Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/06c734-09a1-4da3-8992-bd4d54445a95/1/K1nNj8QvCdpZReVbybBnUTHjrUI.roa
File:                     K1nNj8QvCdpZReVbybBnUTHjrUI.roa (raw, json)
Hash identifier:          nqNus7iInZh+GfpovpKsy8YNvegjUx96jVEh8vyh5I0=
Subject key identifier:   2B:59:CD:8F:C4:2F:09:DA:59:45:E5:5B:C9:B0:67:51:31:E3:AD:42
Certificate issuer:       /CN=d703ceac906d07f74ca94c446303d954666b583a
Certificate serial:       018CC794B8D9C679003755E13F14BA4626FF
Authority key identifier: D7:03:CE:AC:90:6D:07:F7:4C:A9:4C:44:63:03:D9:54:66:6B:58:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1wPOrJBtB_dMqUxEYwPZVGZrWDo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/06c734-09a1-4da3-8992-bd4d54445a95/1/K1nNj8QvCdpZReVbybBnUTHjrUI.roa
Signing time:             Tue 02 Jan 2024 00:31:01 +0000
ROA not before:           Tue 02 Jan 2024 00:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62571
IP address blocks:        185.64.9.0/24 maxlen: 24
                          185.64.10.0/24 maxlen: 24
                          185.64.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/06c734-09a1-4da3-8992-bd4d54445a95/1/1wPOrJBtB_dMqUxEYwPZVGZrWDo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/06c734-09a1-4da3-8992-bd4d54445a95/1/1wPOrJBtB_dMqUxEYwPZVGZrWDo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1wPOrJBtB_dMqUxEYwPZVGZrWDo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:b8:d9:c6:79:00:37:55:e1:3f:14:ba:46:26:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d703ceac906d07f74ca94c446303d954666b583a
        Validity
            Not Before: Jan  2 00:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b59cd8fc42f09da5945e55bc9b0675131e3ad42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:6e:fa:76:86:ee:78:03:46:f6:f3:ac:71:ad:
                    ef:b5:bb:d2:9c:20:f3:38:1a:eb:e2:f7:27:c1:78:
                    03:c9:e3:5f:cb:e7:4d:8f:7d:d4:f3:ea:d6:48:e3:
                    e2:77:0a:87:4d:a8:4f:03:f6:dd:91:5e:aa:f0:0f:
                    79:8a:9a:3b:2c:3b:60:be:c2:49:83:0d:e1:e1:8b:
                    40:d1:d8:b2:d8:e3:e9:0c:a0:ea:34:d2:ba:5d:3e:
                    7a:8e:54:2c:ca:92:20:e6:48:44:e3:ba:ce:43:3d:
                    72:af:70:25:86:ee:f4:61:7a:f7:59:52:19:7d:98:
                    b2:01:46:d0:10:ae:92:09:3c:8d:d7:4e:fd:1f:e0:
                    f2:a0:04:d7:d9:6f:d2:7c:ed:4b:1b:1c:08:cd:71:
                    1b:b1:6c:05:49:f7:44:73:bf:42:4e:a0:e7:9a:19:
                    5d:6a:ef:3f:de:04:cd:99:ee:e4:fb:4f:af:fd:5a:
                    9e:fb:c3:40:7c:5a:c3:ab:b6:dc:ad:9f:71:67:cc:
                    2f:ea:17:9b:3f:36:b7:73:c9:95:67:ee:c6:54:a5:
                    bf:90:92:81:f4:80:7c:f8:4c:a4:6d:b2:83:2b:e9:
                    32:91:8c:43:18:9b:4d:c0:c7:fe:9b:d0:e7:f4:ba:
                    29:42:04:99:82:9f:ac:18:48:82:f7:99:dd:f2:55:
                    e8:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:59:CD:8F:C4:2F:09:DA:59:45:E5:5B:C9:B0:67:51:31:E3:AD:42
            X509v3 Authority Key Identifier:
