Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/c00a5b-6a59-41dd-b13b-73495fc08fc4/1/KekzUhfBQYFQZGcRuWebr8cRetc.roa
File:                     KekzUhfBQYFQZGcRuWebr8cRetc.roa (raw, json)
Hash identifier:          RgHufRNf1yYjeGH+qNgQ32WSCe5JjAusvJl+PWgZIq0=
Subject key identifier:   29:E9:33:52:17:C1:41:81:50:64:67:11:B9:67:9B:AF:C7:11:7A:D7
Certificate issuer:       /CN=2ee6d560a08a013f3fe0e66dadaf6fd02beaf43f
Certificate serial:       018CC9BCE579A351126D48AC14E5C972EA2B
Authority key identifier: 2E:E6:D5:60:A0:8A:01:3F:3F:E0:E6:6D:AD:AF:6F:D0:2B:EA:F4:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LubVYKCKAT8_4OZtra9v0Cvq9D8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/c00a5b-6a59-41dd-b13b-73495fc08fc4/1/KekzUhfBQYFQZGcRuWebr8cRetc.roa
Signing time:             Tue 02 Jan 2024 10:34:09 +0000
ROA not before:           Tue 02 Jan 2024 10:34:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49697
IP address blocks:        46.251.230.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/c00a5b-6a59-41dd-b13b-73495fc08fc4/1/LubVYKCKAT8_4OZtra9v0Cvq9D8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/c00a5b-6a59-41dd-b13b-73495fc08fc4/1/LubVYKCKAT8_4OZtra9v0Cvq9D8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LubVYKCKAT8_4OZtra9v0Cvq9D8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:e5:79:a3:51:12:6d:48:ac:14:e5:c9:72:ea:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ee6d560a08a013f3fe0e66dadaf6fd02beaf43f
        Validity
            Not Before: Jan  2 10:34:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29e9335217c1418150646711b9679bafc7117ad7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:07:fa:41:76:de:20:3a:cc:07:65:0d:b9:a1:
                    31:2f:79:e6:e8:4f:75:d1:8e:29:eb:cb:f7:9a:f8:
                    8b:7c:a9:78:0a:35:37:75:62:07:10:76:e5:83:0c:
                    c0:e4:2f:df:28:86:69:2d:e9:68:5f:15:a6:01:bc:
                    8d:44:19:02:42:1f:74:42:08:b3:a0:d0:ec:f4:cf:
                    63:87:d0:cb:46:05:6d:1a:0b:6a:50:95:6b:e3:2c:
                    15:37:01:c8:2c:8c:52:58:09:de:b2:9c:13:88:37:
                    25:ee:b8:af:89:95:2a:61:e2:cc:6d:f7:02:b0:a0:
                    53:17:8f:2f:b4:90:c7:85:36:39:6f:65:1d:80:97:
                    f4:fa:e9:a2:a3:3e:54:ec:31:b4:57:f3:90:47:13:
                    02:cd:ab:83:96:d9:65:98:7b:0e:2a:d2:ea:9c:c2:
                    42:86:e2:c4:af:bb:2a:80:61:33:e4:3a:c7:94:60:
                    1d:c0:f8:11:90:11:8a:81:09:a2:0a:93:e2:03:af:
                    40:c8:1b:55:66:78:9c:15:99:74:c2:56:70:6f:13:
                    05:21:fc:5b:1f:c1:77:43:66:12:16:e8:ec:1a:e7:
                    55:bf:8e:41:31:c6:4f:2d:6e:01:f6:fb:b4:78:dd:
                    9a:64:b8:7e:10:e5:44:2a:d2:f6:90:db:1e:b2:6e:
                    93:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:E9:33:52:17:C1:41:81:50:64:67:11:B9:67:9B:AF:C7:11:7A:D7
            X509v3 Authority Key Identifier:
