Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/KpMQAtPuHdlX7rG5Rn7GkNjdkvo.roa
File:                     KpMQAtPuHdlX7rG5Rn7GkNjdkvo.roa (raw, json)
Hash identifier:          mLO9YcGJa5MjqoJDWHsNEflkwos3bDXmJkVUum24YVI=
Subject key identifier:   2A:93:10:02:D3:EE:1D:D9:57:EE:B1:B9:46:7E:C6:90:D8:DD:92:FA
Certificate issuer:       /CN=b82e7b8068c4ae9ae4ca4c3a6b2096199a741ff2
Certificate serial:       018CC7945807A6572D4DBA4294B485387B72
Authority key identifier: B8:2E:7B:80:68:C4:AE:9A:E4:CA:4C:3A:6B:20:96:19:9A:74:1F:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uC57gGjErprkykw6ayCWGZp0H_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/KpMQAtPuHdlX7rG5Rn7GkNjdkvo.roa
Signing time:             Tue 02 Jan 2024 00:30:36 +0000
ROA not before:           Tue 02 Jan 2024 00:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26548
IP address blocks:        178.159.100.0/24 maxlen: 24
                          178.159.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/uC57gGjErprkykw6ayCWGZp0H_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/uC57gGjErprkykw6ayCWGZp0H_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uC57gGjErprkykw6ayCWGZp0H_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:58:07:a6:57:2d:4d:ba:42:94:b4:85:38:7b:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b82e7b8068c4ae9ae4ca4c3a6b2096199a741ff2
        Validity
            Not Before: Jan  2 00:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a931002d3ee1dd957eeb1b9467ec690d8dd92fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:7f:2c:f2:fc:af:9e:1e:cb:d0:a6:e6:29:fd:
                    3a:6e:e4:18:3e:7c:04:4c:a6:3f:8d:cd:e9:8a:e9:
                    4b:4e:c0:e3:91:44:3a:4c:3a:ec:2a:71:93:0c:5e:
                    ab:ce:f7:71:30:7f:0f:66:6c:d5:b2:78:13:c5:d5:
                    58:7e:01:b2:3b:7e:23:7f:64:45:16:b2:b7:8d:33:
                    85:a8:a4:bd:24:7d:9d:09:c9:88:a9:d3:e5:90:4c:
                    9e:0f:32:b1:40:55:e5:f1:24:51:bd:cf:13:5f:72:
                    f5:ac:68:1f:17:46:6d:e2:3f:a9:83:63:80:26:4d:
                    86:95:5b:d7:a5:a3:11:6e:fd:d1:c1:8f:d2:28:b3:
                    e1:e8:ba:87:23:c7:48:21:0d:44:1a:b0:e2:34:b9:
                    c2:47:58:fb:a1:04:5b:37:46:65:d3:20:9b:5a:1d:
                    7f:40:6f:5b:c2:ac:77:40:38:37:78:c7:41:eb:06:
                    5e:b9:48:f7:d0:05:24:a7:9c:c3:8e:12:f4:84:f4:
                    6e:57:fb:f4:56:3d:82:56:50:d2:98:52:f3:88:d1:
                    a9:0f:37:20:0f:d6:c3:b8:81:fd:88:ed:11:95:20:
                    12:bc:d4:43:06:9d:77:e5:55:2a:e8:c2:57:6b:74:
                    5b:91:bd:7c:b8:85:0a:f3:c4:cf:ba:ed:8a:6d:73:
                    26:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:93:10:02:D3:EE:1D:D9:57:EE:B1:B9:46:7E:C6:90:D8:DD:92:FA
            X509v3 Authority Key Identifier:
                keyid:B8:2E:7B:80:68:C4:AE:9A:E4:CA:4C:3A:6B:20:96:19:9A:74:1F:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uC57gGjErprkykw6ayCWGZp0H_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/KpMQAtPuHdlX7rG5Rn7GkNjdkvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/uC57gGjErprkykw6ayCWGZp0H_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.159.100.0/24
                  178.159.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:f4:a0:d0:2d:4a:5f:26:f6:9c:19:97:ed:cc:e3:aa:14:83:
         b1:5c:f8:dd:5b:e7:3c:9c:f2:f1:b4:d7:eb:05:12:d4:54:36:
         8e:85:ad:ec:f8:a5:9b:88:5c:14:ca:5d:54:74:d5:2f:dd:af:
         78:66:3b:2b:a1:01:53:c5:0d:f5:47:5b:d4:3d:2f:ea:62:77:
         b2:dc:9a:f5:17:e4:d8:33:6a:ad:61:f6:49:43:bb:d7:26:25:
         a7:b8:1f:a1:44:7b:57:b4:e2:d4:57:de:cf:62:40:1c:e3:7e:
         7d:d7:1b:58:d4:3f:cf:ec:f9:f9:03:5c:cc:da:32:2f:b4:39:
         8a:64:6b:82:b8:08:3b:7d:27:c3:90:ac:2e:2a:49:a0:de:5e:
         99:73:50:33:6e:9c:87:88:0e:de:03:b1:1b:74:a9:e6:76:54:
         bf:2a:79:fb:25:5d:42:5a:3e:79:20:76:8f:a2:b1:f0:bd:c6:
         83:43:18:23:39:19:31:34:ba:3f:45:7f:a6:0c:9f:dd:e6:49:
         b5:a8:ca:e3:e7:ff:81:23:cc:42:44:e2:bf:26:59:cb:51:32:
         03:32:83:5a:63:cf:69:68:0e:10:29:03:34:e8:4c:32:45:90:
         03:37:4d:b2:bb:39:f0:32:29:b4:61:1d:7d:16:cf:6e:76:2b:
         d7:e6:ad:7c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlFgHplctTbpClLSFOHtyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MmU3YjgwNjhjNGFlOWFlNGNhNGMzYTZiMjA5NjE5OWE3
NDFmZjIwHhcNMjQwMTAyMDAzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTkzMTAwMmQzZWUxZGQ5NTdlZWIxYjk0NjdlYzY5MGQ4ZGQ5MmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtH8s8vyvnh7L0KbmKf06buQYPnwE
TKY/jc3piulLTsDjkUQ6TDrsKnGTDF6rzvdxMH8PZmzVsngTxdVYfgGyO34jf2RF
FrK3jTOFqKS9JH2dCcmIqdPlkEyeDzKxQFXl8SRRvc8TX3L1rGgfF0Zt4j+pg2OA
Jk2GlVvXpaMRbv3RwY/SKLPh6LqHI8dIIQ1EGrDiNLnCR1j7oQRbN0Zl0yCbWh1/
QG9bwqx3QDg3eMdB6wZeuUj30AUkp5zDjhL0hPRuV/v0Vj2CVlDSmFLziNGpDzcg
D9bDuIH9iO0RlSASvNRDBp135VUq6MJXa3Rbkb18uIUK88TPuu2KbXMmBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCqTEALT7h3ZV+6xuUZ+xpDY3ZL6MB8GA1UdIwQY
MBaAFLgue4BoxK6a5MpMOmsglhmadB/yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUM1N2dHakVycHJreWt3NmF5Q1dHWnAwSF9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny8yOWM5MTUtMmNiYy00NzY4LTg0MGMt
YWFkZmE5YzA2NzQyLzEvS3BNUUF0UHVIZGxYN3JHNVJuN0drTmpka3ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny8yOWM5MTUtMmNiYy00NzY4LTg0MGMtYWFkZmE5YzA2NzQy
LzEvdUM1N2dHakVycHJreWt3NmF5Q1dHWnAwSF9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsp9kAwQA
sp9rMA0GCSqGSIb3DQEBCwUAA4IBAQAK9KDQLUpfJvacGZftzOOqFIOxXPjdW+c8
nPLxtNfrBRLUVDaOha3s+KWbiFwUyl1UdNUv3a94ZjsroQFTxQ31R1vUPS/qYney
3Jr1F+TYM2qtYfZJQ7vXJiWnuB+hRHtXtOLUV97PYkAc43591xtY1D/P7Pn5A1zM
2jIvtDmKZGuCuAg7fSfDkKwuKkmg3l6Zc1AzbpyHiA7eA7EbdKnmdlS/Knn7JV1C
Wj55IHaPorHwvcaDQxgjORkxNLo/RX+mDJ/d5km1qMrj5/+BI8xCROK/JlnLUTID
MoNaY89paA4QKQM06EwyRZADN02yuznwMim0YR19Fs9udivX5q18
-----END CERTIFICATE-----