Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/kkefGVobSRoZGeyq0zTj36F5WH0.roa
File:                     kkefGVobSRoZGeyq0zTj36F5WH0.roa (raw, json)
Hash identifier:          iAuwyf6JGu7D/I8EW9ObRslOoYOaF/2weBw8lwjjNkw=
Subject key identifier:   92:47:9F:19:5A:1B:49:1A:19:19:EC:AA:D3:34:E3:DF:A1:79:58:7D
Certificate issuer:       /CN=21698c1cdc66dc285d0f807629c46261a88b2de7
Certificate serial:       018CC6B929BD313E18A1A15408FA793F63C6
Authority key identifier: 21:69:8C:1C:DC:66:DC:28:5D:0F:80:76:29:C4:62:61:A8:8B:2D:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IWmMHNxm3ChdD4B2KcRiYaiLLec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/kkefGVobSRoZGeyq0zTj36F5WH0.roa
Signing time:             Mon 01 Jan 2024 20:31:12 +0000
ROA not before:           Mon 01 Jan 2024 20:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41584
IP address blocks:        193.164.80.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/IWmMHNxm3ChdD4B2KcRiYaiLLec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/IWmMHNxm3ChdD4B2KcRiYaiLLec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IWmMHNxm3ChdD4B2KcRiYaiLLec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 04:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:29:bd:31:3e:18:a1:a1:54:08:fa:79:3f:63:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21698c1cdc66dc285d0f807629c46261a88b2de7
        Validity
            Not Before: Jan  1 20:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92479f195a1b491a1919ecaad334e3dfa179587d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:7e:9f:bb:86:20:63:e0:fb:06:65:ca:0c:74:
                    f4:8d:a3:5b:f3:ea:36:c0:44:07:a5:6b:15:d2:04:
                    84:17:cc:eb:d9:07:5a:8a:0f:3b:e5:24:09:83:76:
                    12:eb:12:a8:b0:11:fe:a6:38:40:01:3d:ec:8e:28:
                    7c:1c:da:77:ea:95:30:13:46:42:1c:5d:9f:6c:56:
                    e0:87:63:6b:e0:62:d5:24:4a:97:1c:9d:f7:34:16:
                    33:35:d9:11:b4:16:82:f6:51:2f:87:78:c0:a0:2c:
                    11:cd:b3:58:7f:20:e1:c3:ba:c6:3a:34:13:ee:d0:
                    11:68:6b:1f:eb:b6:02:70:c2:85:28:2b:e6:18:26:
                    1c:09:a3:ed:d2:6d:43:f4:6f:bd:6d:f5:b5:7d:07:
                    f9:4a:7c:f5:61:e1:26:23:38:05:7f:23:b8:8e:04:
                    fd:ac:b0:89:22:60:3b:bd:72:59:13:72:1f:7b:73:
                    71:ed:af:40:10:2b:af:6a:ef:a1:a4:0a:ac:e2:f9:
                    e2:aa:15:bf:f1:55:61:ee:24:43:91:77:8f:b2:a6:
                    0f:9d:0e:05:05:2e:a9:00:2b:85:c7:4c:24:71:a8:
                    92:39:82:a0:99:8f:03:a2:4e:7d:31:21:ee:94:33:
                    64:b4:a6:4b:46:52:aa:fd:f8:b4:e7:93:ff:fa:e0:
                    69:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:47:9F:19:5A:1B:49:1A:19:19:EC:AA:D3:34:E3:DF:A1:79:58:7D
            X509v3 Authority Key Identifier:
                keyid:21:69:8C:1C:DC:66:DC:28:5D:0F:80:76:29:C4:62:61:A8:8B:2D:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IWmMHNxm3ChdD4B2KcRiYaiLLec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/kkefGVobSRoZGeyq0zTj36F5WH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/IWmMHNxm3ChdD4B2KcRiYaiLLec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.164.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         45:0a:7b:eb:7b:8e:08:5c:f9:95:4c:2e:76:aa:36:4a:cc:ce:
         1b:a4:3a:d7:db:89:48:95:43:c6:9b:0e:4a:0d:3b:2e:bb:d0:
         b1:b8:c3:e1:78:04:72:eb:59:57:b3:13:d1:1c:f9:f1:19:e1:
         63:43:a8:de:b1:f6:ec:ed:05:28:c9:06:8f:0a:b4:8f:e1:7f:
         c8:43:15:d1:29:ca:6d:af:e9:9f:87:85:75:46:1b:07:95:e2:
         41:fa:d0:ba:b3:22:4e:75:e1:49:a9:0c:22:e5:a9:cc:a9:ca:
         f3:2f:b4:03:b8:db:6b:ed:64:5c:8e:6f:2f:92:20:72:65:4c:
         51:64:27:2d:b2:cb:63:68:2c:d1:9a:eb:9f:72:05:7e:1a:4d:
         4c:bc:e9:00:1b:31:51:24:e4:ce:34:2c:32:d4:bb:b0:fe:6f:
         13:04:82:38:42:8f:f1:37:cc:b9:49:9a:e1:30:45:2d:e1:76:
         48:32:e4:93:7d:96:51:3d:14:93:4c:e0:df:de:0c:50:fc:e1:
         5b:c9:0f:db:ca:f1:a1:ae:a9:35:3a:c3:e0:29:6a:c6:c6:b6:
         f5:42:bd:e7:7d:6d:f6:14:8a:0c:8a:80:be:74:b8:20:4b:40:
         f8:90:46:9d:51:a1:90:20:c2:da:77:ae:77:27:82:6d:9f:f8:
         81:4c:7c:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuSm9MT4YoaFUCPp5P2PGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNjk4YzFjZGM2NmRjMjg1ZDBmODA3NjI5YzQ2MjYxYTg4
YjJkZTcwHhcNMjQwMTAxMjAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjQ3OWYxOTVhMWI0OTFhMTkxOWVjYWFkMzM0ZTNkZmExNzk1ODdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr36fu4YgY+D7BmXKDHT0jaNb8+o2
wEQHpWsV0gSEF8zr2Qdaig875SQJg3YS6xKosBH+pjhAAT3sjih8HNp36pUwE0ZC
HF2fbFbgh2Nr4GLVJEqXHJ33NBYzNdkRtBaC9lEvh3jAoCwRzbNYfyDhw7rGOjQT
7tARaGsf67YCcMKFKCvmGCYcCaPt0m1D9G+9bfW1fQf5Snz1YeEmIzgFfyO4jgT9
rLCJImA7vXJZE3Ife3Nx7a9AECuvau+hpAqs4vniqhW/8VVh7iRDkXePsqYPnQ4F
BS6pACuFx0wkcaiSOYKgmY8Dok59MSHulDNktKZLRlKq/fi055P/+uBpHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJJHnxlaG0kaGRnsqtM049+heVh9MB8GA1UdIwQY
MBaAFCFpjBzcZtwoXQ+AdinEYmGoiy3nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVdtTUhOeG0zQ2hkRDRCMktjUmlZYWlMTGVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny8xMWRjNzEtODE3MC00NWI1LThjNWIt
NGQ3MzczMGY3ZDMyLzEva2tlZkdWb2JTUm9aR2V5cTB6VGozNkY1V0gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny8xMWRjNzEtODE3MC00NWI1LThjNWItNGQ3MzczMGY3ZDMy
LzEvSVdtTUhOeG0zQ2hkRDRCMktjUmlZYWlMTGVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwaRQMA0G
CSqGSIb3DQEBCwUAA4IBAQBFCnvre44IXPmVTC52qjZKzM4bpDrX24lIlUPGmw5K
DTsuu9CxuMPheARy61lXsxPRHPnxGeFjQ6jesfbs7QUoyQaPCrSP4X/IQxXRKcpt
r+mfh4V1RhsHleJB+tC6syJOdeFJqQwi5anMqcrzL7QDuNtr7WRcjm8vkiByZUxR
ZCctsstjaCzRmuufcgV+Gk1MvOkAGzFRJOTONCwy1Luw/m8TBII4Qo/xN8y5SZrh
MEUt4XZIMuSTfZZRPRSTTODf3gxQ/OFbyQ/byvGhrqk1OsPgKWrGxrb1Qr3nfW32
FIoMioC+dLggS0D4kEadUaGQIMLad653J4Jtn/iBTHxy
-----END CERTIFICATE-----