Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/KAhsxSQlFQN3oO8Eck6YseugNCI.roa
File:                     KAhsxSQlFQN3oO8Eck6YseugNCI.roa (raw, json)
Hash identifier:          zYLWEovLNx3/lIHQM/vtWK3Rjd/9zYoy1C4Na86jP1w=
Subject key identifier:   28:08:6C:C5:24:25:15:03:77:A0:EF:04:72:4E:98:B1:EB:A0:34:22
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018CC64ADE17D5943B5DD96B94BD37664A28
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/KAhsxSQlFQN3oO8Eck6YseugNCI.roa
Signing time:             Mon 01 Jan 2024 18:30:44 +0000
ROA not before:           Mon 01 Jan 2024 18:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25103
IP address blocks:        80.96.234.0/24 maxlen: 24
                          80.96.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:de:17:d5:94:3b:5d:d9:6b:94:bd:37:66:4a:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 18:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28086cc52425150377a0ef04724e98b1eba03422
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:06:e2:65:08:04:0f:7e:dd:98:b0:1a:60:40:
                    db:08:ed:e4:5b:1a:c3:5d:3f:47:e7:11:5b:93:7a:
                    49:d1:e5:f8:6d:5b:47:2c:b4:2c:21:ce:e9:d1:e4:
                    68:a1:e4:df:5d:cb:2b:40:23:05:2c:48:e1:dc:a1:
                    17:ec:2c:39:2f:91:b2:c8:6f:ae:e8:fd:79:d2:51:
                    0d:42:ce:82:9f:2c:f2:ca:4c:8a:2a:89:95:05:a9:
                    a6:06:33:a7:59:22:76:ac:01:d5:80:0b:d2:d4:c6:
                    89:16:a9:4e:9a:43:8c:64:55:92:b6:65:f6:ba:83:
                    d7:26:46:ab:ac:e8:ff:4c:11:72:33:53:a2:c1:e7:
                    6a:06:af:a3:4e:d9:25:cd:15:d3:e1:52:35:f0:b2:
                    a1:4c:97:e9:0c:26:47:4e:ae:82:4e:d6:a1:bf:11:
                    79:61:45:77:42:0a:63:99:ca:84:63:33:e2:81:31:
                    16:29:bc:93:b3:f1:1e:41:73:7c:e9:74:8c:ea:4d:
                    21:98:f9:c5:5e:fe:8e:bb:26:66:82:1c:6a:68:a2:
                    3a:1f:60:1b:10:2b:9d:ac:87:de:68:bb:1b:e0:41:
                    05:59:f2:4a:8e:ca:b2:1c:50:06:84:36:f9:7d:f8:
                    49:3f:f4:a3:61:c0:81:f8:85:cf:c5:b6:ad:b9:75:
                    17:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:08:6C:C5:24:25:15:03:77:A0:EF:04:72:4E:98:B1:EB:A0:34:22
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/KAhsxSQlFQN3oO8Eck6YseugNCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.96.234.0/24
                  80.96.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:af:d6:1c:0f:f4:7e:a7:b3:ef:81:04:35:01:54:ef:0a:83:
         69:7e:86:c4:77:4c:6a:65:cd:79:f7:38:8b:d4:4c:fe:90:5a:
         68:c8:e2:ba:08:fd:80:e3:d7:5c:96:cb:e4:83:30:1b:64:a1:
         aa:d3:37:52:35:fe:9b:13:e2:6e:97:f8:27:19:54:cd:f0:70:
         a7:67:ad:4f:7d:3c:06:45:66:05:0c:12:94:83:c2:6b:a2:3f:
         1a:5c:b8:e6:96:25:37:1a:66:47:53:13:15:b0:97:d7:3b:59:
         b0:92:3c:80:5f:6d:33:fd:9b:22:99:6d:04:0b:47:14:61:97:
         a9:12:e1:78:de:aa:a8:5b:a3:b6:79:f5:5f:7a:70:3e:3b:0b:
         a8:1f:bc:39:4f:dd:0d:0d:2f:fc:5c:50:06:81:9f:1b:13:9b:
         83:4a:32:71:39:d5:13:5c:13:9f:cc:97:b3:28:c6:5e:fb:13:
         29:7b:6d:84:33:92:0c:d6:0f:c0:ad:2e:a1:d6:af:7c:00:a3:
         78:73:5d:ba:5f:19:67:fa:c0:dd:e6:4d:9c:11:c4:7c:b5:0d:
         08:bc:d9:ca:6d:ce:22:50:4f:ad:f6:15:91:fc:78:0b:07:c0:
         79:c9:f6:88:7b:10:0c:10:32:15:69:18:4a:10:3d:cd:8b:3f:
         99:0a:65:e0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSt4X1ZQ7XdlrlL03ZkooMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMTAxMTgzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODA4NmNjNTI0MjUxNTAzNzdhMGVmMDQ3MjRlOThiMWViYTAzNDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAbiZQgED37dmLAaYEDbCO3kWxrD
XT9H5xFbk3pJ0eX4bVtHLLQsIc7p0eRooeTfXcsrQCMFLEjh3KEX7Cw5L5GyyG+u
6P150lENQs6CnyzyykyKKomVBammBjOnWSJ2rAHVgAvS1MaJFqlOmkOMZFWStmX2
uoPXJkarrOj/TBFyM1OiwedqBq+jTtklzRXT4VI18LKhTJfpDCZHTq6CTtahvxF5
YUV3QgpjmcqEYzPigTEWKbyTs/EeQXN86XSM6k0hmPnFXv6OuyZmghxqaKI6H2Ab
ECudrIfeaLsb4EEFWfJKjsqyHFAGhDb5ffhJP/SjYcCB+IXPxbatuXUXrQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCgIbMUkJRUDd6DvBHJOmLHroDQiMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvS0Foc3hTUWxGUU4zb084RWNrNllzZXVnTkNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUGDqAwQA
UGD3MA0GCSqGSIb3DQEBCwUAA4IBAQBQr9YcD/R+p7PvgQQ1AVTvCoNpfobEd0xq
Zc159ziL1Ez+kFpoyOK6CP2A49dclsvkgzAbZKGq0zdSNf6bE+Jul/gnGVTN8HCn
Z61PfTwGRWYFDBKUg8Jroj8aXLjmliU3GmZHUxMVsJfXO1mwkjyAX20z/ZsimW0E
C0cUYZepEuF43qqoW6O2efVfenA+OwuoH7w5T90NDS/8XFAGgZ8bE5uDSjJxOdUT
XBOfzJezKMZe+xMpe22EM5IM1g/ArS6h1q98AKN4c126Xxln+sDd5k2cEcR8tQ0I
vNnKbc4iUE+t9hWR/HgLB8B5yfaIexAMEDIVaRhKED3Niz+ZCmXg
-----END CERTIFICATE-----