Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/1fa27e-aaf0-4be2-a522-a80c94761d23/1/K___JX0xaoQjOYiwyFAtK2CskcM.roa
File:                     K___JX0xaoQjOYiwyFAtK2CskcM.roa (raw, json)
Hash identifier:          XeKZgwBGpzwaLfoHwKRW+mGFA+zgojE1MftLCNkwqAQ=
Subject key identifier:   2B:FF:FF:25:7D:31:6A:84:23:39:88:B0:C8:50:2D:2B:60:AC:91:C3
Certificate issuer:       /CN=dd8aaba0f46baa144fdb0938e91c14f94c61650c
Certificate serial:       018CC64B10C540CC1B50851946CF6794C77E
Authority key identifier: DD:8A:AB:A0:F4:6B:AA:14:4F:DB:09:38:E9:1C:14:F9:4C:61:65:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3YqroPRrqhRP2wk46RwU-UxhZQw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/1fa27e-aaf0-4be2-a522-a80c94761d23/1/K___JX0xaoQjOYiwyFAtK2CskcM.roa
Signing time:             Mon 01 Jan 2024 18:30:57 +0000
ROA not before:           Mon 01 Jan 2024 18:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39645
IP address blocks:        195.246.252.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/1fa27e-aaf0-4be2-a522-a80c94761d23/1/3YqroPRrqhRP2wk46RwU-UxhZQw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/1fa27e-aaf0-4be2-a522-a80c94761d23/1/3YqroPRrqhRP2wk46RwU-UxhZQw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3YqroPRrqhRP2wk46RwU-UxhZQw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 01:03:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:10:c5:40:cc:1b:50:85:19:46:cf:67:94:c7:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd8aaba0f46baa144fdb0938e91c14f94c61650c
        Validity
            Not Before: Jan  1 18:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2bffff257d316a84233988b0c8502d2b60ac91c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:0f:bd:b1:5b:e5:6d:b1:3d:14:47:24:81:9b:
                    c5:d5:b9:38:5c:89:ff:e8:f4:5b:d3:58:9d:c8:ed:
                    c5:f5:80:12:9c:3c:61:86:83:27:b7:f1:43:f0:5b:
                    ae:3a:01:42:95:03:fe:b9:80:e1:a0:8c:67:78:e2:
                    e8:1c:c4:25:69:86:5d:c3:44:4c:a2:55:81:ab:ab:
                    99:91:ff:a0:23:48:97:39:a8:66:7b:5d:ac:0a:52:
                    fe:c7:a6:f2:dd:a0:dc:9c:7e:70:ec:18:63:62:b1:
                    5d:63:9b:bc:99:8f:5c:48:33:d8:e9:98:aa:27:4c:
                    ed:7d:51:5e:5a:bf:41:d0:7b:af:b3:2e:bb:1e:d0:
                    7c:29:e6:5a:3b:84:12:bb:53:60:55:0e:ec:eb:c6:
                    88:31:4a:da:6f:96:b7:f9:3f:95:6c:80:75:6c:23:
                    22:4a:a9:0e:c1:69:72:13:bd:64:9d:36:1f:8d:81:
                    4b:56:fd:28:95:b0:c7:79:11:d4:e2:fc:01:8e:3b:
                    6d:02:62:88:3d:0e:a7:c1:7a:71:a1:05:24:9a:c2:
                    1e:22:6f:56:1b:a4:19:50:8f:01:b9:22:fa:5e:95:
                    bc:60:75:d4:30:aa:29:d9:fe:7a:9d:74:d1:f2:4d:
                    47:97:32:79:81:77:44:d0:7b:42:4d:79:39:3f:79:
                    f9:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:FF:FF:25:7D:31:6A:84:23:39:88:B0:C8:50:2D:2B:60:AC:91:C3
            X509v3 Authority Key Identifier:
