Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/kEL9j3_TSaCDRX5IqpRUK8OB1L0.roa
File:                     kEL9j3_TSaCDRX5IqpRUK8OB1L0.roa (raw, json)
Hash identifier:          jGuJjXoYKyK4PqOpAAQnJ3d49vdamcwK+vCzXZeaf4w=
Subject key identifier:   90:42:FD:8F:7F:D3:49:A0:83:45:7E:48:AA:94:54:2B:C3:81:D4:BD
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348D1A4F53C98CA85AB1C410EC084EF
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/kEL9j3_TSaCDRX5IqpRUK8OB1L0.roa
Signing time:             Mon 01 Jan 2024 04:29:38 +0000
ROA not before:           Mon 01 Jan 2024 04:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13277
IP address blocks:        194.209.13.0/24 maxlen: 24
                          194.209.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:d1:a4:f5:3c:98:ca:85:ab:1c:41:0e:c0:84:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9042fd8f7fd349a083457e48aa94542bc381d4bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:a5:60:75:35:14:af:0d:77:56:d4:99:27:36:
                    4e:a8:9a:b5:ee:be:9b:c2:c9:73:d4:9f:1f:10:1f:
                    79:a5:c1:08:07:b9:db:7f:06:4b:ad:a0:fd:83:12:
                    93:14:89:d2:58:ea:1a:73:6e:68:a5:22:d7:3e:b1:
                    18:91:1a:2a:c1:5f:9f:17:ec:38:b5:3a:ec:f9:17:
                    49:23:96:d2:a5:e0:c8:84:0a:7c:3d:01:64:95:f1:
                    87:a9:6e:ac:3f:0d:c4:53:92:cc:41:0c:3c:82:13:
                    a4:d9:dd:0f:c0:bb:48:5f:93:a2:5f:f8:79:a3:b3:
                    4e:16:66:0e:94:60:f0:50:a3:5c:8c:b2:b8:5e:2f:
                    49:75:d7:ce:65:b1:f3:cd:c9:83:6c:9e:dc:3e:77:
                    9c:e1:dc:1a:8c:b5:5b:43:df:67:0c:88:a9:60:c6:
                    3f:57:15:35:89:7b:e5:94:78:ea:d4:25:f6:fe:a0:
                    89:f0:57:3b:db:cf:34:8d:53:2d:33:e3:d6:30:48:
                    11:8b:ba:88:e8:13:f8:b4:83:a7:d7:c0:12:87:26:
                    94:d3:38:d8:35:6c:85:c5:fc:b6:17:95:fa:c3:74:
                    6a:54:e8:fe:89:e0:81:31:3e:c0:1e:ee:2e:a2:71:
                    b3:be:dc:eb:b7:f6:80:1d:e3:39:44:bc:51:db:1e:
                    09:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:42:FD:8F:7F:D3:49:A0:83:45:7E:48:AA:94:54:2B:C3:81:D4:BD
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/kEL9j3_TSaCDRX5IqpRUK8OB1L0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.13.0/24
                  194.209.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:c7:df:88:bb:2a:bd:43:ca:06:eb:64:0b:06:ed:f8:5e:a7:
         fe:e9:c8:b3:43:07:74:3f:c5:ca:e6:7f:60:e3:e3:50:c8:2e:
         63:21:89:88:c0:69:ac:ad:6a:b5:ef:09:f1:ae:7d:12:aa:05:
         c8:d3:5f:f7:54:6b:48:2b:e8:b1:22:c0:c3:dd:75:f2:cb:c9:
         05:a0:88:50:d3:62:45:91:59:17:6a:04:61:7b:30:ac:96:7c:
         5e:cc:66:06:a5:90:91:4f:72:31:f6:52:36:89:15:52:0a:c9:
         80:c7:fd:3f:dc:7d:e6:4f:8b:d0:c8:8e:7a:bd:49:f5:4d:88:
         85:19:92:6e:39:5c:3f:0e:84:76:45:39:10:b6:18:1b:f9:88:
         05:d3:27:04:82:30:ab:da:5e:92:12:ce:06:77:db:e7:b4:56:
         6a:37:44:f9:9d:c9:3b:cb:a2:07:90:ae:5d:38:71:19:d5:a7:
         af:8e:66:11:07:dd:6a:1e:5f:f9:5f:0a:ec:42:ef:71:72:28:
         77:59:45:0a:93:66:43:d7:62:c2:9b:6c:5b:7c:5f:45:f5:d2:
         50:a3:f1:ad:72:5f:69:83:40:12:ea:2d:62:bf:e4:35:d6:e3:
         72:9c:45:b3:7a:00:99:de:e2:35:0c:7e:31:50:82:0f:41:8f:
         74:61:80:7e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSNGk9TyYyoWrHEEOwITvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDQyZmQ4ZjdmZDM0OWEwODM0NTdlNDhhYTk0NTQyYmMzODFkNGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqVgdTUUrw13VtSZJzZOqJq17r6b
wslz1J8fEB95pcEIB7nbfwZLraD9gxKTFInSWOoac25opSLXPrEYkRoqwV+fF+w4
tTrs+RdJI5bSpeDIhAp8PQFklfGHqW6sPw3EU5LMQQw8ghOk2d0PwLtIX5OiX/h5
o7NOFmYOlGDwUKNcjLK4Xi9JddfOZbHzzcmDbJ7cPnec4dwajLVbQ99nDIipYMY/
VxU1iXvllHjq1CX2/qCJ8Fc72880jVMtM+PWMEgRi7qI6BP4tIOn18AShyaU0zjY
NWyFxfy2F5X6w3RqVOj+ieCBMT7AHu4uonGzvtzrt/aAHeM5RLxR2x4JvwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJBC/Y9/00mgg0V+SKqUVCvDgdS9MB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEva0VMOWozX1RTYUNEUlg1SXFwUlVLOE9CMUwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwtENAwQA
wtHTMA0GCSqGSIb3DQEBCwUAA4IBAQAOx9+Iuyq9Q8oG62QLBu34Xqf+6cizQwd0
P8XK5n9g4+NQyC5jIYmIwGmsrWq17wnxrn0SqgXI01/3VGtIK+ixIsDD3XXyy8kF
oIhQ02JFkVkXagRhezCslnxezGYGpZCRT3Ix9lI2iRVSCsmAx/0/3H3mT4vQyI56
vUn1TYiFGZJuOVw/DoR2RTkQthgb+YgF0ycEgjCr2l6SEs4Gd9vntFZqN0T5nck7
y6IHkK5dOHEZ1aevjmYRB91qHl/5XwrsQu9xcih3WUUKk2ZD12LCm2xbfF9F9dJQ
o/Gtcl9pg0AS6i1iv+Q11uNynEWzegCZ3uI1DH4xUIIPQY90YYB+
-----END CERTIFICATE-----