Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/KUYispO8GYgYf_MzAWW58daWtDg.roa
File:                     KUYispO8GYgYf_MzAWW58daWtDg.roa (raw, json)
Hash identifier:          hU3kXE88+RL+ka3P9YOtIrmbM9IGPxKqKlxQWGAhzUE=
Subject key identifier:   29:46:22:B2:93:BC:19:88:18:7F:F3:33:01:65:B9:F1:D6:96:B4:38
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       018CC424F5D90E2B265CF676EFD52C90FD89
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/KUYispO8GYgYf_MzAWW58daWtDg.roa
Signing time:             Mon 01 Jan 2024 08:30:05 +0000
ROA not before:           Mon 01 Jan 2024 08:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204223
IP address blocks:        160.20.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 13:40:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:f5:d9:0e:2b:26:5c:f6:76:ef:d5:2c:90:fd:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  1 08:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=294622b293bc1988187ff3330165b9f1d696b438
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:71:c9:03:df:2b:a9:88:b8:be:08:02:60:b2:
                    b7:d3:e6:f4:73:9e:98:54:8b:1e:b4:2f:fb:b4:cf:
                    a6:2f:f5:3f:46:3a:e2:d0:55:76:4b:bd:be:9a:d7:
                    4a:5f:d4:21:11:f3:e5:7b:31:ea:c9:3a:4f:b3:83:
                    82:ed:7e:3f:6d:98:46:48:40:43:2c:5b:f5:f6:21:
                    05:27:9e:02:23:e5:56:18:f0:c0:29:b2:9b:f6:56:
                    82:3b:6b:d2:5e:08:b1:ce:f3:ce:7a:7f:93:79:62:
                    0a:05:96:77:63:f2:a7:87:a8:98:d1:3e:4f:58:55:
                    93:08:89:1d:ea:a6:6c:7e:33:54:e2:d4:06:90:b3:
                    f7:6b:80:b1:53:10:b7:aa:5d:ca:9d:59:4d:5a:d2:
                    3a:7e:91:cb:4b:1e:6b:c9:e2:74:b8:23:29:f6:91:
                    51:8c:8b:c6:b8:20:11:be:cb:6e:4a:a6:22:c9:35:
                    a1:3e:f8:a0:af:6f:f8:36:53:38:c3:91:f6:ee:fc:
                    15:ad:ac:eb:ae:62:9c:33:7f:b3:c6:95:41:6e:6f:
                    3a:f8:bf:3e:96:6a:a3:1a:ea:56:5a:b8:56:1f:d9:
                    ce:69:72:dc:63:c2:db:7f:52:e1:42:a4:99:75:90:
                    07:fa:64:b8:a8:83:59:e1:5a:f5:6e:8f:e0:42:22:
                    e9:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:46:22:B2:93:BC:19:88:18:7F:F3:33:01:65:B9:F1:D6:96:B4:38
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/KUYispO8GYgYf_MzAWW58daWtDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.20.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:ce:cf:2c:7b:2c:14:02:7b:a1:a9:ba:b6:f1:15:54:4b:27:
         d0:51:eb:e3:79:f1:e1:bc:b4:60:66:29:b7:17:2e:5b:7a:f6:
         53:29:67:a4:b8:5f:f1:62:f1:ae:4c:df:64:ea:2c:c0:91:0c:
         e5:25:73:1b:a5:b1:2a:a7:ad:3a:e6:37:e3:34:1a:d8:56:1c:
         b4:3b:bb:39:86:fe:a2:f9:9b:96:08:d9:b1:97:38:4b:ce:14:
         2b:b7:41:a4:c0:a8:41:f9:92:cc:6f:cf:ed:b6:45:cf:0d:03:
         df:43:f4:b6:2a:57:0b:46:b5:18:5a:66:6e:f1:01:55:81:1e:
         3e:49:ef:10:80:73:cf:1c:f7:c0:15:02:e1:81:ab:7a:ae:7c:
         56:e8:3a:0c:1b:ac:ba:13:6d:47:20:6d:da:e1:ee:39:ce:04:
         e6:5d:07:ea:bb:6b:e0:50:9a:4e:34:6b:75:5a:b5:f3:d2:22:
         ef:ad:d2:5f:e9:3a:8f:1c:28:d6:ee:8a:19:ee:90:37:b2:a4:
         1b:cc:5a:d1:a7:55:e6:45:af:25:cf:cb:7b:38:fe:8d:27:b7:
         97:65:4a:e5:68:0c:5a:2f:f5:9d:83:c5:ae:e8:3a:c1:56:ba:
         2b:e9:83:2c:9c:15:86:c5:3f:d3:9a:fe:6b:eb:de:37:2d:27:
         a3:5a:b7:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJPXZDismXPZ279UskP2JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQwMTAxMDgzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTQ2MjJiMjkzYmMxOTg4MTg3ZmYzMzMwMTY1YjlmMWQ2OTZiNDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyXHJA98rqYi4vggCYLK30+b0c56Y
VIsetC/7tM+mL/U/Rjri0FV2S72+mtdKX9QhEfPlezHqyTpPs4OC7X4/bZhGSEBD
LFv19iEFJ54CI+VWGPDAKbKb9laCO2vSXgixzvPOen+TeWIKBZZ3Y/Knh6iY0T5P
WFWTCIkd6qZsfjNU4tQGkLP3a4CxUxC3ql3KnVlNWtI6fpHLSx5ryeJ0uCMp9pFR
jIvGuCARvstuSqYiyTWhPvigr2/4NlM4w5H27vwVrazrrmKcM3+zxpVBbm86+L8+
lmqjGupWWrhWH9nOaXLcY8Lbf1LhQqSZdZAH+mS4qINZ4Vr1bo/gQiLppQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFClGIrKTvBmIGH/zMwFlufHWlrQ4MB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvS1VZaXNwTzhHWWdZZl9NekFXVzU4ZGFXdERnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoBRvMA0G
CSqGSIb3DQEBCwUAA4IBAQARzs8seywUAnuhqbq28RVUSyfQUevjefHhvLRgZim3
Fy5bevZTKWekuF/xYvGuTN9k6izAkQzlJXMbpbEqp6065jfjNBrYVhy0O7s5hv6i
+ZuWCNmxlzhLzhQrt0GkwKhB+ZLMb8/ttkXPDQPfQ/S2KlcLRrUYWmZu8QFVgR4+
Se8QgHPPHPfAFQLhgat6rnxW6DoMG6y6E21HIG3a4e45zgTmXQfqu2vgUJpONGt1
WrXz0iLvrdJf6TqPHCjW7ooZ7pA3sqQbzFrRp1XmRa8lz8t7OP6NJ7eXZUrlaAxa
L/Wdg8Wu6DrBVror6YMsnBWGxT/Tmv5r6943LSejWrc1
-----END CERTIFICATE-----