Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/KPz3Cm_1DxMoqldNd_Qe0CdVunI.roa
File:                     KPz3Cm_1DxMoqldNd_Qe0CdVunI.roa (raw, json)
Hash identifier:          jAz8Zf0zML7iHo7Uhd4xbPl0p3LD9WbKkMTMWdp6tQg=
Subject key identifier:   28:FC:F7:0A:6F:F5:0F:13:28:AA:57:4D:77:F4:1E:D0:27:55:BA:72
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801726F8046CB30A8E90658EC96B94F
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/KPz3Cm_1DxMoqldNd_Qe0CdVunI.roa
Signing time:             Tue 02 Jan 2024 02:29:47 +0000
ROA not before:           Tue 02 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210558
IP address blocks:        45.154.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:72:6f:80:46:cb:30:a8:e9:06:58:ec:96:b9:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28fcf70a6ff50f1328aa574d77f41ed02755ba72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:63:d3:1e:fd:e3:0c:ee:64:40:5e:96:15:d3:
                    29:52:78:c7:24:16:9f:eb:b6:60:21:e7:16:74:4f:
                    e1:66:f5:64:2c:dc:ce:d8:12:04:ef:04:e4:81:c2:
                    7a:01:ff:ea:0f:b6:7a:df:14:82:1f:b0:46:98:0f:
                    0a:53:83:65:11:ff:46:ac:d0:e3:dc:0b:62:bd:4b:
                    82:59:4b:c5:b8:cf:d7:90:4e:a5:45:9d:de:11:ee:
                    7a:f6:23:c1:27:a1:e5:a9:5b:87:5c:3e:86:b5:34:
                    36:42:48:ea:90:03:e7:03:be:eb:29:b5:b7:fd:3c:
                    27:b6:e9:c2:df:0b:61:a8:a4:f3:7f:fc:ed:93:93:
                    16:c8:16:95:5f:3a:89:30:96:06:ae:aa:10:15:bd:
                    c5:e9:d7:6e:03:49:70:af:cd:a1:50:94:48:f6:25:
                    10:2c:7a:07:d0:71:37:64:f8:58:66:58:09:18:91:
                    09:b9:b9:9b:59:06:2c:1e:04:60:7e:ca:7f:93:14:
                    73:bc:23:ab:89:b5:8d:01:94:06:5f:5f:8d:01:ad:
                    e7:f6:98:2b:aa:52:1d:3e:07:bd:ae:00:bb:4b:43:
                    9f:44:d1:d9:57:ed:74:8d:1b:a2:7b:39:b9:05:dc:
                    77:30:69:66:98:25:9b:d3:e0:02:cb:a8:7c:82:1d:
                    5b:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:FC:F7:0A:6F:F5:0F:13:28:AA:57:4D:77:F4:1E:D0:27:55:BA:72
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/KPz3Cm_1DxMoqldNd_Qe0CdVunI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:ab:7e:0a:7e:c1:70:6f:ac:fb:b3:91:8b:d8:70:dc:4b:5a:
         2a:26:4a:bc:ab:c1:15:1f:a6:0b:0b:e9:ec:a8:b4:20:af:53:
         a4:9d:95:91:d9:23:cb:dc:be:6a:35:73:55:c9:09:45:d3:3d:
         02:f3:02:a8:4c:27:0c:ba:ef:91:2f:b6:ea:9f:23:08:d2:63:
         71:90:56:6f:42:c9:c9:b1:38:ae:24:ad:9b:42:94:8c:b2:99:
         47:60:a0:ee:b6:d3:00:2f:a8:00:06:e3:e2:42:fa:bf:71:52:
         94:18:33:b6:bf:4b:97:e8:ed:87:c1:a9:47:5c:0d:52:47:a6:
         df:73:dd:9e:b1:44:58:c5:99:67:e5:6b:29:1d:6c:f6:60:21:
         55:62:2f:6b:f6:5a:a8:5d:db:f3:f0:d6:99:5d:12:b8:8b:97:
         95:8a:91:f0:b0:d6:bb:f3:7b:9a:8d:cb:65:b0:fc:f5:97:ab:
         c3:0f:1e:34:20:57:ed:b9:1b:da:4a:d1:1e:45:2f:eb:c2:6b:
         c3:0f:43:2b:e1:d7:7a:84:e9:78:0b:51:55:fe:06:22:62:6b:
         54:a6:68:69:06:ba:e3:60:23:57:90:d9:a6:b2:dc:11:e9:52:
         3b:36:3a:9d:09:e8:a5:74:74:e1:ad:f5:da:d7:70:48:1d:49:
         7f:01:ce:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAXJvgEbLMKjpBljslrlPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGZjZjcwYTZmZjUwZjEzMjhhYTU3NGQ3N2Y0MWVkMDI3NTViYTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmPTHv3jDO5kQF6WFdMpUnjHJBaf
67ZgIecWdE/hZvVkLNzO2BIE7wTkgcJ6Af/qD7Z63xSCH7BGmA8KU4NlEf9GrNDj
3AtivUuCWUvFuM/XkE6lRZ3eEe569iPBJ6HlqVuHXD6GtTQ2QkjqkAPnA77rKbW3
/TwntunC3wthqKTzf/ztk5MWyBaVXzqJMJYGrqoQFb3F6dduA0lwr82hUJRI9iUQ
LHoH0HE3ZPhYZlgJGJEJubmbWQYsHgRgfsp/kxRzvCOribWNAZQGX1+NAa3n9pgr
qlIdPge9rgC7S0OfRNHZV+10jRuiezm5Bdx3MGlmmCWb0+ACy6h8gh1bDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCj89wpv9Q8TKKpXTXf0HtAnVbpyMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvS1B6M0NtXzFEeE1vcWxkTmRfUWUwQ2RWdW5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZpiMA0G
CSqGSIb3DQEBCwUAA4IBAQCcq34KfsFwb6z7s5GL2HDcS1oqJkq8q8EVH6YLC+ns
qLQgr1OknZWR2SPL3L5qNXNVyQlF0z0C8wKoTCcMuu+RL7bqnyMI0mNxkFZvQsnJ
sTiuJK2bQpSMsplHYKDuttMAL6gABuPiQvq/cVKUGDO2v0uX6O2HwalHXA1SR6bf
c92esURYxZln5WspHWz2YCFVYi9r9lqoXdvz8NaZXRK4i5eVipHwsNa783uajctl
sPz1l6vDDx40IFftuRvaStEeRS/rwmvDD0Mr4dd6hOl4C1FV/gYiYmtUpmhpBrrj
YCNXkNmmstwR6VI7NjqdCeildHThrfXa13BIHUl/Ac6w
-----END CERTIFICATE-----