Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/3ac761-9ad8-4513-8a32-1f55d9999eeb/1/KHcCnfyu6PL4Vtd4A5i27l--x4I.roa
File:                     KHcCnfyu6PL4Vtd4A5i27l--x4I.roa (raw, json)
Hash identifier:          1wJdSNtnrgJugpKF9tL8pMT5VDk31UiJAyybRcs7VHQ=
Subject key identifier:   28:77:02:9D:FC:AE:E8:F2:F8:56:D7:78:03:98:B6:EE:5F:BE:C7:82
Certificate issuer:       /CN=44728fb31c4ebdfb9bf129745b91bd2e2ee8ef31
Certificate serial:       018CC94ACE638D0413EA4B4CDC1E2CE5E905
Authority key identifier: 44:72:8F:B3:1C:4E:BD:FB:9B:F1:29:74:5B:91:BD:2E:2E:E8:EF:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RHKPsxxOvfub8Sl0W5G9Li7o7zE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/3ac761-9ad8-4513-8a32-1f55d9999eeb/1/KHcCnfyu6PL4Vtd4A5i27l--x4I.roa
Signing time:             Tue 02 Jan 2024 08:29:32 +0000
ROA not before:           Tue 02 Jan 2024 08:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19750
IP address blocks:        185.235.85.0/24 maxlen: 24
                          91.199.242.0/24 maxlen: 24
                          91.212.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/3ac761-9ad8-4513-8a32-1f55d9999eeb/1/RHKPsxxOvfub8Sl0W5G9Li7o7zE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/3ac761-9ad8-4513-8a32-1f55d9999eeb/1/RHKPsxxOvfub8Sl0W5G9Li7o7zE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RHKPsxxOvfub8Sl0W5G9Li7o7zE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:ce:63:8d:04:13:ea:4b:4c:dc:1e:2c:e5:e9:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44728fb31c4ebdfb9bf129745b91bd2e2ee8ef31
        Validity
            Not Before: Jan  2 08:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2877029dfcaee8f2f856d7780398b6ee5fbec782
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b2:3c:6f:fd:a1:df:cb:10:34:8a:dd:f9:3b:
                    2a:e5:54:89:9d:79:98:36:83:34:7f:41:0e:92:a9:
                    66:e7:90:5f:e0:90:12:23:e6:fb:83:ee:09:a7:7c:
                    b2:8b:44:46:d6:a3:42:a8:e6:98:9a:9c:6b:31:b7:
                    79:bc:6c:34:8a:c9:5d:0b:f2:73:b1:31:b1:35:19:
                    96:cb:ee:bf:56:c7:d0:f4:a1:96:85:69:7b:0e:25:
                    44:e8:3b:ab:c1:bc:e5:d8:2e:5c:59:92:99:d7:aa:
                    80:bc:94:53:06:84:61:f4:41:c0:60:e7:bb:42:b7:
                    62:10:1c:2d:e4:1b:a9:73:2d:07:a5:aa:a5:8c:10:
                    c3:2c:e5:40:46:29:7c:07:d8:a4:46:3b:eb:04:24:
                    8a:e2:75:e2:a0:a4:e0:a3:77:dd:d0:00:1f:38:79:
                    67:e3:78:92:24:fc:36:12:7a:26:37:33:3d:04:df:
                    7f:cc:d4:2c:48:f5:ae:1b:22:b8:9f:ab:f2:97:31:
                    02:3e:01:2c:71:e0:87:49:e9:8c:a4:2d:96:e2:9b:
                    6d:b2:d4:3f:fc:e9:17:34:89:78:ca:80:8e:76:03:
                    9f:0f:20:d3:2c:fb:fa:7c:aa:36:18:59:99:40:b2:
                    d0:2b:b0:08:ec:94:8e:8e:17:62:1a:28:cd:3c:0f:
                    2b:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:77:02:9D:FC:AE:E8:F2:F8:56:D7:78:03:98:B6:EE:5F:BE:C7:82
            X509v3 Authority Key Identifier:
