Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/6745fe-e475-4c58-a31e-f2c0da61ac13/1/KIGZ9IfxocWm-0h0xo1FYKgUj3k.roa
File:                     KIGZ9IfxocWm-0h0xo1FYKgUj3k.roa (raw, json)
Hash identifier:          Jz2Vzn5SmBA3xSCW5L7Dzt9trl1Q8S4SNw0x6jF6jS8=
Subject key identifier:   28:81:99:F4:87:F1:A1:C5:A6:FB:48:74:C6:8D:45:60:A8:14:8F:79
Certificate issuer:       /CN=29590774e77a8994a4283128c35921d037b06f21
Certificate serial:       018CC2DAF9CA9B1FE39FF6EC866CB86F9ABB
Authority key identifier: 29:59:07:74:E7:7A:89:94:A4:28:31:28:C3:59:21:D0:37:B0:6F:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KVkHdOd6iZSkKDEow1kh0DewbyE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/6745fe-e475-4c58-a31e-f2c0da61ac13/1/KIGZ9IfxocWm-0h0xo1FYKgUj3k.roa
Signing time:             Mon 01 Jan 2024 02:29:39 +0000
ROA not before:           Mon 01 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210198
IP address blocks:        185.137.128.0/22 maxlen: 24
                          2a0c:a980::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/6745fe-e475-4c58-a31e-f2c0da61ac13/1/KVkHdOd6iZSkKDEow1kh0DewbyE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/6745fe-e475-4c58-a31e-f2c0da61ac13/1/KVkHdOd6iZSkKDEow1kh0DewbyE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KVkHdOd6iZSkKDEow1kh0DewbyE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f9:ca:9b:1f:e3:9f:f6:ec:86:6c:b8:6f:9a:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29590774e77a8994a4283128c35921d037b06f21
        Validity
            Not Before: Jan  1 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=288199f487f1a1c5a6fb4874c68d4560a8148f79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:b2:ac:30:2b:7d:05:97:8e:5e:53:a3:8f:23:
                    03:29:fe:f3:53:50:48:00:97:af:4e:58:71:e8:c3:
                    38:e7:2a:d9:38:0d:7c:99:68:e5:78:64:93:8a:97:
                    a8:40:35:38:e5:34:6f:ee:ab:57:f2:39:25:08:2f:
                    c6:3d:96:23:a8:6c:81:e9:ce:3e:82:f5:5c:ac:2d:
                    bb:6d:c6:3c:b3:73:87:2c:eb:1e:e7:3e:7f:66:5e:
                    2d:b6:cf:09:b7:df:f3:a8:8a:3b:9a:2f:42:1b:4f:
                    bb:c8:72:db:5e:3b:05:ae:ff:fd:c9:e4:03:74:eb:
                    43:05:86:a0:45:13:7f:41:ad:9b:40:40:32:95:ef:
                    3b:0b:65:92:36:2d:35:2a:e8:3a:58:34:13:87:d6:
                    bb:57:a5:69:47:e9:9d:b4:73:60:07:a4:f7:fd:86:
                    dd:a6:fc:80:5f:61:3c:86:aa:7b:0d:fb:33:c6:79:
                    8b:e9:68:e0:47:6a:4d:0f:20:95:bc:ec:c2:23:b7:
                    b9:aa:9e:1d:c6:3b:90:ff:1b:9b:04:ea:82:43:4a:
                    cd:10:40:53:c8:94:fc:32:bd:e7:73:bf:2e:46:74:
                    31:1e:f1:fc:25:df:96:fe:3e:26:59:6c:38:de:34:
                    03:7f:74:bb:d4:e8:80:7b:6f:6c:c0:c4:9e:24:4e:
                    4b:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:81:99:F4:87:F1:A1:C5:A6:FB:48:74:C6:8D:45:60:A8:14:8F:79
            X509v3 Authority Key Identifier:
