Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/d809b3-3675-4fd8-8821-b367ebdf302b/1/kTROkiG7sq3jXz30Bp0Pwi07wcg.roa
File:                     kTROkiG7sq3jXz30Bp0Pwi07wcg.roa (raw, json)
Hash identifier:          dR7poaAm9sT2feISy5YTBUTSNnyTCAF1AeBsDWOcDJU=
Subject key identifier:   91:34:4E:92:21:BB:B2:AD:E3:5F:3D:F4:06:9D:0F:C2:2D:3B:C1:C8
Certificate issuer:       /CN=a45002022b7a3e4790b8b4e2f6d5b7a3dabddce1
Certificate serial:       018CC7955ECAE774D156D9E9B9F2AC62C474
Authority key identifier: A4:50:02:02:2B:7A:3E:47:90:B8:B4:E2:F6:D5:B7:A3:DA:BD:DC:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pFACAit6PkeQuLTi9tW3o9q93OE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/d809b3-3675-4fd8-8821-b367ebdf302b/1/kTROkiG7sq3jXz30Bp0Pwi07wcg.roa
Signing time:             Tue 02 Jan 2024 00:31:44 +0000
ROA not before:           Tue 02 Jan 2024 00:31:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205816
IP address blocks:        185.245.20.0/24 maxlen: 24
                          2a0c:9b80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/d809b3-3675-4fd8-8821-b367ebdf302b/1/pFACAit6PkeQuLTi9tW3o9q93OE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/d809b3-3675-4fd8-8821-b367ebdf302b/1/pFACAit6PkeQuLTi9tW3o9q93OE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pFACAit6PkeQuLTi9tW3o9q93OE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:5e:ca:e7:74:d1:56:d9:e9:b9:f2:ac:62:c4:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a45002022b7a3e4790b8b4e2f6d5b7a3dabddce1
        Validity
            Not Before: Jan  2 00:31:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91344e9221bbb2ade35f3df4069d0fc22d3bc1c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:16:20:5b:b9:0b:29:45:8f:c6:b8:c3:e0:2d:
                    67:55:41:ae:87:b8:34:65:52:27:4e:ed:0d:a7:e6:
                    f1:e8:0c:60:6d:c3:6f:60:82:9e:39:1d:d4:70:df:
                    1a:5e:54:d4:18:57:47:a9:05:61:34:da:ae:65:b4:
                    15:6c:d5:e0:64:2d:ad:7e:a4:86:a4:56:c3:de:9f:
                    48:eb:d0:a5:d3:c0:6e:d6:6d:c5:be:5c:88:76:fc:
                    f6:67:6d:55:bb:a3:3e:29:fd:d8:9d:37:c4:72:84:
                    fd:ad:da:4c:07:46:a2:b0:0c:74:f9:07:10:88:55:
                    57:08:e4:84:c4:d4:15:bc:a5:49:39:73:cc:48:c2:
                    76:1d:a8:60:6f:5f:7a:6e:ef:e1:52:ee:17:74:52:
                    bd:8f:45:c5:17:a3:76:5c:4f:a2:85:39:39:2d:8e:
                    a2:5a:5a:df:15:ef:5f:32:c9:b5:5a:d0:e8:34:4f:
                    ec:47:9f:f9:7d:c5:44:60:ee:40:e2:fe:25:78:fe:
                    a0:30:4b:29:11:c7:97:98:5e:9b:fd:17:d8:8a:e6:
                    97:d1:22:25:2e:da:37:89:d0:78:15:8f:8c:38:40:
                    6e:1c:cd:bb:26:64:6e:e2:36:d9:98:b8:cb:31:b0:
                    4b:a7:58:dc:f8:f5:4a:bf:7d:13:ae:5d:22:c3:ee:
                    29:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:34:4E:92:21:BB:B2:AD:E3:5F:3D:F4:06:9D:0F:C2:2D:3B:C1:C8
            X509v3 Authority Key Identifier:
