Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/KWwS50vCKKOPNeR04qxsZQLv87s.roa
File:                     KWwS50vCKKOPNeR04qxsZQLv87s.roa (raw, json)
Hash identifier:          0JJPdXCo/G5bdz/0h/UDkXIPCKxpdcKI42b2k4icps0=
Subject key identifier:   29:6C:12:E7:4B:C2:28:A3:8F:35:E4:74:E2:AC:6C:65:02:EF:F3:BB
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348E767F2853217883650F0AD170835
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/KWwS50vCKKOPNeR04qxsZQLv87s.roa
Signing time:             Mon 01 Jan 2024 04:29:44 +0000
ROA not before:           Mon 01 Jan 2024 04:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209880
IP address blocks:        212.243.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e7:67:f2:85:32:17:88:36:50:f0:ad:17:08:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=296c12e74bc228a38f35e474e2ac6c6502eff3bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:3e:04:75:94:76:85:2b:d5:42:67:1c:21:e3:
                    f4:87:7b:62:4b:54:b7:33:38:b1:93:ff:8b:8d:27:
                    2e:6b:3d:6b:9e:11:16:a1:c6:ab:e6:be:ec:b5:de:
                    e7:44:97:00:68:97:bf:33:c6:ce:ac:76:1d:f6:05:
                    f2:9b:26:9e:97:2d:da:cd:cc:96:1f:1c:df:83:f6:
                    e2:de:b2:0b:1a:35:51:65:aa:25:d6:4a:0f:54:77:
                    3f:98:76:59:37:2d:16:0b:6e:a6:7d:12:18:05:84:
                    0c:4c:4c:7d:4f:5a:52:76:b6:cf:6c:24:7a:c2:71:
                    1d:c8:71:f6:39:01:18:9f:ea:1a:20:30:0a:f7:82:
                    a0:8e:ec:7c:5d:21:03:48:a1:1e:c3:3e:b5:ed:02:
                    c9:a1:8a:45:b3:e7:73:28:9e:7c:0e:03:33:26:0a:
                    13:2e:d4:34:45:70:0d:fa:0a:20:51:c2:95:1b:9d:
                    96:c4:7c:0b:a4:9c:7f:d1:34:ca:0f:d1:e5:29:14:
                    a1:39:36:d9:0b:2a:5b:00:99:55:7e:04:69:00:bb:
                    19:bb:a6:6b:3d:9b:fc:a8:64:bb:27:e3:82:d9:c5:
                    5f:b3:39:e9:0a:73:30:96:55:d0:64:5a:bd:6e:f5:
                    82:61:9e:3c:c1:15:a1:11:32:e8:40:21:6b:0b:48:
                    98:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:6C:12:E7:4B:C2:28:A3:8F:35:E4:74:E2:AC:6C:65:02:EF:F3:BB
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/KWwS50vCKKOPNeR04qxsZQLv87s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.243.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:33:9f:71:64:5b:80:83:93:16:f5:46:42:e8:d6:82:bc:22:
         75:e6:8a:b8:72:98:b4:fd:59:9a:79:89:21:ae:89:3d:f6:ec:
         d9:32:ef:0a:90:17:ae:44:56:f2:86:aa:9b:93:a3:db:03:ee:
         5f:34:d3:74:b7:e5:e7:5e:16:cc:39:99:f0:bc:af:03:0c:5c:
         8e:2f:d4:31:48:f0:1d:fc:d9:fa:fa:58:9c:5c:99:8f:67:60:
         36:0a:c6:9e:b2:50:f6:d0:25:fa:50:dc:b7:08:14:ea:35:e1:
         b0:c3:1a:bc:b2:84:a8:bc:c9:e8:3d:8a:79:18:71:c5:af:20:
         10:25:a5:ed:1d:01:c9:a9:41:81:8b:1c:48:98:42:c4:e2:44:
         06:02:fe:57:2c:6b:d7:a3:c5:ce:c0:36:f3:ba:3c:6a:e5:1b:
         7b:d1:f2:97:36:76:cc:45:a3:9a:60:cb:2d:10:b4:0a:12:0f:
         70:ab:0e:0b:97:3c:33:dd:93:5b:c9:f0:07:03:eb:ca:22:2c:
         43:85:74:7d:24:1c:cf:01:c8:14:75:3a:3f:d5:aa:03:1d:c0:
         67:61:6d:48:c0:f8:24:e1:bb:df:89:de:e9:55:c7:ff:b2:ba:
         cc:5f:d1:c8:4a:4b:4a:ba:06:48:e9:fe:6a:25:98:ee:f6:a9:
         7c:60:35:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOdn8oUyF4g2UPCtFwg1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTZjMTJlNzRiYzIyOGEzOGYzNWU0NzRlMmFjNmM2NTAyZWZmM2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmD4EdZR2hSvVQmccIeP0h3tiS1S3
Mzixk/+LjScuaz1rnhEWocar5r7std7nRJcAaJe/M8bOrHYd9gXymyaely3azcyW
Hxzfg/bi3rILGjVRZaol1koPVHc/mHZZNy0WC26mfRIYBYQMTEx9T1pSdrbPbCR6
wnEdyHH2OQEYn+oaIDAK94Kgjux8XSEDSKEewz617QLJoYpFs+dzKJ58DgMzJgoT
LtQ0RXAN+gogUcKVG52WxHwLpJx/0TTKD9HlKRShOTbZCypbAJlVfgRpALsZu6Zr
PZv8qGS7J+OC2cVfsznpCnMwllXQZFq9bvWCYZ48wRWhETLoQCFrC0iYMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFClsEudLwiijjzXkdOKsbGUC7/O7MB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvS1d3UzUwdkNLS09QTmVSMDRxeHNaUUx2ODdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1PN9MA0G
CSqGSIb3DQEBCwUAA4IBAQBcM59xZFuAg5MW9UZC6NaCvCJ15oq4cpi0/VmaeYkh
rok99uzZMu8KkBeuRFbyhqqbk6PbA+5fNNN0t+XnXhbMOZnwvK8DDFyOL9QxSPAd
/Nn6+licXJmPZ2A2CsaeslD20CX6UNy3CBTqNeGwwxq8soSovMnoPYp5GHHFryAQ
JaXtHQHJqUGBixxImELE4kQGAv5XLGvXo8XOwDbzujxq5Rt70fKXNnbMRaOaYMst
ELQKEg9wqw4Llzwz3ZNbyfAHA+vKIixDhXR9JBzPAcgUdTo/1aoDHcBnYW1IwPgk
4bvfid7pVcf/srrMX9HISktKugZI6f5qJZju9ql8YDVP
-----END CERTIFICATE-----