Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/kK-pQd-x-ePcBAXXCMT4m_2x-kk.roa
File:                     kK-pQd-x-ePcBAXXCMT4m_2x-kk.roa (raw, json)
Hash identifier:          MVyPfEIQy/qowKr8i7TkP7F+h7X7v2Sea/HYO2xbjng=
Subject key identifier:   90:AF:A9:41:DF:B1:F9:E3:DC:04:05:D7:08:C4:F8:9B:FD:B1:FA:49
Certificate issuer:       /CN=3ad734cf90c773428806b968209515b914831a9d
Certificate serial:       018CC80266C474AF3494EE8844045D15DCB6
Authority key identifier: 3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/kK-pQd-x-ePcBAXXCMT4m_2x-kk.roa
Signing time:             Tue 02 Jan 2024 02:30:49 +0000
ROA not before:           Tue 02 Jan 2024 02:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48894
IP address blocks:        152.89.232.0/23 maxlen: 23
                          152.89.235.0/24 maxlen: 24
                          152.89.234.0/24 maxlen: 24
                          2a09:37c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:66:c4:74:af:34:94:ee:88:44:04:5d:15:dc:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ad734cf90c773428806b968209515b914831a9d
        Validity
            Not Before: Jan  2 02:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90afa941dfb1f9e3dc0405d708c4f89bfdb1fa49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ba:78:ad:b5:4e:f9:8e:69:bc:05:5b:41:3b:
                    07:9e:3c:95:05:43:be:ce:81:59:cc:b2:59:c4:97:
                    9d:00:28:b6:c6:c8:d4:e9:e2:fa:5b:83:94:7e:c7:
                    fe:9e:f6:ca:e3:b1:7c:73:54:2b:28:f1:74:23:76:
                    2a:6e:75:90:11:1b:e3:c9:1b:1d:b7:99:49:ea:6f:
                    77:c3:f4:ef:5f:cc:c9:8a:f0:05:32:8f:4d:7f:71:
                    52:df:74:33:d3:db:b6:00:01:b0:27:75:d5:3c:75:
                    0f:8a:4a:a3:6a:26:0a:6e:4c:43:37:22:ef:f3:6c:
                    20:c5:af:1b:ed:ef:d7:2b:c6:8f:be:dc:9c:75:b5:
                    01:f4:d9:e7:c1:fe:db:df:eb:dc:50:61:e5:97:3c:
                    66:02:98:40:48:c0:00:38:72:8a:46:07:89:4f:2c:
                    05:b0:8c:5a:9f:26:be:ab:fd:cb:de:fc:61:f9:e2:
                    59:7c:05:23:5e:f5:89:8a:7a:1e:2d:57:61:9c:f2:
                    c2:c1:f7:c9:84:9b:1b:39:cd:ab:0a:e1:6f:f4:a9:
                    1b:25:fd:fe:be:a6:b9:95:ca:db:76:cf:33:d4:fa:
                    b2:1f:1d:bb:5e:a7:f0:bf:02:77:13:0b:8a:95:fd:
                    38:9a:a0:69:d6:a1:2b:61:1f:1b:af:08:58:88:4f:
                    09:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:AF:A9:41:DF:B1:F9:E3:DC:04:05:D7:08:C4:F8:9B:FD:B1:FA:49
            X509v3 Authority Key Identifier:
                keyid:3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/kK-pQd-x-ePcBAXXCMT4m_2x-kk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.232.0/22
                IPv6:
                  2a09:37c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1b:d2:02:56:a1:75:76:7f:bc:1b:14:1f:ba:61:97:8c:dd:8d:
         13:88:a7:28:b7:0e:f8:fe:97:17:c4:07:9d:18:f4:82:11:87:
         fb:03:1b:ff:c4:f5:d4:b7:76:9b:bf:92:02:a2:79:8f:9a:34:
         8f:66:1a:52:b5:2f:84:71:b1:a4:5e:8d:76:07:dc:fa:4c:6c:
         6a:39:a0:b1:49:b3:7b:51:79:ff:e1:13:5d:b6:54:1d:0a:2b:
         90:cb:af:9e:97:d4:3b:ff:a7:32:b9:fb:c5:6c:e8:c4:ee:35:
         25:5e:c9:d4:0c:c2:60:b3:cd:49:4f:71:e2:4a:73:99:a5:bc:
         d7:d2:38:78:e9:0b:70:fd:6d:7f:14:d7:a8:a1:8c:75:19:4e:
         8f:bd:2e:77:4b:58:16:d1:72:99:d9:a8:0b:f2:0f:05:a5:30:
         20:0f:46:2b:87:b7:8b:d4:27:5f:af:20:34:dd:75:cb:c1:f4:
         6a:4d:4b:df:b2:1e:3b:77:bd:9d:b7:45:02:df:51:84:e0:80:
         f0:dd:11:5a:65:7d:9d:02:12:3a:16:25:42:dd:e5:e6:58:76:
         b4:26:99:08:b4:d7:2b:84:2a:5a:e8:92:25:eb:b2:87:2d:3d:
         01:1f:52:cf:d4:3d:55:72:85:13:a3:ea:f4:bf:3e:88:4a:37:
         5a:25:a4:2f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAmbEdK80lO6IRARdFdy2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZDczNGNmOTBjNzczNDI4ODA2Yjk2ODIwOTUxNWI5MTQ4
MzFhOWQwHhcNMjQwMTAyMDIzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGFmYTk0MWRmYjFmOWUzZGMwNDA1ZDcwOGM0Zjg5YmZkYjFmYTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrp4rbVO+Y5pvAVbQTsHnjyVBUO+
zoFZzLJZxJedACi2xsjU6eL6W4OUfsf+nvbK47F8c1QrKPF0I3YqbnWQERvjyRsd
t5lJ6m93w/TvX8zJivAFMo9Nf3FS33Qz09u2AAGwJ3XVPHUPikqjaiYKbkxDNyLv
82wgxa8b7e/XK8aPvtycdbUB9Nnnwf7b3+vcUGHllzxmAphASMAAOHKKRgeJTywF
sIxanya+q/3L3vxh+eJZfAUjXvWJinoeLVdhnPLCwffJhJsbOc2rCuFv9KkbJf3+
vqa5lcrbds8z1PqyHx27XqfwvwJ3EwuKlf04mqBp1qErYR8brwhYiE8JswIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJCvqUHfsfnj3AQF1wjE+Jv9sfpJMB8GA1UdIwQY
MBaAFDrXNM+Qx3NCiAa5aCCVFbkUgxqdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMt
NzZhMWQ0ZDgzMTk3LzEva0stcFFkLXgtZVBjQkFYWENNVDRtXzJ4LWtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMtNzZhMWQ0ZDgzMTk3
LzEvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCmFnoMA0E
AgACMAcDBQMqCTfAMA0GCSqGSIb3DQEBCwUAA4IBAQAb0gJWoXV2f7wbFB+6YZeM
3Y0TiKcotw74/pcXxAedGPSCEYf7Axv/xPXUt3abv5IConmPmjSPZhpStS+EcbGk
Xo12B9z6TGxqOaCxSbN7UXn/4RNdtlQdCiuQy6+el9Q7/6cyufvFbOjE7jUlXsnU
DMJgs81JT3HiSnOZpbzX0jh46Qtw/W1/FNeooYx1GU6PvS53S1gW0XKZ2agL8g8F
pTAgD0Yrh7eL1CdfryA03XXLwfRqTUvfsh47d72dt0UC31GE4IDw3RFaZX2dAhI6
FiVC3eXmWHa0JpkItNcrhCpa6JIl67KHLT0BH1LP1D1VcoUTo+r0vz6ISjdaJaQv
-----END CERTIFICATE-----