Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/c12541-27b0-465c-b577-12e431c0b933/1/KcQ5_rlr8B3UUKpvwYoaJQ7AGiM.roa
File:                     KcQ5_rlr8B3UUKpvwYoaJQ7AGiM.roa (raw, json)
Hash identifier:          CpvU52qnN5Ry6S7kQUOAwZkNs79rbvDLj3Xj4FBPZws=
Subject key identifier:   29:C4:39:FE:B9:6B:F0:1D:D4:50:AA:6F:C1:8A:1A:25:0E:C0:1A:23
Certificate issuer:       /CN=9d7b6f1793bf2802cb3a3d7fad32ccaad8d8ad2e
Certificate serial:       018CCA29B7625D6D01307C8EA96182EE9DF8
Authority key identifier: 9D:7B:6F:17:93:BF:28:02:CB:3A:3D:7F:AD:32:CC:AA:D8:D8:AD:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nXtvF5O_KALLOj1_rTLMqtjYrS4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/c12541-27b0-465c-b577-12e431c0b933/1/KcQ5_rlr8B3UUKpvwYoaJQ7AGiM.roa
Signing time:             Tue 02 Jan 2024 12:33:00 +0000
ROA not before:           Tue 02 Jan 2024 12:33:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56798
IP address blocks:        91.207.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/c12541-27b0-465c-b577-12e431c0b933/1/nXtvF5O_KALLOj1_rTLMqtjYrS4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/c12541-27b0-465c-b577-12e431c0b933/1/nXtvF5O_KALLOj1_rTLMqtjYrS4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nXtvF5O_KALLOj1_rTLMqtjYrS4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:b7:62:5d:6d:01:30:7c:8e:a9:61:82:ee:9d:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d7b6f1793bf2802cb3a3d7fad32ccaad8d8ad2e
        Validity
            Not Before: Jan  2 12:33:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29c439feb96bf01dd450aa6fc18a1a250ec01a23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:18:0e:a0:d1:69:07:e3:17:ef:a1:1a:83:a4:
                    e2:e5:4d:bf:1f:de:a7:28:b3:85:c7:b9:11:91:8e:
                    75:6e:2e:df:08:d6:12:21:59:89:f9:d9:ee:2e:7b:
                    30:6a:cf:60:0d:a8:17:e6:dd:fe:e7:a1:f4:73:30:
                    de:0f:ae:f0:65:80:fb:d7:e0:3c:44:41:dc:4e:b9:
                    97:20:84:95:ca:75:49:05:e4:69:36:d7:96:a2:1f:
                    ad:38:2d:9b:04:cf:0a:81:7a:bc:8f:24:1a:ef:20:
                    7a:93:7c:90:b8:ed:6a:f5:91:c7:2a:ce:33:03:13:
                    d0:ef:98:07:89:d7:cf:20:a7:eb:6f:1e:18:a7:2b:
                    df:d9:bc:4a:cc:03:55:86:56:c4:1e:09:4f:96:cb:
                    a2:8d:09:65:0d:86:f0:37:44:ee:9b:97:8d:0a:a3:
                    d6:8c:7e:08:2d:3a:68:cd:1b:88:f7:82:5a:24:f1:
                    28:28:cf:ca:a9:13:67:3f:e3:03:92:56:9d:0c:b4:
                    16:1d:89:9f:ac:eb:c8:cd:dc:66:e9:f2:f0:fb:7c:
                    20:7a:53:88:02:53:6f:07:28:75:b6:aa:f1:03:4b:
                    4b:3b:70:a4:f8:7b:47:eb:6e:8c:ac:2b:54:63:84:
                    56:ed:18:e2:db:75:c2:fc:b9:89:ef:95:05:b4:76:
                    a2:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:C4:39:FE:B9:6B:F0:1D:D4:50:AA:6F:C1:8A:1A:25:0E:C0:1A:23
            X509v3 Authority Key Identifier:
                keyid:9D:7B:6F:17:93:BF:28:02:CB:3A:3D:7F:AD:32:CC:AA:D8:D8:AD:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nXtvF5O_KALLOj1_rTLMqtjYrS4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/c12541-27b0-465c-b577-12e431c0b933/1/KcQ5_rlr8B3UUKpvwYoaJQ7AGiM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/c12541-27b0-465c-b577-12e431c0b933/1/nXtvF5O_KALLOj1_rTLMqtjYrS4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:29:5b:00:d6:d9:bb:a7:91:a8:c6:8a:21:fa:c7:d8:c4:41:
         56:ec:4c:c5:2e:e2:f0:5c:6e:bb:3f:65:07:63:fa:3d:c8:de:
         dd:e3:0a:8d:b9:1d:fc:5b:c2:12:b1:90:52:c8:dd:28:54:e7:
         59:ee:a6:e5:48:99:fc:19:06:a3:ad:ec:a3:21:cc:ba:0e:67:
         6b:e8:2b:95:fb:03:8f:40:00:5d:ba:7a:dc:fe:1d:1c:44:e8:
         ac:d7:23:f5:1a:e3:72:ba:a9:69:fe:da:2b:54:ff:42:aa:0e:
         01:79:54:2d:ca:19:17:7f:c9:bb:7c:14:12:31:f7:86:d5:89:
         3b:9f:b5:ec:f1:b2:58:27:c3:4f:1b:e8:ad:4c:11:24:4f:15:
         ae:b0:12:61:d1:3b:fe:df:46:f0:9d:89:25:40:aa:3e:14:a1:
         c5:3f:29:f7:4a:ef:86:e9:ab:b4:4d:31:28:10:c5:53:ac:68:
         9a:a0:95:84:60:d7:35:69:ad:ef:dd:00:de:6a:a9:a0:ec:f5:
         1e:30:1b:fc:09:1e:37:47:5f:b3:e7:58:43:c9:9f:a1:3f:c9:
         39:0d:64:8c:ce:2f:79:ca:96:cd:a3:da:76:55:fc:8c:06:b6:
         25:a7:db:1c:4d:0f:cc:69:fb:ca:95:52:75:05:1c:91:dc:8c:
         62:bf:02:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKbdiXW0BMHyOqWGC7p34MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkN2I2ZjE3OTNiZjI4MDJjYjNhM2Q3ZmFkMzJjY2FhZDhk
OGFkMmUwHhcNMjQwMTAyMTIzMzAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWM0MzlmZWI5NmJmMDFkZDQ1MGFhNmZjMThhMWEyNTBlYzAxYTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBgOoNFpB+MX76Eag6Ti5U2/H96n
KLOFx7kRkY51bi7fCNYSIVmJ+dnuLnswas9gDagX5t3+56H0czDeD67wZYD71+A8
REHcTrmXIISVynVJBeRpNteWoh+tOC2bBM8KgXq8jyQa7yB6k3yQuO1q9ZHHKs4z
AxPQ75gHidfPIKfrbx4Ypyvf2bxKzANVhlbEHglPlsuijQllDYbwN0Tum5eNCqPW
jH4ILTpozRuI94JaJPEoKM/KqRNnP+MDkladDLQWHYmfrOvIzdxm6fLw+3wgelOI
AlNvByh1tqrxA0tLO3Ck+HtH626MrCtUY4RW7Rji23XC/LmJ75UFtHaibQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCnEOf65a/Ad1FCqb8GKGiUOwBojMB8GA1UdIwQY
MBaAFJ17bxeTvygCyzo9f60yzKrY2K0uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblh0dkY1T19LQUxMT2oxX3JUTE1xdGpZclM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9jMTI1NDEtMjdiMC00NjVjLWI1Nzct
MTJlNDMxYzBiOTMzLzEvS2NRNV9ybHI4QjNVVUtwdndZb2FKUTdBR2lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9jMTI1NDEtMjdiMC00NjVjLWI1NzctMTJlNDMxYzBiOTMz
LzEvblh0dkY1T19LQUxMT2oxX3JUTE1xdGpZclM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8/PMA0G
CSqGSIb3DQEBCwUAA4IBAQBfKVsA1tm7p5Goxooh+sfYxEFW7EzFLuLwXG67P2UH
Y/o9yN7d4wqNuR38W8ISsZBSyN0oVOdZ7qblSJn8GQajreyjIcy6Dmdr6CuV+wOP
QABdunrc/h0cROis1yP1GuNyuqlp/torVP9Cqg4BeVQtyhkXf8m7fBQSMfeG1Yk7
n7Xs8bJYJ8NPG+itTBEkTxWusBJh0Tv+30bwnYklQKo+FKHFPyn3Su+G6au0TTEo
EMVTrGiaoJWEYNc1aa3v3QDeaqmg7PUeMBv8CR43R1+z51hDyZ+hP8k5DWSMzi95
ypbNo9p2VfyMBrYlp9scTQ/MafvKlVJ1BRyR3IxivwLG
-----END CERTIFICATE-----