Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/4cc4d8-8091-4581-92f4-196f8f064ee4/1/KJWYNaY7Bcx8FX7L6sUedRnIZ8A.roa
File:                     KJWYNaY7Bcx8FX7L6sUedRnIZ8A.roa (raw, json)
Hash identifier:          U6BLWOzo6T3emcopgU8TaikYBEuRCFjPlH41HBa2b7w=
Subject key identifier:   28:95:98:35:A6:3B:05:CC:7C:15:7E:CB:EA:C5:1E:75:19:C8:67:C0
Certificate issuer:       /CN=ba5b651791119f8ebaa3be26f1c756b86309be8e
Certificate serial:       018CC79436211DC0BBA26D415B8688958006
Authority key identifier: BA:5B:65:17:91:11:9F:8E:BA:A3:BE:26:F1:C7:56:B8:63:09:BE:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ultlF5ERn466o74m8cdWuGMJvo4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/4cc4d8-8091-4581-92f4-196f8f064ee4/1/KJWYNaY7Bcx8FX7L6sUedRnIZ8A.roa
Signing time:             Tue 02 Jan 2024 00:30:28 +0000
ROA not before:           Tue 02 Jan 2024 00:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25111
IP address blocks:        194.0.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/4cc4d8-8091-4581-92f4-196f8f064ee4/1/ultlF5ERn466o74m8cdWuGMJvo4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/4cc4d8-8091-4581-92f4-196f8f064ee4/1/ultlF5ERn466o74m8cdWuGMJvo4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ultlF5ERn466o74m8cdWuGMJvo4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:36:21:1d:c0:bb:a2:6d:41:5b:86:88:95:80:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba5b651791119f8ebaa3be26f1c756b86309be8e
        Validity
            Not Before: Jan  2 00:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28959835a63b05cc7c157ecbeac51e7519c867c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:e4:70:02:06:de:f6:78:ec:92:e3:09:c9:13:
                    4f:b0:4d:8d:a4:e0:25:bd:5b:f2:7d:c4:f0:3c:59:
                    73:e3:f0:2d:7e:cb:20:82:0d:45:7d:36:18:c1:d8:
                    c7:33:8b:5f:87:68:80:d9:bd:9f:b4:90:e4:43:88:
                    0c:b1:8d:f0:62:e8:bc:c3:8d:c2:a1:22:0d:af:69:
                    a8:c6:4c:1e:23:a0:64:d0:ef:13:de:ba:77:2b:a1:
                    c6:a4:8f:92:14:04:85:76:da:92:39:dc:45:ed:8b:
                    b8:06:dc:ee:13:a1:64:e7:40:f3:51:ca:ff:4b:07:
                    cf:e9:47:83:2d:92:a1:a5:6c:71:e2:d1:42:e5:94:
                    f0:e5:39:c1:72:0d:87:a2:e0:6e:c5:a0:4f:cf:63:
                    49:9b:c9:6d:82:ff:1a:e5:a5:bd:78:0b:98:b8:5b:
                    f8:a6:df:0e:98:e6:2f:40:1e:3b:ad:d9:60:1e:98:
                    90:94:f5:b5:ae:d5:03:6e:26:50:40:a7:58:ae:38:
                    4a:77:81:45:8c:d1:a6:bc:14:30:26:a6:bd:0d:bb:
                    78:1e:4e:37:68:a4:19:20:eb:ac:2c:17:bf:88:99:
                    52:57:4d:c7:8e:1b:cb:0c:f9:25:a4:bc:99:43:31:
                    98:41:79:c2:81:7e:59:58:e2:2e:34:fe:ba:9d:9e:
                    b4:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:95:98:35:A6:3B:05:CC:7C:15:7E:CB:EA:C5:1E:75:19:C8:67:C0
            X509v3 Authority Key Identifier:
                keyid:BA:5B:65:17:91:11:9F:8E:BA:A3:BE:26:F1:C7:56:B8:63:09:BE:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ultlF5ERn466o74m8cdWuGMJvo4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/4cc4d8-8091-4581-92f4-196f8f064ee4/1/KJWYNaY7Bcx8FX7L6sUedRnIZ8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/4cc4d8-8091-4581-92f4-196f8f064ee4/1/ultlF5ERn466o74m8cdWuGMJvo4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:3f:e1:e1:31:c6:04:03:cb:75:50:93:7a:c0:1b:02:c8:48:
         fc:c9:24:71:3f:42:91:fd:ff:a8:94:74:03:9c:78:18:43:4b:
         2d:91:0d:76:79:4a:68:24:ea:e2:1e:62:c8:69:4f:ff:70:d7:
         10:66:09:09:61:3b:5c:3f:94:d1:49:26:49:bd:ff:fb:d1:a9:
         e1:dc:51:e6:80:44:89:23:cc:70:e2:0b:93:5f:58:96:0a:88:
         97:ba:ce:1f:cc:0c:92:17:b1:ba:f1:53:2c:6a:07:e8:1e:30:
         f3:a8:36:f8:e1:8b:ff:96:87:31:ad:11:70:a4:3d:8d:50:9f:
         ff:fc:de:c1:74:e2:51:e8:88:4b:36:ce:ee:80:41:57:fb:9d:
         df:bc:69:32:e4:1b:46:9d:fa:a6:4a:a2:f6:9b:14:a7:24:eb:
         08:04:4e:5d:3b:6e:f3:78:c2:30:71:fc:94:66:b1:e4:c7:ae:
         10:87:42:c9:8e:a2:04:9c:89:39:d2:b7:38:1d:07:ad:07:d0:
         7b:54:05:bf:36:ce:6f:dd:15:32:bc:b2:16:b1:dc:48:e6:f8:
         69:a7:f1:af:57:8d:5b:d8:64:21:e7:60:2d:4a:40:f3:66:9e:
         29:da:88:01:b9:86:dd:0b:68:70:ef:48:a7:f2:19:74:7e:d5:
         eb:a3:b2:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlDYhHcC7om1BW4aIlYAGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNWI2NTE3OTExMTlmOGViYWEzYmUyNmYxYzc1NmI4NjMw
OWJlOGUwHhcNMjQwMTAyMDAzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODk1OTgzNWE2M2IwNWNjN2MxNTdlY2JlYWM1MWU3NTE5Yzg2N2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAieRwAgbe9njskuMJyRNPsE2NpOAl
vVvyfcTwPFlz4/Atfssggg1FfTYYwdjHM4tfh2iA2b2ftJDkQ4gMsY3wYui8w43C
oSINr2moxkweI6Bk0O8T3rp3K6HGpI+SFASFdtqSOdxF7Yu4BtzuE6Fk50DzUcr/
SwfP6UeDLZKhpWxx4tFC5ZTw5TnBcg2HouBuxaBPz2NJm8ltgv8a5aW9eAuYuFv4
pt8OmOYvQB47rdlgHpiQlPW1rtUDbiZQQKdYrjhKd4FFjNGmvBQwJqa9Dbt4Hk43
aKQZIOusLBe/iJlSV03HjhvLDPklpLyZQzGYQXnCgX5ZWOIuNP66nZ60OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCiVmDWmOwXMfBV+y+rFHnUZyGfAMB8GA1UdIwQY
MBaAFLpbZReREZ+OuqO+JvHHVrhjCb6OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWx0bEY1RVJuNDY2bzc0bThjZFd1R01Kdm80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS80Y2M0ZDgtODA5MS00NTgxLTkyZjQt
MTk2ZjhmMDY0ZWU0LzEvS0pXWU5hWTdCY3g4Rlg3TDZzVWVkUm5JWjhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS80Y2M0ZDgtODA5MS00NTgxLTkyZjQtMTk2ZjhmMDY0ZWU0
LzEvdWx0bEY1RVJuNDY2bzc0bThjZFd1R01Kdm80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgCGMA0G
CSqGSIb3DQEBCwUAA4IBAQB6P+HhMcYEA8t1UJN6wBsCyEj8ySRxP0KR/f+olHQD
nHgYQ0stkQ12eUpoJOriHmLIaU//cNcQZgkJYTtcP5TRSSZJvf/70anh3FHmgESJ
I8xw4guTX1iWCoiXus4fzAySF7G68VMsagfoHjDzqDb44Yv/locxrRFwpD2NUJ//
/N7BdOJR6IhLNs7ugEFX+53fvGky5BtGnfqmSqL2mxSnJOsIBE5dO27zeMIwcfyU
ZrHkx64Qh0LJjqIEnIk50rc4HQetB9B7VAW/Ns5v3RUyvLIWsdxI5vhpp/GvV41b
2GQh52AtSkDzZp4p2ogBuYbdC2hw70in8hl0ftXro7Lp
-----END CERTIFICATE-----