                keyid:44:72:8F:B3:1C:4E:BD:FB:9B:F1:29:74:5B:91:BD:2E:2E:E8:EF:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RHKPsxxOvfub8Sl0W5G9Li7o7zE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/3ac761-9ad8-4513-8a32-1f55d9999eeb/1/KHcCnfyu6PL4Vtd4A5i27l--x4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/3ac761-9ad8-4513-8a32-1f55d9999eeb/1/RHKPsxxOvfub8Sl0W5G9Li7o7zE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.242.0/24
                  91.212.98.0/24
                  185.235.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:1e:a4:c1:85:75:9a:b8:bf:a5:f8:d6:a2:14:89:8d:9c:d9:
         dc:3f:ae:b1:9f:cc:62:2c:f7:fd:8f:55:e2:94:25:bd:12:da:
         28:6b:a5:91:4b:83:0b:50:dd:8f:62:46:4e:ab:da:2e:cb:13:
         b2:e7:91:1b:66:4d:34:46:6f:b8:ac:60:71:6b:fb:e4:34:2c:
         10:16:c8:50:24:8c:53:f5:c9:56:30:b8:9d:38:ae:22:b4:f5:
         bd:e9:31:a9:32:9c:a6:2b:5a:9b:f1:88:74:fb:fa:e7:82:d5:
         c4:2f:aa:a6:03:88:86:64:89:c4:a7:5e:cf:1e:37:32:fd:22:
         6c:43:ec:19:9c:35:35:ac:66:bc:b8:6a:05:99:84:2f:81:63:
         bc:54:5f:87:31:35:8e:b2:d0:bd:50:dd:5e:b1:8d:54:c5:df:
         1e:ad:7d:fe:22:ab:f8:c0:9a:d3:68:8c:13:d9:f2:30:77:57:
         2a:3b:65:a4:44:f6:a9:9e:6a:b1:63:9c:8c:9d:cc:fa:92:61:
         5c:ff:f1:44:72:24:e9:b3:b7:f2:89:90:a0:d0:cd:1f:7c:60:
         02:fc:3e:3b:be:2b:25:ac:48:cb:2d:38:4d:05:43:d7:00:5a:
         4d:d8:6b:71:53:cf:b9:39:5d:4d:b1:5d:15:b8:cc:49:84:47:
         59:d1:1f:24
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJSs5jjQQT6ktM3B4s5ekFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NzI4ZmIzMWM0ZWJkZmI5YmYxMjk3NDViOTFiZDJlMmVl
OGVmMzEwHhcNMjQwMTAyMDgyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODc3MDI5ZGZjYWVlOGYyZjg1NmQ3NzgwMzk4YjZlZTVmYmVjNzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7I8b/2h38sQNIrd+Tsq5VSJnXmY
NoM0f0EOkqlm55Bf4JASI+b7g+4Jp3yyi0RG1qNCqOaYmpxrMbd5vGw0isldC/Jz
sTGxNRmWy+6/VsfQ9KGWhWl7DiVE6Durwbzl2C5cWZKZ16qAvJRTBoRh9EHAYOe7
QrdiEBwt5Bupcy0HpaqljBDDLOVARil8B9ikRjvrBCSK4nXioKTgo3fd0AAfOHln
43iSJPw2EnomNzM9BN9/zNQsSPWuGyK4n6vylzECPgEsceCHSemMpC2W4pttstQ/
/OkXNIl4yoCOdgOfDyDTLPv6fKo2GFmZQLLQK7AI7JSOjhdiGijNPA8rvwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCh3Ap38rujy+FbXeAOYtu5fvseCMB8GA1UdIwQY
MBaAFERyj7McTr37m/EpdFuRvS4u6O8xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkhLUHN4eE92ZnViOFNsMFc1RzlMaTdvN3pFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS8zYWM3NjEtOWFkOC00NTEzLThhMzIt
MWY1NWQ5OTk5ZWViLzEvS0hjQ25meXU2UEw0VnRkNEE1aTI3bC0teDRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS8zYWM3NjEtOWFkOC00NTEzLThhMzItMWY1NWQ5OTk5ZWVi
LzEvUkhLUHN4eE92ZnViOFNsMFc1RzlMaTdvN3pFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW8fyAwQA
W9RiAwQAuetVMA0GCSqGSIb3DQEBCwUAA4IBAQBdHqTBhXWauL+l+NaiFImNnNnc
P66xn8xiLPf9j1XilCW9Etooa6WRS4MLUN2PYkZOq9ouyxOy55EbZk00Rm+4rGBx
a/vkNCwQFshQJIxT9clWMLidOK4itPW96TGpMpymK1qb8Yh0+/rngtXEL6qmA4iG
ZInEp17PHjcy/SJsQ+wZnDU1rGa8uGoFmYQvgWO8VF+HMTWOstC9UN1esY1Uxd8e
rX3+Iqv4wJrTaIwT2fIwd1cqO2WkRPapnmqxY5yMncz6kmFc//FEciTps7fyiZCg
0M0ffGAC/D47vislrEjLLThNBUPXAFpN2GtxU8+5OV1NsV0VuMxJhEdZ0R8k
-----END CERTIFICATE-----