e7:23:58:90:f8:86:12:63:cf:0d:cb:5c:dc:
         ec:be:9d:17:6a:11:1f:b1:30:3f:88:6f:f6:fb:99:f5:2f:6d:
         0b:8e:49:6e:a3:42:91:7c:da:fc:b7:58:42:0a:85:fe:2b:5d:
         21:cc:1a:2a:dd:76:1c:8a:1d:77:84:c7:68:7f:ab:a0:04:49:
         3e:a6:8e:76:0d:6f:bc:88:f7:79:38:5b:e5:f5:42:c4:89:f6:
         1d:51:db:d9:07:1b:77:dd:00:c8:77:af:71:1f:9d:2a:f5:d4:
         b8:cc:98:ab:f4:fe:61:1e:58:4a:45:4c:4d:47:bc:2d:3b:ab:
         f9:80:cd:a6:a5:0d:17:bd:d0:4b:fc:27:0c:f5:7f:ba:07:7f:
         2f:a3:fb:2b:81:b7:72:16:06:e1:9b:68:61:43:d2:aa:c7:25:
         1c:26:cb:05
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTZwPKa1CVOnzY30SDKFVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1OWRhNGE4NjM4ZGJkZDZmYTQzYzI3ZDNhYzZlYzhkOWFj
Yzg3OGEwHhcNMjQwMTAyMDgzMjM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDUxYjhlNzhmNTNlYmIxZjlhYjc1YWEwMzRiYWViNjQ0MjUyY2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvD8hu4EulBBXl+wgFpfXZ3+aWuvy
gXl6cc8yJYLaUncOtm+glHI8beDBpKz/OvMgfPIr6iIZ1m3WC6Xw2yt8/smwQniK
KYmLYc0WK27VUJsQ5cWh/zLV28SpO1G4Rh3Fda/LIw3r/loaWUhD3Sd/pzvfPbET
T0DNAA6y0twD70c+2CjQbKZqRCs/B/ToYAqM9Hn3CfeyMmtx8ltjHypwOKxZHYUg
3R9ED/bgYMVAHVZNlq2xm0iemRJ6835xdrkYQZNW6KUZsvXfWf3a8IehRqE17FId
hpy+U1DJS2ULExUDw6n18AuSgMvjcw7FQQW4vOgXsEAzBcm3e8Cps6bW3wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJBRuOePU+ux+at1qgNLrrZEJSz/MB8GA1UdIwQY
MBaAFKWdpKhjjb3W+kPCfTrG7I2azIeKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFoya3FHT052ZGI2UThKOU9zYnNqWnJNaDRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9hZTY3NTEtMTc4ZC00MWUxLWFlYzIt
MGY2OGU1YmZmYzdkLzEva0ZHNDU0OVQ2N0g1cTNXcUEwdXV0a1FsTFA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9hZTY3NTEtMTc4ZC00MWUxLWFlYzItMGY2OGU1YmZmYzdk
LzEvcFoya3FHT052ZGI2UThKOU9zYnNqWnJNaDRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBstRaAwQB
stReMA0GCSqGSIb3DQEBCwUAA4IBAQBgAFgB1T95jZ8HmL98bQXCrnGeMh1kBKu7
rJOUKb/tYTf5ZoUjZ+H0SbFJYZRIrsAUl7S643lg7/ujP8Gx9UceW9oT8Xs/Bvqh
i5fOHL/Yz8YLQGyP/4AO9PT357oIAecjWJD4hhJjzw3LXNzsvp0XahEfsTA/iG/2
+5n1L20Ljkluo0KRfNr8t1hCCoX+K10hzBoq3XYcih13hMdof6ugBEk+po52DW+8
iPd5OFvl9ULEifYdUdvZBxt33QDId69xH50q9dS4zJir9P5hHlhKRUxNR7wtO6v5
gM2mpQ0XvdBL/CcM9X+6B38vo/srgbdyFgbhm2hhQ9KqxyUcJssF
-----END CERTIFICATE-----