Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/Ka1KkY_MoW0BDcVhZM1ZtwodNWc.roa
File:                     Ka1KkY_MoW0BDcVhZM1ZtwodNWc.roa (raw, json)
Hash identifier:          7kcIiH5D0EOObIHdw8WcLbphGObZD/+IUJ51DiSoJ9I=
Subject key identifier:   29:AD:4A:91:8F:CC:A1:6D:01:0D:C5:61:64:CD:59:B7:0A:1D:35:67
Certificate issuer:       /CN=4456c14cd8724f9a909627b94e006cf69d12307b
Certificate serial:       018CC49356440E2D3522E54332D2DF28DB40
Authority key identifier: 44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/Ka1KkY_MoW0BDcVhZM1ZtwodNWc.roa
Signing time:             Mon 01 Jan 2024 10:30:39 +0000
ROA not before:           Mon 01 Jan 2024 10:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30823
IP address blocks:        109.205.8.0/24 maxlen: 24
                          109.205.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:56:44:0e:2d:35:22:e5:43:32:d2:df:28:db:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4456c14cd8724f9a909627b94e006cf69d12307b
        Validity
            Not Before: Jan  1 10:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29ad4a918fcca16d010dc56164cd59b70a1d3567
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a9:01:6e:44:4e:33:ac:95:24:4c:99:a2:ef:
                    68:a6:11:64:07:e8:9f:26:64:81:34:ae:e7:2a:8d:
                    3f:0c:6c:57:5e:5b:45:82:e7:69:38:61:71:2f:c9:
                    37:0e:36:3a:74:42:0d:bb:c1:f1:23:9f:16:77:80:
                    2b:19:0f:c7:86:c2:b5:58:c7:e5:2a:77:18:69:9c:
                    1d:10:7d:a3:92:7a:53:a2:80:0e:1f:89:ca:39:a3:
                    bc:b2:9a:f9:f9:ec:0e:54:47:50:3e:42:e7:53:9e:
                    60:db:7b:14:0c:61:9c:4e:c0:a9:4f:11:75:73:0d:
                    ac:c6:3c:42:a7:cd:cf:df:b2:7e:8d:70:40:e3:a9:
                    6e:e4:1d:6f:94:fa:14:66:84:35:e8:18:2d:51:7a:
                    88:ad:d2:e2:fb:c3:a9:d1:96:24:5e:03:62:e7:5c:
                    7c:b7:dd:7b:74:29:1c:8f:0b:44:66:15:94:98:24:
                    40:a9:00:88:0d:47:8e:7b:8f:0e:72:1c:8e:dd:53:
                    31:f6:f4:2a:27:e9:a0:ab:16:8d:de:df:be:00:02:
                    b1:63:ee:f8:3a:c6:22:53:21:c4:91:19:29:1e:66:
                    4b:03:b2:e5:76:88:55:8e:a9:9a:ab:39:b0:33:b5:
                    5c:19:86:b5:a4:7f:12:eb:a8:b0:33:80:dd:c1:04:
                    20:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:AD:4A:91:8F:CC:A1:6D:01:0D:C5:61:64:CD:59:B7:0A:1D:35:67
            X509v3 Authority Key Identifier:
                keyid:44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/Ka1KkY_MoW0BDcVhZM1ZtwodNWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:49:a6:1d:bd:e7:b7:c7:3c:83:94:ca:9d:88:a0:39:37:0b:
         f4:c6:8f:d9:fb:e6:66:af:ae:ba:69:a3:c5:4c:98:16:dd:fc:
         e0:2e:39:ec:18:99:db:08:d6:c1:63:f9:44:0c:f0:ec:4e:9b:
         fb:9f:fe:a3:26:5e:2a:d6:48:e3:f5:41:7e:49:47:99:d0:d6:
         18:11:8f:2f:f8:40:3b:dc:c6:db:c3:9a:94:94:bd:ee:58:73:
         bf:bc:69:fa:6b:05:77:a7:53:d7:1b:3e:ba:ed:a5:71:bb:95:
         33:ab:18:af:8e:a5:ee:ca:1a:a4:9d:73:d3:39:69:67:49:07:
         26:a2:b2:47:2d:5e:07:08:f1:9c:b6:6a:90:ee:87:3f:2b:1b:
         e1:0f:83:1b:0e:bc:4b:1b:8e:a8:b8:bc:20:c2:6f:ca:1e:89:
         95:34:53:ec:07:c0:01:93:b0:85:00:5e:00:ee:6d:1f:1e:1a:
         33:29:25:72:6e:86:7c:1b:81:8d:48:c8:2b:f8:71:09:b9:cc:
         2b:4c:03:1f:70:8b:57:6f:24:36:f2:9f:00:ee:10:72:25:3f:
         6b:d7:29:26:10:1e:52:d3:5b:64:0f:1e:ee:bd:5f:27:13:96:
         ee:08:d1:ef:d9:ae:ba:84:a5:ad:45:5f:0c:e3:b0:19:a7:c7:
         08:60:d3:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk1ZEDi01IuVDMtLfKNtAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTZjMTRjZDg3MjRmOWE5MDk2MjdiOTRlMDA2Y2Y2OWQx
MjMwN2IwHhcNMjQwMTAxMTAzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWFkNGE5MThmY2NhMTZkMDEwZGM1NjE2NGNkNTliNzBhMWQzNTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6kBbkROM6yVJEyZou9ophFkB+if
JmSBNK7nKo0/DGxXXltFgudpOGFxL8k3DjY6dEINu8HxI58Wd4ArGQ/HhsK1WMfl
KncYaZwdEH2jknpTooAOH4nKOaO8spr5+ewOVEdQPkLnU55g23sUDGGcTsCpTxF1
cw2sxjxCp83P37J+jXBA46lu5B1vlPoUZoQ16BgtUXqIrdLi+8Op0ZYkXgNi51x8
t917dCkcjwtEZhWUmCRAqQCIDUeOe48OchyO3VMx9vQqJ+mgqxaN3t++AAKxY+74
OsYiUyHEkRkpHmZLA7LldohVjqmaqzmwM7VcGYa1pH8S66iwM4DdwQQgTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCmtSpGPzKFtAQ3FYWTNWbcKHTVnMB8GA1UdIwQY
MBaAFERWwUzYck+akJYnuU4AbPadEjB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYt
NWI4NzgyNWMwN2VlLzEvS2ExS2tZX01vVzBCRGNWaFpNMVp0d29kTldjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYtNWI4NzgyNWMwN2Vl
LzEvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbc0IMA0G
CSqGSIb3DQEBCwUAA4IBAQCNSaYdvee3xzyDlMqdiKA5Nwv0xo/Z++Zmr666aaPF
TJgW3fzgLjnsGJnbCNbBY/lEDPDsTpv7n/6jJl4q1kjj9UF+SUeZ0NYYEY8v+EA7
3Mbbw5qUlL3uWHO/vGn6awV3p1PXGz667aVxu5UzqxivjqXuyhqknXPTOWlnSQcm
orJHLV4HCPGctmqQ7oc/KxvhD4MbDrxLG46ouLwgwm/KHomVNFPsB8ABk7CFAF4A
7m0fHhozKSVyboZ8G4GNSMgr+HEJucwrTAMfcItXbyQ28p8A7hByJT9r1ykmEB5S
01tkDx7uvV8nE5buCNHv2a66hKWtRV8M47AZp8cIYNMY
-----END CERTIFICATE-----