Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/3cac6b-2c2a-4b66-adee-d52325de6b08/1/kArDKH-KtA8VA5AmPH3h4pi7njc.roa
File:                     kArDKH-KtA8VA5AmPH3h4pi7njc.roa (raw, json)
Hash identifier:          2b6lK8j1Ej3C8q53Yo8doOW1BNbsrU7u2zHdp8vir0E=
Subject key identifier:   90:0A:C3:28:7F:8A:B4:0F:15:03:90:26:3C:7D:E1:E2:98:BB:9E:37
Certificate issuer:       /CN=d350a076ce4a8ce6fb69f1fda4a194614a941afa
Certificate serial:       018E4DA99C7C2AB603A9EB7E4883AAFD4626
Authority key identifier: D3:50:A0:76:CE:4A:8C:E6:FB:69:F1:FD:A4:A1:94:61:4A:94:1A:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/01Cgds5KjOb7afH9pKGUYUqUGvo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/3cac6b-2c2a-4b66-adee-d52325de6b08/1/kArDKH-KtA8VA5AmPH3h4pi7njc.roa
Signing time:             Sun 17 Mar 2024 18:25:45 +0000
ROA not before:           Sun 17 Mar 2024 18:25:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204177
IP address blocks:        91.229.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/3cac6b-2c2a-4b66-adee-d52325de6b08/1/01Cgds5KjOb7afH9pKGUYUqUGvo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/3cac6b-2c2a-4b66-adee-d52325de6b08/1/01Cgds5KjOb7afH9pKGUYUqUGvo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/01Cgds5KjOb7afH9pKGUYUqUGvo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 18:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:4d:a9:9c:7c:2a:b6:03:a9:eb:7e:48:83:aa:fd:46:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d350a076ce4a8ce6fb69f1fda4a194614a941afa
        Validity
            Not Before: Mar 17 18:25:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=900ac3287f8ab40f150390263c7de1e298bb9e37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:54:25:53:a1:ad:32:46:62:11:52:6a:5e:d8:
                    e3:d8:b8:43:3d:8d:cc:b5:b6:3d:56:f8:b1:e5:30:
                    ad:d8:65:3a:69:b0:41:7b:d8:3b:e9:0a:25:9e:9b:
                    08:b4:7e:7f:85:51:60:cb:6d:0f:89:a8:64:a1:c0:
                    33:2a:7a:e9:83:d4:90:23:82:75:f6:b8:39:53:45:
                    b4:df:a9:b2:c3:bb:33:08:e3:c2:db:f0:eb:5c:1d:
                    1b:15:8b:54:c9:82:ed:9c:17:4c:87:50:98:1a:a1:
                    90:4d:25:8c:de:ca:fc:ca:12:25:e3:08:e2:2d:45:
                    dd:4b:06:08:7f:3e:b5:a3:2e:54:f9:83:61:b5:18:
                    dd:44:ce:80:b4:1a:03:39:81:36:28:56:84:5d:3c:
                    24:5e:e1:51:4b:91:6c:c3:b3:ae:9c:d5:b9:8a:ef:
                    82:ef:c6:20:f1:43:af:3a:45:09:1a:ca:dd:33:e7:
                    04:10:7e:ec:e7:39:cb:50:16:80:b6:c4:85:fd:c8:
                    f0:9a:1a:0a:a2:23:7b:2b:55:1d:ce:ff:d9:be:12:
                    15:d9:58:86:8a:b3:10:79:72:09:9c:3d:4f:4e:1e:
                    7d:e8:9b:a6:c8:46:06:2e:d5:ad:0f:28:6e:f2:14:
                    fa:e7:37:b7:8b:66:97:17:65:d1:51:f8:00:ce:0e:
                    8e:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:0A:C3:28:7F:8A:B4:0F:15:03:90:26:3C:7D:E1:E2:98:BB:9E:37
            X509v3 Authority Key Identifier:
                keyid:D3:50:A0:76:CE:4A:8C:E6:FB:69:F1:FD:A4:A1:94:61:4A:94:1A:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/01Cgds5KjOb7afH9pKGUYUqUGvo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/3cac6b-2c2a-4b66-adee-d52325de6b08/1/kArDKH-KtA8VA5AmPH3h4pi7njc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/3cac6b-2c2a-4b66-adee-d52325de6b08/1/01Cgds5KjOb7afH9pKGUYUqUGvo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:25:67:a7:7d:2f:ed:92:4c:bb:9a:44:82:3a:57:29:5e:06:
         0c:96:e3:03:fb:45:a8:a3:1e:3c:28:08:77:92:cb:2a:05:2b:
         1d:57:56:9b:f3:fc:98:48:49:73:a2:6c:4a:a0:59:03:f5:71:
         f5:61:bc:e7:f5:a9:cc:b3:e5:07:5e:6f:87:cc:b0:30:67:12:
         ea:6c:f4:20:6c:b7:02:69:97:b9:49:52:92:cc:d2:95:19:1a:
         0e:99:14:51:9c:7a:50:10:46:37:d4:dc:0a:a2:95:5f:d8:30:
         9e:69:8a:21:d2:c0:52:43:e2:46:7b:6d:fd:a4:ac:35:9e:c2:
         92:94:08:41:1d:33:a5:33:7d:48:27:88:c1:ad:fa:2f:ec:27:
         a0:59:fc:69:19:7e:eb:90:22:ff:91:bd:75:7a:26:26:d4:11:
         26:1f:92:57:dd:ee:d1:8c:7e:81:bc:e5:f6:1b:41:e7:4d:58:
         e8:ef:ca:19:3b:65:c7:70:9e:23:60:93:87:a6:d6:8e:96:b1:
         95:bb:20:63:b9:e5:55:39:c4:df:32:a3:1b:23:eb:d8:8b:97:
         07:ef:77:7d:1b:9f:c8:df:c9:dc:32:7f:48:b5:7c:f3:98:18:
         4b:1b:52:e7:73:3c:25:33:71:ab:64:17:40:bb:b8:01:f3:d5:
         7d:d9:35:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5NqZx8KrYDqet+SIOq/UYmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNTBhMDc2Y2U0YThjZTZmYjY5ZjFmZGE0YTE5NDYxNGE5
NDFhZmEwHhcNMjQwMzE3MTgyNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDBhYzMyODdmOGFiNDBmMTUwMzkwMjYzYzdkZTFlMjk4YmI5ZTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzVQlU6GtMkZiEVJqXtjj2LhDPY3M
tbY9Vvix5TCt2GU6abBBe9g76QolnpsItH5/hVFgy20PiahkocAzKnrpg9SQI4J1
9rg5U0W036myw7szCOPC2/DrXB0bFYtUyYLtnBdMh1CYGqGQTSWM3sr8yhIl4wji
LUXdSwYIfz61oy5U+YNhtRjdRM6AtBoDOYE2KFaEXTwkXuFRS5Fsw7OunNW5iu+C
78Yg8UOvOkUJGsrdM+cEEH7s5znLUBaAtsSF/cjwmhoKoiN7K1Udzv/ZvhIV2ViG
irMQeXIJnD1PTh596JumyEYGLtWtDyhu8hT65ze3i2aXF2XRUfgAzg6OvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJAKwyh/irQPFQOQJjx94eKYu543MB8GA1UdIwQY
MBaAFNNQoHbOSozm+2nx/aShlGFKlBr6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDFDZ2RzNUtqT2I3YWZIOXBLR1VZVXFVR3ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8zY2FjNmItMmMyYS00YjY2LWFkZWUt
ZDUyMzI1ZGU2YjA4LzEva0FyREtILUt0QThWQTVBbVBIM2g0cGk3bmpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8zY2FjNmItMmMyYS00YjY2LWFkZWUtZDUyMzI1ZGU2YjA4
LzEvMDFDZ2RzNUtqT2I3YWZIOXBLR1VZVXFVR3ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+VIMA0G
CSqGSIb3DQEBCwUAA4IBAQAkJWenfS/tkky7mkSCOlcpXgYMluMD+0Woox48KAh3
kssqBSsdV1ab8/yYSElzomxKoFkD9XH1Ybzn9anMs+UHXm+HzLAwZxLqbPQgbLcC
aZe5SVKSzNKVGRoOmRRRnHpQEEY31NwKopVf2DCeaYoh0sBSQ+JGe239pKw1nsKS
lAhBHTOlM31IJ4jBrfov7CegWfxpGX7rkCL/kb11eiYm1BEmH5JX3e7RjH6BvOX2
G0HnTVjo78oZO2XHcJ4jYJOHptaOlrGVuyBjueVVOcTfMqMbI+vYi5cH73d9G5/I
38ncMn9ItXzzmBhLG1LnczwlM3GrZBdAu7gB89V92TXN
-----END CERTIFICATE-----