Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/kb-ItpMgjVYudNdKRc7g-s2a9yg.roa
File:                     kb-ItpMgjVYudNdKRc7g-s2a9yg.roa (raw, json)
Hash identifier:          f2c7ckXZKOxpUVC6Jsl8fwD9beeB0PtfMBM4YN1W4Os=
Subject key identifier:   91:BF:88:B6:93:20:8D:56:2E:74:D7:4A:45:CE:E0:FA:CD:9A:F7:28
Certificate issuer:       /CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
Certificate serial:       018CC492C22671D8354A0A6CE801FBB97DA4
Authority key identifier: 55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/kb-ItpMgjVYudNdKRc7g-s2a9yg.roa
Signing time:             Mon 01 Jan 2024 10:30:01 +0000
ROA not before:           Mon 01 Jan 2024 10:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44118
IP address blocks:        95.169.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:c2:26:71:d8:35:4a:0a:6c:e8:01:fb:b9:7d:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
        Validity
            Not Before: Jan  1 10:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91bf88b693208d562e74d74a45cee0facd9af728
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:a1:34:69:f0:e7:b0:ea:c5:31:53:74:b9:15:
                    30:a1:1b:0b:72:b6:10:b9:73:a2:fe:97:51:c4:ca:
                    09:c6:9a:e8:e6:8a:19:a5:c1:ef:0d:c0:d1:e5:c5:
                    24:5d:45:d1:91:9f:ef:7f:43:0b:e9:76:40:7a:dc:
                    5d:f0:4d:5d:c2:13:f2:8a:a0:a5:8e:c8:7b:fa:07:
                    9c:e7:0f:e2:24:37:91:cb:04:21:f8:4e:0d:42:5f:
                    fc:a0:c8:6f:02:1c:64:dc:f5:1a:7e:1d:04:bb:0d:
                    14:3b:d3:98:3b:3a:94:d8:da:86:c8:a8:f9:b9:6a:
                    c2:e9:ce:fe:da:0a:ca:ef:fa:19:9c:c3:1a:bb:fc:
                    76:09:6e:98:1e:50:09:6b:d7:31:5a:ae:d3:9c:62:
                    3e:79:a9:57:e7:42:56:ce:81:a6:fd:af:06:10:29:
                    4b:5f:59:c4:9b:bf:12:96:6c:42:59:a1:c4:de:0b:
                    c0:0d:c2:0a:1b:48:6c:f3:e1:7e:69:bd:50:53:f4:
                    b8:13:96:cf:54:eb:bf:fc:28:80:c1:b3:35:1e:7f:
                    c6:66:24:bc:29:c5:58:3a:91:39:d2:e5:f2:81:e9:
                    07:de:e3:44:05:43:8c:c4:32:2d:7f:12:9a:bf:62:
                    ef:c9:67:ca:af:ba:f8:17:40:fe:64:de:2b:9e:78:
                    11:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:BF:88:B6:93:20:8D:56:2E:74:D7:4A:45:CE:E0:FA:CD:9A:F7:28
            X509v3 Authority Key Identifier:
                keyid:55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/kb-ItpMgjVYudNdKRc7g-s2a9yg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.169.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:b4:2e:20:0b:0f:4f:b7:91:63:17:d7:9c:ac:68:dd:93:44:
         4c:7f:28:7f:e2:34:cd:68:49:1d:87:28:90:a6:7f:63:43:8f:
         ac:61:f6:8d:a1:7a:c5:08:6b:aa:ba:31:29:7e:91:3b:7b:50:
         1c:d0:60:08:f4:83:9a:6e:99:06:33:32:98:a6:7c:2b:37:be:
         a4:98:8a:1b:df:84:1c:38:60:dd:eb:fc:9c:73:8b:67:ca:f0:
         be:c3:6f:12:86:9b:72:06:7b:b6:84:9b:42:98:dc:5d:f0:25:
         13:24:dd:4d:1d:10:c0:65:95:a5:f3:93:11:e5:7e:00:da:06:
         a1:73:32:a3:0f:38:ec:60:e7:fa:90:62:24:36:ef:f7:b9:76:
         da:b7:5b:2c:c1:5e:7b:f2:4e:05:c0:f9:43:01:b7:3c:4c:44:
         5c:5d:68:3e:7d:fa:7e:d8:28:a1:9a:c1:28:04:83:c1:bb:c7:
         db:65:cc:b7:9d:69:45:39:df:26:9a:87:0b:87:ab:94:ec:04:
         f8:8e:b1:4f:61:29:23:17:71:ef:47:b6:82:ef:c5:c6:04:7c:
         b5:22:e3:c4:5a:1b:2a:78:3c:b7:be:5a:85:0c:9e:5c:bc:56:
         e9:67:02:d5:80:dd:90:86:8f:02:62:ff:c1:3f:5f:3e:81:5a:
         f3:f5:d3:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEksImcdg1Sgps6AH7uX2kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1N2IwYWMxMGI4NjQyYTI3ZGQzZDc0ZWQ2Y2I1ZWUwNDVl
NjdiOTcwHhcNMjQwMTAxMTAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWJmODhiNjkzMjA4ZDU2MmU3NGQ3NGE0NWNlZTBmYWNkOWFmNzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqE0afDnsOrFMVN0uRUwoRsLcrYQ
uXOi/pdRxMoJxpro5ooZpcHvDcDR5cUkXUXRkZ/vf0ML6XZAetxd8E1dwhPyiqCl
jsh7+gec5w/iJDeRywQh+E4NQl/8oMhvAhxk3PUafh0Euw0UO9OYOzqU2NqGyKj5
uWrC6c7+2grK7/oZnMMau/x2CW6YHlAJa9cxWq7TnGI+ealX50JWzoGm/a8GEClL
X1nEm78SlmxCWaHE3gvADcIKG0hs8+F+ab1QU/S4E5bPVOu//CiAwbM1Hn/GZiS8
KcVYOpE50uXygekH3uNEBUOMxDItfxKav2LvyWfKr7r4F0D+ZN4rnngR7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJG/iLaTII1WLnTXSkXO4PrNmvcoMB8GA1UdIwQY
MBaAFFV7CsELhkKifdPXTtbLXuBF5nuXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYt
ZmJlMWEwZDBhYTk4LzEva2ItSXRwTWdqVll1ZE5kS1JjN2ctczJhOXlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYtZmJlMWEwZDBhYTk4
LzEvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6nCMA0G
CSqGSIb3DQEBCwUAA4IBAQBvtC4gCw9Pt5FjF9ecrGjdk0RMfyh/4jTNaEkdhyiQ
pn9jQ4+sYfaNoXrFCGuqujEpfpE7e1Ac0GAI9IOabpkGMzKYpnwrN76kmIob34Qc
OGDd6/ycc4tnyvC+w28ShptyBnu2hJtCmNxd8CUTJN1NHRDAZZWl85MR5X4A2gah
czKjDzjsYOf6kGIkNu/3uXbat1sswV578k4FwPlDAbc8TERcXWg+ffp+2CihmsEo
BIPBu8fbZcy3nWlFOd8mmocLh6uU7AT4jrFPYSkjF3HvR7aC78XGBHy1IuPEWhsq
eDy3vlqFDJ5cvFbpZwLVgN2Qho8CYv/BP18+gVrz9dME
-----END CERTIFICATE-----