Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/KtJvHbn2CvcjPoj5lEpNcsEeltI.roa
File:                     KtJvHbn2CvcjPoj5lEpNcsEeltI.roa (raw, json)
Hash identifier:          Oq6uowMyAtIzDQJsMGyjCMI8hfqYmdOyaMurC3lBVSw=
Subject key identifier:   2A:D2:6F:1D:B9:F6:0A:F7:23:3E:88:F9:94:4A:4D:72:C1:1E:96:D2
Certificate issuer:       /CN=4f2d30b015ec4ef1b0d3c64347c8d1b598293f81
Certificate serial:       018CC6B9270CC2D7C9AECD8892F247DF5492
Authority key identifier: 4F:2D:30:B0:15:EC:4E:F1:B0:D3:C6:43:47:C8:D1:B5:98:29:3F:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/KtJvHbn2CvcjPoj5lEpNcsEeltI.roa
Signing time:             Mon 01 Jan 2024 20:31:12 +0000
ROA not before:           Mon 01 Jan 2024 20:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52000
IP address blocks:        185.157.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 04:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:27:0c:c2:d7:c9:ae:cd:88:92:f2:47:df:54:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f2d30b015ec4ef1b0d3c64347c8d1b598293f81
        Validity
            Not Before: Jan  1 20:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ad26f1db9f60af7233e88f9944a4d72c11e96d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:62:29:eb:d5:b3:c6:be:e4:9f:55:af:29:6d:
                    5a:f8:b9:21:8f:bb:16:9b:08:a6:8b:a1:8a:44:6f:
                    16:60:62:7c:a4:2b:76:be:28:ac:4b:ce:8a:54:2c:
                    d4:21:01:3b:57:7b:3b:3d:ad:98:64:6d:e0:a1:89:
                    2a:51:c6:15:af:f3:05:b7:dd:6f:a7:e3:d9:da:56:
                    fb:bf:58:17:80:36:4d:d2:df:39:56:74:60:d6:0d:
                    6f:fc:df:4f:c4:a0:4a:20:ee:94:a5:21:f3:66:bb:
                    bd:8a:49:64:fd:96:6d:24:05:64:9a:19:42:61:63:
                    43:61:cc:56:36:5b:e0:c3:75:30:dd:0b:30:1f:8d:
                    e3:12:50:bf:97:1a:3f:21:c7:6b:1f:6d:18:bc:bb:
                    de:16:1c:70:e5:07:92:bc:c3:30:35:4e:36:dc:47:
                    e9:75:cf:f6:f8:89:66:25:c4:8b:22:58:df:5e:9e:
                    d6:59:b0:c1:56:17:85:d9:5f:0d:fa:f8:e3:b1:2e:
                    e6:24:c0:4e:bd:7b:a4:2f:cf:8e:1c:5e:14:b6:78:
                    7b:81:83:e4:64:d7:c7:d8:d4:7b:3c:36:cb:c6:05:
                    bf:8e:7d:b8:16:9b:21:71:0a:49:cb:1e:2c:88:25:
                    0e:c2:93:d0:48:42:48:8f:78:15:27:69:a5:d6:4a:
                    dc:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:D2:6F:1D:B9:F6:0A:F7:23:3E:88:F9:94:4A:4D:72:C1:1E:96:D2
            X509v3 Authority Key Identifier:
