Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/c392d7-0a99-41c9-a2cd-f0d2b943cb53/1/KdCqUGyIyCtb6BU-2DJngF5sAtg.roa
File:                     KdCqUGyIyCtb6BU-2DJngF5sAtg.roa (raw, json)
Hash identifier:          Obe3428r3w+UG/xbSpY9dwkqjrD6gNTag6/FtrTepKM=
Subject key identifier:   29:D0:AA:50:6C:88:C8:2B:5B:E8:15:3E:D8:32:67:80:5E:6C:02:D8
Certificate issuer:       /CN=a5a42d260d5ecdc2fa2b0b5dbf603b90d715444d
Certificate serial:       018CC7275DEBFEFAE14B20F7BAF8023027B6
Authority key identifier: A5:A4:2D:26:0D:5E:CD:C2:FA:2B:0B:5D:BF:60:3B:90:D7:15:44:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/paQtJg1ezcL6Kwtdv2A7kNcVRE0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/c392d7-0a99-41c9-a2cd-f0d2b943cb53/1/KdCqUGyIyCtb6BU-2DJngF5sAtg.roa
Signing time:             Mon 01 Jan 2024 22:31:35 +0000
ROA not before:           Mon 01 Jan 2024 22:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34019
IP address blocks:        193.27.0.0/24 maxlen: 24
                          193.222.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/c392d7-0a99-41c9-a2cd-f0d2b943cb53/1/paQtJg1ezcL6Kwtdv2A7kNcVRE0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/c392d7-0a99-41c9-a2cd-f0d2b943cb53/1/paQtJg1ezcL6Kwtdv2A7kNcVRE0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/paQtJg1ezcL6Kwtdv2A7kNcVRE0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:5d:eb:fe:fa:e1:4b:20:f7:ba:f8:02:30:27:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5a42d260d5ecdc2fa2b0b5dbf603b90d715444d
        Validity
            Not Before: Jan  1 22:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29d0aa506c88c82b5be8153ed83267805e6c02d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:89:70:e7:cc:ea:b2:28:30:35:ba:6a:61:32:
                    26:01:57:2a:82:f9:5b:24:8a:5e:a1:20:f0:89:a7:
                    5c:1c:9e:d7:1c:e9:f7:98:21:c2:31:31:fb:57:4e:
                    7b:f2:a7:d3:2f:89:59:43:53:b4:be:33:1e:dd:d9:
                    4f:2b:1a:02:7b:98:ac:05:7d:e7:f6:a6:3a:69:8c:
                    a3:f9:2b:4a:2c:64:36:f1:38:98:13:37:2a:d9:cb:
                    5d:9b:c3:d6:72:20:6f:7d:4d:a3:d5:de:41:d3:5b:
                    56:52:1a:92:ab:52:97:b8:73:12:ae:c8:6e:f6:d2:
                    98:16:56:e0:41:d1:2f:9d:8a:f5:1c:a2:36:ed:19:
                    8b:49:81:42:66:02:99:1a:cc:ee:50:3c:19:a9:13:
                    f3:22:59:71:02:00:1f:33:1f:1d:97:9b:52:38:a0:
                    4d:bf:ee:23:97:7b:6d:83:3d:98:33:3c:22:4d:66:
                    2a:7f:69:09:83:88:73:36:f2:71:e7:4b:92:fc:38:
                    61:e7:c3:ff:c2:14:6f:de:e8:20:22:04:35:39:ce:
                    1c:bb:f5:a4:01:5d:1c:5d:60:72:25:0d:f3:ad:63:
                    74:38:21:2f:93:8c:21:dd:80:f9:73:a1:cd:f7:43:
                    45:05:b2:68:a2:93:a3:e1:4b:52:95:f1:70:5c:51:
                    42:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:D0:AA:50:6C:88:C8:2B:5B:E8:15:3E:D8:32:67:80:5E:6C:02:D8
            X509v3 Authority Key Identifier:
                keyid:A5:A4:2D:26:0D:5E:CD:C2:FA:2B:0B:5D:BF:60:3B:90:D7:15:44:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/paQtJg1ezcL6Kwtdv2A7kNcVRE0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/c392d7-0a99-41c9-a2cd-f0d2b943cb53/1/KdCqUGyIyCtb6BU-2DJngF5sAtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/c392d7-0a99-41c9-a2cd-f0d2b943cb53/1/paQtJg1ezcL6Kwtdv2A7kNcVRE0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.27.0.0/24
                  193.222.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:d9:89:85:b8:ba:2f:eb:7c:0f:d5:a4:d8:5c:44:a3:e9:ce:
         8b:53:ab:d0:1b:3e:d6:44:c3:06:ea:18:20:67:00:f6:ce:51:
         5a:ea:b6:c3:c4:c8:30:5d:66:3d:05:93:de:89:bd:ee:b3:86:
         ed:9d:c7:0a:b6:9c:aa:38:cd:bf:c5:bb:b4:06:1e:e4:bc:db:
         86:b0:89:ef:a4:ca:d4:e9:2e:02:5e:f1:ff:66:b2:38:4b:85:
         c2:17:7d:a4:c1:23:65:3b:c5:f2:97:02:c9:43:e4:a9:84:3c:
         63:e0:a1:39:24:16:6c:0f:9e:d3:eb:e9:2c:67:30:96:f9:70:
         5f:a2:57:42:a3:94:ee:b0:64:ae:7a:8c:76:e2:25:a3:de:af:
         ce:a2:1d:ff:b4:e4:6c:32:a0:50:11:d4:c4:f3:fa:3f:3e:78:
         ba:6d:c0:eb:46:2e:3a:8a:28:a3:b2:b6:5a:d1:14:02:e0:45:
         10:52:75:c9:2d:5e:e6:e0:d7:df:22:12:99:db:6a:75:0c:d0:
         82:2b:e7:11:a7:e9:eb:f2:3c:0b:c1:7f:17:b0:67:93:53:a4:
         45:45:35:15:36:a7:2b:01:ae:58:c6:0e:77:78:e2:d6:0d:c9:
         9b:ec:e6:82:1e:9a:3b:ec:71:54:60:57:52:98:26:51:15:d5:
         73:0e:c9:57
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJ13r/vrhSyD3uvgCMCe2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YTQyZDI2MGQ1ZWNkYzJmYTJiMGI1ZGJmNjAzYjkwZDcx
NTQ0NGQwHhcNMjQwMTAxMjIzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWQwYWE1MDZjODhjODJiNWJlODE1M2VkODMyNjc4MDVlNmMwMmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjolw58zqsigwNbpqYTImAVcqgvlb
JIpeoSDwiadcHJ7XHOn3mCHCMTH7V0578qfTL4lZQ1O0vjMe3dlPKxoCe5isBX3n
9qY6aYyj+StKLGQ28TiYEzcq2ctdm8PWciBvfU2j1d5B01tWUhqSq1KXuHMSrshu
9tKYFlbgQdEvnYr1HKI27RmLSYFCZgKZGszuUDwZqRPzIllxAgAfMx8dl5tSOKBN
v+4jl3ttgz2YMzwiTWYqf2kJg4hzNvJx50uS/Dhh58P/whRv3uggIgQ1Oc4cu/Wk
AV0cXWByJQ3zrWN0OCEvk4wh3YD5c6HN90NFBbJoopOj4UtSlfFwXFFCuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCnQqlBsiMgrW+gVPtgyZ4BebALYMB8GA1UdIwQY
MBaAFKWkLSYNXs3C+isLXb9gO5DXFURNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGFRdEpnMWV6Y0w2S3d0ZHYyQTdrTmNWUkUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9jMzkyZDctMGE5OS00MWM5LWEyY2Qt
ZjBkMmI5NDNjYjUzLzEvS2RDcVVHeUl5Q3RiNkJVLTJESm5nRjVzQXRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9jMzkyZDctMGE5OS00MWM5LWEyY2QtZjBkMmI5NDNjYjUz
LzEvcGFRdEpnMWV6Y0w2S3d0ZHYyQTdrTmNWUkUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwRsAAwQA
wd6AMA0GCSqGSIb3DQEBCwUAA4IBAQAQ2YmFuLov63wP1aTYXESj6c6LU6vQGz7W
RMMG6hggZwD2zlFa6rbDxMgwXWY9BZPeib3us4btnccKtpyqOM2/xbu0Bh7kvNuG
sInvpMrU6S4CXvH/ZrI4S4XCF32kwSNlO8XylwLJQ+SphDxj4KE5JBZsD57T6+ks
ZzCW+XBfoldCo5TusGSueox24iWj3q/Ooh3/tORsMqBQEdTE8/o/Pni6bcDrRi46
iiijsrZa0RQC4EUQUnXJLV7m4NffIhKZ22p1DNCCK+cRp+nr8jwLwX8XsGeTU6RF
RTUVNqcrAa5Yxg53eOLWDcmb7OaCHpo77HFUYFdSmCZRFdVzDslX
-----END CERTIFICATE-----