Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/59d987-fa5d-406f-9c6a-1d6076e0e290/1/KUaDHv08gCh9RbbENTykqGym_SM.roa
File:                     KUaDHv08gCh9RbbENTykqGym_SM.roa (raw, json)
Hash identifier:          mhQyKwG2XRnx63EeovwsAilPJkfrW3kfQRTh29dsWJs=
Subject key identifier:   29:46:83:1E:FD:3C:80:28:7D:45:B6:C4:35:3C:A4:A8:6C:A6:FD:23
Certificate issuer:       /CN=335d831afcc9d74ccf3ee40a0eb68f99085b98dd
Certificate serial:       018CC5DC2A20ED8622449F376BB12D7E67D5
Authority key identifier: 33:5D:83:1A:FC:C9:D7:4C:CF:3E:E4:0A:0E:B6:8F:99:08:5B:98:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M12DGvzJ10zPPuQKDraPmQhbmN0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/59d987-fa5d-406f-9c6a-1d6076e0e290/1/KUaDHv08gCh9RbbENTykqGym_SM.roa
Signing time:             Mon 01 Jan 2024 16:29:49 +0000
ROA not before:           Mon 01 Jan 2024 16:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212665
IP address blocks:        91.196.6.0/24 maxlen: 24
                          2a12:64c0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/59d987-fa5d-406f-9c6a-1d6076e0e290/1/M12DGvzJ10zPPuQKDraPmQhbmN0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/59d987-fa5d-406f-9c6a-1d6076e0e290/1/M12DGvzJ10zPPuQKDraPmQhbmN0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M12DGvzJ10zPPuQKDraPmQhbmN0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:2a:20:ed:86:22:44:9f:37:6b:b1:2d:7e:67:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=335d831afcc9d74ccf3ee40a0eb68f99085b98dd
        Validity
            Not Before: Jan  1 16:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2946831efd3c80287d45b6c4353ca4a86ca6fd23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:c5:70:4f:1b:0c:c5:bf:95:db:a3:d2:2d:a9:
                    43:61:bd:33:2c:0b:c9:1b:43:8e:df:39:9c:06:d1:
                    db:97:39:aa:b9:3a:14:4d:2b:2e:d3:46:f7:e0:5b:
                    31:b1:52:9b:aa:07:bb:d7:53:7c:65:43:67:b5:c8:
                    19:47:66:31:4e:bd:05:3f:05:23:4a:8a:85:47:98:
                    72:2d:29:3e:23:0d:96:ec:19:24:31:57:04:84:3c:
                    8c:b5:31:59:9e:43:1f:d7:f9:9d:0b:46:df:47:f0:
                    88:c5:e1:4f:61:91:90:9d:8d:c5:e5:52:e6:97:0d:
                    de:f2:56:01:b5:50:b1:87:42:dc:e5:b8:1b:55:d7:
                    d2:a0:2a:90:ba:c8:d3:84:85:34:a9:5f:21:df:6a:
                    cc:08:c4:b0:7b:f2:8e:bd:eb:06:3d:fe:a7:00:7a:
                    9e:32:88:5f:92:33:ec:53:09:62:d6:aa:84:cd:6a:
                    89:b1:9f:6d:2f:d9:7b:92:4e:fd:1b:b2:28:45:b8:
                    ce:2d:23:b7:1b:1d:78:ca:d3:0d:ca:59:22:85:57:
                    27:20:cc:fd:13:a6:ba:a8:a8:86:17:fc:75:89:40:
                    87:a0:cf:48:05:a4:a7:35:0a:a3:f2:65:96:6f:42:
                    b1:a0:0c:4f:da:8f:ec:d6:e9:f9:a6:87:d5:e4:0b:
                    fe:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:46:83:1E:FD:3C:80:28:7D:45:B6:C4:35:3C:A4:A8:6C:A6:FD:23
            X509v3 Authority Key Identifier:
                keyid:33:5D:83:1A:FC:C9:D7:4C:CF:3E:E4:0A:0E:B6:8F:99:08:5B:98:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M12DGvzJ10zPPuQKDraPmQhbmN0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/59d987-fa5d-406f-9c6a-1d6076e0e290/1/KUaDHv08gCh9RbbENTykqGym_SM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/59d987-fa5d-406f-9c6a-1d6076e0e290/1/M12DGvzJ10zPPuQKDraPmQhbmN0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.6.0/24
                IPv6:
                  2a12:64c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         07:f3:d2:60:7a:9c:7a:e4:a4:e8:8b:9b:09:97:06:49:d9:94:
         33:17:50:eb:a4:31:70:31:01:48:f5:aa:25:4d:d0:8d:dd:45:
         09:c2:7d:63:2d:7d:75:8f:20:3c:51:d2:e8:74:6f:c4:c2:2c:
         c4:be:e9:52:eb:b1:21:98:8f:78:93:d8:48:b8:2a:38:cc:95:
         2d:63:31:0d:f2:cc:c6:37:a7:64:ad:2d:ab:db:6a:1c:40:c4:
         d7:44:19:83:5a:8e:68:fb:db:5d:b0:82:8b:19:d0:31:b6:ac:
         5e:00:bd:16:91:8e:b5:c9:78:3d:fe:9c:1d:dd:ae:b1:4f:12:
         1d:71:d9:06:76:a6:31:21:55:36:57:c2:ef:53:dc:ae:5e:7d:
         e9:82:fc:a8:21:45:63:18:ef:7b:e3:d0:bf:37:35:b9:17:8f:
         10:93:66:2d:ef:cb:b2:5c:e7:83:75:75:0a:1d:65:76:83:68:
         2b:ac:cd:8d:e0:b8:58:f2:93:3e:aa:fe:a2:c8:17:e5:b1:19:
         1c:9d:62:aa:24:75:84:8b:93:88:ee:28:6e:a9:ad:b0:90:86:
         f1:9e:d7:3d:26:d1:f1:10:99:5d:b1:29:2a:a0:4d:e4:0f:5d:
         9b:3b:40:db:6e:82:16:d3:09:0d:24:61:35:0b:ee:b6:df:3f:
         bd:e9:b2:05
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3Cog7YYiRJ83a7EtfmfVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzNWQ4MzFhZmNjOWQ3NGNjZjNlZTQwYTBlYjY4Zjk5MDg1
Yjk4ZGQwHhcNMjQwMTAxMTYyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTQ2ODMxZWZkM2M4MDI4N2Q0NWI2YzQzNTNjYTRhODZjYTZmZDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsVwTxsMxb+V26PSLalDYb0zLAvJ
G0OO3zmcBtHblzmquToUTSsu00b34FsxsVKbqge711N8ZUNntcgZR2YxTr0FPwUj
SoqFR5hyLSk+Iw2W7BkkMVcEhDyMtTFZnkMf1/mdC0bfR/CIxeFPYZGQnY3F5VLm
lw3e8lYBtVCxh0Lc5bgbVdfSoCqQusjThIU0qV8h32rMCMSwe/KOvesGPf6nAHqe
MohfkjPsUwli1qqEzWqJsZ9tL9l7kk79G7IoRbjOLSO3Gx14ytMNylkihVcnIMz9
E6a6qKiGF/x1iUCHoM9IBaSnNQqj8mWWb0KxoAxP2o/s1un5pofV5Av+hwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFClGgx79PIAofUW2xDU8pKhspv0jMB8GA1UdIwQY
MBaAFDNdgxr8yddMzz7kCg62j5kIW5jdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTEyREd2ekoxMHpQUHVRS0RyYVBtUWhibU4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC81OWQ5ODctZmE1ZC00MDZmLTljNmEt
MWQ2MDc2ZTBlMjkwLzEvS1VhREh2MDhnQ2g5UmJiRU5UeWtxR3ltX1NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC81OWQ5ODctZmE1ZC00MDZmLTljNmEtMWQ2MDc2ZTBlMjkw
LzEvTTEyREd2ekoxMHpQUHVRS0RyYVBtUWhibU4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW8QGMA0E
AgACMAcDBQMqEmTAMA0GCSqGSIb3DQEBCwUAA4IBAQAH89Jgepx65KToi5sJlwZJ
2ZQzF1DrpDFwMQFI9aolTdCN3UUJwn1jLX11jyA8UdLodG/EwizEvulS67EhmI94
k9hIuCo4zJUtYzEN8szGN6dkrS2r22ocQMTXRBmDWo5o+9tdsIKLGdAxtqxeAL0W
kY61yXg9/pwd3a6xTxIdcdkGdqYxIVU2V8LvU9yuXn3pgvyoIUVjGO9749C/NzW5
F48Qk2Yt78uyXOeDdXUKHWV2g2grrM2N4LhY8pM+qv6iyBflsRkcnWKqJHWEi5OI
7ihuqa2wkIbxntc9JtHxEJldsSkqoE3kD12bO0DbboIW0wkNJGE1C+623z+96bIF
-----END CERTIFICATE-----