Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/CKlb_jCKSU5WneqetYnL3tbRKEY.roa
File:                     CKlb_jCKSU5WneqetYnL3tbRKEY.roa (raw, json)
Hash identifier:          Zxb8yfKCp47LQZ4BUCjpOjjNCqcgJnohPLwIHoRSeM0=
Subject key identifier:   08:A9:5B:FE:30:8A:49:4E:56:9D:EA:9E:B5:89:CB:DE:D6:D1:28:46
Certificate issuer:       /CN=d0b849b9bc9042a1557331937e4ad71518af61cf
Certificate serial:       018CC4932F7BB91FCB5E2217F6E7D1111483
Authority key identifier: D0:B8:49:B9:BC:90:42:A1:55:73:31:93:7E:4A:D7:15:18:AF:61:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0LhJubyQQqFVczGTfkrXFRivYc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/CKlb_jCKSU5WneqetYnL3tbRKEY.roa
Signing time:             Mon 01 Jan 2024 10:30:29 +0000
ROA not before:           Mon 01 Jan 2024 10:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8708
IP address blocks:        194.36.142.0/24 maxlen: 24
                          185.234.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/0LhJubyQQqFVczGTfkrXFRivYc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/0LhJubyQQqFVczGTfkrXFRivYc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0LhJubyQQqFVczGTfkrXFRivYc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:2f:7b:b9:1f:cb:5e:22:17:f6:e7:d1:11:14:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0b849b9bc9042a1557331937e4ad71518af61cf
        Validity
            Not Before: Jan  1 10:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08a95bfe308a494e569dea9eb589cbded6d12846
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:3f:6d:fb:18:c1:32:3c:9e:fd:35:32:3d:c5:
                    cf:1b:39:e4:d6:95:8d:6a:c4:6d:b6:f0:ea:1f:c5:
                    2e:9e:4d:77:85:40:fc:f9:75:c1:1d:4d:fa:28:64:
                    17:53:86:59:51:90:3e:cd:29:0f:57:3a:1f:2f:c1:
                    0e:92:a7:de:ff:1d:b1:d3:df:a0:d2:39:48:e9:c2:
                    63:2e:b4:6c:87:ff:96:b6:02:e5:55:2f:50:30:b5:
                    dd:65:cd:3b:03:91:f0:39:60:7a:f1:85:71:00:9d:
                    0c:a8:b5:8f:c6:1b:20:d6:54:ac:d5:b2:15:af:4a:
                    8a:6f:a4:ca:19:33:02:27:b1:3f:24:5d:30:43:cf:
                    d1:db:09:29:6f:5e:37:9c:1d:5b:a8:85:d5:52:41:
                    b6:ea:a3:6e:03:22:34:ff:47:90:3e:91:72:53:6b:
                    1c:50:c9:3c:50:5d:69:c8:32:a5:55:df:e5:37:f9:
                    1a:6f:59:2b:a9:30:25:a5:ab:fd:32:c0:0f:37:2c:
                    51:83:51:e6:5c:5c:a2:fe:85:77:9a:60:9d:a4:29:
                    02:7a:38:40:7d:5a:e1:a9:9b:4d:02:67:a5:08:f2:
                    ff:f2:5a:4e:cc:a1:bb:e2:0c:db:79:f9:b6:67:1a:
                    bc:1f:f7:12:5c:fd:5b:13:f0:46:2e:4a:35:2c:4c:
                    f7:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:A9:5B:FE:30:8A:49:4E:56:9D:EA:9E:B5:89:CB:DE:D6:D1:28:46
            X509v3 Authority Key Identifier:
                keyid:D0:B8:49:B9:BC:90:42:A1:55:73:31:93:7E:4A:D7:15:18:AF:61:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0LhJubyQQqFVczGTfkrXFRivYc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/CKlb_jCKSU5WneqetYnL3tbRKEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/0LhJubyQQqFVczGTfkrXFRivYc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.131.0/24
                  194.36.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:bc:8b:7d:3c:65:57:ef:6e:41:79:f4:2b:0d:e8:18:2d:f5:
         58:09:cb:2d:10:64:ae:90:3f:92:0f:9d:7b:3d:ea:8e:40:82:
         22:e8:18:e8:cb:2e:a6:a5:b5:ad:fa:51:8c:24:08:13:a0:b9:
         16:62:4e:dd:fb:65:0a:8a:3e:90:ce:66:4e:d8:8e:f4:45:40:
         fb:a3:39:03:d9:33:d7:fa:f6:9d:df:40:36:68:a1:f2:92:15:
         8d:7f:06:79:3b:5a:68:8a:d9:7b:79:62:9a:5f:52:94:83:4d:
         b2:de:43:89:33:8f:1f:e4:50:b5:ab:18:76:b9:1c:a4:1d:aa:
         01:c4:bb:e7:89:67:ca:47:60:db:1d:b2:6f:ee:b6:86:a5:6d:
         35:39:73:07:d9:63:9a:80:cd:2e:a7:09:e7:df:cf:2a:34:e2:
         72:fd:3b:63:9c:bd:3f:89:1c:81:4d:07:f7:fd:82:4e:27:3d:
         4b:ce:05:48:dc:fd:89:9e:c8:22:d8:d2:40:46:9a:eb:09:3d:
         ec:b4:cc:43:ed:85:1d:47:68:aa:cd:39:52:41:16:84:2d:46:
         d7:66:d7:09:9f:f4:1e:36:c3:2a:36:66:17:aa:7b:6f:61:3c:
         94:03:68:7b:9d:2e:80:83:34:d8:9b:9d:88:91:45:e2:4b:ca:
         3f:f5:5f:6b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEky97uR/LXiIX9ufRERSDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYjg0OWI5YmM5MDQyYTE1NTczMzE5MzdlNGFkNzE1MThh
ZjYxY2YwHhcNMjQwMTAxMTAzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGE5NWJmZTMwOGE0OTRlNTY5ZGVhOWViNTg5Y2JkZWQ2ZDEyODQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxj9t+xjBMjye/TUyPcXPGznk1pWN
asRttvDqH8Uunk13hUD8+XXBHU36KGQXU4ZZUZA+zSkPVzofL8EOkqfe/x2x09+g
0jlI6cJjLrRsh/+WtgLlVS9QMLXdZc07A5HwOWB68YVxAJ0MqLWPxhsg1lSs1bIV
r0qKb6TKGTMCJ7E/JF0wQ8/R2wkpb143nB1bqIXVUkG26qNuAyI0/0eQPpFyU2sc
UMk8UF1pyDKlVd/lN/kab1krqTAlpav9MsAPNyxRg1HmXFyi/oV3mmCdpCkCejhA
fVrhqZtNAmelCPL/8lpOzKG74gzbefm2Zxq8H/cSXP1bE/BGLko1LEz3IQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAipW/4wiklOVp3qnrWJy97W0ShGMB8GA1UdIwQY
MBaAFNC4Sbm8kEKhVXMxk35K1xUYr2HPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMExoSnVieVFRcUZWY3pHVGZrclhGUml2WWM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9hM2ZiNjctZDUxNC00YWVlLWFkYjkt
NzJiYWQ5ZDczYzgwLzEvQ0tsYl9qQ0tTVTVXbmVxZXRZbkwzdGJSS0VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9hM2ZiNjctZDUxNC00YWVlLWFkYjktNzJiYWQ5ZDczYzgw
LzEvMExoSnVieVFRcUZWY3pHVGZrclhGUml2WWM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAueqDAwQA
wiSOMA0GCSqGSIb3DQEBCwUAA4IBAQBAvIt9PGVX725BefQrDegYLfVYCcstEGSu
kD+SD517PeqOQIIi6Bjoyy6mpbWt+lGMJAgToLkWYk7d+2UKij6QzmZO2I70RUD7
ozkD2TPX+vad30A2aKHykhWNfwZ5O1poitl7eWKaX1KUg02y3kOJM48f5FC1qxh2
uRykHaoBxLvniWfKR2DbHbJv7raGpW01OXMH2WOagM0upwnn388qNOJy/TtjnL0/
iRyBTQf3/YJOJz1LzgVI3P2Jnsgi2NJARprrCT3stMxD7YUdR2iqzTlSQRaELUbX
ZtcJn/QeNsMqNmYXqntvYTyUA2h7nS6AgzTYm52IkUXiS8o/9V9r
-----END CERTIFICATE-----