Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/20c7e7-a49f-4031-ba77-63df603161c9/1/KBoMDD3vy6cb7_xSn_kVkZRtmdw.roa
File:                     KBoMDD3vy6cb7_xSn_kVkZRtmdw.roa (raw, json)
Hash identifier:          A8D5IeGOu9viEDfuO8PMMIUNcztJez165ognvPEdkIk=
Subject key identifier:   28:1A:0C:0C:3D:EF:CB:A7:1B:EF:FC:52:9F:F9:15:91:94:6D:99:DC
Certificate issuer:       /CN=82fe7d00e94cd2a7cbf7f9e82cf0992417418df6
Certificate serial:       018CC94AAE8BC43A4B684C34A094DFB2CAA9
Authority key identifier: 82:FE:7D:00:E9:4C:D2:A7:CB:F7:F9:E8:2C:F0:99:24:17:41:8D:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gv59AOlM0qfL9_noLPCZJBdBjfY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/20c7e7-a49f-4031-ba77-63df603161c9/1/KBoMDD3vy6cb7_xSn_kVkZRtmdw.roa
Signing time:             Tue 02 Jan 2024 08:29:23 +0000
ROA not before:           Tue 02 Jan 2024 08:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48920
IP address blocks:        195.88.84.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/20c7e7-a49f-4031-ba77-63df603161c9/1/gv59AOlM0qfL9_noLPCZJBdBjfY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/20c7e7-a49f-4031-ba77-63df603161c9/1/gv59AOlM0qfL9_noLPCZJBdBjfY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gv59AOlM0qfL9_noLPCZJBdBjfY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:ae:8b:c4:3a:4b:68:4c:34:a0:94:df:b2:ca:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82fe7d00e94cd2a7cbf7f9e82cf0992417418df6
        Validity
            Not Before: Jan  2 08:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=281a0c0c3defcba71beffc529ff91591946d99dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:52:99:eb:6d:b0:ee:c1:bf:37:1c:bf:e6:2f:
                    68:57:a6:b3:3d:81:e7:08:a6:6f:df:2c:4f:95:e0:
                    c9:dc:89:82:bd:e1:ff:84:b6:8d:45:25:e5:41:ef:
                    49:3c:47:f9:95:bc:5d:b9:46:ed:b5:26:ee:7a:0d:
                    97:01:1b:9d:80:46:73:50:43:fe:24:90:3c:95:4b:
                    39:fe:a0:88:9b:ec:00:4f:fa:1a:9d:4d:c8:72:26:
                    df:e4:98:39:15:b8:bf:2d:32:bf:81:0e:63:1c:bb:
                    78:f4:a1:e3:18:79:eb:4e:d1:d0:5c:97:1b:70:3b:
                    f5:e5:50:1d:e9:c9:06:b7:71:80:b2:1c:e3:9d:87:
                    75:83:1b:68:96:ad:0f:fa:a0:da:9a:35:31:79:e9:
                    eb:36:d4:36:31:6f:af:6e:f3:1b:ce:01:4c:76:c5:
                    bf:78:80:27:aa:9f:e9:c4:ce:2e:a5:b0:28:d7:9a:
                    21:a1:63:68:fc:06:1f:a3:6b:86:a8:2f:75:26:32:
                    64:29:1b:e1:38:54:d1:a3:f9:b7:0d:2b:5b:b4:c8:
                    ed:8c:31:07:58:98:01:fc:f7:6d:67:2d:bc:6d:0f:
                    72:f3:b3:b9:aa:81:24:61:29:a7:2b:a6:85:45:12:
                    1e:c8:8b:10:ec:b6:d0:7a:a3:6e:0a:28:a7:61:e3:
                    b9:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:1A:0C:0C:3D:EF:CB:A7:1B:EF:FC:52:9F:F9:15:91:94:6D:99:DC
            X509v3 Authority Key Identifier:
                keyid:82:FE:7D:00:E9:4C:D2:A7:CB:F7:F9:E8:2C:F0:99:24:17:41:8D:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gv59AOlM0qfL9_noLPCZJBdBjfY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/20c7e7-a49f-4031-ba77-63df603161c9/1/KBoMDD3vy6cb7_xSn_kVkZRtmdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/20c7e7-a49f-4031-ba77-63df603161c9/1/gv59AOlM0qfL9_noLPCZJBdBjfY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.84.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:8b:83:66:0b:27:1e:71:24:ad:26:0e:65:24:57:df:5d:7b:
         62:b7:cc:32:62:5e:b1:da:dd:4b:ec:be:ce:df:4c:58:98:d3:
         ef:50:f0:75:bf:13:76:5d:24:8d:bc:ff:63:36:65:86:53:77:
         1f:82:2b:6c:53:c5:1f:dc:d9:41:63:9b:74:aa:68:20:0f:18:
         76:74:e7:63:44:66:fd:c4:71:d5:9d:1d:b7:74:3d:c5:c5:ac:
         2d:c0:0e:97:20:ef:b9:1f:76:4c:0b:af:7b:02:98:28:6b:2b:
         76:46:e3:09:1e:48:b6:10:86:4f:55:18:92:1c:1d:d6:16:97:
         fa:25:10:dc:31:02:ed:02:86:ad:14:d4:ab:5e:8d:65:bb:9a:
         36:e0:cb:24:4c:2d:8f:7f:b5:ea:7c:c2:5f:af:b4:70:98:a8:
         b6:d2:8d:d7:70:d6:3d:05:fd:38:05:9b:6f:ad:0a:49:7e:f4:
         35:d4:d5:94:e4:43:32:e2:57:b1:2f:90:d8:ae:e6:f4:6d:85:
         61:1c:4e:f7:1e:be:47:98:a5:f0:a8:37:db:f9:e4:6a:2c:11:
         b3:44:c9:88:0a:7c:f7:73:eb:cf:34:9a:48:ba:40:69:4c:d0:
         3e:b6:e1:62:3d:54:d0:77:f8:64:7a:a9:39:82:a1:9b:fb:cb:
         13:27:8c:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSq6LxDpLaEw0oJTfssqpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyZmU3ZDAwZTk0Y2QyYTdjYmY3ZjllODJjZjA5OTI0MTc0
MThkZjYwHhcNMjQwMTAyMDgyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODFhMGMwYzNkZWZjYmE3MWJlZmZjNTI5ZmY5MTU5MTk0NmQ5OWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzlKZ622w7sG/Nxy/5i9oV6azPYHn
CKZv3yxPleDJ3ImCveH/hLaNRSXlQe9JPEf5lbxduUbttSbueg2XARudgEZzUEP+
JJA8lUs5/qCIm+wAT/oanU3Icibf5Jg5Fbi/LTK/gQ5jHLt49KHjGHnrTtHQXJcb
cDv15VAd6ckGt3GAshzjnYd1gxtolq0P+qDamjUxeenrNtQ2MW+vbvMbzgFMdsW/
eIAnqp/pxM4upbAo15ohoWNo/AYfo2uGqC91JjJkKRvhOFTRo/m3DStbtMjtjDEH
WJgB/PdtZy28bQ9y87O5qoEkYSmnK6aFRRIeyIsQ7LbQeqNuCiinYeO5twIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCgaDAw978unG+/8Up/5FZGUbZncMB8GA1UdIwQY
MBaAFIL+fQDpTNKny/f56CzwmSQXQY32MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3Y1OUFPbE0wcWZMOV9ub0xQQ1pKQmRCamZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy8yMGM3ZTctYTQ5Zi00MDMxLWJhNzct
NjNkZjYwMzE2MWM5LzEvS0JvTUREM3Z5NmNiN194U25fa1ZrWlJ0bWR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy8yMGM3ZTctYTQ5Zi00MDMxLWJhNzctNjNkZjYwMzE2MWM5
LzEvZ3Y1OUFPbE0wcWZMOV9ub0xQQ1pKQmRCamZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw1hUMA0G
CSqGSIb3DQEBCwUAA4IBAQBgi4NmCycecSStJg5lJFffXXtit8wyYl6x2t1L7L7O
30xYmNPvUPB1vxN2XSSNvP9jNmWGU3cfgitsU8Uf3NlBY5t0qmggDxh2dOdjRGb9
xHHVnR23dD3FxawtwA6XIO+5H3ZMC697Apgoayt2RuMJHki2EIZPVRiSHB3WFpf6
JRDcMQLtAoatFNSrXo1lu5o24MskTC2Pf7XqfMJfr7RwmKi20o3XcNY9Bf04BZtv
rQpJfvQ11NWU5EMy4lexL5DYrub0bYVhHE73Hr5HmKXwqDfb+eRqLBGzRMmICnz3
c+vPNJpIukBpTNA+tuFiPVTQd/hkeqk5gqGb+8sTJ4zG
-----END CERTIFICATE-----