Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/0eeb2f-1aa0-4762-b4e8-b59c2ac951cb/1/kppqT3O0hSmSUIimztiUt8rTF6o.roa
File:                     kppqT3O0hSmSUIimztiUt8rTF6o.roa (raw, json)
Hash identifier:          0trH53DUUX4v1PXd+hDC+ZNDWjVL0s8/ZdSHmfGiqpQ=
Subject key identifier:   92:9A:6A:4F:73:B4:85:29:92:50:88:A6:CE:D8:94:B7:CA:D3:17:AA
Certificate issuer:       /CN=d1d78826e1717ec993eb64dd1187876b065e8f58
Certificate serial:       018CC42552DEBE6A8221757853BC5D369F50
Authority key identifier: D1:D7:88:26:E1:71:7E:C9:93:EB:64:DD:11:87:87:6B:06:5E:8F:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0deIJuFxfsmT62TdEYeHawZej1g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/0eeb2f-1aa0-4762-b4e8-b59c2ac951cb/1/kppqT3O0hSmSUIimztiUt8rTF6o.roa
Signing time:             Mon 01 Jan 2024 08:30:29 +0000
ROA not before:           Mon 01 Jan 2024 08:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51415
IP address blocks:        185.195.204.0/23 maxlen: 23
                          185.195.206.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/0eeb2f-1aa0-4762-b4e8-b59c2ac951cb/1/0deIJuFxfsmT62TdEYeHawZej1g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/0eeb2f-1aa0-4762-b4e8-b59c2ac951cb/1/0deIJuFxfsmT62TdEYeHawZej1g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0deIJuFxfsmT62TdEYeHawZej1g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:24:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:52:de:be:6a:82:21:75:78:53:bc:5d:36:9f:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1d78826e1717ec993eb64dd1187876b065e8f58
        Validity
            Not Before: Jan  1 08:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=929a6a4f73b48529925088a6ced894b7cad317aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:86:d8:d2:bb:cc:eb:b2:3b:af:21:54:cb:56:
                    ed:37:66:5c:05:00:6c:e2:34:8c:06:70:b9:46:14:
                    b0:e1:89:d0:8c:af:08:71:e5:97:b3:d9:02:84:eb:
                    08:4a:18:68:27:24:ec:ca:97:15:89:a7:cc:31:49:
                    b7:55:83:00:e4:68:49:f2:88:1e:07:ee:21:a3:e2:
                    9a:68:64:7e:54:ff:10:9a:a4:8e:26:34:57:14:7a:
                    eb:45:76:f8:64:f5:df:a1:02:76:f8:c8:14:b5:b9:
                    65:d8:34:90:2c:c9:d7:16:8f:b5:ed:d6:59:d0:02:
                    1c:2f:d9:97:dc:38:ae:5f:86:23:18:ac:ee:4d:09:
                    1d:12:82:89:3e:bf:f4:9a:f6:20:13:01:ca:6f:61:
                    8a:f9:6b:28:58:a3:bc:a6:5c:c6:b0:db:dc:b4:4d:
                    fa:2f:f1:97:b3:ed:62:83:f0:4a:04:63:98:4c:85:
                    d0:e8:30:5d:e6:f3:b2:f2:bd:29:ed:0c:43:74:63:
                    64:9c:b1:ff:88:6a:7a:eb:11:0b:9b:bf:15:d5:4d:
                    76:54:54:64:e2:cd:a4:2c:3a:2c:e8:42:da:fe:c6:
                    ac:44:9b:4f:db:24:5e:88:22:07:74:20:11:aa:56:
                    58:5f:09:59:52:a3:85:bc:b4:35:6c:a2:a1:60:d3:
                    a7:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:9A:6A:4F:73:B4:85:29:92:50:88:A6:CE:D8:94:B7:CA:D3:17:AA
            X509v3 Authority Key Identifier:
                keyid:D1:D7:88:26:E1:71:7E:C9:93:EB:64:DD:11:87:87:6B:06:5E:8F:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0deIJuFxfsmT62TdEYeHawZej1g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/0eeb2f-1aa0-4762-b4e8-b59c2ac951cb/1/kppqT3O0hSmSUIimztiUt8rTF6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/0eeb2f-1aa0-4762-b4e8-b59c2ac951cb/1/0deIJuFxfsmT62TdEYeHawZej1g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.195.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8f:5b:97:54:56:af:0f:42:47:94:e0:c3:e5:be:dd:c0:90:9e:
         fb:28:64:e1:95:75:87:09:9c:b5:98:ed:e3:b0:cf:69:33:b9:
         4e:9f:03:e6:5a:cb:86:32:64:b9:35:06:80:e7:b7:45:14:36:
         d7:fa:fb:5e:8a:03:64:f5:0e:dc:32:94:a5:fb:96:7d:64:14:
         a8:90:8c:a1:bf:0f:6c:f4:a2:3c:53:27:b6:94:91:22:4f:d5:
         e2:0d:80:b3:2d:34:7d:c5:26:5d:b4:71:6d:1c:ce:7d:8a:26:
         ef:29:83:50:b5:a6:02:ca:93:ff:8f:14:9b:f4:20:1f:6c:35:
         66:6b:2b:79:e0:d7:7e:ed:0a:e3:f6:d8:68:bb:e3:ed:78:50:
         c5:52:77:92:ad:f3:ed:eb:90:70:fc:7f:39:b4:c5:fb:0b:cc:
         8e:91:f5:bb:f3:bf:99:3b:1c:4a:76:07:c0:8f:49:cc:a0:59:
         2d:94:35:fd:0f:64:2d:0d:24:b9:68:75:c8:30:a7:0b:46:bf:
         8e:45:7f:3d:8c:85:e4:32:a2:49:09:a1:a1:3b:a3:ff:68:5c:
         38:6c:70:98:e3:13:45:e6:a6:0f:1a:bb:89:e8:75:b1:f8:6f:
         67:ee:b4:be:18:38:f2:6a:e0:db:50:19:d4:c6:a1:d5:23:3e:
         80:e5:44:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVLevmqCIXV4U7xdNp9QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZDc4ODI2ZTE3MTdlYzk5M2ViNjRkZDExODc4NzZiMDY1
ZThmNTgwHhcNMjQwMTAxMDgzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjlhNmE0ZjczYjQ4NTI5OTI1MDg4YTZjZWQ4OTRiN2NhZDMxN2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4bY0rvM67I7ryFUy1btN2ZcBQBs
4jSMBnC5RhSw4YnQjK8IceWXs9kChOsIShhoJyTsypcViafMMUm3VYMA5GhJ8oge
B+4ho+KaaGR+VP8QmqSOJjRXFHrrRXb4ZPXfoQJ2+MgUtbll2DSQLMnXFo+17dZZ
0AIcL9mX3DiuX4YjGKzuTQkdEoKJPr/0mvYgEwHKb2GK+WsoWKO8plzGsNvctE36
L/GXs+1ig/BKBGOYTIXQ6DBd5vOy8r0p7QxDdGNknLH/iGp66xELm78V1U12VFRk
4s2kLDos6ELa/sasRJtP2yReiCIHdCARqlZYXwlZUqOFvLQ1bKKhYNOn9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJKaak9ztIUpklCIps7YlLfK0xeqMB8GA1UdIwQY
MBaAFNHXiCbhcX7Jk+tk3RGHh2sGXo9YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGRlSUp1Rnhmc21UNjJUZEVZZUhhd1plajFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS8wZWViMmYtMWFhMC00NzYyLWI0ZTgt
YjU5YzJhYzk1MWNiLzEva3BwcVQzTzBoU21TVUlpbXp0aVV0OHJURjZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS8wZWViMmYtMWFhMC00NzYyLWI0ZTgtYjU5YzJhYzk1MWNi
LzEvMGRlSUp1Rnhmc21UNjJUZEVZZUhhd1plajFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucPMMA0G
CSqGSIb3DQEBCwUAA4IBAQCPW5dUVq8PQkeU4MPlvt3AkJ77KGThlXWHCZy1mO3j
sM9pM7lOnwPmWsuGMmS5NQaA57dFFDbX+vteigNk9Q7cMpSl+5Z9ZBSokIyhvw9s
9KI8Uye2lJEiT9XiDYCzLTR9xSZdtHFtHM59iibvKYNQtaYCypP/jxSb9CAfbDVm
ayt54Nd+7Qrj9thou+PteFDFUneSrfPt65Bw/H85tMX7C8yOkfW787+ZOxxKdgfA
j0nMoFktlDX9D2QtDSS5aHXIMKcLRr+ORX89jIXkMqJJCaGhO6P/aFw4bHCY4xNF
5qYPGruJ6HWx+G9n7rS+GDjyauDbUBnUxqHVIz6A5UQG
-----END CERTIFICATE-----