Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/2fbccc-64b6-4f66-8969-a6d27c431818/1/KGGT4Q5LP4GHgLj19xF_a7ML2Nc.roa
File:                     KGGT4Q5LP4GHgLj19xF_a7ML2Nc.roa (raw, json)
Hash identifier:          8cO4Ue7QuvPhp1QuXETvB/LofLVNnVzFP/P61drOWac=
Subject key identifier:   28:61:93:E1:0E:4B:3F:81:87:80:B8:F5:F7:11:7F:6B:B3:0B:D8:D7
Certificate issuer:       /CN=d283616f1362c25d82ec2a70c4b9750565b1197f
Certificate serial:       018CC7274F780105307FF459AD60B66A5D04
Authority key identifier: D2:83:61:6F:13:62:C2:5D:82:EC:2A:70:C4:B9:75:05:65:B1:19:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0oNhbxNiwl2C7CpwxLl1BWWxGX8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/2fbccc-64b6-4f66-8969-a6d27c431818/1/KGGT4Q5LP4GHgLj19xF_a7ML2Nc.roa
Signing time:             Mon 01 Jan 2024 22:31:31 +0000
ROA not before:           Mon 01 Jan 2024 22:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.54.72.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/2fbccc-64b6-4f66-8969-a6d27c431818/1/0oNhbxNiwl2C7CpwxLl1BWWxGX8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/2fbccc-64b6-4f66-8969-a6d27c431818/1/0oNhbxNiwl2C7CpwxLl1BWWxGX8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0oNhbxNiwl2C7CpwxLl1BWWxGX8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 16:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:4f:78:01:05:30:7f:f4:59:ad:60:b6:6a:5d:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d283616f1362c25d82ec2a70c4b9750565b1197f
        Validity
            Not Before: Jan  1 22:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=286193e10e4b3f818780b8f5f7117f6bb30bd8d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:7a:02:e0:11:d8:42:f9:eb:39:8b:93:94:4c:
                    69:09:d5:59:ee:1b:22:d1:7a:6b:43:84:82:cc:3c:
                    ed:56:5f:89:0b:83:81:a2:b3:29:1d:fe:29:4e:f5:
                    63:12:92:4c:54:f3:c5:8a:67:27:7b:78:18:ad:16:
                    aa:54:82:fd:d1:81:d3:e9:69:6b:02:7c:97:af:7c:
                    77:7c:0c:df:a7:80:cf:85:eb:f7:b5:89:fa:f9:26:
                    79:b0:f8:ae:9d:6e:f3:43:03:d7:fd:9b:42:9c:cf:
                    e1:ad:e3:01:8e:dd:82:c8:f3:83:4a:27:e6:cb:4f:
                    10:2a:3a:ed:6c:7d:71:fe:78:aa:f4:a8:08:5d:c1:
                    9b:93:62:8c:c8:46:49:3e:fb:85:ec:80:b0:f0:ea:
                    52:4a:a8:dd:0c:ff:fc:d1:fb:71:99:12:bc:14:ad:
                    46:45:15:cf:89:13:68:d3:b0:27:01:03:c7:34:89:
                    5e:e4:02:fb:e5:21:e0:f0:e4:a5:e0:8d:e0:98:42:
                    96:c9:db:d9:bb:9d:59:d6:ee:69:48:ef:98:3e:2e:
                    a2:4e:43:51:37:60:69:80:62:75:4c:9d:66:5c:c9:
                    86:e5:39:67:18:e8:3d:e1:a8:42:8c:90:fd:2e:23:
                    52:7a:e6:d4:07:eb:c5:3a:6d:c4:46:8a:ab:4b:26:
                    39:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:61:93:E1:0E:4B:3F:81:87:80:B8:F5:F7:11:7F:6B:B3:0B:D8:D7
            X509v3 Authority Key Identifier:
                keyid:D2:83:61:6F:13:62:C2:5D:82:EC:2A:70:C4:B9:75:05:65:B1:19:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0oNhbxNiwl2C7CpwxLl1BWWxGX8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/2fbccc-64b6-4f66-8969-a6d27c431818/1/KGGT4Q5LP4GHgLj19xF_a7ML2Nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/2fbccc-64b6-4f66-8969-a6d27c431818/1/0oNhbxNiwl2C7CpwxLl1BWWxGX8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         59:2b:e4:38:3e:3e:6e:55:f6:98:42:f4:ca:98:09:00:ea:ac:
         0d:de:4f:20:19:91:68:81:91:13:3c:c2:26:d0:70:31:6c:f5:
         fc:1d:64:bd:ee:28:49:f1:c3:ae:45:67:2d:c6:12:32:bd:b8:
         66:1c:8f:24:7d:47:27:88:16:c8:10:2c:8c:16:34:cd:8c:e0:
         43:15:8f:b3:6c:72:9e:e2:08:12:12:47:30:83:44:69:94:2b:
         3d:89:a9:62:aa:d9:08:06:43:12:e7:ef:68:f0:c1:66:91:0a:
         e7:97:7d:f3:80:d6:67:d9:05:61:98:56:e3:e9:5a:fc:8b:88:
         95:18:90:89:b1:2d:17:f5:51:27:54:23:ed:4f:b2:58:94:64:
         cb:9b:fe:09:7b:34:f5:a7:cf:d8:c1:78:42:df:00:18:77:89:
         33:06:1b:12:4d:f3:0c:67:59:11:4b:8e:95:68:97:66:57:61:
         f6:44:82:5d:51:02:04:ee:b8:31:eb:4a:5f:2e:c3:5a:25:41:
         78:67:5c:56:e2:cf:47:40:0c:ee:61:18:c9:09:55:0e:b5:56:
         da:ae:23:7c:8e:99:4f:b8:7c:0e:f1:da:38:2f:4f:86:a0:72:
         ca:22:67:ef:60:ed:50:8f:d9:79:54:da:6e:aa:a1:c8:de:fb:
         54:54:18:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ094AQUwf/RZrWC2al0EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyODM2MTZmMTM2MmMyNWQ4MmVjMmE3MGM0Yjk3NTA1NjVi
MTE5N2YwHhcNMjQwMTAxMjIzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODYxOTNlMTBlNGIzZjgxODc4MGI4ZjVmNzExN2Y2YmIzMGJkOGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnoC4BHYQvnrOYuTlExpCdVZ7hsi
0XprQ4SCzDztVl+JC4OBorMpHf4pTvVjEpJMVPPFimcne3gYrRaqVIL90YHT6Wlr
AnyXr3x3fAzfp4DPhev3tYn6+SZ5sPiunW7zQwPX/ZtCnM/hreMBjt2CyPODSifm
y08QKjrtbH1x/niq9KgIXcGbk2KMyEZJPvuF7ICw8OpSSqjdDP/80ftxmRK8FK1G
RRXPiRNo07AnAQPHNIle5AL75SHg8OSl4I3gmEKWydvZu51Z1u5pSO+YPi6iTkNR
N2BpgGJ1TJ1mXMmG5TlnGOg94ahCjJD9LiNSeubUB+vFOm3ERoqrSyY5HQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFChhk+EOSz+Bh4C49fcRf2uzC9jXMB8GA1UdIwQY
MBaAFNKDYW8TYsJdguwqcMS5dQVlsRl/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG9OaGJ4Tml3bDJDN0Nwd3hMbDFCV1d4R1g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8yZmJjY2MtNjRiNi00ZjY2LTg5Njkt
YTZkMjdjNDMxODE4LzEvS0dHVDRRNUxQNEdIZ0xqMTl4Rl9hN01MMk5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8yZmJjY2MtNjRiNi00ZjY2LTg5NjktYTZkMjdjNDMxODE4
LzEvMG9OaGJ4Tml3bDJDN0Nwd3hMbDFCV1d4R1g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTZIMA0G
CSqGSIb3DQEBCwUAA4IBAQBZK+Q4Pj5uVfaYQvTKmAkA6qwN3k8gGZFogZETPMIm
0HAxbPX8HWS97ihJ8cOuRWctxhIyvbhmHI8kfUcniBbIECyMFjTNjOBDFY+zbHKe
4ggSEkcwg0RplCs9ialiqtkIBkMS5+9o8MFmkQrnl33zgNZn2QVhmFbj6Vr8i4iV
GJCJsS0X9VEnVCPtT7JYlGTLm/4JezT1p8/YwXhC3wAYd4kzBhsSTfMMZ1kRS46V
aJdmV2H2RIJdUQIE7rgx60pfLsNaJUF4Z1xW4s9HQAzuYRjJCVUOtVbariN8jplP
uHwO8do4L0+GoHLKImfvYO1Qj9l5VNpuqqHI3vtUVBiM
-----END CERTIFICATE-----