                keyid:D7:03:CE:AC:90:6D:07:F7:4C:A9:4C:44:63:03:D9:54:66:6B:58:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1wPOrJBtB_dMqUxEYwPZVGZrWDo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/06c734-09a1-4da3-8992-bd4d54445a95/1/K1nNj8QvCdpZReVbybBnUTHjrUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/06c734-09a1-4da3-8992-bd4d54445a95/1/1wPOrJBtB_dMqUxEYwPZVGZrWDo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.64.8.0-185.64.10.255

    Signature Algorithm: sha256WithRSAEncryption
         2a:bc:86:4b:76:f0:e5:1e:7e:36:d3:d3:aa:4e:1d:8e:62:4d:
         5b:61:f4:24:03:01:83:16:77:c3:94:20:bc:1f:09:a5:44:0e:
         fd:6a:8d:66:0e:8d:3d:bb:71:1b:62:1f:3d:a4:bd:f2:4b:3c:
         7d:3d:d8:40:c7:48:9a:65:04:1e:aa:21:89:79:e8:4c:c0:7d:
         87:b8:d2:ff:8c:82:a4:68:37:9a:b7:01:e1:a1:7a:68:34:0a:
         eb:c3:04:1c:2d:2a:7a:58:f3:58:4d:9c:1c:17:88:f1:9f:3c:
         d3:ec:e8:b9:c0:57:2e:25:57:e2:82:2c:f7:f0:76:2f:e0:46:
         86:82:01:8f:10:8c:e2:bc:96:3b:96:24:b0:58:c1:59:66:55:
         80:f4:b8:40:51:65:02:1e:1d:d5:a1:3d:84:f6:e0:a1:f8:8c:
         48:73:d2:da:96:c6:b6:36:66:a8:81:21:bf:06:19:09:45:5b:
         dc:bf:b3:8c:9f:35:65:49:78:7b:00:68:fb:ee:32:27:3b:06:
         86:a6:24:2c:b1:d6:48:a3:f1:24:74:ed:a9:e5:0b:21:ec:a6:
         1d:d8:b1:d1:52:87:4d:ba:de:a1:4b:e9:1c:50:b5:31:5e:a9:
         60:04:39:af:c0:1c:7a:44:20:a8:8e:cf:dd:9b:5f:ea:3b:7b:
         36:85:27:3a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHlLjZxnkAN1XhPxS6Rib/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MDNjZWFjOTA2ZDA3Zjc0Y2E5NGM0NDYzMDNkOTU0NjY2
YjU4M2EwHhcNMjQwMTAyMDAzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjU5Y2Q4ZmM0MmYwOWRhNTk0NWU1NWJjOWIwNjc1MTMxZTNhZDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjm76dobueANG9vOsca3vtbvSnCDz
OBrr4vcnwXgDyeNfy+dNj33U8+rWSOPidwqHTahPA/bdkV6q8A95ipo7LDtgvsJJ
gw3h4YtA0diy2OPpDKDqNNK6XT56jlQsypIg5khE47rOQz1yr3Alhu70YXr3WVIZ
fZiyAUbQEK6SCTyN1079H+DyoATX2W/SfO1LGxwIzXEbsWwFSfdEc79CTqDnmhld
au8/3gTNme7k+0+v/Vqe+8NAfFrDq7bcrZ9xZ8wv6hebPza3c8mVZ+7GVKW/kJKB
9IB8+EykbbKDK+kykYxDGJtNwMf+m9Dn9LopQgSZgp+sGEiC95nd8lXoPQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCtZzY/ELwnaWUXlW8mwZ1Ex461CMB8GA1UdIwQY
MBaAFNcDzqyQbQf3TKlMRGMD2VRma1g6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXdQT3JKQnRCX2RNcVV4RVl3UFpWR1pyV0RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS8wNmM3MzQtMDlhMS00ZGEzLTg5OTIt
YmQ0ZDU0NDQ1YTk1LzEvSzFuTmo4UXZDZHBaUmVWYnliQm5VVEhqclVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS8wNmM3MzQtMDlhMS00ZGEzLTg5OTItYmQ0ZDU0NDQ1YTk1
LzEvMXdQT3JKQnRCX2RNcVV4RVl3UFpWR1pyV0RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAO5QAgD
BAC5QAowDQYJKoZIhvcNAQELBQADggEBACq8hkt28OUefjbT06pOHY5iTVth9CQD
AYMWd8OUILwfCaVEDv1qjWYOjT27cRtiHz2kvfJLPH092EDHSJplBB6qIYl56EzA
fYe40v+MgqRoN5q3AeGhemg0CuvDBBwtKnpY81hNnBwXiPGfPNPs6LnAVy4lV+KC
LPfwdi/gRoaCAY8QjOK8ljuWJLBYwVlmVYD0uEBRZQIeHdWhPYT24KH4jEhz0tqW
xrY2ZqiBIb8GGQlFW9y/s4yfNWVJeHsAaPvuMic7BoamJCyx1kij8SR07anlCyHs
ph3YsdFSh0263qFL6RxQtTFeqWAEOa/AHHpEIKiOz92bX+o7ezaFJzo=
-----END CERTIFICATE-----