Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/eaa602-2a3f-4f32-abce-3d80d686e747/1/KcwWhQ9w9ix59dQyDMWlIBfwMAw.roa
File:                     KcwWhQ9w9ix59dQyDMWlIBfwMAw.roa (raw, json)
Hash identifier:          UbAeYuvEt0JxKAA0RZ2a/NSyvRKvo6uaGrQHq3rvqkM=
Subject key identifier:   29:CC:16:85:0F:70:F6:2C:79:F5:D4:32:0C:C5:A5:20:17:F0:30:0C
Certificate issuer:       /CN=0637d1ce5dc3fa800e1d1dcfbdaa841fddd43905
Certificate serial:       018CC492AFE0B44A0932DAD828C389BC4190
Authority key identifier: 06:37:D1:CE:5D:C3:FA:80:0E:1D:1D:CF:BD:AA:84:1F:DD:D4:39:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BjfRzl3D-oAOHR3PvaqEH93UOQU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/eaa602-2a3f-4f32-abce-3d80d686e747/1/KcwWhQ9w9ix59dQyDMWlIBfwMAw.roa
Signing time:             Mon 01 Jan 2024 10:29:56 +0000
ROA not before:           Mon 01 Jan 2024 10:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198389
IP address blocks:        176.103.168.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/eaa602-2a3f-4f32-abce-3d80d686e747/1/BjfRzl3D-oAOHR3PvaqEH93UOQU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/eaa602-2a3f-4f32-abce-3d80d686e747/1/BjfRzl3D-oAOHR3PvaqEH93UOQU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BjfRzl3D-oAOHR3PvaqEH93UOQU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:af:e0:b4:4a:09:32:da:d8:28:c3:89:bc:41:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0637d1ce5dc3fa800e1d1dcfbdaa841fddd43905
        Validity
            Not Before: Jan  1 10:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29cc16850f70f62c79f5d4320cc5a52017f0300c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:95:f5:bc:4c:bf:d5:1f:4a:be:a4:99:c3:24:
                    b7:f7:08:6d:63:83:b0:34:84:f3:2f:50:75:87:51:
                    04:7a:4c:28:7d:b1:84:32:4d:6f:8b:e2:f3:52:62:
                    1b:fd:c6:74:1e:04:6e:a4:72:39:81:83:3c:d7:82:
                    57:3b:74:fc:fe:0e:c7:b5:2a:de:20:41:50:cf:60:
                    f3:80:94:12:de:d7:76:1c:9b:c9:2a:80:1d:01:8a:
                    6e:35:14:ed:e1:62:25:c0:2a:cb:c4:2d:c7:6a:ae:
                    43:ee:cd:7b:c9:17:a7:ae:b9:13:96:09:3b:75:c8:
                    29:b3:24:de:ae:84:33:0f:11:ca:9e:d9:f0:59:cb:
                    1b:ba:fc:65:a5:67:31:23:1d:47:c6:38:86:47:6a:
                    6e:ad:90:a7:2c:c5:b4:1d:c1:44:ed:7a:af:7d:24:
                    6d:6a:85:65:49:16:da:d2:af:59:2b:92:e7:c8:c8:
                    32:4f:99:70:94:1e:80:a4:87:ed:f2:82:74:ae:a7:
                    25:1b:36:97:b2:90:a8:6c:66:de:5a:b1:b4:8d:1a:
                    fc:9d:ec:83:ce:ca:38:07:b7:78:8e:1b:3d:f8:94:
                    8d:c1:81:a0:a0:4b:40:48:a4:fe:5f:68:9d:e2:15:
                    03:0e:bb:46:35:bb:39:de:3f:54:59:89:d8:32:80:
                    40:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:CC:16:85:0F:70:F6:2C:79:F5:D4:32:0C:C5:A5:20:17:F0:30:0C
            X509v3 Authority Key Identifier:
