Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/a166a7-7d07-409a-aed0-639315dca580/1/KzKonY-T9PLtA1kHZkLLS4_oR7Q.roa
File:                     KzKonY-T9PLtA1kHZkLLS4_oR7Q.roa (raw, json)
Hash identifier:          l8jd4G6i2//aWJKokziOqD1M1XeTzfs3q/IlET0aBRU=
Subject key identifier:   2B:32:A8:9D:8F:93:F4:F2:ED:03:59:07:66:42:CB:4B:8F:E8:47:B4
Certificate issuer:       /CN=26bab8c6915851f4efd40274f742509b7ac7e22e
Certificate serial:       018CC94E4666FFB949DAA9AAB37B12011F5E
Authority key identifier: 26:BA:B8:C6:91:58:51:F4:EF:D4:02:74:F7:42:50:9B:7A:C7:E2:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jrq4xpFYUfTv1AJ090JQm3rH4i4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/a166a7-7d07-409a-aed0-639315dca580/1/KzKonY-T9PLtA1kHZkLLS4_oR7Q.roa
Signing time:             Tue 02 Jan 2024 08:33:19 +0000
ROA not before:           Tue 02 Jan 2024 08:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1213
IP address blocks:        157.190.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/a166a7-7d07-409a-aed0-639315dca580/1/Jrq4xpFYUfTv1AJ090JQm3rH4i4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/a166a7-7d07-409a-aed0-639315dca580/1/Jrq4xpFYUfTv1AJ090JQm3rH4i4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jrq4xpFYUfTv1AJ090JQm3rH4i4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:46:66:ff:b9:49:da:a9:aa:b3:7b:12:01:1f:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26bab8c6915851f4efd40274f742509b7ac7e22e
        Validity
            Not Before: Jan  2 08:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b32a89d8f93f4f2ed0359076642cb4b8fe847b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:7d:e9:51:d0:a7:d3:20:ae:b3:e4:a4:26:df:
                    9e:d0:7b:e9:de:6b:2c:41:3a:57:47:a8:9c:d6:66:
                    92:f0:69:32:a9:95:3d:3f:c6:70:b5:d3:f3:11:94:
                    1a:44:6f:8a:39:7c:08:9a:61:9a:7b:42:71:ef:93:
                    1a:37:34:19:c9:cf:69:46:2a:e6:e8:f4:7c:f9:e7:
                    a7:40:c3:6b:da:59:55:10:17:7b:f8:37:6b:8b:61:
                    fd:e1:ca:67:23:58:82:81:19:91:b4:e9:96:0b:ee:
                    4f:93:a1:ea:17:52:92:a2:86:cd:b7:60:30:dc:c5:
                    8f:3c:7a:d2:6a:85:ca:e6:98:d8:f5:4f:94:5d:81:
                    50:8e:06:7b:c0:4e:d3:67:49:d7:f7:77:ff:74:d4:
                    54:62:91:9b:c4:f1:e6:01:f1:3c:74:31:d3:d8:b9:
                    6d:a6:14:24:31:13:a0:3b:0f:ff:39:aa:e4:00:f2:
                    f3:f2:8b:b6:b1:4b:74:62:d5:65:f6:0c:11:c5:74:
                    cb:e7:86:8d:5c:2d:1e:28:15:a6:ef:40:cf:33:95:
                    ab:ba:0d:29:e1:a6:88:3f:e6:77:2e:e0:79:ee:c7:
                    9d:8e:1e:b5:8c:d6:92:55:f2:07:40:6a:1e:ae:02:
                    ee:d8:b4:db:a9:97:83:c7:5d:14:74:84:ef:fd:fb:
                    d1:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:32:A8:9D:8F:93:F4:F2:ED:03:59:07:66:42:CB:4B:8F:E8:47:B4
            X509v3 Authority Key Identifier:
                keyid:26:BA:B8:C6:91:58:51:F4:EF:D4:02:74:F7:42:50:9B:7A:C7:E2:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jrq4xpFYUfTv1AJ090JQm3rH4i4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/a166a7-7d07-409a-aed0-639315dca580/1/KzKonY-T9PLtA1kHZkLLS4_oR7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/a166a7-7d07-409a-aed0-639315dca580/1/Jrq4xpFYUfTv1AJ090JQm3rH4i4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.190.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4b:81:61:41:e9:ef:50:f6:54:50:10:ad:7b:52:54:1e:bf:d4:
         94:ac:db:76:f0:3c:d5:0e:d8:d3:c9:c8:b6:d3:0c:18:e2:32:
         6e:58:80:7c:8c:7e:07:af:0f:75:f7:46:3b:93:26:55:99:47:
         4e:ea:54:77:4c:0e:81:0f:0a:53:4c:6d:40:32:87:42:6a:07:
         92:b1:a9:05:b2:66:7b:54:f1:e8:3a:77:7a:b8:0b:12:61:9a:
         46:cc:5a:db:fc:6d:fc:83:98:6c:59:2b:1c:4a:43:5a:32:98:
         12:2c:35:92:9f:75:59:4f:80:aa:88:ef:b1:a5:c0:9c:d7:17:
         b0:e9:1e:df:c6:fe:42:9d:d9:6a:43:a6:29:42:05:27:3e:3f:
         b5:97:e7:f7:7e:6c:5f:87:13:42:6a:89:1b:ef:73:7c:e6:d0:
         d1:e0:be:d7:21:5f:64:9d:a4:9f:10:8f:46:7c:c3:b1:4e:12:
         fd:ec:26:1e:c3:83:58:e6:b3:ca:33:53:d4:7f:6f:30:7c:85:
         bd:fc:de:81:99:4e:46:42:89:85:cd:c2:7e:a4:eb:4f:21:24:
         8f:95:38:7c:fa:97:97:71:98:a1:e7:03:b8:a1:38:02:48:c9:
         58:18:0b:d8:9c:64:74:5c:1b:9e:4a:b2:51:58:64:ae:b9:6d:
         ce:3f:d7:29
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzJTkZm/7lJ2qmqs3sSAR9eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2YmFiOGM2OTE1ODUxZjRlZmQ0MDI3NGY3NDI1MDliN2Fj
N2UyMmUwHhcNMjQwMTAyMDgzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjMyYTg5ZDhmOTNmNGYyZWQwMzU5MDc2NjQyY2I0YjhmZTg0N2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkn3pUdCn0yCus+SkJt+e0Hvp3mss
QTpXR6ic1maS8GkyqZU9P8ZwtdPzEZQaRG+KOXwImmGae0Jx75MaNzQZyc9pRirm
6PR8+eenQMNr2llVEBd7+Ddri2H94cpnI1iCgRmRtOmWC+5Pk6HqF1KSoobNt2Aw
3MWPPHrSaoXK5pjY9U+UXYFQjgZ7wE7TZ0nX93f/dNRUYpGbxPHmAfE8dDHT2Llt
phQkMROgOw//OarkAPLz8ou2sUt0YtVl9gwRxXTL54aNXC0eKBWm70DPM5Wrug0p
4aaIP+Z3LuB57sedjh61jNaSVfIHQGoergLu2LTbqZeDx10UdITv/fvRGQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFCsyqJ2Pk/Ty7QNZB2ZCy0uP6Ee0MB8GA1UdIwQY
MBaAFCa6uMaRWFH079QCdPdCUJt6x+IuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnJxNHhwRllVZlR2MUFKMDkwSlFtM3JINGk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9hMTY2YTctN2QwNy00MDlhLWFlZDAt
NjM5MzE1ZGNhNTgwLzEvS3pLb25ZLVQ5UEx0QTFrSFprTExTNF9vUjdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9hMTY2YTctN2QwNy00MDlhLWFlZDAtNjM5MzE1ZGNhNTgw
LzEvSnJxNHhwRllVZlR2MUFKMDkwSlFtM3JINGk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAnb4wDQYJ
KoZIhvcNAQELBQADggEBAEuBYUHp71D2VFAQrXtSVB6/1JSs23bwPNUO2NPJyLbT
DBjiMm5YgHyMfgevD3X3RjuTJlWZR07qVHdMDoEPClNMbUAyh0JqB5KxqQWyZntU
8eg6d3q4CxJhmkbMWtv8bfyDmGxZKxxKQ1oymBIsNZKfdVlPgKqI77GlwJzXF7Dp
Ht/G/kKd2WpDpilCBSc+P7WX5/d+bF+HE0JqiRvvc3zm0NHgvtchX2SdpJ8Qj0Z8
w7FOEv3sJh7Dg1jms8ozU9R/bzB8hb383oGZTkZCiYXNwn6k608hJI+VOHz6l5dx
mKHnA7ihOAJIyVgYC9icZHRcG55KslFYZK65bc4/1yk=
-----END CERTIFICATE-----