                keyid:4F:2D:30:B0:15:EC:4E:F1:B0:D3:C6:43:47:C8:D1:B5:98:29:3F:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/KtJvHbn2CvcjPoj5lEpNcsEeltI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:a9:b9:e7:e3:e6:78:18:61:30:b9:5d:9f:2b:5d:fc:bc:cb:
         eb:5a:ba:2e:a7:dd:01:cd:65:07:d4:c6:32:6d:2f:58:be:59:
         82:c8:51:f4:27:42:d2:60:3a:0f:96:69:b6:32:30:c4:cb:f5:
         82:ae:b4:03:c2:98:a1:1f:65:03:9b:0a:2b:61:a0:8e:2d:97:
         02:13:69:d8:56:bf:a8:73:54:02:8a:0e:7b:95:9d:04:27:ef:
         dd:be:ca:35:5a:40:2c:61:aa:dd:44:49:95:a5:21:1f:a7:0f:
         45:d3:cf:26:87:ab:6f:96:67:0d:23:de:ed:f4:fa:6e:f5:68:
         2e:de:4e:44:2d:a1:bb:85:0d:4c:50:f0:12:a7:d1:a2:4f:12:
         9d:aa:31:bb:fe:92:a8:60:83:5f:80:e2:db:fa:e8:be:2c:3b:
         7c:9e:5f:c3:83:c9:42:a0:61:fb:8e:c0:cd:cf:4a:30:77:30:
         21:9e:c6:fb:15:eb:31:40:ba:37:22:76:b8:97:d1:0c:d6:83:
         44:fa:95:06:b2:73:52:84:ba:ab:ce:20:1d:d3:a7:5a:47:14:
         8c:2b:77:5b:86:c5:b6:fd:75:c7:9c:79:67:2b:41:ae:9f:8d:
         2a:36:de:bf:71:5f:02:e7:28:e1:d4:8a:f7:43:52:fb:4e:2a:
         44:ac:dd:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuScMwtfJrs2IkvJH31SSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMmQzMGIwMTVlYzRlZjFiMGQzYzY0MzQ3YzhkMWI1OTgy
OTNmODEwHhcNMjQwMTAxMjAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWQyNmYxZGI5ZjYwYWY3MjMzZTg4Zjk5NDRhNGQ3MmMxMWU5NmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2mIp69Wzxr7kn1WvKW1a+Lkhj7sW
mwimi6GKRG8WYGJ8pCt2viisS86KVCzUIQE7V3s7Pa2YZG3goYkqUcYVr/MFt91v
p+PZ2lb7v1gXgDZN0t85VnRg1g1v/N9PxKBKIO6UpSHzZru9iklk/ZZtJAVkmhlC
YWNDYcxWNlvgw3Uw3QswH43jElC/lxo/IcdrH20YvLveFhxw5QeSvMMwNU423Efp
dc/2+IlmJcSLIljfXp7WWbDBVheF2V8N+vjjsS7mJMBOvXukL8+OHF4Utnh7gYPk
ZNfH2NR7PDbLxgW/jn24FpshcQpJyx4siCUOwpPQSEJIj3gVJ2ml1krc5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCrSbx259gr3Iz6I+ZRKTXLBHpbSMB8GA1UdIwQY
MBaAFE8tMLAV7E7xsNPGQ0fI0bWYKT+BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHkwd3NCWHNUdkd3MDhaRFI4alJ0WmdwUDRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi85NjY4YjUtNWU5Mi00YzE4LTliYjkt
NDM1MWJiZjc0YzBjLzEvS3RKdkhibjJDdmNqUG9qNWxFcE5jc0VlbHRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi85NjY4YjUtNWU5Mi00YzE4LTliYjktNDM1MWJiZjc0YzBj
LzEvVHkwd3NCWHNUdkd3MDhaRFI4alJ0WmdwUDRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ14MA0G
CSqGSIb3DQEBCwUAA4IBAQBDqbnn4+Z4GGEwuV2fK138vMvrWroup90BzWUH1MYy
bS9YvlmCyFH0J0LSYDoPlmm2MjDEy/WCrrQDwpihH2UDmworYaCOLZcCE2nYVr+o
c1QCig57lZ0EJ+/dvso1WkAsYardREmVpSEfpw9F088mh6tvlmcNI97t9Ppu9Wgu
3k5ELaG7hQ1MUPASp9GiTxKdqjG7/pKoYINfgOLb+ui+LDt8nl/Dg8lCoGH7jsDN
z0owdzAhnsb7FesxQLo3Ina4l9EM1oNE+pUGsnNShLqrziAd06daRxSMK3dbhsW2
/XXHnHlnK0Gun40qNt6/cV8C5yjh1Ir3Q1L7TipErN2+
-----END CERTIFICATE-----