Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/66af07-3318-4f4a-89ff-40c5ebc6f736/1/koOmRpt80U1XMDBcl-wHPVI1a0M.roa
File:                     koOmRpt80U1XMDBcl-wHPVI1a0M.roa (raw, json)
Hash identifier:          TQUJZDDIMDMtvti9yGtB4z9nMUGYmpbFPB7hN+A3dIg=
Subject key identifier:   92:83:A6:46:9B:7C:D1:4D:57:30:30:5C:97:EC:07:3D:52:35:6B:43
Certificate issuer:       /CN=6d23ce7b0c10068fbc44c021943e339013f2aee0
Certificate serial:       018CC64ACE9CF7BCAA56EB9B6D3D30E60654
Authority key identifier: 6D:23:CE:7B:0C:10:06:8F:BC:44:C0:21:94:3E:33:90:13:F2:AE:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSPOewwQBo-8RMAhlD4zkBPyruA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/66af07-3318-4f4a-89ff-40c5ebc6f736/1/koOmRpt80U1XMDBcl-wHPVI1a0M.roa
Signing time:             Mon 01 Jan 2024 18:30:40 +0000
ROA not before:           Mon 01 Jan 2024 18:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58291
IP address blocks:        45.11.28.0/22 maxlen: 24
                          2a0e:5700::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/66af07-3318-4f4a-89ff-40c5ebc6f736/1/bSPOewwQBo-8RMAhlD4zkBPyruA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/66af07-3318-4f4a-89ff-40c5ebc6f736/1/bSPOewwQBo-8RMAhlD4zkBPyruA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bSPOewwQBo-8RMAhlD4zkBPyruA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:ce:9c:f7:bc:aa:56:eb:9b:6d:3d:30:e6:06:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d23ce7b0c10068fbc44c021943e339013f2aee0
        Validity
            Not Before: Jan  1 18:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9283a6469b7cd14d5730305c97ec073d52356b43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:51:55:cf:c9:70:25:f7:b3:01:eb:c3:4d:fc:
                    e9:dd:c1:b9:f2:d3:1d:81:24:5b:87:46:40:f7:6d:
                    6e:8f:e0:b3:0f:01:d7:7a:ac:2d:99:66:42:89:2d:
                    b1:45:8d:d1:47:3b:f4:57:e0:d0:53:8e:cb:d1:ef:
                    bc:4c:04:70:41:00:75:b4:ea:12:61:06:de:b7:93:
                    53:d3:7d:9c:6e:20:cc:f4:d3:ca:f4:7c:4f:7d:22:
                    2f:1c:59:7b:f3:87:f0:38:08:7a:1c:0f:59:dd:24:
                    e5:ea:34:6c:2b:06:41:d5:c6:77:36:8d:53:7e:f7:
                    6e:55:00:fc:d1:0b:bf:cf:6a:29:79:64:31:44:17:
                    4b:06:e4:24:5f:74:45:81:16:a8:ea:a9:48:0e:a0:
                    05:e3:2c:d8:0c:05:90:7b:71:1b:80:06:48:a4:18:
                    89:a7:63:fe:a0:a7:51:af:fe:44:34:a6:51:a2:38:
                    cb:82:b1:c4:5b:a9:28:33:87:56:a5:c2:dc:e6:b7:
                    a5:07:04:c9:2c:07:08:04:bf:7b:ee:82:00:a8:d8:
                    96:f1:71:fd:a5:13:75:19:ee:bf:be:f9:e3:c2:d6:
                    29:5c:60:f0:29:97:c7:f8:35:b7:c4:96:e3:59:e5:
                    a7:04:30:20:a7:df:0e:73:c9:5b:fa:18:26:06:43:
                    0b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:83:A6:46:9B:7C:D1:4D:57:30:30:5C:97:EC:07:3D:52:35:6B:43
            X509v3 Authority Key Identifier:
                keyid:6D:23:CE:7B:0C:10:06:8F:BC:44:C0:21:94:3E:33:90:13:F2:AE:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSPOewwQBo-8RMAhlD4zkBPyruA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/66af07-3318-4f4a-89ff-40c5ebc6f736/1/koOmRpt80U1XMDBcl-wHPVI1a0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/66af07-3318-4f4a-89ff-40c5ebc6f736/1/bSPOewwQBo-8RMAhlD4zkBPyruA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.28.0/22
                IPv6:
                  2a0e:5700::/32

    Signature Algorithm: sha256WithRSAEncryption
         29:57:ea:0d:e7:46:79:0d:65:37:c6:e1:76:ad:65:0b:cb:13:
         e8:b7:61:27:34:67:07:dd:f1:87:3b:9a:82:b7:3c:2e:4c:90:
         2d:62:92:69:01:88:99:6b:5a:85:49:2d:9c:ed:2f:22:9d:3e:
         fd:f0:63:97:79:71:f4:c3:9c:5a:86:f5:14:29:7e:2a:ed:da:
         9f:ba:db:a8:5d:29:b0:3b:d9:df:68:fd:e8:87:29:fd:8a:f4:
         b3:9c:13:89:6a:ff:c7:29:46:6b:34:7b:43:83:77:db:c3:9f:
         8f:de:d9:59:09:63:71:ee:c1:07:2e:0d:77:31:0b:c1:db:e7:
         9b:33:b9:3b:a7:50:d7:3d:aa:ed:04:72:be:e5:45:6b:db:3c:
         08:92:99:88:9b:b2:e2:e8:2b:53:9b:90:51:36:f4:a9:bc:30:
         ae:b8:ce:33:69:fd:8a:f2:53:d8:65:91:a8:aa:1b:d2:c1:c3:
         62:f2:48:80:05:61:c5:93:f7:7b:2d:40:37:98:de:e0:83:a2:
         33:11:9a:74:18:44:bf:e3:4a:25:f4:33:e6:26:fd:a4:f2:bf:
         61:2f:3e:98:65:4b:39:8a:70:d6:a0:02:89:f7:92:5f:c1:14:
         b7:82:90:4f:3f:c5:cc:80:d7:f9:5a:ce:3a:a9:d4:d1:83:b7:
         0c:ab:92:c8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSs6c97yqVuubbT0w5gZUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjNjZTdiMGMxMDA2OGZiYzQ0YzAyMTk0M2UzMzkwMTNm
MmFlZTAwHhcNMjQwMTAxMTgzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjgzYTY0NjliN2NkMTRkNTczMDMwNWM5N2VjMDczZDUyMzU2YjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFFVz8lwJfezAevDTfzp3cG58tMd
gSRbh0ZA921uj+CzDwHXeqwtmWZCiS2xRY3RRzv0V+DQU47L0e+8TARwQQB1tOoS
YQbet5NT032cbiDM9NPK9HxPfSIvHFl784fwOAh6HA9Z3STl6jRsKwZB1cZ3No1T
fvduVQD80Qu/z2opeWQxRBdLBuQkX3RFgRao6qlIDqAF4yzYDAWQe3EbgAZIpBiJ
p2P+oKdRr/5ENKZRojjLgrHEW6koM4dWpcLc5relBwTJLAcIBL977oIAqNiW8XH9
pRN1Ge6/vvnjwtYpXGDwKZfH+DW3xJbjWeWnBDAgp98Oc8lb+hgmBkML2wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJKDpkabfNFNVzAwXJfsBz1SNWtDMB8GA1UdIwQY
MBaAFG0jznsMEAaPvETAIZQ+M5AT8q7gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNQT2V3d1FCby04Uk1BaGxENHprQlB5cnVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My82NmFmMDctMzMxOC00ZjRhLTg5ZmYt
NDBjNWViYzZmNzM2LzEva29PbVJwdDgwVTFYTURCY2wtd0hQVkkxYTBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My82NmFmMDctMzMxOC00ZjRhLTg5ZmYtNDBjNWViYzZmNzM2
LzEvYlNQT2V3d1FCby04Uk1BaGxENHprQlB5cnVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLQscMA0E
AgACMAcDBQAqDlcAMA0GCSqGSIb3DQEBCwUAA4IBAQApV+oN50Z5DWU3xuF2rWUL
yxPot2EnNGcH3fGHO5qCtzwuTJAtYpJpAYiZa1qFSS2c7S8inT798GOXeXH0w5xa
hvUUKX4q7dqfutuoXSmwO9nfaP3ohyn9ivSznBOJav/HKUZrNHtDg3fbw5+P3tlZ
CWNx7sEHLg13MQvB2+ebM7k7p1DXPartBHK+5UVr2zwIkpmIm7Li6CtTm5BRNvSp
vDCuuM4zaf2K8lPYZZGoqhvSwcNi8kiABWHFk/d7LUA3mN7gg6IzEZp0GES/40ol
9DPmJv2k8r9hLz6YZUs5inDWoAKJ95JfwRS3gpBPP8XMgNf5Ws46qdTRg7cMq5LI
-----END CERTIFICATE-----