Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/6920d2-a7a6-41a5-96e0-314ef746d8a6/1/KnjslgaopCmCG6TO0JqHDEEJW6w.roa
File:                     KnjslgaopCmCG6TO0JqHDEEJW6w.roa (raw, json)
Hash identifier:          F+UaxGL2gzRNJ5UYB+AUXvvmATQZnVDX+4cApftbjok=
Subject key identifier:   2A:78:EC:96:06:A8:A4:29:82:1B:A4:CE:D0:9A:87:0C:41:09:5B:AC
Certificate issuer:       /CN=b443914a48e5dae5a756b1e3b8fbe437ee0d8b0c
Certificate serial:       018E5B69D09DAB84D497A63963F2667B5F58
Authority key identifier: B4:43:91:4A:48:E5:DA:E5:A7:56:B1:E3:B8:FB:E4:37:EE:0D:8B:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tEORSkjl2uWnVrHjuPvkN-4Niww.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/6920d2-a7a6-41a5-96e0-314ef746d8a6/1/KnjslgaopCmCG6TO0JqHDEEJW6w.roa
Signing time:             Wed 20 Mar 2024 10:30:44 +0000
ROA not before:           Wed 20 Mar 2024 10:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        193.109.126.0/24 maxlen: 24
                          195.22.138.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/6920d2-a7a6-41a5-96e0-314ef746d8a6/1/tEORSkjl2uWnVrHjuPvkN-4Niww.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/6920d2-a7a6-41a5-96e0-314ef746d8a6/1/tEORSkjl2uWnVrHjuPvkN-4Niww.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tEORSkjl2uWnVrHjuPvkN-4Niww.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5b:69:d0:9d:ab:84:d4:97:a6:39:63:f2:66:7b:5f:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b443914a48e5dae5a756b1e3b8fbe437ee0d8b0c
        Validity
            Not Before: Mar 20 10:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a78ec9606a8a429821ba4ced09a870c41095bac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:4f:2b:20:48:55:50:a5:32:18:d6:6e:1d:32:
                    9e:03:be:be:cd:82:4c:d1:21:3c:87:d7:39:cf:4b:
                    c5:50:60:7f:ba:36:a5:08:52:4f:7b:28:29:61:5f:
                    06:5d:a6:ff:3b:af:b7:45:4f:c6:d7:ee:db:44:fe:
                    7a:cc:b7:98:d9:38:a8:e1:51:f6:3f:5d:7b:c0:7d:
                    6e:fb:5e:d4:f6:96:3a:b3:dc:68:04:48:da:c5:3a:
                    19:2e:03:4b:50:15:c9:c2:e6:70:21:63:f2:14:30:
                    7a:18:fa:56:5a:31:4b:2c:9b:a3:c5:05:54:52:c2:
                    db:c8:93:e1:a3:3d:ef:80:97:c5:e8:9f:86:d4:0e:
                    8c:a8:e7:6f:13:49:e5:fe:06:04:4f:a8:c7:98:1e:
                    96:91:5e:ca:d6:8f:92:44:93:8c:c8:07:25:2e:b6:
                    fe:ac:ba:27:82:6f:62:58:de:a1:4f:07:d7:2f:d8:
                    da:02:db:33:4c:44:00:2a:db:ea:8f:e4:f5:db:c1:
                    0d:30:3e:c7:b8:1b:6c:c7:76:6c:4c:9a:90:d9:c5:
                    84:16:31:43:5d:b6:a1:41:c2:40:dd:3d:67:e7:63:
                    da:63:06:7e:e4:8b:a7:84:f4:24:3f:07:f6:34:22:
                    d7:be:c5:15:6d:5c:df:06:32:b9:ac:39:33:51:66:
                    94:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:78:EC:96:06:A8:A4:29:82:1B:A4:CE:D0:9A:87:0C:41:09:5B:AC
            X509v3 Authority Key Identifier:
