Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/d43085-d94e-469d-9778-3b8ec1a65880/1/KbRDWMXiKN_b99HDexhbtI1Rp7g.roa
File:                     KbRDWMXiKN_b99HDexhbtI1Rp7g.roa (raw, json)
Hash identifier:          FXkoP90x1vBSBJdZTStYwTJBrRVBnyS0OMcb3PxfcPk=
Subject key identifier:   29:B4:43:58:C5:E2:28:DF:DB:F7:D1:C3:7B:18:5B:B4:8D:51:A7:B8
Certificate issuer:       /CN=718b138ba935234f11ca1025d667f133f07d55fd
Certificate serial:       018DC0D2E0EFBF4561274039D974135E9E11
Authority key identifier: 71:8B:13:8B:A9:35:23:4F:11:CA:10:25:D6:67:F1:33:F0:7D:55:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cYsTi6k1I08RyhAl1mfxM_B9Vf0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/d43085-d94e-469d-9778-3b8ec1a65880/1/KbRDWMXiKN_b99HDexhbtI1Rp7g.roa
Signing time:             Mon 19 Feb 2024 10:04:22 +0000
ROA not before:           Mon 19 Feb 2024 10:04:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202282
IP address blocks:        194.62.184.0/22 maxlen: 24
                          2a07:e400::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/d43085-d94e-469d-9778-3b8ec1a65880/1/cYsTi6k1I08RyhAl1mfxM_B9Vf0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/d43085-d94e-469d-9778-3b8ec1a65880/1/cYsTi6k1I08RyhAl1mfxM_B9Vf0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cYsTi6k1I08RyhAl1mfxM_B9Vf0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c0:d2:e0:ef:bf:45:61:27:40:39:d9:74:13:5e:9e:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=718b138ba935234f11ca1025d667f133f07d55fd
        Validity
            Not Before: Feb 19 10:04:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29b44358c5e228dfdbf7d1c37b185bb48d51a7b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:49:31:b9:16:53:18:23:18:28:af:3b:d4:69:
                    5c:b6:b4:b9:f1:5d:d7:42:30:17:34:ed:30:52:b5:
                    77:d9:c7:e5:bf:d8:27:05:2e:ed:ff:a7:63:c4:38:
                    ce:8c:e7:9c:bb:ff:66:e6:0d:7d:1d:83:11:dc:a4:
                    c5:b8:c2:85:b4:71:a1:67:42:33:9b:3c:04:d1:f6:
                    32:28:16:c5:00:c2:78:9d:58:c9:cc:a7:51:52:f6:
                    bd:e0:44:02:ed:90:11:3a:9b:f5:b7:cf:52:dc:9c:
                    12:b1:d7:88:f3:25:4d:20:80:ec:64:a3:51:10:c2:
                    48:06:24:ad:dc:ce:d6:85:6a:96:b2:74:0b:e7:a7:
                    b1:c6:c6:52:44:aa:b8:b6:10:e2:da:37:b6:d2:e8:
                    fc:16:4e:4e:f5:c7:c8:dd:e3:70:ed:d3:34:47:88:
                    14:64:bc:35:72:40:9b:ec:fe:37:cf:1c:1b:49:ee:
                    ef:b4:06:75:67:6a:6b:4a:a3:02:95:da:6f:f2:b6:
                    96:0b:d1:a8:5c:cd:8c:79:5b:a3:70:54:6d:09:7b:
                    19:4a:21:00:aa:2b:96:d3:e5:73:e0:d3:52:e1:46:
                    e8:ee:f8:dd:39:33:29:20:ea:a2:c1:f6:2a:aa:3d:
                    5b:eb:47:9a:90:9a:09:ad:a3:c5:9a:96:70:8d:3e:
                    e8:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:B4:43:58:C5:E2:28:DF:DB:F7:D1:C3:7B:18:5B:B4:8D:51:A7:B8
            X509v3 Authority Key Identifier:
                keyid:71:8B:13:8B:A9:35:23:4F:11:CA:10:25:D6:67:F1:33:F0:7D:55:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cYsTi6k1I08RyhAl1mfxM_B9Vf0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/d43085-d94e-469d-9778-3b8ec1a65880/1/KbRDWMXiKN_b99HDexhbtI1Rp7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/d43085-d94e-469d-9778-3b8ec1a65880/1/cYsTi6k1I08RyhAl1mfxM_B9Vf0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.184.0/22
                IPv6:
                  2a07:e400::/29

    Signature Algorithm: sha256WithRSAEncryption
         2e:a1:81:8b:12:14:7d:a4:e7:2b:64:67:85:b7:0a:29:25:74:
         c5:11:ed:d3:e0:bc:87:ee:3a:66:f1:51:58:34:34:b3:f3:76:
         25:80:7b:40:76:4e:88:b6:9a:ae:db:b6:71:2a:ad:a2:16:72:
         04:7f:8a:3d:3b:77:9a:14:36:ca:57:cc:73:1b:99:62:0d:2f:
         74:42:83:e5:e2:5d:51:b3:3e:90:b6:87:27:e5:ec:6b:f4:59:
         03:26:4e:b5:f2:f9:6f:85:e5:3a:66:4e:50:b1:1a:dc:8e:ff:
         69:bc:07:65:11:73:28:bd:55:06:63:a8:6a:e8:8b:cf:74:26:
         54:b6:fa:79:fb:ea:6d:59:88:40:3c:a8:53:1f:91:e7:26:ca:
         f6:1f:96:ad:58:dc:78:d5:c8:50:36:ba:e0:2f:ee:14:e5:41:
         22:37:8e:b1:82:96:78:65:bb:2d:53:09:b5:da:40:5c:00:f2:
         3e:20:64:2a:27:4b:b0:da:e4:01:f5:c3:56:bc:8d:b1:99:84:
         a1:ea:e9:d3:35:66:cf:15:ca:0e:78:56:ea:4c:9d:d7:0a:6d:
         62:d2:c5:77:a7:3f:4d:c8:07:8d:e3:51:50:1e:7d:1d:86:cd:
         c7:42:bd:75:6d:22:ee:1d:68:c5:d6:83:9f:b2:31:da:06:31:
         1b:3c:5f:f2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY3A0uDvv0VhJ0A52XQTXp4RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxOGIxMzhiYTkzNTIzNGYxMWNhMTAyNWQ2NjdmMTMzZjA3
ZDU1ZmQwHhcNMjQwMjE5MTAwNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWI0NDM1OGM1ZTIyOGRmZGJmN2QxYzM3YjE4NWJiNDhkNTFhN2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0kxuRZTGCMYKK871GlctrS58V3X
QjAXNO0wUrV32cflv9gnBS7t/6djxDjOjOecu/9m5g19HYMR3KTFuMKFtHGhZ0Iz
mzwE0fYyKBbFAMJ4nVjJzKdRUva94EQC7ZAROpv1t89S3JwSsdeI8yVNIIDsZKNR
EMJIBiSt3M7WhWqWsnQL56exxsZSRKq4thDi2je20uj8Fk5O9cfI3eNw7dM0R4gU
ZLw1ckCb7P43zxwbSe7vtAZ1Z2prSqMCldpv8raWC9GoXM2MeVujcFRtCXsZSiEA
qiuW0+Vz4NNS4Ubo7vjdOTMpIOqiwfYqqj1b60eakJoJraPFmpZwjT7oxwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCm0Q1jF4ijf2/fRw3sYW7SNUae4MB8GA1UdIwQY
MBaAFHGLE4upNSNPEcoQJdZn8TPwfVX9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1lzVGk2azFJMDhSeWhBbDFtZnhNX0I5VmYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9kNDMwODUtZDk0ZS00NjlkLTk3Nzgt
M2I4ZWMxYTY1ODgwLzEvS2JSRFdNWGlLTl9iOTlIRGV4aGJ0STFScDdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9kNDMwODUtZDk0ZS00NjlkLTk3NzgtM2I4ZWMxYTY1ODgw
LzEvY1lzVGk2azFJMDhSeWhBbDFtZnhNX0I5VmYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwj64MA0E
AgACMAcDBQMqB+QAMA0GCSqGSIb3DQEBCwUAA4IBAQAuoYGLEhR9pOcrZGeFtwop
JXTFEe3T4LyH7jpm8VFYNDSz83YlgHtAdk6Itpqu27ZxKq2iFnIEf4o9O3eaFDbK
V8xzG5liDS90QoPl4l1Rsz6Qtocn5exr9FkDJk618vlvheU6Zk5QsRrcjv9pvAdl
EXMovVUGY6hq6IvPdCZUtvp5++ptWYhAPKhTH5HnJsr2H5atWNx41chQNrrgL+4U
5UEiN46xgpZ4ZbstUwm12kBcAPI+IGQqJ0uw2uQB9cNWvI2xmYSh6unTNWbPFcoO
eFbqTJ3XCm1i0sV3pz9NyAeN41FQHn0dhs3HQr11bSLuHWjF1oOfsjHaBjEbPF/y
-----END CERTIFICATE-----