Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/d4e434-6356-46fd-8b35-7ffd5c550385/1/KOFewROANVLTfJnYH7Mfjar_kP8.roa
File:                     KOFewROANVLTfJnYH7Mfjar_kP8.roa (raw, json)
Hash identifier:          rteKqUSWjMlXD8MglHsWIs5Let3xmvhIcxiuZFWifgI=
Subject key identifier:   28:E1:5E:C1:13:80:35:52:D3:7C:99:D8:1F:B3:1F:8D:AA:FF:90:FF
Certificate issuer:       /CN=25dd9b849c0dafae386f470123b09261ae355517
Certificate serial:       018CCA2A211B864109617AAF51267C7D4DA6
Authority key identifier: 25:DD:9B:84:9C:0D:AF:AE:38:6F:47:01:23:B0:92:61:AE:35:55:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jd2bhJwNr644b0cBI7CSYa41VRc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/d4e434-6356-46fd-8b35-7ffd5c550385/1/KOFewROANVLTfJnYH7Mfjar_kP8.roa
Signing time:             Tue 02 Jan 2024 12:33:27 +0000
ROA not before:           Tue 02 Jan 2024 12:33:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25439
IP address blocks:        193.178.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/d4e434-6356-46fd-8b35-7ffd5c550385/1/Jd2bhJwNr644b0cBI7CSYa41VRc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/d4e434-6356-46fd-8b35-7ffd5c550385/1/Jd2bhJwNr644b0cBI7CSYa41VRc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jd2bhJwNr644b0cBI7CSYa41VRc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:21:1b:86:41:09:61:7a:af:51:26:7c:7d:4d:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25dd9b849c0dafae386f470123b09261ae355517
        Validity
            Not Before: Jan  2 12:33:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28e15ec113803552d37c99d81fb31f8daaff90ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e3:a8:51:05:86:68:2d:fc:5d:72:aa:21:88:
                    6c:8e:a5:85:83:38:23:44:70:d7:22:27:7b:6e:b3:
                    13:32:09:bc:84:1a:41:10:bb:0c:65:e6:34:93:4e:
                    af:e2:c3:89:cc:9a:8a:1a:2f:56:55:b4:05:e2:68:
                    e8:dc:c7:81:1b:a9:2b:5e:f3:12:74:99:b4:50:3d:
                    ac:ea:30:68:1b:e6:32:14:91:ef:24:ef:ed:de:5c:
                    84:38:5e:f1:b1:d8:11:6f:90:c7:9e:35:f8:e1:20:
                    6e:d0:47:36:66:18:df:26:5c:c1:87:4e:c8:86:93:
                    53:0f:2a:78:bb:f4:ad:8a:5c:c1:fa:ab:7e:00:a3:
                    d6:9b:1c:a3:7b:ed:a2:1e:d6:48:39:7c:f1:dc:ac:
                    45:61:fe:66:63:d3:06:24:44:d3:8d:0d:0d:8d:88:
                    08:30:ba:7f:e2:0b:17:79:2f:52:98:3a:34:7e:07:
                    f4:f9:85:49:ed:f6:4e:37:3b:b0:86:99:52:b8:96:
                    89:12:db:6a:59:2a:17:1b:8f:28:46:67:e5:4c:cb:
                    09:88:18:6d:8f:61:b6:cd:a4:e3:3c:c3:b1:22:e9:
                    2d:3d:64:54:57:56:a4:5b:70:33:c4:03:80:c7:b9:
                    e3:fe:56:88:0a:a1:45:de:e2:af:93:8e:b7:c0:dd:
                    92:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:E1:5E:C1:13:80:35:52:D3:7C:99:D8:1F:B3:1F:8D:AA:FF:90:FF
            X509v3 Authority Key Identifier:
