Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/e831b1-9ec0-46f2-860d-fad5fd7970ba/1/KKRdZ-0_xERDK7u-dz12NqU2c6M.roa
File:                     KKRdZ-0_xERDK7u-dz12NqU2c6M.roa (raw, json)
Hash identifier:          GwxCdfXBc/T0lMrooEqMstsB6ekR5Z6DPv2WraaOI7o=
Subject key identifier:   28:A4:5D:67:ED:3F:C4:44:43:2B:BB:BE:77:3D:76:36:A5:36:73:A3
Certificate issuer:       /CN=0f21521a7127157f7daf0ad091394ad5a1cce779
Certificate serial:       018CC6B8BD9E8026873ED3D2BAA0556BA2F1
Authority key identifier: 0F:21:52:1A:71:27:15:7F:7D:AF:0A:D0:91:39:4A:D5:A1:CC:E7:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DyFSGnEnFX99rwrQkTlK1aHM53k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/e831b1-9ec0-46f2-860d-fad5fd7970ba/1/KKRdZ-0_xERDK7u-dz12NqU2c6M.roa
Signing time:             Mon 01 Jan 2024 20:30:45 +0000
ROA not before:           Mon 01 Jan 2024 20:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49915
IP address blocks:        62.69.150.0/24 maxlen: 24
                          62.69.148.0/23 maxlen: 24
                          91.216.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/e831b1-9ec0-46f2-860d-fad5fd7970ba/1/DyFSGnEnFX99rwrQkTlK1aHM53k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/e831b1-9ec0-46f2-860d-fad5fd7970ba/1/DyFSGnEnFX99rwrQkTlK1aHM53k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DyFSGnEnFX99rwrQkTlK1aHM53k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:bd:9e:80:26:87:3e:d3:d2:ba:a0:55:6b:a2:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f21521a7127157f7daf0ad091394ad5a1cce779
        Validity
            Not Before: Jan  1 20:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28a45d67ed3fc444432bbbbe773d7636a53673a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:8d:15:7b:c9:86:e7:2a:a9:6c:4f:42:f8:d6:
                    20:f2:11:99:15:bc:a5:4f:38:16:de:88:a3:fe:7c:
                    f0:e7:8b:0d:8a:9c:a4:86:db:5c:ef:e6:b0:ff:85:
                    f1:a9:9c:dd:db:95:ac:07:6c:2e:79:8b:12:ab:a9:
                    dd:87:d3:6e:7b:89:4a:d3:ea:db:54:8b:15:b9:7b:
                    e3:62:30:6a:a5:ec:51:00:9c:d4:d4:e0:f9:f4:24:
                    10:af:a4:dc:92:e6:93:1c:09:93:2b:96:17:30:a3:
                    46:0c:fd:47:f7:4a:2d:87:57:ff:7d:d7:46:f2:29:
                    eb:18:16:a7:63:2a:ba:ce:d7:e7:b3:80:38:cb:df:
                    2c:14:69:eb:c1:bc:43:ca:27:02:5a:93:e8:2b:fd:
                    e0:45:a7:b1:87:56:80:d5:ee:8c:ab:69:8c:60:52:
                    5c:97:c2:80:5b:85:b7:19:37:1e:c5:10:a1:37:e2:
                    5c:76:0d:c1:9e:cf:79:8a:10:e2:3a:4b:57:a6:d7:
                    af:9b:69:e6:e2:23:25:74:be:c3:8e:f5:64:3f:96:
                    74:4c:72:ff:82:e8:5d:aa:2e:5b:70:2f:b5:93:5d:
                    6a:c6:6a:03:08:5a:cd:75:d1:4d:a9:b8:c8:a5:34:
                    3c:e1:11:aa:a1:a2:98:7b:a4:c0:23:de:a1:15:13:
                    1d:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:A4:5D:67:ED:3F:C4:44:43:2B:BB:BE:77:3D:76:36:A5:36:73:A3
            X509v3 Authority Key Identifier:
                keyid:0F:21:52:1A:71:27:15:7F:7D:AF:0A:D0:91:39:4A:D5:A1:CC:E7:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DyFSGnEnFX99rwrQkTlK1aHM53k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/e831b1-9ec0-46f2-860d-fad5fd7970ba/1/KKRdZ-0_xERDK7u-dz12NqU2c6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/e831b1-9ec0-46f2-860d-fad5fd7970ba/1/DyFSGnEnFX99rwrQkTlK1aHM53k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.69.148.0-62.69.150.255
                  91.216.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:27:8e:94:cb:5b:4a:65:2f:f5:94:bd:b1:e9:2c:02:e8:4c:
         91:7a:89:ab:b2:b7:a4:79:fa:2e:ce:bf:46:bd:b8:f7:7a:59:
         0a:54:08:f3:bd:6e:f3:a7:f6:64:df:02:f1:6d:77:d4:da:92:
         13:35:bb:82:c4:0b:eb:77:71:05:b9:3e:2d:8b:22:f1:cb:e8:
         a6:79:32:bc:29:78:bb:80:a5:0d:a2:30:94:a0:e9:6f:98:8b:
         8f:1c:ad:b0:29:24:7e:89:56:d1:84:ca:e2:0b:af:06:44:45:
         86:a1:11:36:94:e5:7d:0d:ea:d9:8f:e0:7e:a4:a6:2f:85:b8:
         34:c2:aa:fb:41:cc:00:99:85:46:20:90:95:9d:7e:bd:b6:12:
         2c:20:95:cd:9d:62:42:39:4d:7f:dd:c7:3e:8e:2d:e6:57:df:
         72:40:9f:1d:85:39:22:ce:0f:29:7d:e3:4e:77:ba:82:c2:5f:
         22:ee:db:ab:d2:01:d9:47:57:ea:b6:35:df:fe:7e:af:43:99:
         1d:80:f6:d5:f4:92:23:04:c1:9a:3b:3a:a6:61:17:c2:3d:6e:
         c9:41:bf:0a:41:e2:1c:f1:50:84:a9:d4:84:ee:3a:af:0c:e5:
         a8:bc:b9:e0:8f:63:c6:9f:5c:0e:6b:91:04:3c:88:8e:e6:16:
         f8:1c:b1:5c
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzGuL2egCaHPtPSuqBVa6LxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMjE1MjFhNzEyNzE1N2Y3ZGFmMGFkMDkxMzk0YWQ1YTFj
Y2U3NzkwHhcNMjQwMTAxMjAzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGE0NWQ2N2VkM2ZjNDQ0NDMyYmJiYmU3NzNkNzYzNmE1MzY3M2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmo0Ve8mG5yqpbE9C+NYg8hGZFbyl
TzgW3oij/nzw54sNipykhttc7+aw/4XxqZzd25WsB2wueYsSq6ndh9Nue4lK0+rb
VIsVuXvjYjBqpexRAJzU1OD59CQQr6TckuaTHAmTK5YXMKNGDP1H90oth1f/fddG
8inrGBanYyq6ztfns4A4y98sFGnrwbxDyicCWpPoK/3gRaexh1aA1e6Mq2mMYFJc
l8KAW4W3GTcexRChN+Jcdg3Bns95ihDiOktXptevm2nm4iMldL7DjvVkP5Z0THL/
guhdqi5bcC+1k11qxmoDCFrNddFNqbjIpTQ84RGqoaKYe6TAI96hFRMdlwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFCikXWftP8REQyu7vnc9djalNnOjMB8GA1UdIwQY
MBaAFA8hUhpxJxV/fa8K0JE5StWhzOd5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHlGU0duRW5GWDk5cndyUWtUbEsxYUhNNTNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9lODMxYjEtOWVjMC00NmYyLTg2MGQt
ZmFkNWZkNzk3MGJhLzEvS0tSZFotMF94RVJESzd1LWR6MTJOcVUyYzZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9lODMxYjEtOWVjMC00NmYyLTg2MGQtZmFkNWZkNzk3MGJh
LzEvRHlGU0duRW5GWDk5cndyUWtUbEsxYUhNNTNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAI+RZQD
BAA+RZYDBABb2J4wDQYJKoZIhvcNAQELBQADggEBAA8njpTLW0plL/WUvbHpLALo
TJF6iauyt6R5+i7Ov0a9uPd6WQpUCPO9bvOn9mTfAvFtd9TakhM1u4LEC+t3cQW5
Pi2LIvHL6KZ5MrwpeLuApQ2iMJSg6W+Yi48crbApJH6JVtGEyuILrwZERYahETaU
5X0N6tmP4H6kpi+FuDTCqvtBzACZhUYgkJWdfr22Eiwglc2dYkI5TX/dxz6OLeZX
33JAnx2FOSLODyl94053uoLCXyLu26vSAdlHV+q2Nd/+fq9DmR2A9tX0kiMEwZo7
OqZhF8I9bslBvwpB4hzxUISp1ITuOq8M5ai8ueCPY8afXA5rkQQ8iI7mFvgcsVw=
-----END CERTIFICATE-----