                keyid:2E:E6:D5:60:A0:8A:01:3F:3F:E0:E6:6D:AD:AF:6F:D0:2B:EA:F4:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LubVYKCKAT8_4OZtra9v0Cvq9D8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/c00a5b-6a59-41dd-b13b-73495fc08fc4/1/KekzUhfBQYFQZGcRuWebr8cRetc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/c00a5b-6a59-41dd-b13b-73495fc08fc4/1/LubVYKCKAT8_4OZtra9v0Cvq9D8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.251.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:62:e8:bd:4d:1e:82:a7:b0:c4:1a:d9:09:a6:2c:c8:e4:e7:
         2a:ef:d6:cf:bc:4c:e4:54:6f:44:5e:45:e1:3c:4c:06:78:46:
         b9:3b:1d:58:e3:52:5e:23:5b:51:2e:99:d2:16:b5:96:e8:59:
         8e:9c:55:23:5b:58:69:a5:f4:6f:5f:4c:0e:96:06:49:dd:62:
         38:aa:45:bb:9f:bb:4f:5c:62:a4:fa:f9:43:c8:a6:e8:3f:6b:
         16:49:dc:67:b3:c7:6e:2b:3f:8d:4d:f6:6d:00:46:9c:a8:42:
         d5:35:c1:19:c4:6e:ed:64:8b:4c:46:4c:8a:c2:86:16:cb:a8:
         7f:d4:79:12:ef:ee:50:b7:fa:5f:ed:57:7d:7e:ed:89:0b:2f:
         37:df:08:95:ef:d7:2e:5c:55:42:99:55:db:bc:c2:28:62:a1:
         d7:bd:1b:13:21:a9:77:42:e8:8b:64:eb:f8:5f:cf:a4:de:dd:
         8c:a2:b1:f1:a1:c2:f7:83:de:4b:c0:cf:1d:86:bf:5c:51:8a:
         9d:b7:3f:b9:de:9e:dd:75:f0:de:dc:c9:8b:8c:ed:14:36:bc:
         7d:76:2d:bc:60:69:c7:3d:95:18:31:14:1b:fc:a4:09:42:05:
         e7:79:4e:13:7c:dd:2c:52:aa:fe:2f:3c:c6:79:b7:9b:2f:ab:
         df:0d:fa:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvOV5o1ESbUisFOXJcuorMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZTZkNTYwYTA4YTAxM2YzZmUwZTY2ZGFkYWY2ZmQwMmJl
YWY0M2YwHhcNMjQwMTAyMTAzNDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWU5MzM1MjE3YzE0MTgxNTA2NDY3MTFiOTY3OWJhZmM3MTE3YWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgf6QXbeIDrMB2UNuaExL3nm6E91
0Y4p68v3mviLfKl4CjU3dWIHEHblgwzA5C/fKIZpLeloXxWmAbyNRBkCQh90Qgiz
oNDs9M9jh9DLRgVtGgtqUJVr4ywVNwHILIxSWAnespwTiDcl7riviZUqYeLMbfcC
sKBTF48vtJDHhTY5b2UdgJf0+umioz5U7DG0V/OQRxMCzauDltllmHsOKtLqnMJC
huLEr7sqgGEz5DrHlGAdwPgRkBGKgQmiCpPiA69AyBtVZnicFZl0wlZwbxMFIfxb
H8F3Q2YSFujsGudVv45BMcZPLW4B9vu0eN2aZLh+EOVEKtL2kNsesm6T+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCnpM1IXwUGBUGRnEblnm6/HEXrXMB8GA1UdIwQY
MBaAFC7m1WCgigE/P+Dmba2vb9Ar6vQ/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHViVllLQ0tBVDhfNE9adHJhOXYwQ3ZxOUQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9jMDBhNWItNmE1OS00MWRkLWIxM2It
NzM0OTVmYzA4ZmM0LzEvS2VrelVoZkJRWUZRWkdjUnVXZWJyOGNSZXRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9jMDBhNWItNmE1OS00MWRkLWIxM2ItNzM0OTVmYzA4ZmM0
LzEvTHViVllLQ0tBVDhfNE9adHJhOXYwQ3ZxOUQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALvvmMA0G
CSqGSIb3DQEBCwUAA4IBAQCKYui9TR6Cp7DEGtkJpizI5Ocq79bPvEzkVG9EXkXh
PEwGeEa5Ox1Y41JeI1tRLpnSFrWW6FmOnFUjW1hppfRvX0wOlgZJ3WI4qkW7n7tP
XGKk+vlDyKboP2sWSdxns8duKz+NTfZtAEacqELVNcEZxG7tZItMRkyKwoYWy6h/
1HkS7+5Qt/pf7Vd9fu2JCy833wiV79cuXFVCmVXbvMIoYqHXvRsTIal3QuiLZOv4
X8+k3t2MorHxocL3g95LwM8dhr9cUYqdtz+53p7ddfDe3MmLjO0UNrx9di28YGnH
PZUYMRQb/KQJQgXneU4TfN0sUqr+LzzGebebL6vfDfp9
-----END CERTIFICATE-----