Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/73f1c9-82b0-4ede-b899-f742f395aaf9/1/kk8mwqkZ31qPDZZsGKV3zFk4WJ4.roa
File:                     kk8mwqkZ31qPDZZsGKV3zFk4WJ4.roa (raw, json)
Hash identifier:          mhFWyYNpC8JKt41Lqy/l0GTxjYIr1g82MIUogpupavY=
Subject key identifier:   92:4F:26:C2:A9:19:DF:5A:8F:0D:96:6C:18:A5:77:CC:59:38:58:9E
Certificate issuer:       /CN=23b1943087ce69623e76b2145b3479ac204ba1c9
Certificate serial:       018CC726F227F8ACE7B52581F411103E788B
Authority key identifier: 23:B1:94:30:87:CE:69:62:3E:76:B2:14:5B:34:79:AC:20:4B:A1:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I7GUMIfOaWI-drIUWzR5rCBLock.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/73f1c9-82b0-4ede-b899-f742f395aaf9/1/kk8mwqkZ31qPDZZsGKV3zFk4WJ4.roa
Signing time:             Mon 01 Jan 2024 22:31:07 +0000
ROA not before:           Mon 01 Jan 2024 22:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        87.236.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/73f1c9-82b0-4ede-b899-f742f395aaf9/1/I7GUMIfOaWI-drIUWzR5rCBLock.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/73f1c9-82b0-4ede-b899-f742f395aaf9/1/I7GUMIfOaWI-drIUWzR5rCBLock.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I7GUMIfOaWI-drIUWzR5rCBLock.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 16:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:f2:27:f8:ac:e7:b5:25:81:f4:11:10:3e:78:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23b1943087ce69623e76b2145b3479ac204ba1c9
        Validity
            Not Before: Jan  1 22:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=924f26c2a919df5a8f0d966c18a577cc5938589e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:07:5c:2f:06:31:b7:fa:bc:8c:9c:c3:55:fa:
                    47:79:69:89:3b:65:60:97:c6:11:9f:96:10:cc:87:
                    a7:4f:97:59:11:99:86:82:00:cc:35:12:00:f3:56:
                    71:e9:9f:19:fc:1c:fe:4a:c7:ad:dd:1f:14:11:37:
                    fb:dc:9c:c7:5c:c5:cf:fe:73:82:f7:55:00:a2:15:
                    96:d0:5c:a4:ab:a7:7d:eb:a7:db:1b:f2:da:3a:c3:
                    74:53:f4:ad:b3:d7:4c:fa:d5:ec:4c:e3:7c:78:e7:
                    3f:9b:9e:45:84:49:a3:fe:8b:a9:49:06:5b:34:3a:
                    bb:fa:f3:f0:b6:f6:a1:86:ed:e5:b7:f1:1b:9d:93:
                    52:2e:dd:e5:f3:60:db:5c:55:ad:07:3e:dc:ae:d4:
                    9f:a6:fe:70:51:df:3e:8e:c0:d3:b7:ae:a0:5f:05:
                    af:aa:0a:9a:c6:4b:e1:be:f1:b4:dd:55:29:7f:d2:
                    b3:67:2b:04:ed:a6:3d:9b:65:30:33:5f:6f:08:43:
                    19:af:c8:09:7f:74:51:a2:68:2e:af:49:e8:01:c8:
                    14:b3:14:7b:49:e6:57:e2:2d:99:ff:25:ac:72:e6:
                    42:97:59:03:7d:fc:57:7a:3f:9c:1b:a3:27:e5:ef:
                    77:bd:b3:01:5f:8b:82:83:0d:30:cf:b7:0e:47:2c:
                    c3:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:4F:26:C2:A9:19:DF:5A:8F:0D:96:6C:18:A5:77:CC:59:38:58:9E
            X509v3 Authority Key Identifier:
                keyid:23:B1:94:30:87:CE:69:62:3E:76:B2:14:5B:34:79:AC:20:4B:A1:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I7GUMIfOaWI-drIUWzR5rCBLock.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/73f1c9-82b0-4ede-b899-f742f395aaf9/1/kk8mwqkZ31qPDZZsGKV3zFk4WJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/73f1c9-82b0-4ede-b899-f742f395aaf9/1/I7GUMIfOaWI-drIUWzR5rCBLock.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.236.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:58:59:88:da:a3:43:49:ae:2b:4b:1d:c9:94:4d:90:4a:6d:
         d7:e0:82:47:71:cd:16:3a:8b:dc:7a:de:6f:81:e4:8b:cb:65:
         7c:51:6b:d6:bf:53:78:f8:13:6c:50:e0:48:28:bf:61:dd:2a:
         81:20:c5:a2:e3:b2:af:cc:3f:58:aa:2d:77:f2:1e:57:a3:5d:
         dd:7f:f0:f8:0a:66:5e:51:ec:c3:f5:5d:64:c7:fe:75:7d:71:
         68:37:44:2f:43:77:3f:1c:e9:24:89:8b:0e:55:45:90:39:8e:
         57:97:e1:c5:8c:f9:fd:95:48:d2:bc:fb:2b:29:b5:c5:77:7f:
         01:d7:e2:ca:9f:db:86:c4:e6:ab:f2:d8:64:d2:0c:7f:44:49:
         e2:b0:09:8a:f3:27:54:47:e4:c7:d9:73:8e:78:a8:3b:97:1d:
         59:cc:ca:bf:0e:15:b4:2e:d6:42:f3:52:ca:ab:1e:f0:c6:5a:
         52:db:34:84:49:bf:8f:57:30:05:51:81:5b:77:9c:53:43:b0:
         41:32:1a:d3:01:0a:d4:2c:67:56:98:5b:71:a1:de:b9:3f:57:
         02:49:9e:e2:07:6e:5a:01:1a:11:52:d9:22:9f:70:94:61:69:
         db:ac:0a:98:6e:41:2d:b7:13:6a:eb:7b:7c:48:5b:29:23:ee:
         f1:90:5f:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJvIn+KzntSWB9BEQPniLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzYjE5NDMwODdjZTY5NjIzZTc2YjIxNDViMzQ3OWFjMjA0
YmExYzkwHhcNMjQwMTAxMjIzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjRmMjZjMmE5MTlkZjVhOGYwZDk2NmMxOGE1NzdjYzU5Mzg1ODllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQdcLwYxt/q8jJzDVfpHeWmJO2Vg
l8YRn5YQzIenT5dZEZmGggDMNRIA81Zx6Z8Z/Bz+Sset3R8UETf73JzHXMXP/nOC
91UAohWW0Fykq6d966fbG/LaOsN0U/Sts9dM+tXsTON8eOc/m55FhEmj/oupSQZb
NDq7+vPwtvahhu3lt/EbnZNSLt3l82DbXFWtBz7crtSfpv5wUd8+jsDTt66gXwWv
qgqaxkvhvvG03VUpf9KzZysE7aY9m2UwM19vCEMZr8gJf3RRomgur0noAcgUsxR7
SeZX4i2Z/yWscuZCl1kDffxXej+cG6Mn5e93vbMBX4uCgw0wz7cORyzD8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJJPJsKpGd9ajw2WbBild8xZOFieMB8GA1UdIwQY
MBaAFCOxlDCHzmliPnayFFs0eawgS6HJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTdHVU1JZk9hV0ktZHJJVVd6UjVyQ0JMb2NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83M2YxYzktODJiMC00ZWRlLWI4OTkt
Zjc0MmYzOTVhYWY5LzEva2s4bXdxa1ozMXFQRFpac0dLVjN6Rms0V0o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83M2YxYzktODJiMC00ZWRlLWI4OTktZjc0MmYzOTVhYWY5
LzEvSTdHVU1JZk9hV0ktZHJJVVd6UjVyQ0JMb2NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+xDMA0G
CSqGSIb3DQEBCwUAA4IBAQBPWFmI2qNDSa4rSx3JlE2QSm3X4IJHcc0WOovcet5v
geSLy2V8UWvWv1N4+BNsUOBIKL9h3SqBIMWi47KvzD9Yqi138h5Xo13df/D4CmZe
UezD9V1kx/51fXFoN0QvQ3c/HOkkiYsOVUWQOY5Xl+HFjPn9lUjSvPsrKbXFd38B
1+LKn9uGxOar8thk0gx/REnisAmK8ydUR+TH2XOOeKg7lx1ZzMq/DhW0LtZC81LK
qx7wxlpS2zSESb+PVzAFUYFbd5xTQ7BBMhrTAQrULGdWmFtxod65P1cCSZ7iB25a
ARoRUtkin3CUYWnbrAqYbkEttxNq63t8SFspI+7xkF9n
-----END CERTIFICATE-----