Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/kgeeGNIJSM_A0SRHDNnZ1ZPbayU.roa
File:                     kgeeGNIJSM_A0SRHDNnZ1ZPbayU.roa (raw, json)
Hash identifier:          1wk+xs2FFmnfr/Ux69Oan6exZU1j68AI2JrXDz1YRyk=
Subject key identifier:   92:07:9E:18:D2:09:48:CF:C0:D1:24:47:0C:D9:D9:D5:93:DB:6B:25
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018FE25319B788DA8A163C3CA5CAB6E08FA7
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/kgeeGNIJSM_A0SRHDNnZ1ZPbayU.roa
Signing time:             Tue 04 Jun 2024 08:17:27 +0000
ROA not before:           Tue 04 Jun 2024 08:17:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202952
IP address blocks:        2a0e:8f02:21e0::/44 maxlen: 48
                          2a0e:8f02:f04d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e2:53:19:b7:88:da:8a:16:3c:3c:a5:ca:b6:e0:8f:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jun  4 08:17:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92079e18d20948cfc0d124470cd9d9d593db6b25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:fc:4a:1f:e2:de:06:7e:4b:4e:c4:f4:cf:84:
                    03:74:6b:da:6c:98:b9:cc:19:88:59:9d:63:64:66:
                    93:1a:ab:e5:15:d1:1e:76:59:3f:db:b9:32:5f:37:
                    44:67:72:74:e8:7b:b8:ec:28:cc:2c:6a:d2:b3:08:
                    13:38:c1:73:b1:5d:fa:71:b7:d0:59:f8:29:69:bb:
                    91:89:88:ae:e5:5e:37:cc:26:b1:eb:12:00:e7:e5:
                    51:1b:2c:3f:8a:ae:c3:39:5a:e9:fe:5b:74:85:75:
                    23:9c:02:87:01:94:57:04:72:00:9b:94:3e:13:f3:
                    c1:09:41:6d:d5:3c:f3:42:32:98:49:56:d2:d9:45:
                    ad:88:7f:5b:c9:55:df:bd:97:1e:93:d6:fd:93:da:
                    11:e5:74:14:9b:bb:a1:69:10:c8:43:89:21:5e:85:
                    3d:17:a9:2c:74:51:b3:c3:29:0e:05:7d:fd:c5:a4:
                    4e:38:55:4c:19:ea:9e:17:b5:5a:08:e6:52:43:8f:
                    08:89:03:a4:9c:ca:b2:68:12:cc:8a:ce:a4:ec:6c:
                    63:94:e6:ed:b5:86:53:51:75:2b:7a:47:72:53:f0:
                    b4:3c:5e:5a:22:ed:f5:dd:f3:98:92:31:91:e1:28:
                    86:65:8c:0d:37:0c:0f:87:0c:46:19:d3:e9:45:07:
                    e4:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:07:9E:18:D2:09:48:CF:C0:D1:24:47:0C:D9:D9:D5:93:DB:6B:25
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/kgeeGNIJSM_A0SRHDNnZ1ZPbayU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:21e0::/44
                  2a0e:8f02:f04d::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:61:31:5c:7a:9d:eb:b8:7c:cc:dd:de:c7:45:e4:a6:ac:d7:
         e3:59:4b:ce:4f:aa:59:f9:18:53:3c:83:57:ef:0b:5b:ae:bd:
         15:e7:eb:45:d7:58:fc:e1:a2:ba:40:c8:d1:1c:84:e1:be:6a:
         3c:02:d7:18:f9:4a:89:11:e2:e8:eb:98:87:65:0e:17:c4:f8:
         d9:da:2e:4a:a5:8e:8a:21:d9:60:91:52:9b:e2:01:e0:50:04:
         22:42:9c:80:28:4c:4c:92:64:06:16:96:7c:4b:fe:9e:25:9c:
         b8:c0:f1:9f:99:c0:9a:7f:b0:b4:c0:86:70:c1:0e:5c:9a:67:
         18:50:f7:98:d6:70:bb:0e:50:d0:fb:90:c2:d9:93:1f:c8:2a:
         9b:e1:ea:08:3f:3a:7b:4f:39:04:6a:ad:dc:03:c5:cc:f2:40:
         b7:c4:db:81:26:b7:09:1b:02:ff:18:7d:dc:c7:c4:61:88:77:
         1a:73:8f:06:10:e1:f2:2b:bf:36:4c:38:88:08:89:34:d7:d4:
         9e:c6:43:fc:02:b0:f8:0e:01:b9:d2:57:dc:bd:7a:fd:b5:7c:
         5f:35:7b:5b:90:22:0a:17:cf:09:e8:2d:36:19:04:6e:26:9a:
         13:ed:ae:00:4e:63:f6:26:4c:65:18:cd:20:2a:90:19:38:8a:
         11:81:cb:e6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY/iUxm3iNqKFjw8pcq24I+nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwNjA0MDgxNzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjA3OWUxOGQyMDk0OGNmYzBkMTI0NDcwY2Q5ZDlkNTkzZGI2YjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0PxKH+LeBn5LTsT0z4QDdGvabJi5
zBmIWZ1jZGaTGqvlFdEedlk/27kyXzdEZ3J06Hu47CjMLGrSswgTOMFzsV36cbfQ
WfgpabuRiYiu5V43zCax6xIA5+VRGyw/iq7DOVrp/lt0hXUjnAKHAZRXBHIAm5Q+
E/PBCUFt1TzzQjKYSVbS2UWtiH9byVXfvZcek9b9k9oR5XQUm7uhaRDIQ4khXoU9
F6ksdFGzwykOBX39xaROOFVMGeqeF7VaCOZSQ48IiQOknMqyaBLMis6k7GxjlObt
tYZTUXUrekdyU/C0PF5aIu313fOYkjGR4SiGZYwNNwwPhwxGGdPpRQfkzwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJIHnhjSCUjPwNEkRwzZ2dWT22slMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEva2dlZUdOSUpTTV9BMFNSSERObloxWlBiYXlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6PAiHg
AwcAKg6PAvBNMA0GCSqGSIb3DQEBCwUAA4IBAQBMYTFcep3ruHzM3d7HReSmrNfj
WUvOT6pZ+RhTPINX7wtbrr0V5+tF11j84aK6QMjRHIThvmo8AtcY+UqJEeLo65iH
ZQ4XxPjZ2i5KpY6KIdlgkVKb4gHgUAQiQpyAKExMkmQGFpZ8S/6eJZy4wPGfmcCa
f7C0wIZwwQ5cmmcYUPeY1nC7DlDQ+5DC2ZMfyCqb4eoIPzp7TzkEaq3cA8XM8kC3
xNuBJrcJGwL/GH3cx8RhiHcac48GEOHyK782TDiICIk019SexkP8ArD4DgG50lfc
vXr9tXxfNXtbkCIKF88J6C02GQRuJpoT7a4ATmP2JkxlGM0gKpAZOIoRgcvm
-----END CERTIFICATE-----