Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/KmhLxxgBgVBzswli0PYu7RYKHaQ.roa
File:                     KmhLxxgBgVBzswli0PYu7RYKHaQ.roa (raw, json)
Hash identifier:          oq7vqgQj1OZU4yVNYLKFJyoq010ikluNzxIHkYsgVMU=
Subject key identifier:   2A:68:4B:C7:18:01:81:50:73:B3:09:62:D0:F6:2E:ED:16:0A:1D:A4
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       018CC9BCE0AF73F855CB9816FA503208C38D
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/KmhLxxgBgVBzswli0PYu7RYKHaQ.roa
Signing time:             Tue 02 Jan 2024 10:34:07 +0000
ROA not before:           Tue 02 Jan 2024 10:34:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56330
IP address blocks:        2a02:2698:3400::/38 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:e0:af:73:f8:55:cb:98:16:fa:50:32:08:c3:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  2 10:34:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a684bc71801815073b30962d0f62eed160a1da4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:d4:c4:f4:e2:64:9b:df:2f:00:0c:69:db:6b:
                    f8:da:db:36:59:0e:b0:33:49:36:4c:5d:a3:e6:62:
                    61:12:b5:c5:8a:2a:46:a7:00:0d:4f:d4:da:5d:e0:
                    c7:6b:a7:88:3c:3e:f1:df:8d:43:a4:35:70:c2:fd:
                    03:8e:ee:1d:ae:c9:09:3a:f3:cc:4d:af:93:f0:ee:
                    1c:60:3d:12:07:6f:0f:77:20:32:3e:43:4d:8e:79:
                    f9:48:f4:e8:be:7d:5a:59:ca:57:94:8e:86:fa:88:
                    c9:0e:5b:2f:6b:70:b9:34:bb:e8:f5:9a:3b:a2:9b:
                    0d:4f:01:d6:b9:c6:92:e7:04:0c:dd:87:da:8b:8d:
                    ae:25:ce:ee:43:d0:86:cf:6f:1b:0a:30:c8:bc:42:
                    ab:51:d4:da:6b:c2:dd:a4:3c:6e:8a:ae:06:d5:f0:
                    94:3a:86:54:cf:7b:8f:77:79:42:8b:3a:4e:84:9f:
                    46:63:d5:39:09:a8:b0:ee:31:0b:d8:ad:ef:00:b7:
                    7a:61:74:f5:a4:5d:73:0f:b7:b1:42:33:16:69:7e:
                    9e:50:f3:b8:54:ee:c7:54:7e:2e:27:8f:07:02:f4:
                    aa:17:cf:41:f3:db:b3:d7:28:77:75:84:e1:f5:ed:
                    34:0f:f7:03:99:23:d3:2a:5c:91:71:eb:21:2c:53:
                    56:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:68:4B:C7:18:01:81:50:73:B3:09:62:D0:F6:2E:ED:16:0A:1D:A4
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/KmhLxxgBgVBzswli0PYu7RYKHaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2698:3400::/38

    Signature Algorithm: sha256WithRSAEncryption
         1f:74:3a:54:af:41:7b:20:d5:04:b7:0b:c5:65:ac:1a:92:27:
         4f:03:88:c8:15:ad:48:89:29:52:7c:9b:dd:47:5a:95:5e:c8:
         41:0e:fc:52:31:12:54:d1:f2:0d:18:f6:53:ad:4a:18:be:be:
         20:7b:1d:ed:26:ee:84:c8:fa:7f:3b:ce:ce:6d:30:a6:4b:c4:
         d8:f3:ce:cd:da:bf:65:1d:0f:fd:61:3b:a9:ad:d7:56:6d:02:
         3e:1c:9b:48:79:59:f5:d1:14:eb:23:dd:a8:e4:3c:db:fc:57:
         81:c9:31:0b:b7:2b:67:fe:ed:61:34:2a:57:f9:6a:e8:32:ed:
         01:a2:2c:af:c7:fe:bc:29:98:ab:f5:56:72:60:e8:29:3d:ee:
         cc:73:b8:d9:0f:48:cb:7d:f3:1f:8a:7f:8b:16:a0:8f:8c:09:
         ca:fb:c6:5d:5c:69:17:4c:60:e2:c9:f5:d5:64:b7:bf:28:93:
         4f:fb:f6:6c:20:3d:32:7d:e8:a7:5b:ee:fd:e0:d7:60:e5:85:
         82:08:eb:87:a5:b5:a0:3e:de:67:69:49:af:cb:32:94:ab:20:
         df:0a:5e:05:6f:3c:52:e9:7f:f1:04:ab:dc:b8:a8:ee:e2:08:
         77:9c:50:01:61:0d:30:73:32:6d:43:40:a8:fb:69:fc:8a:e0:
         cf:e2:31:7f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJvOCvc/hVy5gW+lAyCMONMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjQwMTAyMTAzNDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTY4NGJjNzE4MDE4MTUwNzNiMzA5NjJkMGY2MmVlZDE2MGExZGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotTE9OJkm98vAAxp22v42ts2WQ6w
M0k2TF2j5mJhErXFiipGpwANT9TaXeDHa6eIPD7x341DpDVwwv0Dju4drskJOvPM
Ta+T8O4cYD0SB28PdyAyPkNNjnn5SPTovn1aWcpXlI6G+ojJDlsva3C5NLvo9Zo7
opsNTwHWucaS5wQM3Yfai42uJc7uQ9CGz28bCjDIvEKrUdTaa8LdpDxuiq4G1fCU
OoZUz3uPd3lCizpOhJ9GY9U5Caiw7jEL2K3vALd6YXT1pF1zD7exQjMWaX6eUPO4
VO7HVH4uJ48HAvSqF89B89uz1yh3dYTh9e00D/cDmSPTKlyRceshLFNWuwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCpoS8cYAYFQc7MJYtD2Lu0WCh2kMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvS21oTHh4Z0JnVkJ6c3dsaTBQWXU3UllLSGFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgImmDQw
DQYJKoZIhvcNAQELBQADggEBAB90OlSvQXsg1QS3C8VlrBqSJ08DiMgVrUiJKVJ8
m91HWpVeyEEO/FIxElTR8g0Y9lOtShi+viB7He0m7oTI+n87zs5tMKZLxNjzzs3a
v2UdD/1hO6mt11ZtAj4cm0h5WfXRFOsj3ajkPNv8V4HJMQu3K2f+7WE0Klf5augy
7QGiLK/H/rwpmKv1VnJg6Ck97sxzuNkPSMt98x+Kf4sWoI+MCcr7xl1caRdMYOLJ
9dVkt78ok0/79mwgPTJ96Kdb7v3g12DlhYII64eltaA+3mdpSa/LMpSrIN8KXgVv
PFLpf/EEq9y4qO7iCHecUAFhDTBzMm1DQKj7afyK4M/iMX8=
-----END CERTIFICATE-----