Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/15fff4-966b-4e0a-abac-05d58f0cb88c/1/KpXxrPPk4TR1zpyDTSVCaU--k3c.roa
File:                     KpXxrPPk4TR1zpyDTSVCaU--k3c.roa (raw, json)
Hash identifier:          gv/PxYR506JxX7BYPTMYlqAtsj5TCulowKsUQ2v61FI=
Subject key identifier:   2A:95:F1:AC:F3:E4:E1:34:75:CE:9C:83:4D:25:42:69:4F:BE:93:77
Certificate issuer:       /CN=d93a54f02f49f45ad5d73e5551d096181bce3f6e
Certificate serial:       018CF3ABEFAF6F7CEFEF1764FC60C30EA52A
Authority key identifier: D9:3A:54:F0:2F:49:F4:5A:D5:D7:3E:55:51:D0:96:18:1B:CE:3F:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2TpU8C9J9FrV1z5VUdCWGBvOP24.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/15fff4-966b-4e0a-abac-05d58f0cb88c/1/KpXxrPPk4TR1zpyDTSVCaU--k3c.roa
Signing time:             Wed 10 Jan 2024 13:59:40 +0000
ROA not before:           Wed 10 Jan 2024 13:59:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        178.20.209.0/24 maxlen: 24
                          178.20.210.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/15fff4-966b-4e0a-abac-05d58f0cb88c/1/2TpU8C9J9FrV1z5VUdCWGBvOP24.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/15fff4-966b-4e0a-abac-05d58f0cb88c/1/2TpU8C9J9FrV1z5VUdCWGBvOP24.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2TpU8C9J9FrV1z5VUdCWGBvOP24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f3:ab:ef:af:6f:7c:ef:ef:17:64:fc:60:c3:0e:a5:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d93a54f02f49f45ad5d73e5551d096181bce3f6e
        Validity
            Not Before: Jan 10 13:59:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a95f1acf3e4e13475ce9c834d2542694fbe9377
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:96:95:23:98:75:6b:6c:b1:8a:1d:da:f4:f6:
                    62:e9:7c:1b:15:0a:27:ef:a4:9d:90:70:32:d9:0c:
                    3f:19:13:46:cd:c7:36:c3:76:a9:c1:46:90:c1:cf:
                    14:04:1f:9a:47:0f:35:47:9c:85:c5:ce:7a:63:9d:
                    e6:45:44:d8:bb:06:61:0d:fa:ed:7c:92:f2:07:30:
                    08:2b:7e:62:f8:f7:a9:c2:cd:1f:e0:bc:3a:6e:62:
                    46:90:23:b7:05:23:07:b0:04:92:f8:6d:bf:45:e9:
                    1c:ce:35:bd:51:9f:8f:48:79:9d:80:f2:71:0d:f4:
                    3c:5f:0c:15:28:49:93:1f:c6:40:cd:67:d2:84:75:
                    7e:1e:e0:97:15:d2:7e:eb:be:7d:b9:e4:7f:85:b9:
                    b7:f3:2d:a1:ea:f0:8a:b1:62:d5:77:ec:1f:ab:85:
                    32:24:b9:9e:dc:d4:a6:64:07:c4:9e:ea:08:c4:aa:
                    4e:c0:c2:1d:9a:6a:d1:95:ac:ce:c6:b8:88:76:dd:
                    17:44:17:9b:65:9d:3a:61:81:6c:f6:41:19:39:54:
                    a8:f8:ee:1f:70:b0:5e:02:d3:7b:0d:ec:4a:1b:52:
                    79:39:95:5b:93:17:9f:5e:80:fa:ce:6f:00:8e:98:
                    1f:2e:b3:1a:18:59:4b:d9:3e:25:69:4b:c9:86:66:
                    ab:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:95:F1:AC:F3:E4:E1:34:75:CE:9C:83:4D:25:42:69:4F:BE:93:77
            X509v3 Authority Key Identifier:
                keyid:D9:3A:54:F0:2F:49:F4:5A:D5:D7:3E:55:51:D0:96:18:1B:CE:3F:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2TpU8C9J9FrV1z5VUdCWGBvOP24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/15fff4-966b-4e0a-abac-05d58f0cb88c/1/KpXxrPPk4TR1zpyDTSVCaU--k3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/15fff4-966b-4e0a-abac-05d58f0cb88c/1/2TpU8C9J9FrV1z5VUdCWGBvOP24.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.20.209.0-178.20.211.255

    Signature Algorithm: sha256WithRSAEncryption
         2b:4a:e5:09:bb:ba:95:08:a9:ff:c0:a1:02:35:e3:80:8e:fa:
         e5:27:a7:61:04:b7:a2:38:6e:81:bd:e5:d6:9d:0a:93:54:16:
         e6:68:e0:28:2e:4d:a7:08:9b:77:f0:90:31:3c:87:08:21:73:
         55:9b:f1:96:f6:1e:52:f6:0a:e1:47:46:d9:fe:b1:cc:27:f7:
         f6:0f:1b:5d:f8:4e:9e:7b:a6:d2:bc:15:c3:e7:cb:a0:1c:16:
         a2:0e:0e:44:07:01:17:69:88:f9:1b:e2:5d:e0:e0:fa:e8:8f:
         5d:6f:01:01:e9:7d:43:36:11:48:3c:b5:24:0a:8a:09:96:9d:
         4f:ea:c6:e4:a4:99:04:0c:d7:93:05:77:d3:e2:0f:26:e7:d6:
         a6:a5:cb:18:a4:25:5a:78:40:9b:6c:da:de:c6:30:6f:15:66:
         bc:f9:ea:71:c5:a2:08:28:88:62:02:37:cb:08:78:4c:92:fd:
         43:4c:64:0d:19:46:8e:c1:d3:f8:2e:e6:27:c6:e7:c6:d0:31:
         ac:ce:41:e2:15:3e:9c:1d:dc:04:3d:bd:56:1a:dc:6c:3e:7f:
         c8:97:2c:d6:81:f5:79:a9:3f:72:d3:d2:3e:d6:82:98:37:81:
         34:5f:d1:08:38:14:30:44:1e:ed:a2:c1:56:64:19:47:5b:e5:
         9f:a2:55:4c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzzq++vb3zv7xdk/GDDDqUqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5M2E1NGYwMmY0OWY0NWFkNWQ3M2U1NTUxZDA5NjE4MWJj
ZTNmNmUwHhcNMjQwMTEwMTM1OTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTk1ZjFhY2YzZTRlMTM0NzVjZTljODM0ZDI1NDI2OTRmYmU5Mzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5aVI5h1a2yxih3a9PZi6XwbFQon
76SdkHAy2Qw/GRNGzcc2w3apwUaQwc8UBB+aRw81R5yFxc56Y53mRUTYuwZhDfrt
fJLyBzAIK35i+Pepws0f4Lw6bmJGkCO3BSMHsASS+G2/RekczjW9UZ+PSHmdgPJx
DfQ8XwwVKEmTH8ZAzWfShHV+HuCXFdJ+6759ueR/hbm38y2h6vCKsWLVd+wfq4Uy
JLme3NSmZAfEnuoIxKpOwMIdmmrRlazOxriIdt0XRBebZZ06YYFs9kEZOVSo+O4f
cLBeAtN7DexKG1J5OZVbkxefXoD6zm8AjpgfLrMaGFlL2T4laUvJhmar6QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCqV8azz5OE0dc6cg00lQmlPvpN3MB8GA1UdIwQY
MBaAFNk6VPAvSfRa1dc+VVHQlhgbzj9uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlRwVThDOUo5RnJWMXo1VlVkQ1dHQnZPUDI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8xNWZmZjQtOTY2Yi00ZTBhLWFiYWMt
MDVkNThmMGNiODhjLzEvS3BYeHJQUGs0VFIxenB5RFRTVkNhVS0tazNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8xNWZmZjQtOTY2Yi00ZTBhLWFiYWMtMDVkNThmMGNiODhj
LzEvMlRwVThDOUo5RnJWMXo1VlVkQ1dHQnZPUDI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACyFNED
BAKyFNAwDQYJKoZIhvcNAQELBQADggEBACtK5Qm7upUIqf/AoQI144CO+uUnp2EE
t6I4boG95dadCpNUFuZo4CguTacIm3fwkDE8hwghc1Wb8Zb2HlL2CuFHRtn+scwn
9/YPG134Tp57ptK8FcPny6AcFqIODkQHARdpiPkb4l3g4Proj11vAQHpfUM2EUg8
tSQKigmWnU/qxuSkmQQM15MFd9PiDybn1qalyxikJVp4QJts2t7GMG8VZrz56nHF
oggoiGICN8sIeEyS/UNMZA0ZRo7B0/gu5ifG58bQMazOQeIVPpwd3AQ9vVYa3Gw+
f8iXLNaB9XmpP3LT0j7Wgpg3gTRf0Qg4FDBEHu2iwVZkGUdb5Z+iVUw=
-----END CERTIFICATE-----