Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/81f76f-d878-44a1-82c7-2ccb5f0c5f6b/1/K1WDS9HBMBBT4Rg_Fno5nlmf2Hk.roa
File:                     K1WDS9HBMBBT4Rg_Fno5nlmf2Hk.roa (raw, json)
Hash identifier:          WceQavy9CBGQwkw5sudBh9rozWId3XXyvqB7RHEZaes=
Subject key identifier:   2B:55:83:4B:D1:C1:30:10:53:E1:18:3F:16:7A:39:9E:59:9F:D8:79
Certificate issuer:       /CN=5ab25a6c392b8e67a3ad21f60fd3311d6b7f1e5c
Certificate serial:       01901570D4C477E0CB3DBA8C9799C590F1E6
Authority key identifier: 5A:B2:5A:6C:39:2B:8E:67:A3:AD:21:F6:0F:D3:31:1D:6B:7F:1E:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WrJabDkrjmejrSH2D9MxHWt_Hlw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/81f76f-d878-44a1-82c7-2ccb5f0c5f6b/1/K1WDS9HBMBBT4Rg_Fno5nlmf2Hk.roa
Signing time:             Fri 14 Jun 2024 06:30:34 +0000
ROA not before:           Fri 14 Jun 2024 06:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41737
IP address blocks:        91.202.160.0/22 maxlen: 24
                          194.145.220.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/81f76f-d878-44a1-82c7-2ccb5f0c5f6b/1/WrJabDkrjmejrSH2D9MxHWt_Hlw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/81f76f-d878-44a1-82c7-2ccb5f0c5f6b/1/WrJabDkrjmejrSH2D9MxHWt_Hlw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WrJabDkrjmejrSH2D9MxHWt_Hlw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:15:70:d4:c4:77:e0:cb:3d:ba:8c:97:99:c5:90:f1:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ab25a6c392b8e67a3ad21f60fd3311d6b7f1e5c
        Validity
            Not Before: Jun 14 06:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b55834bd1c1301053e1183f167a399e599fd879
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:51:74:0b:ff:38:bd:3a:24:1f:ff:28:99:13:
                    5f:06:3c:94:7c:78:0c:97:f6:da:eb:77:ae:5b:7c:
                    34:0d:20:40:ef:11:a2:71:01:ff:76:ae:68:91:46:
                    fd:8a:d7:bd:2a:63:c0:a6:96:6b:df:6b:0f:61:72:
                    05:62:df:7d:cb:6c:08:e4:43:17:42:5a:8e:2d:2e:
                    6c:73:be:4d:dc:79:a4:2d:b4:4d:ef:c7:a4:b5:a3:
                    0f:49:34:70:7b:40:91:a8:80:99:47:b1:87:90:75:
                    f9:8e:57:fa:de:d9:21:89:9b:96:74:8b:e4:8d:5e:
                    34:2a:18:79:a8:ae:8e:56:07:1f:d5:9c:63:ff:4f:
                    95:95:75:7d:0a:e5:22:67:65:2e:cc:8e:4e:62:58:
                    20:0d:62:ac:82:b9:35:e6:b5:92:e1:e7:d3:97:14:
                    22:1d:83:ac:a8:1e:c4:16:ce:21:42:ad:83:e8:8c:
                    57:3b:28:14:ba:02:d6:f9:95:62:a7:c5:da:5d:e1:
                    6f:7f:1b:93:fd:ac:c3:13:be:91:f8:04:a9:07:cb:
                    b1:82:25:d2:91:8b:6e:3a:82:63:c5:7b:24:9a:59:
                    bf:31:80:57:2d:23:f5:59:db:8e:ef:67:a0:f6:fa:
                    06:e8:d1:36:72:17:f7:9f:0d:8e:10:ba:81:05:43:
                    fb:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:55:83:4B:D1:C1:30:10:53:E1:18:3F:16:7A:39:9E:59:9F:D8:79
            X509v3 Authority Key Identifier:
                keyid:5A:B2:5A:6C:39:2B:8E:67:A3:AD:21:F6:0F:D3:31:1D:6B:7F:1E:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WrJabDkrjmejrSH2D9MxHWt_Hlw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/81f76f-d878-44a1-82c7-2ccb5f0c5f6b/1/K1WDS9HBMBBT4Rg_Fno5nlmf2Hk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/81f76f-d878-44a1-82c7-2ccb5f0c5f6b/1/WrJabDkrjmejrSH2D9MxHWt_Hlw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.202.160.0/22
                  194.145.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         26:43:d7:34:31:79:17:22:92:22:2b:97:ac:b8:c9:e1:0a:8d:
         46:eb:6c:f6:08:df:35:f5:29:a4:2e:7f:05:9a:73:a2:0e:ea:
         cc:3d:b8:ad:65:d7:7b:b4:17:5a:07:e9:71:fc:46:d1:ea:31:
         36:a3:b7:af:de:d8:78:e0:96:e6:8c:08:95:fe:07:20:88:8b:
         d4:52:a8:78:02:2d:b0:dd:36:ba:74:45:ee:64:d7:54:f5:b5:
         66:35:50:25:75:d8:fb:b1:40:05:6c:59:ac:b7:4e:29:c8:91:
         ab:da:7e:57:1a:4f:d9:f3:6e:c6:bd:2f:16:95:a0:5a:da:7b:
         5c:bf:13:d5:67:6f:bd:eb:af:4e:c4:37:2c:1b:94:df:dc:f8:
         fc:d6:e4:2c:6a:7c:cc:b1:50:10:cd:08:6d:c4:c9:dd:ee:83:
         3c:d0:10:ab:c0:f1:1a:b2:2e:66:46:8f:9e:13:64:8c:8b:b4:
         dd:59:d6:17:33:e4:c9:f4:e5:93:bb:08:36:3d:26:a2:0f:73:
         04:94:ca:b8:30:48:d1:1e:bc:eb:77:4d:e4:b7:5d:1c:01:97:
         1e:ce:81:6c:e0:c4:f0:94:37:3b:69:c6:02:6f:98:de:47:a0:
         ae:b5:5b:80:b4:49:85:29:f0:ba:db:48:23:05:09:d6:7d:1e:
         67:80:a6:93
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZAVcNTEd+DLPbqMl5nFkPHmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhYjI1YTZjMzkyYjhlNjdhM2FkMjFmNjBmZDMzMTFkNmI3
ZjFlNWMwHhcNMjQwNjE0MDYzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjU1ODM0YmQxYzEzMDEwNTNlMTE4M2YxNjdhMzk5ZTU5OWZkODc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolF0C/84vTokH/8omRNfBjyUfHgM
l/ba63euW3w0DSBA7xGicQH/dq5okUb9ite9KmPAppZr32sPYXIFYt99y2wI5EMX
QlqOLS5sc75N3HmkLbRN78ektaMPSTRwe0CRqICZR7GHkHX5jlf63tkhiZuWdIvk
jV40Khh5qK6OVgcf1Zxj/0+VlXV9CuUiZ2UuzI5OYlggDWKsgrk15rWS4efTlxQi
HYOsqB7EFs4hQq2D6IxXOygUugLW+ZVip8XaXeFvfxuT/azDE76R+ASpB8uxgiXS
kYtuOoJjxXskmlm/MYBXLSP1WduO72eg9voG6NE2chf3nw2OELqBBUP7pQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCtVg0vRwTAQU+EYPxZ6OZ5Zn9h5MB8GA1UdIwQY
MBaAFFqyWmw5K45no60h9g/TMR1rfx5cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3JKYWJEa3JqbWVqclNIMkQ5TXhIV3RfSGx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS84MWY3NmYtZDg3OC00NGExLTgyYzct
MmNjYjVmMGM1ZjZiLzEvSzFXRFM5SEJNQkJUNFJnX0ZubzVubG1mMkhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS84MWY3NmYtZDg3OC00NGExLTgyYzctMmNjYjVmMGM1ZjZi
LzEvV3JKYWJEa3JqbWVqclNIMkQ5TXhIV3RfSGx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW8qgAwQB
wpHcMA0GCSqGSIb3DQEBCwUAA4IBAQAmQ9c0MXkXIpIiK5esuMnhCo1G62z2CN81
9SmkLn8FmnOiDurMPbitZdd7tBdaB+lx/EbR6jE2o7ev3th44JbmjAiV/gcgiIvU
Uqh4Ai2w3Ta6dEXuZNdU9bVmNVAlddj7sUAFbFmst04pyJGr2n5XGk/Z827GvS8W
laBa2ntcvxPVZ2+9669OxDcsG5Tf3Pj81uQsanzMsVAQzQhtxMnd7oM80BCrwPEa
si5mRo+eE2SMi7TdWdYXM+TJ9OWTuwg2PSaiD3MElMq4MEjRHrzrd03kt10cAZce
zoFs4MTwlDc7acYCb5jeR6CutVuAtEmFKfC620gjBQnWfR5ngKaT
-----END CERTIFICATE-----