                keyid:25:DD:9B:84:9C:0D:AF:AE:38:6F:47:01:23:B0:92:61:AE:35:55:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jd2bhJwNr644b0cBI7CSYa41VRc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/d4e434-6356-46fd-8b35-7ffd5c550385/1/KOFewROANVLTfJnYH7Mfjar_kP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/d4e434-6356-46fd-8b35-7ffd5c550385/1/Jd2bhJwNr644b0cBI7CSYa41VRc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:6f:86:cc:81:1c:b0:90:3c:c0:2f:54:3d:bf:99:80:d1:93:
         ec:c4:cc:6b:7d:c0:26:b2:ba:e4:ea:c5:fc:ea:38:d5:ee:b6:
         01:4f:65:ca:1e:66:16:9b:9e:58:ff:f8:fe:bd:ed:64:a1:65:
         1b:e4:4e:78:7e:ae:3f:26:cc:40:3f:4c:3f:f9:30:af:5a:15:
         58:f9:81:6d:24:ca:45:ef:8d:5a:63:81:1b:20:03:30:06:46:
         fb:ed:3d:e4:f1:c2:75:1d:d2:b7:f8:8b:8b:b2:5f:4a:47:8b:
         f3:6f:f7:54:f5:4e:16:56:d3:3f:7e:21:58:a6:a4:c6:da:67:
         b9:08:05:b0:03:88:7c:cb:2c:dc:b5:3f:91:ed:bd:d2:5d:f7:
         4c:cc:78:16:f7:7f:6e:6c:26:e3:5c:12:98:ac:07:49:2b:1d:
         c7:35:4c:91:40:1e:a2:c5:37:d0:cc:a3:56:b4:9e:e3:02:59:
         8c:8f:7f:34:71:33:e8:3e:17:df:77:f1:8a:20:9f:4d:9f:a8:
         d2:83:e0:03:bf:d4:49:a2:e8:58:55:a6:99:93:d0:41:b2:9e:
         b3:22:97:60:9d:61:c1:bc:68:3b:18:e1:bb:cb:22:a6:ad:6c:
         7f:c7:d8:6e:19:8d:2d:d2:bc:c9:4e:2f:78:3e:ba:a4:c3:64:
         26:e9:49:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKiEbhkEJYXqvUSZ8fU2mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZGQ5Yjg0OWMwZGFmYWUzODZmNDcwMTIzYjA5MjYxYWUz
NTU1MTcwHhcNMjQwMTAyMTIzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGUxNWVjMTEzODAzNTUyZDM3Yzk5ZDgxZmIzMWY4ZGFhZmY5MGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOOoUQWGaC38XXKqIYhsjqWFgzgj
RHDXIid7brMTMgm8hBpBELsMZeY0k06v4sOJzJqKGi9WVbQF4mjo3MeBG6krXvMS
dJm0UD2s6jBoG+YyFJHvJO/t3lyEOF7xsdgRb5DHnjX44SBu0Ec2ZhjfJlzBh07I
hpNTDyp4u/StilzB+qt+AKPWmxyje+2iHtZIOXzx3KxFYf5mY9MGJETTjQ0NjYgI
MLp/4gsXeS9SmDo0fgf0+YVJ7fZONzuwhplSuJaJEttqWSoXG48oRmflTMsJiBht
j2G2zaTjPMOxIuktPWRUV1akW3AzxAOAx7nj/laICqFF3uKvk463wN2STwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCjhXsETgDVS03yZ2B+zH42q/5D/MB8GA1UdIwQY
MBaAFCXdm4ScDa+uOG9HASOwkmGuNVUXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmQyYmhKd05yNjQ0YjBjQkk3Q1NZYTQxVlJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9kNGU0MzQtNjM1Ni00NmZkLThiMzUt
N2ZmZDVjNTUwMzg1LzEvS09GZXdST0FOVkxUZkpuWUg3TWZqYXJfa1A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9kNGU0MzQtNjM1Ni00NmZkLThiMzUtN2ZmZDVjNTUwMzg1
LzEvSmQyYmhKd05yNjQ0YjBjQkk3Q1NZYTQxVlJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbKkMA0G
CSqGSIb3DQEBCwUAA4IBAQCob4bMgRywkDzAL1Q9v5mA0ZPsxMxrfcAmsrrk6sX8
6jjV7rYBT2XKHmYWm55Y//j+ve1koWUb5E54fq4/JsxAP0w/+TCvWhVY+YFtJMpF
741aY4EbIAMwBkb77T3k8cJ1HdK3+IuLsl9KR4vzb/dU9U4WVtM/fiFYpqTG2me5
CAWwA4h8yyzctT+R7b3SXfdMzHgW939ubCbjXBKYrAdJKx3HNUyRQB6ixTfQzKNW
tJ7jAlmMj380cTPoPhffd/GKIJ9Nn6jSg+ADv9RJouhYVaaZk9BBsp6zIpdgnWHB
vGg7GOG7yyKmrWx/x9huGY0t0rzJTi94Prqkw2Qm6UmP
-----END CERTIFICATE-----