Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/00a95d-937c-473c-a85f-f87787b1d03c/1/KVaIZQjmJQtVI_yoXdhuTuB3LyA.roa
File:                     KVaIZQjmJQtVI_yoXdhuTuB3LyA.roa (raw, json)
Hash identifier:          2gsUES62Ed89deRYvNB3kC56ZAGr7aFYIRxWqkdKkBA=
Subject key identifier:   29:56:88:65:08:E6:25:0B:55:23:FC:A8:5D:D8:6E:4E:E0:77:2F:20
Certificate issuer:       /CN=8df893edf33208d7a2cf62268613769fb4967c66
Certificate serial:       018CC8DCECFA05D9F74CC6A9D9CD51A1BA7B
Authority key identifier: 8D:F8:93:ED:F3:32:08:D7:A2:CF:62:26:86:13:76:9F:B4:96:7C:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jfiT7fMyCNeiz2ImhhN2n7SWfGY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/00a95d-937c-473c-a85f-f87787b1d03c/1/KVaIZQjmJQtVI_yoXdhuTuB3LyA.roa
Signing time:             Tue 02 Jan 2024 06:29:30 +0000
ROA not before:           Tue 02 Jan 2024 06:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20910
IP address blocks:        91.228.4.0/22 maxlen: 22
                          195.28.26.0/23 maxlen: 23
                          91.194.76.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/00a95d-937c-473c-a85f-f87787b1d03c/1/jfiT7fMyCNeiz2ImhhN2n7SWfGY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/00a95d-937c-473c-a85f-f87787b1d03c/1/jfiT7fMyCNeiz2ImhhN2n7SWfGY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jfiT7fMyCNeiz2ImhhN2n7SWfGY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:ec:fa:05:d9:f7:4c:c6:a9:d9:cd:51:a1:ba:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8df893edf33208d7a2cf62268613769fb4967c66
        Validity
            Not Before: Jan  2 06:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2956886508e6250b5523fca85dd86e4ee0772f20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:1f:7a:a1:90:db:0b:0e:7e:0d:c8:48:b4:be:
                    97:f8:ca:ce:cd:53:a3:11:97:13:b5:16:76:40:09:
                    22:0e:91:62:08:53:6d:8d:6b:ee:7e:6c:02:0a:3d:
                    ba:04:97:83:7b:73:f0:91:b1:08:c4:1c:b9:fb:c6:
                    6d:f8:28:53:e0:d5:61:af:11:0c:dd:dd:a5:77:7c:
                    df:6c:4f:71:e0:ee:46:7c:3d:f3:1f:e9:26:1a:82:
                    96:ed:8b:66:7c:21:87:79:a9:e7:80:4b:4e:cc:5f:
                    21:89:0d:58:d1:b4:46:7f:6f:11:03:72:25:31:9c:
                    f3:12:59:e2:fa:96:ee:94:f3:bb:ad:80:55:dd:07:
                    c0:51:58:ec:fd:2a:2c:3a:71:bb:7b:c0:45:6c:29:
                    58:a0:98:a4:52:2d:fb:2e:85:16:56:43:12:6f:c7:
                    d5:b2:2b:2f:29:c5:90:b0:21:a1:eb:94:e2:ba:08:
                    0b:e0:33:ac:06:62:0b:b1:61:62:3e:d4:12:93:76:
                    0c:d9:81:25:4d:ae:81:e7:0c:17:c0:c3:08:86:b2:
                    6d:68:9f:ab:17:e1:22:d3:29:c9:43:be:e9:da:55:
                    6c:0d:c8:60:d7:35:92:83:b4:36:e4:0d:73:07:f2:
                    08:7c:cf:b7:cc:5d:25:ea:d4:39:3d:8b:f3:dc:12:
                    07:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:56:88:65:08:E6:25:0B:55:23:FC:A8:5D:D8:6E:4E:E0:77:2F:20
            X509v3 Authority Key Identifier:
                keyid:8D:F8:93:ED:F3:32:08:D7:A2:CF:62:26:86:13:76:9F:B4:96:7C:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jfiT7fMyCNeiz2ImhhN2n7SWfGY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/00a95d-937c-473c-a85f-f87787b1d03c/1/KVaIZQjmJQtVI_yoXdhuTuB3LyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/00a95d-937c-473c-a85f-f87787b1d03c/1/jfiT7fMyCNeiz2ImhhN2n7SWfGY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.76.0/23
                  91.228.4.0/22
                  195.28.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         20:56:bb:cd:b8:48:ad:b6:cf:32:6d:19:be:88:c6:7f:13:4f:
         73:b5:b6:fa:4f:08:17:10:58:cc:fb:6c:9e:00:77:66:89:80:
         c8:66:3e:5f:2d:f5:42:16:ee:13:22:d3:13:4a:70:a2:d5:e6:
         2f:ae:25:b0:2f:25:8d:a7:8a:8b:7d:f9:c5:44:43:d5:ab:01:
         1b:a5:86:8a:33:6b:10:4c:31:f2:c1:ed:4b:3c:af:57:86:df:
         cd:74:7d:e4:2b:63:99:7d:09:c7:f0:bf:20:21:d4:8f:e7:c3:
         4d:69:96:04:33:6e:53:20:9d:21:aa:18:91:45:b4:a7:1c:f6:
         e4:9f:6f:4b:f9:51:ba:ee:ba:61:51:e7:1b:f5:6a:19:e0:31:
         fc:b0:72:a5:d6:35:fc:15:2c:72:c6:30:a6:f8:af:7e:fe:69:
         63:58:99:18:63:7b:e4:e8:45:27:05:f0:6c:10:35:cc:ef:3c:
         ee:5e:67:75:7f:d1:62:9e:67:1c:7d:3f:dc:c4:85:0b:43:80:
         64:c0:d1:62:cb:17:0a:0b:e1:71:e7:cd:2d:4e:f0:9f:e5:88:
         73:56:d7:5b:3a:17:91:b9:31:84:23:b7:da:ef:84:bc:5e:64:
         0d:a3:89:00:47:81:7f:c2:d9:eb:5c:b8:ac:27:ee:b4:04:5f:
         38:6b:68:18
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzI3Oz6Bdn3TMap2c1Robp7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkZjg5M2VkZjMzMjA4ZDdhMmNmNjIyNjg2MTM3NjlmYjQ5
NjdjNjYwHhcNMjQwMTAyMDYyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTU2ODg2NTA4ZTYyNTBiNTUyM2ZjYTg1ZGQ4NmU0ZWUwNzcyZjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqB96oZDbCw5+DchItL6X+MrOzVOj
EZcTtRZ2QAkiDpFiCFNtjWvufmwCCj26BJeDe3PwkbEIxBy5+8Zt+ChT4NVhrxEM
3d2ld3zfbE9x4O5GfD3zH+kmGoKW7YtmfCGHeanngEtOzF8hiQ1Y0bRGf28RA3Il
MZzzElni+pbulPO7rYBV3QfAUVjs/SosOnG7e8BFbClYoJikUi37LoUWVkMSb8fV
sisvKcWQsCGh65TiuggL4DOsBmILsWFiPtQSk3YM2YElTa6B5wwXwMMIhrJtaJ+r
F+Ei0ynJQ77p2lVsDchg1zWSg7Q25A1zB/IIfM+3zF0l6tQ5PYvz3BIHDQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFClWiGUI5iULVSP8qF3Ybk7gdy8gMB8GA1UdIwQY
MBaAFI34k+3zMgjXos9iJoYTdp+0lnxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamZpVDdmTXlDTmVpejJJbWhoTjJuN1NXZkdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8wMGE5NWQtOTM3Yy00NzNjLWE4NWYt
Zjg3Nzg3YjFkMDNjLzEvS1ZhSVpRam1KUXRWSV95b1hkaHVUdUIzTHlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8wMGE5NWQtOTM3Yy00NzNjLWE4NWYtZjg3Nzg3YjFkMDNj
LzEvamZpVDdmTXlDTmVpejJJbWhoTjJuN1NXZkdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBW8JMAwQC
W+QEAwQBwxwaMA0GCSqGSIb3DQEBCwUAA4IBAQAgVrvNuEitts8ybRm+iMZ/E09z
tbb6TwgXEFjM+2yeAHdmiYDIZj5fLfVCFu4TItMTSnCi1eYvriWwLyWNp4qLffnF
REPVqwEbpYaKM2sQTDHywe1LPK9Xht/NdH3kK2OZfQnH8L8gIdSP58NNaZYEM25T
IJ0hqhiRRbSnHPbkn29L+VG67rphUecb9WoZ4DH8sHKl1jX8FSxyxjCm+K9+/mlj
WJkYY3vk6EUnBfBsEDXM7zzuXmd1f9FinmccfT/cxIULQ4BkwNFiyxcKC+Fx580t
TvCf5YhzVtdbOheRuTGEI7fa74S8XmQNo4kAR4F/wtnrXLisJ+60BF84a2gY
-----END CERTIFICATE-----