Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/32b4a2-2b2f-4f6a-9b48-c1f3b9ede4db/1/KjH1_pGJzEWw5tI7eCrmw3mcnWQ.roa
File:                     KjH1_pGJzEWw5tI7eCrmw3mcnWQ.roa (raw, json)
Hash identifier:          YCHZcqH5jthPhdYc2iMhEp+dhG2VS7J0RhoKLenoCng=
Subject key identifier:   2A:31:F5:FE:91:89:CC:45:B0:E6:D2:3B:78:2A:E6:C3:79:9C:9D:64
Certificate issuer:       /CN=78bd1c6c688a175abc8d598fbcd107fca5254bde
Certificate serial:       018CC3495C2E656FDBC7742279BB8360CA91
Authority key identifier: 78:BD:1C:6C:68:8A:17:5A:BC:8D:59:8F:BC:D1:07:FC:A5:25:4B:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eL0cbGiKF1q8jVmPvNEH_KUlS94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/32b4a2-2b2f-4f6a-9b48-c1f3b9ede4db/1/KjH1_pGJzEWw5tI7eCrmw3mcnWQ.roa
Signing time:             Mon 01 Jan 2024 04:30:13 +0000
ROA not before:           Mon 01 Jan 2024 04:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60419
IP address blocks:        185.31.84.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/32b4a2-2b2f-4f6a-9b48-c1f3b9ede4db/1/eL0cbGiKF1q8jVmPvNEH_KUlS94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/32b4a2-2b2f-4f6a-9b48-c1f3b9ede4db/1/eL0cbGiKF1q8jVmPvNEH_KUlS94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eL0cbGiKF1q8jVmPvNEH_KUlS94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 07:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:5c:2e:65:6f:db:c7:74:22:79:bb:83:60:ca:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78bd1c6c688a175abc8d598fbcd107fca5254bde
        Validity
            Not Before: Jan  1 04:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a31f5fe9189cc45b0e6d23b782ae6c3799c9d64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:97:3e:25:ee:24:60:17:51:7e:72:b2:a0:ab:
                    8d:c6:b7:5c:35:c1:b5:b2:84:27:38:5f:4e:3d:45:
                    1e:85:fc:03:ac:5a:bc:84:5c:c4:cb:ec:b7:90:9f:
                    05:d8:aa:47:e4:69:69:57:40:f5:25:d3:83:b5:ee:
                    4c:3a:85:e7:61:56:4a:7f:7c:21:ca:13:d8:ec:ff:
                    c5:f7:51:d7:37:30:c1:e9:11:22:51:50:06:35:80:
                    db:cb:f5:2c:97:a5:59:9e:c4:c1:d1:20:c7:c1:57:
                    b8:60:df:6e:24:9c:44:cb:24:a4:49:e5:01:52:60:
                    39:1a:e1:5d:45:be:7f:3c:3b:d6:62:68:57:7f:61:
                    c6:27:db:de:e4:dd:0e:46:0a:12:9e:17:5c:89:c7:
                    fa:d8:4b:c5:91:47:71:14:26:cc:9b:ee:20:ef:6d:
                    ba:c4:c4:75:2c:9c:b5:52:cb:46:94:1a:8d:6b:81:
                    7e:0a:6e:71:38:12:8c:6a:e5:fd:4d:f3:e9:9c:49:
                    63:cf:93:0c:d7:a2:74:cc:c3:3e:52:88:ac:e6:80:
                    f9:1b:ca:99:69:44:42:30:4b:f5:0a:a5:5c:5a:7b:
                    d1:ba:f7:36:62:9d:13:2b:d5:50:5d:72:2c:cd:e3:
                    1b:91:d5:a0:49:39:d8:07:dd:4a:0a:fb:f9:31:49:
                    dc:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:31:F5:FE:91:89:CC:45:B0:E6:D2:3B:78:2A:E6:C3:79:9C:9D:64
            X509v3 Authority Key Identifier:
                keyid:78:BD:1C:6C:68:8A:17:5A:BC:8D:59:8F:BC:D1:07:FC:A5:25:4B:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eL0cbGiKF1q8jVmPvNEH_KUlS94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/32b4a2-2b2f-4f6a-9b48-c1f3b9ede4db/1/KjH1_pGJzEWw5tI7eCrmw3mcnWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/32b4a2-2b2f-4f6a-9b48-c1f3b9ede4db/1/eL0cbGiKF1q8jVmPvNEH_KUlS94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.31.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         41:a7:8d:ce:c6:a5:c4:51:67:9a:58:78:a4:5f:2a:c1:61:7e:
         8c:8c:83:78:c3:96:e1:53:ba:de:64:6d:61:ca:e7:93:1b:b1:
         eb:47:71:1a:4b:98:0e:d9:c8:b2:cc:33:d6:de:b8:02:30:19:
         4c:68:52:26:6d:e6:a2:4e:4b:e9:87:54:a3:77:24:e8:f6:f7:
         7a:bd:e5:08:7d:f3:7f:32:e6:b1:c9:dd:08:1b:13:5e:a9:cc:
         ea:ce:49:a6:a9:1d:34:16:b7:21:fa:bb:f5:f9:a6:0c:a8:e3:
         5f:a9:ca:a4:f5:0b:6e:a2:b3:ee:b7:d5:a3:73:46:51:11:9a:
         77:01:a7:f7:c0:04:9c:e9:d5:ec:63:04:83:58:c2:b5:3b:fe:
         fc:64:a4:a6:6a:80:11:7a:c5:d3:5b:6b:62:10:d7:e8:cb:8b:
         a7:0b:9e:f6:e6:6e:a6:1a:7a:79:4e:65:e0:83:bb:65:fe:6a:
         fd:6c:f5:9d:77:a1:45:31:68:c4:2b:77:46:93:af:fc:16:82:
         0e:e2:b6:fb:3e:5d:ef:d3:ab:0c:d0:fc:0d:e0:fa:e2:71:c6:
         7b:05:ab:a6:08:3e:29:e6:bc:08:d2:f2:eb:ce:3f:fc:35:91:
         19:b1:61:5a:b0:9d:65:70:cd:70:e8:6c:56:c7:16:77:3d:f9:
         6b:8e:fa:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVwuZW/bx3QiebuDYMqRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4YmQxYzZjNjg4YTE3NWFiYzhkNTk4ZmJjZDEwN2ZjYTUy
NTRiZGUwHhcNMjQwMTAxMDQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTMxZjVmZTkxODljYzQ1YjBlNmQyM2I3ODJhZTZjMzc5OWM5ZDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJc+Je4kYBdRfnKyoKuNxrdcNcG1
soQnOF9OPUUehfwDrFq8hFzEy+y3kJ8F2KpH5GlpV0D1JdODte5MOoXnYVZKf3wh
yhPY7P/F91HXNzDB6REiUVAGNYDby/Usl6VZnsTB0SDHwVe4YN9uJJxEyySkSeUB
UmA5GuFdRb5/PDvWYmhXf2HGJ9ve5N0ORgoSnhdcicf62EvFkUdxFCbMm+4g7226
xMR1LJy1UstGlBqNa4F+Cm5xOBKMauX9TfPpnEljz5MM16J0zMM+Uois5oD5G8qZ
aURCMEv1CqVcWnvRuvc2Yp0TK9VQXXIszeMbkdWgSTnYB91KCvv5MUncqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCox9f6RicxFsObSO3gq5sN5nJ1kMB8GA1UdIwQY
MBaAFHi9HGxoihdavI1Zj7zRB/ylJUveMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUwwY2JHaUtGMXE4alZtUHZORUhfS1VsUzk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMmI0YTItMmIyZi00ZjZhLTliNDgt
YzFmM2I5ZWRlNGRiLzEvS2pIMV9wR0p6RVd3NXRJN2VDcm13M21jbldRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMmI0YTItMmIyZi00ZjZhLTliNDgtYzFmM2I5ZWRlNGRi
LzEvZUwwY2JHaUtGMXE4alZtUHZORUhfS1VsUzk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuR9UMA0G
CSqGSIb3DQEBCwUAA4IBAQBBp43OxqXEUWeaWHikXyrBYX6MjIN4w5bhU7reZG1h
yueTG7HrR3EaS5gO2ciyzDPW3rgCMBlMaFImbeaiTkvph1SjdyTo9vd6veUIffN/
Muaxyd0IGxNeqczqzkmmqR00Frch+rv1+aYMqONfqcqk9QtuorPut9Wjc0ZREZp3
Aaf3wASc6dXsYwSDWMK1O/78ZKSmaoAResXTW2tiENfoy4unC5725m6mGnp5TmXg
g7tl/mr9bPWdd6FFMWjEK3dGk6/8FoIO4rb7Pl3v06sM0PwN4PriccZ7BaumCD4p
5rwI0vLrzj/8NZEZsWFasJ1lcM1w6GxWxxZ3Pflrjvr3
-----END CERTIFICATE-----