                keyid:A4:50:02:02:2B:7A:3E:47:90:B8:B4:E2:F6:D5:B7:A3:DA:BD:DC:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pFACAit6PkeQuLTi9tW3o9q93OE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/d809b3-3675-4fd8-8821-b367ebdf302b/1/kTROkiG7sq3jXz30Bp0Pwi07wcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/d809b3-3675-4fd8-8821-b367ebdf302b/1/pFACAit6PkeQuLTi9tW3o9q93OE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.20.0/24
                IPv6:
                  2a0c:9b80::/29

    Signature Algorithm: sha256WithRSAEncryption
         c4:7a:09:4f:96:2e:b8:2f:fa:d9:35:74:08:30:cb:cd:2b:d3:
         5d:3d:03:5d:e6:61:f7:e4:4b:9c:3b:93:44:c8:bb:8c:b3:a4:
         9d:a8:a9:47:06:62:90:e0:1b:7b:7f:e7:5b:55:2e:55:1a:d4:
         ed:31:fb:3c:53:74:a4:3a:9b:02:16:0a:21:54:06:e3:38:74:
         01:09:6a:e6:45:04:f7:1c:04:a0:b2:91:9b:c9:67:2e:5a:ff:
         9c:4d:ae:df:b4:53:6a:0e:f1:b3:cc:b0:2f:e3:31:3d:37:e5:
         c1:53:05:10:75:3f:1d:da:de:c0:a0:b6:0e:a5:ab:ad:5a:48:
         18:f6:26:31:b8:83:6c:14:25:e4:3c:72:3f:bf:ee:23:5a:88:
         19:3f:c6:ee:4f:01:98:8f:67:b6:81:87:44:a8:37:3d:e0:06:
         76:4a:9d:55:0f:f8:43:12:a8:f1:b0:a2:20:a1:1c:66:08:7e:
         11:db:b8:6d:83:fd:d5:6d:4c:dc:b4:34:3a:1a:4b:72:85:8f:
         f3:76:cb:df:6b:fc:41:7e:34:72:62:be:e6:ef:4b:05:2f:44:
         3b:79:41:2d:a1:04:4a:52:f9:11:24:7b:da:d8:0e:7e:df:96:
         90:e2:cf:f7:c3:eb:c8:24:82:25:2f:2d:83:46:cc:09:59:e2:
         b1:cf:79:2f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlV7K53TRVtnpufKsYsR0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0NTAwMjAyMmI3YTNlNDc5MGI4YjRlMmY2ZDViN2EzZGFi
ZGRjZTEwHhcNMjQwMTAyMDAzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTM0NGU5MjIxYmJiMmFkZTM1ZjNkZjQwNjlkMGZjMjJkM2JjMWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhYgW7kLKUWPxrjD4C1nVUGuh7g0
ZVInTu0Np+bx6AxgbcNvYIKeOR3UcN8aXlTUGFdHqQVhNNquZbQVbNXgZC2tfqSG
pFbD3p9I69Cl08Bu1m3FvlyIdvz2Z21Vu6M+Kf3YnTfEcoT9rdpMB0aisAx0+QcQ
iFVXCOSExNQVvKVJOXPMSMJ2Hahgb196bu/hUu4XdFK9j0XFF6N2XE+ihTk5LY6i
WlrfFe9fMsm1WtDoNE/sR5/5fcVEYO5A4v4leP6gMEspEceXmF6b/RfYiuaX0SIl
Lto3idB4FY+MOEBuHM27JmRu4jbZmLjLMbBLp1jc+PVKv30Trl0iw+4ptQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJE0TpIhu7Kt41899AadD8ItO8HIMB8GA1UdIwQY
MBaAFKRQAgIrej5HkLi04vbVt6PavdzhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEZBQ0FpdDZQa2VRdUxUaTl0VzNvOXE5M09FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9kODA5YjMtMzY3NS00ZmQ4LTg4MjEt
YjM2N2ViZGYzMDJiLzEva1RST2tpRzdzcTNqWHozMEJwMFB3aTA3d2NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9kODA5YjMtMzY3NS00ZmQ4LTg4MjEtYjM2N2ViZGYzMDJi
LzEvcEZBQ0FpdDZQa2VRdUxUaTl0VzNvOXE5M09FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAufUUMA0E
AgACMAcDBQMqDJuAMA0GCSqGSIb3DQEBCwUAA4IBAQDEeglPli64L/rZNXQIMMvN
K9NdPQNd5mH35EucO5NEyLuMs6SdqKlHBmKQ4Bt7f+dbVS5VGtTtMfs8U3SkOpsC
FgohVAbjOHQBCWrmRQT3HASgspGbyWcuWv+cTa7ftFNqDvGzzLAv4zE9N+XBUwUQ
dT8d2t7AoLYOpautWkgY9iYxuINsFCXkPHI/v+4jWogZP8buTwGYj2e2gYdEqDc9
4AZ2Sp1VD/hDEqjxsKIgoRxmCH4R27htg/3VbUzctDQ6GktyhY/zdsvfa/xBfjRy
Yr7m70sFL0Q7eUEtoQRKUvkRJHva2A5+35aQ4s/3w+vIJIIlLy2DRswJWeKxz3kv
-----END CERTIFICATE-----