                keyid:B4:43:91:4A:48:E5:DA:E5:A7:56:B1:E3:B8:FB:E4:37:EE:0D:8B:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tEORSkjl2uWnVrHjuPvkN-4Niww.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/6920d2-a7a6-41a5-96e0-314ef746d8a6/1/KnjslgaopCmCG6TO0JqHDEEJW6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/6920d2-a7a6-41a5-96e0-314ef746d8a6/1/tEORSkjl2uWnVrHjuPvkN-4Niww.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.126.0/24
                  195.22.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:5f:63:af:da:58:8d:d8:cc:6a:82:62:24:ed:a6:44:9a:59:
         99:4d:19:a9:3f:ab:72:65:74:7f:04:f1:cc:22:84:93:e6:39:
         e6:06:4a:08:e6:57:d1:4c:52:16:95:c8:4e:69:7b:5d:5d:7c:
         1f:71:90:a2:7a:c1:23:d6:77:06:fa:14:ff:5d:b5:50:c8:c1:
         34:21:bb:db:5a:25:85:08:58:98:cb:79:c9:ce:13:46:a4:43:
         6f:7a:a9:2c:4a:82:fb:38:0a:2d:d0:7e:24:c8:05:eb:5c:3d:
         34:ea:7a:73:87:f9:02:b6:ec:35:09:71:d3:59:3f:d4:c0:3c:
         09:3b:3f:1d:54:71:41:99:e2:aa:0e:21:89:6e:30:b5:b6:30:
         c4:f3:9f:a0:40:ff:62:ca:7d:5e:f0:39:a1:33:2b:89:ee:11:
         e3:cb:51:a9:a4:1d:8b:22:d0:60:a8:42:e7:67:28:40:3b:df:
         b4:0a:33:97:c9:f7:88:21:cc:87:31:d5:2b:5f:90:e1:92:f2:
         a7:17:2c:38:cd:61:78:5f:10:a7:c4:e4:bb:9c:46:ba:51:96:
         71:e6:82:95:84:69:08:0b:be:9a:38:41:c6:a5:00:53:3c:a6:
         f4:54:28:82:60:34:01:ac:bd:08:1c:af:7e:26:f7:46:2a:3e:
         3e:a3:a7:aa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5badCdq4TUl6Y5Y/Jme19YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NDM5MTRhNDhlNWRhZTVhNzU2YjFlM2I4ZmJlNDM3ZWUw
ZDhiMGMwHhcNMjQwMzIwMTAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTc4ZWM5NjA2YThhNDI5ODIxYmE0Y2VkMDlhODcwYzQxMDk1YmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkU8rIEhVUKUyGNZuHTKeA76+zYJM
0SE8h9c5z0vFUGB/ujalCFJPeygpYV8GXab/O6+3RU/G1+7bRP56zLeY2Tio4VH2
P117wH1u+17U9pY6s9xoBEjaxToZLgNLUBXJwuZwIWPyFDB6GPpWWjFLLJujxQVU
UsLbyJPhoz3vgJfF6J+G1A6MqOdvE0nl/gYET6jHmB6WkV7K1o+SRJOMyAclLrb+
rLongm9iWN6hTwfXL9jaAtszTEQAKtvqj+T128ENMD7HuBtsx3ZsTJqQ2cWEFjFD
XbahQcJA3T1n52PaYwZ+5IunhPQkPwf2NCLXvsUVbVzfBjK5rDkzUWaUsQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCp47JYGqKQpghukztCahwxBCVusMB8GA1UdIwQY
MBaAFLRDkUpI5drlp1ax47j75DfuDYsMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEVPUlNramwydVduVnJIanVQdmtOLTROaXd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC82OTIwZDItYTdhNi00MWE1LTk2ZTAt
MzE0ZWY3NDZkOGE2LzEvS25qc2xnYW9wQ21DRzZUTzBKcUhERUVKVzZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC82OTIwZDItYTdhNi00MWE1LTk2ZTAtMzE0ZWY3NDZkOGE2
LzEvdEVPUlNramwydVduVnJIanVQdmtOLTROaXd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwW1+AwQB
wxaKMA0GCSqGSIb3DQEBCwUAA4IBAQBOX2Ov2liN2MxqgmIk7aZEmlmZTRmpP6ty
ZXR/BPHMIoST5jnmBkoI5lfRTFIWlchOaXtdXXwfcZCiesEj1ncG+hT/XbVQyME0
IbvbWiWFCFiYy3nJzhNGpENveqksSoL7OAot0H4kyAXrXD006npzh/kCtuw1CXHT
WT/UwDwJOz8dVHFBmeKqDiGJbjC1tjDE85+gQP9iyn1e8DmhMyuJ7hHjy1GppB2L
ItBgqELnZyhAO9+0CjOXyfeIIcyHMdUrX5DhkvKnFyw4zWF4XxCnxOS7nEa6UZZx
5oKVhGkIC76aOEHGpQBTPKb0VCiCYDQBrL0IHK9+JvdGKj4+o6eq
-----END CERTIFICATE-----