                keyid:29:59:07:74:E7:7A:89:94:A4:28:31:28:C3:59:21:D0:37:B0:6F:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KVkHdOd6iZSkKDEow1kh0DewbyE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/6745fe-e475-4c58-a31e-f2c0da61ac13/1/KIGZ9IfxocWm-0h0xo1FYKgUj3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/6745fe-e475-4c58-a31e-f2c0da61ac13/1/KVkHdOd6iZSkKDEow1kh0DewbyE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.128.0/22
                IPv6:
                  2a0c:a980::/29

    Signature Algorithm: sha256WithRSAEncryption
         7e:3f:3b:f2:c5:ad:73:b5:3a:b3:1b:91:0e:83:f9:a5:c5:f1:
         05:3b:f6:4f:ab:23:fa:1d:87:70:d3:55:63:47:25:57:b2:8f:
         a4:ea:77:50:d6:7d:da:91:54:fe:9b:30:4f:fd:24:0d:b6:8e:
         63:9c:b8:09:25:b4:3b:48:85:61:21:01:44:06:8f:f4:4d:b3:
         18:84:75:ff:8f:e0:9a:71:dc:d7:04:ea:47:b2:b6:2d:e2:b7:
         86:85:46:75:11:dd:d6:26:ef:64:4e:34:66:37:c1:47:b7:ba:
         ef:45:29:f3:93:82:38:e0:8e:ea:85:4f:49:63:cf:f8:55:1a:
         fd:e1:c4:e4:d1:fa:61:eb:8e:d6:05:05:94:c0:44:71:05:f1:
         e2:47:48:f8:c0:13:f8:5b:81:66:c1:b1:65:1c:2a:79:6b:62:
         7a:9e:7a:4b:e3:b7:f5:36:df:cb:95:fb:20:e9:54:cb:92:eb:
         8d:cc:af:96:70:8a:9e:f8:de:83:1f:92:69:3b:6d:10:14:03:
         ae:e3:db:6b:a3:64:64:e1:c7:28:e1:20:e0:00:4b:1b:f1:9f:
         f2:70:95:80:da:6b:07:b9:72:fe:6c:f2:a6:60:64:e0:32:4b:
         ff:50:be:bb:f2:a2:2d:67:ba:3f:f5:f6:93:a6:0e:d6:b9:0a:
         10:53:d3:d7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2vnKmx/jn/bshmy4b5q7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NTkwNzc0ZTc3YTg5OTRhNDI4MzEyOGMzNTkyMWQwMzdi
MDZmMjEwHhcNMjQwMTAxMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODgxOTlmNDg3ZjFhMWM1YTZmYjQ4NzRjNjhkNDU2MGE4MTQ4Zjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLKsMCt9BZeOXlOjjyMDKf7zU1BI
AJevTlhx6MM45yrZOA18mWjleGSTipeoQDU45TRv7qtX8jklCC/GPZYjqGyB6c4+
gvVcrC27bcY8s3OHLOse5z5/Zl4tts8Jt9/zqIo7mi9CG0+7yHLbXjsFrv/9yeQD
dOtDBYagRRN/Qa2bQEAyle87C2WSNi01Kug6WDQTh9a7V6VpR+mdtHNgB6T3/Ybd
pvyAX2E8hqp7DfszxnmL6WjgR2pNDyCVvOzCI7e5qp4dxjuQ/xubBOqCQ0rNEEBT
yJT8Mr3nc78uRnQxHvH8Jd+W/j4mWWw43jQDf3S71OiAe29swMSeJE5LDwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCiBmfSH8aHFpvtIdMaNRWCoFI95MB8GA1UdIwQY
MBaAFClZB3TneomUpCgxKMNZIdA3sG8hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1ZrSGRPZDZpWlNrS0RFb3cxa2gwRGV3YnlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni82NzQ1ZmUtZTQ3NS00YzU4LWEzMWUt
ZjJjMGRhNjFhYzEzLzEvS0lHWjlJZnhvY1dtLTBoMHhvMUZZS2dVajNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni82NzQ1ZmUtZTQ3NS00YzU4LWEzMWUtZjJjMGRhNjFhYzEz
LzEvS1ZrSGRPZDZpWlNrS0RFb3cxa2gwRGV3YnlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYmAMA0E
AgACMAcDBQMqDKmAMA0GCSqGSIb3DQEBCwUAA4IBAQB+Pzvyxa1ztTqzG5EOg/ml
xfEFO/ZPqyP6HYdw01VjRyVXso+k6ndQ1n3akVT+mzBP/SQNto5jnLgJJbQ7SIVh
IQFEBo/0TbMYhHX/j+CacdzXBOpHsrYt4reGhUZ1Ed3WJu9kTjRmN8FHt7rvRSnz
k4I44I7qhU9JY8/4VRr94cTk0fph647WBQWUwERxBfHiR0j4wBP4W4FmwbFlHCp5
a2J6nnpL47f1Nt/Llfsg6VTLkuuNzK+WcIqe+N6DH5JpO20QFAOu49tro2Rk4cco
4SDgAEsb8Z/ycJWA2msHuXL+bPKmYGTgMkv/UL678qItZ7o/9faTpg7WuQoQU9PX
-----END CERTIFICATE-----