                keyid:DD:8A:AB:A0:F4:6B:AA:14:4F:DB:09:38:E9:1C:14:F9:4C:61:65:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3YqroPRrqhRP2wk46RwU-UxhZQw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/1fa27e-aaf0-4be2-a522-a80c94761d23/1/K___JX0xaoQjOYiwyFAtK2CskcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/1fa27e-aaf0-4be2-a522-a80c94761d23/1/3YqroPRrqhRP2wk46RwU-UxhZQw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.246.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:6a:05:30:de:bd:4f:6c:74:eb:9c:51:59:a6:c0:4c:5f:42:
         71:3c:40:a5:fc:21:0b:a9:58:df:fc:21:8f:41:26:38:9f:6d:
         ca:a1:5b:3a:d1:d9:c9:00:02:a9:5e:a7:6a:86:a9:48:64:dd:
         ec:9d:dd:ae:c4:54:f9:69:4e:65:7d:0d:ee:96:11:3e:7b:0d:
         76:db:fb:27:98:21:5c:06:1e:9b:1e:cd:06:c1:d1:a9:d2:30:
         ae:1a:cd:60:b9:a9:32:a5:a6:39:c4:e1:df:b9:4f:61:42:80:
         99:c1:d3:b8:03:a0:d2:b1:2d:f4:78:13:65:76:ba:18:94:1f:
         1e:66:7e:63:50:f0:de:9e:40:91:ae:7f:07:71:ee:0a:da:bf:
         7d:a7:05:ff:94:71:96:e5:8f:7b:27:d2:78:3f:06:c3:31:f0:
         b1:d5:49:d2:32:7b:81:54:e7:60:15:54:f3:ed:2b:f5:af:b7:
         6a:bd:57:0b:67:5b:e2:7a:a1:2a:ad:d5:63:2b:85:e3:a3:6c:
         dc:5f:16:b0:56:6f:17:67:fe:90:b8:b5:a7:b0:fc:81:6a:f6:
         4a:a4:78:d4:38:3e:fb:cb:dc:72:68:02:02:c8:50:65:8d:31:
         5e:3e:9c:49:b2:d9:a2:8d:6e:5d:32:29:d4:82:9c:5c:71:0b:
         6d:f2:34:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSxDFQMwbUIUZRs9nlMd+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkOGFhYmEwZjQ2YmFhMTQ0ZmRiMDkzOGU5MWMxNGY5NGM2
MTY1MGMwHhcNMjQwMTAxMTgzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmZmZmYyNTdkMzE2YTg0MjMzOTg4YjBjODUwMmQyYjYwYWM5MWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjw+9sVvlbbE9FEckgZvF1bk4XIn/
6PRb01idyO3F9YASnDxhhoMnt/FD8FuuOgFClQP+uYDhoIxneOLoHMQlaYZdw0RM
olWBq6uZkf+gI0iXOahme12sClL+x6by3aDcnH5w7BhjYrFdY5u8mY9cSDPY6Ziq
J0ztfVFeWr9B0Huvsy67HtB8KeZaO4QSu1NgVQ7s68aIMUrab5a3+T+VbIB1bCMi
SqkOwWlyE71knTYfjYFLVv0olbDHeRHU4vwBjjttAmKIPQ6nwXpxoQUkmsIeIm9W
G6QZUI8BuSL6XpW8YHXUMKop2f56nXTR8k1HlzJ5gXdE0HtCTXk5P3n5sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCv//yV9MWqEIzmIsMhQLStgrJHDMB8GA1UdIwQY
MBaAFN2Kq6D0a6oUT9sJOOkcFPlMYWUMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1lxcm9QUnJxaFJQMndrNDZSd1UtVXhoWlF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi8xZmEyN2UtYWFmMC00YmUyLWE1MjIt
YTgwYzk0NzYxZDIzLzEvS19fX0pYMHhhb1FqT1lpd3lGQXRLMkNza2NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi8xZmEyN2UtYWFmMC00YmUyLWE1MjItYTgwYzk0NzYxZDIz
LzEvM1lxcm9QUnJxaFJQMndrNDZSd1UtVXhoWlF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/b8MA0G
CSqGSIb3DQEBCwUAA4IBAQB7agUw3r1PbHTrnFFZpsBMX0JxPECl/CELqVjf/CGP
QSY4n23KoVs60dnJAAKpXqdqhqlIZN3snd2uxFT5aU5lfQ3ulhE+ew122/snmCFc
Bh6bHs0GwdGp0jCuGs1guakypaY5xOHfuU9hQoCZwdO4A6DSsS30eBNldroYlB8e
Zn5jUPDenkCRrn8Hce4K2r99pwX/lHGW5Y97J9J4PwbDMfCx1UnSMnuBVOdgFVTz
7Sv1r7dqvVcLZ1vieqEqrdVjK4Xjo2zcXxawVm8XZ/6QuLWnsPyBavZKpHjUOD77
y9xyaAICyFBljTFePpxJstmijW5dMinUgpxccQtt8jQJ
-----END CERTIFICATE-----