Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/7b127b-44ce-4cad-ad8f-089c1c3d4357/1/KKLvJZjW6AP3iT_q47j-V8H7Eak.roa
File:                     KKLvJZjW6AP3iT_q47j-V8H7Eak.roa (raw, json)
Hash identifier:          /WXBXX5NT+nD+FMqD1gZJwRZQ+REkejP8oXVvLFHtOA=
Subject key identifier:   28:A2:EF:25:98:D6:E8:03:F7:89:3F:EA:E3:B8:FE:57:C1:FB:11:A9
Certificate issuer:       /CN=2ac3ed794adafb91cb81a969eb8a9b2905fee2ec
Certificate serial:       018CC64B1506AB706EF299080ED325925E8C
Authority key identifier: 2A:C3:ED:79:4A:DA:FB:91:CB:81:A9:69:EB:8A:9B:29:05:FE:E2:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPteUra-5HLgalp64qbKQX-4uw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/7b127b-44ce-4cad-ad8f-089c1c3d4357/1/KKLvJZjW6AP3iT_q47j-V8H7Eak.roa
Signing time:             Mon 01 Jan 2024 18:30:58 +0000
ROA not before:           Mon 01 Jan 2024 18:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9051
IP address blocks:        185.192.160.0/22 maxlen: 24
                          46.19.192.0/21 maxlen: 24
                          2a0a:2d40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/7b127b-44ce-4cad-ad8f-089c1c3d4357/1/KsPteUra-5HLgalp64qbKQX-4uw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/7b127b-44ce-4cad-ad8f-089c1c3d4357/1/KsPteUra-5HLgalp64qbKQX-4uw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPteUra-5HLgalp64qbKQX-4uw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:15:06:ab:70:6e:f2:99:08:0e:d3:25:92:5e:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3ed794adafb91cb81a969eb8a9b2905fee2ec
        Validity
            Not Before: Jan  1 18:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28a2ef2598d6e803f7893feae3b8fe57c1fb11a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:40:99:35:31:79:2a:bc:3e:5d:e5:db:a7:39:
                    5a:33:82:7e:2c:63:f8:c0:25:c4:67:58:c7:5b:3c:
                    ce:85:79:18:41:ef:99:07:41:53:40:4f:dc:6f:b3:
                    73:f3:17:9a:b2:a1:e6:67:f9:45:60:0c:41:ec:3e:
                    3a:10:9c:4e:de:79:7a:6e:17:47:d9:dd:19:80:62:
                    21:9d:bd:26:21:35:73:ec:eb:ef:2f:94:cd:e3:05:
                    a5:69:ff:53:d4:c0:d8:5f:5e:f2:6b:50:33:68:dc:
                    b4:d0:ce:e2:59:98:44:65:3b:95:82:df:37:f4:9e:
                    22:e0:04:b7:09:d1:73:39:5d:d1:37:eb:82:ad:5a:
                    80:1e:f2:a6:c5:16:31:15:29:b2:c0:10:6a:53:fe:
                    b3:19:a6:14:55:5c:82:70:8c:3c:6f:98:59:f3:68:
                    0d:3a:45:7b:93:0c:4f:d3:59:ca:f9:de:9b:90:fb:
                    30:21:cc:73:84:13:8b:e7:ab:8c:ad:f8:c3:d4:8f:
                    3c:05:7d:c5:6b:b1:d4:0f:d8:f1:30:c3:81:8e:67:
                    11:11:bc:a8:da:6f:92:a8:74:4d:05:d4:13:fe:62:
                    16:2b:99:96:ea:75:7a:c1:40:6a:a3:bf:28:94:84:
                    16:2a:99:a0:f5:b9:f8:88:84:e5:96:bd:d5:d0:ed:
                    a1:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:A2:EF:25:98:D6:E8:03:F7:89:3F:EA:E3:B8:FE:57:C1:FB:11:A9
            X509v3 Authority Key Identifier:
                keyid:2A:C3:ED:79:4A:DA:FB:91:CB:81:A9:69:EB:8A:9B:29:05:FE:E2:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPteUra-5HLgalp64qbKQX-4uw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/7b127b-44ce-4cad-ad8f-089c1c3d4357/1/KKLvJZjW6AP3iT_q47j-V8H7Eak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/7b127b-44ce-4cad-ad8f-089c1c3d4357/1/KsPteUra-5HLgalp64qbKQX-4uw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.19.192.0/21
                  185.192.160.0/22
                IPv6:
                  2a0a:2d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         59:fc:34:a5:fc:33:f5:1f:4a:cb:2d:ea:ef:c1:c0:9a:ce:91:
         bc:2b:57:bb:7f:e9:c7:f1:46:7b:05:6a:aa:05:65:de:81:22:
         d6:b1:5b:28:06:7e:c4:c7:46:7e:ea:05:94:29:84:1c:f8:06:
         cc:3d:72:73:1e:48:0f:3b:ae:be:4a:58:6a:48:03:7b:36:be:
         01:8f:1f:1c:11:21:12:86:d2:b8:fc:5d:73:e5:8a:5a:4b:12:
         58:30:6e:71:36:21:9c:cf:0d:32:89:f6:07:05:04:9f:83:43:
         f8:22:a3:17:7b:cc:c6:42:4a:fe:3f:ae:0f:2e:48:ee:c0:9a:
         97:50:9b:5b:64:48:a8:7c:13:14:14:1d:57:70:f8:41:64:68:
         7c:65:4e:0b:87:84:b9:f0:95:0b:94:c0:2c:54:7e:8a:96:3c:
         81:9b:14:25:4d:63:48:dd:70:f8:ed:9c:72:fd:b6:85:52:8a:
         27:ff:6c:86:86:49:06:7a:6f:40:2a:34:18:2a:88:c9:c4:32:
         e2:cf:41:55:ac:2e:d1:bd:47:b1:8c:b1:3f:87:4f:69:5e:f4:
         b2:b8:dd:4a:ca:d2:8a:67:93:a1:6f:e2:02:3f:ea:4b:25:73:
         ef:e5:b7:05:52:6c:6d:00:73:9c:96:aa:80:20:34:bd:f5:76:
         f5:33:4e:13
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzGSxUGq3Bu8pkIDtMlkl6MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNlZDc5NGFkYWZiOTFjYjgxYTk2OWViOGE5YjI5MDVm
ZWUyZWMwHhcNMjQwMTAxMTgzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGEyZWYyNTk4ZDZlODAzZjc4OTNmZWFlM2I4ZmU1N2MxZmIxMWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0UCZNTF5Krw+XeXbpzlaM4J+LGP4
wCXEZ1jHWzzOhXkYQe+ZB0FTQE/cb7Nz8xeasqHmZ/lFYAxB7D46EJxO3nl6bhdH
2d0ZgGIhnb0mITVz7OvvL5TN4wWlaf9T1MDYX17ya1AzaNy00M7iWZhEZTuVgt83
9J4i4AS3CdFzOV3RN+uCrVqAHvKmxRYxFSmywBBqU/6zGaYUVVyCcIw8b5hZ82gN
OkV7kwxP01nK+d6bkPswIcxzhBOL56uMrfjD1I88BX3Fa7HUD9jxMMOBjmcREbyo
2m+SqHRNBdQT/mIWK5mW6nV6wUBqo78olIQWKpmg9bn4iITllr3V0O2hPwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCii7yWY1ugD94k/6uO4/lfB+xGpMB8GA1UdIwQY
MBaAFCrD7XlK2vuRy4GpaeuKmykF/uLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQdGVVcmEtNUhMZ2FscDY0cWJLUVgtNHV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi83YjEyN2ItNDRjZS00Y2FkLWFkOGYt
MDg5YzFjM2Q0MzU3LzEvS0tMdkpaalc2QVAzaVRfcTQ3ai1WOEg3RWFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi83YjEyN2ItNDRjZS00Y2FkLWFkOGYtMDg5YzFjM2Q0MzU3
LzEvS3NQdGVVcmEtNUhMZ2FscDY0cWJLUVgtNHV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDLhPAAwQC
ucCgMA0EAgACMAcDBQMqCi1AMA0GCSqGSIb3DQEBCwUAA4IBAQBZ/DSl/DP1H0rL
LervwcCazpG8K1e7f+nH8UZ7BWqqBWXegSLWsVsoBn7Ex0Z+6gWUKYQc+AbMPXJz
HkgPO66+SlhqSAN7Nr4Bjx8cESEShtK4/F1z5YpaSxJYMG5xNiGczw0yifYHBQSf
g0P4IqMXe8zGQkr+P64PLkjuwJqXUJtbZEiofBMUFB1XcPhBZGh8ZU4Lh4S58JUL
lMAsVH6KljyBmxQlTWNI3XD47Zxy/baFUoon/2yGhkkGem9AKjQYKojJxDLiz0FV
rC7RvUexjLE/h09pXvSyuN1KytKKZ5Ohb+ICP+pLJXPv5bcFUmxtAHOclqqAIDS9
9Xb1M04T
-----END CERTIFICATE-----