Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/kpS-naJC03kxkQNH6Gqd6czsGJ8.roa
File:                     kpS-naJC03kxkQNH6Gqd6czsGJ8.roa (raw, json)
Hash identifier:          AihkqBpw++UOFQlHYkKFQkJN3mM5Sfjwwyo/xvce4vQ=
Subject key identifier:   92:94:BE:9D:A2:42:D3:79:31:91:03:47:E8:6A:9D:E9:CC:EC:18:9F
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       018D323467BC04AD2B353C0B45D0D86E81E5
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/kpS-naJC03kxkQNH6Gqd6czsGJ8.roa
Signing time:             Mon 22 Jan 2024 17:25:11 +0000
ROA not before:           Mon 22 Jan 2024 17:25:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41406
IP address blocks:        194.9.24.0/23 maxlen: 23
                          194.9.24.0/24 maxlen: 24
                          194.9.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jul 2024 06:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:32:34:67:bc:04:ad:2b:35:3c:0b:45:d0:d8:6e:81:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan 22 17:25:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9294be9da242d37931910347e86a9de9ccec189f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:4b:24:11:b1:01:09:21:e4:74:79:6d:c4:9d:
                    e5:e8:7e:a1:82:01:a7:4a:4c:12:33:37:4d:0b:07:
                    fd:d6:ea:ee:e8:3f:d6:e0:43:e3:07:6f:92:b7:45:
                    e5:bc:dd:df:c0:ae:ab:62:5d:65:6d:ea:b3:5b:49:
                    91:49:b4:0b:9b:85:46:79:9e:f4:c9:9c:77:53:64:
                    f3:b6:6d:b3:9d:8b:94:50:b2:24:2d:9a:8d:10:8b:
                    bb:4d:a7:e6:2b:c2:af:5f:e5:80:49:88:83:2c:ee:
                    e3:6c:fb:f4:1d:2f:3f:5d:c6:23:6f:66:ed:8c:bb:
                    ae:24:a2:0c:9b:44:4c:0a:02:7d:7b:89:4b:89:d9:
                    b0:c5:cc:5b:64:da:43:51:7b:cf:f4:59:61:e4:74:
                    55:c4:4f:80:b7:f9:41:22:02:72:55:99:3a:61:5e:
                    19:fe:bc:53:f9:73:c6:29:22:92:b2:0f:24:a6:ad:
                    ed:97:5c:17:58:00:33:89:35:c7:3c:d9:4c:78:e2:
                    c3:1e:11:f2:0e:97:88:da:b2:49:6a:1d:ea:34:ad:
                    db:36:21:ca:0a:5b:66:27:53:25:08:41:60:da:a9:
                    f8:16:6e:f5:f4:7b:0b:7c:09:69:f2:45:4f:77:08:
                    99:12:ca:63:e1:dd:b3:0f:89:5c:ea:30:a5:9f:2c:
                    9a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:94:BE:9D:A2:42:D3:79:31:91:03:47:E8:6A:9D:E9:CC:EC:18:9F
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/kpS-naJC03kxkQNH6Gqd6czsGJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.24.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b9:67:42:df:79:9f:6b:6e:72:6d:3a:f5:3c:e2:aa:da:4d:b8:
         bd:98:f9:3e:27:f4:c4:6f:e8:1c:6c:b7:1b:31:2a:5d:3c:a1:
         8f:fa:65:a0:41:17:ff:c5:51:cf:43:60:c1:eb:30:51:8d:cd:
         a5:c6:5e:0a:3c:96:7a:83:0b:19:6b:43:66:6e:02:b2:11:4c:
         c5:02:36:5c:c0:b2:8b:bb:9d:23:71:5e:99:2a:b2:ab:c9:e0:
         02:59:63:df:f1:82:2b:8d:84:00:54:03:52:51:43:7e:d7:2d:
         5e:d7:78:e2:b8:c5:21:fa:76:2b:74:b5:87:3f:f3:58:ad:66:
         35:59:3b:a7:b9:cc:d8:1c:d8:f2:e0:1c:be:11:01:5c:0b:c0:
         02:20:af:73:66:48:01:7f:30:f9:af:43:20:08:ff:90:67:36:
         0d:e3:14:cc:f3:0d:d3:33:a8:5e:3d:7a:f4:63:92:48:05:5b:
         b4:08:e5:ef:eb:e9:20:32:f2:fa:d2:b7:f6:90:bb:ea:ef:24:
         34:14:21:eb:20:fb:47:4e:46:0c:29:64:17:51:ae:db:bb:0f:
         d9:6c:f7:58:a4:fe:52:cd:a8:08:4a:ab:de:a9:0c:70:2f:36:
         60:d4:40:76:6e:f3:1a:61:07:74:e3:c1:50:ff:bc:35:93:a0:
         6c:cc:df:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0yNGe8BK0rNTwLRdDYboHlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjQwMTIyMTcyNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mjk0YmU5ZGEyNDJkMzc5MzE5MTAzNDdlODZhOWRlOWNjZWMxODlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEskEbEBCSHkdHltxJ3l6H6hggGn
SkwSMzdNCwf91uru6D/W4EPjB2+St0XlvN3fwK6rYl1lbeqzW0mRSbQLm4VGeZ70
yZx3U2Tztm2znYuUULIkLZqNEIu7TafmK8KvX+WASYiDLO7jbPv0HS8/XcYjb2bt
jLuuJKIMm0RMCgJ9e4lLidmwxcxbZNpDUXvP9Flh5HRVxE+At/lBIgJyVZk6YV4Z
/rxT+XPGKSKSsg8kpq3tl1wXWAAziTXHPNlMeOLDHhHyDpeI2rJJah3qNK3bNiHK
CltmJ1MlCEFg2qn4Fm719HsLfAlp8kVPdwiZEspj4d2zD4lc6jClnyya1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJKUvp2iQtN5MZEDR+hqnenM7BifMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEva3BTLW5hSkMwM2t4a1FOSDZHcWQ2Y3pzR0o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwgkYMA0G
CSqGSIb3DQEBCwUAA4IBAQC5Z0LfeZ9rbnJtOvU84qraTbi9mPk+J/TEb+gcbLcb
MSpdPKGP+mWgQRf/xVHPQ2DB6zBRjc2lxl4KPJZ6gwsZa0NmbgKyEUzFAjZcwLKL
u50jcV6ZKrKryeACWWPf8YIrjYQAVANSUUN+1y1e13jiuMUh+nYrdLWHP/NYrWY1
WTunuczYHNjy4By+EQFcC8ACIK9zZkgBfzD5r0MgCP+QZzYN4xTM8w3TM6hePXr0
Y5JIBVu0COXv6+kgMvL60rf2kLvq7yQ0FCHrIPtHTkYMKWQXUa7buw/ZbPdYpP5S
zagISqveqQxwLzZg1EB2bvMaYQd048FQ/7w1k6BszN9t
-----END CERTIFICATE-----