                keyid:06:37:D1:CE:5D:C3:FA:80:0E:1D:1D:CF:BD:AA:84:1F:DD:D4:39:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BjfRzl3D-oAOHR3PvaqEH93UOQU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/eaa602-2a3f-4f32-abce-3d80d686e747/1/KcwWhQ9w9ix59dQyDMWlIBfwMAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/eaa602-2a3f-4f32-abce-3d80d686e747/1/BjfRzl3D-oAOHR3PvaqEH93UOQU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.103.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         61:b2:72:7c:29:d4:c6:07:6c:c0:43:51:12:19:b9:2e:dc:1f:
         16:9c:e7:0f:3b:08:0c:d8:5a:81:6a:6b:1d:db:d3:5e:c5:45:
         16:de:86:d3:f5:8d:24:f4:b0:4b:8f:51:2d:2e:ef:c6:cc:6e:
         b4:23:07:53:b0:13:e8:ef:59:0d:bb:ca:67:2f:e7:ca:e7:1a:
         a4:32:47:1c:77:93:ef:f5:20:47:1f:bd:90:f2:20:21:8e:bc:
         69:0b:a4:ae:a5:12:d4:ca:89:16:98:ee:ac:31:83:67:40:10:
         82:91:51:c7:07:b7:38:95:85:28:7a:5e:dc:9d:69:7c:08:6e:
         63:6b:d5:de:d0:a1:94:c8:f4:4a:f3:76:28:42:74:6c:3a:86:
         08:67:b9:c9:00:04:54:6c:9d:14:cb:36:48:3a:6d:82:7d:7d:
         23:ef:95:94:30:cc:bc:e8:0b:06:db:b8:db:6e:3a:c2:cc:f3:
         3b:73:7d:40:c0:d3:c8:73:ee:3a:76:6c:ad:7a:04:fc:7d:aa:
         38:6d:9d:d0:3f:30:77:b1:62:c8:0a:5e:1d:0f:aa:d5:d2:42:
         cc:56:e4:a6:2b:00:78:e7:16:6a:43:ab:18:fd:ee:30:d3:80:
         41:d7:e7:e4:bd:59:fe:62:5a:3c:8f:8c:c5:40:b5:8f:68:e7:
         c2:b5:11:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkq/gtEoJMtrYKMOJvEGQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2MzdkMWNlNWRjM2ZhODAwZTFkMWRjZmJkYWE4NDFmZGRk
NDM5MDUwHhcNMjQwMTAxMTAyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWNjMTY4NTBmNzBmNjJjNzlmNWQ0MzIwY2M1YTUyMDE3ZjAzMDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZX1vEy/1R9KvqSZwyS39whtY4Ow
NITzL1B1h1EEekwofbGEMk1vi+LzUmIb/cZ0HgRupHI5gYM814JXO3T8/g7HtSre
IEFQz2DzgJQS3td2HJvJKoAdAYpuNRTt4WIlwCrLxC3Haq5D7s17yRenrrkTlgk7
dcgpsyTeroQzDxHKntnwWcsbuvxlpWcxIx1HxjiGR2purZCnLMW0HcFE7XqvfSRt
aoVlSRba0q9ZK5LnyMgyT5lwlB6ApIft8oJ0rqclGzaXspCobGbeWrG0jRr8neyD
zso4B7d4jhs9+JSNwYGgoEtASKT+X2id4hUDDrtGNbs53j9UWYnYMoBA2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCnMFoUPcPYsefXUMgzFpSAX8DAMMB8GA1UdIwQY
MBaAFAY30c5dw/qADh0dz72qhB/d1DkFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmpmUnpsM0Qtb0FPSFIzUHZhcUVIOTNVT1FVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9lYWE2MDItMmEzZi00ZjMyLWFiY2Ut
M2Q4MGQ2ODZlNzQ3LzEvS2N3V2hROXc5aXg1OWRReURNV2xJQmZ3TUF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9lYWE2MDItMmEzZi00ZjMyLWFiY2UtM2Q4MGQ2ODZlNzQ3
LzEvQmpmUnpsM0Qtb0FPSFIzUHZhcUVIOTNVT1FVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDsGeoMA0G
CSqGSIb3DQEBCwUAA4IBAQBhsnJ8KdTGB2zAQ1ESGbku3B8WnOcPOwgM2FqBamsd
29NexUUW3obT9Y0k9LBLj1EtLu/GzG60IwdTsBPo71kNu8pnL+fK5xqkMkccd5Pv
9SBHH72Q8iAhjrxpC6SupRLUyokWmO6sMYNnQBCCkVHHB7c4lYUoel7cnWl8CG5j
a9Xe0KGUyPRK83YoQnRsOoYIZ7nJAARUbJ0UyzZIOm2CfX0j75WUMMy86AsG27jb
bjrCzPM7c31AwNPIc+46dmytegT8fao4bZ3QPzB3sWLICl4dD6rV0kLMVuSmKwB4
5xZqQ6sY/e4w04BB1+fkvVn+Ylo8j4zFQLWPaOfCtREp
-----END CERTIFICATE-----