Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/KG99ZaelzWjeIqNtxFRm12q_bg0.roa
File:                     KG99ZaelzWjeIqNtxFRm12q_bg0.roa (raw, json)
Hash identifier:          5Oj46QZw/4vX6GsbrcfX86pMcPh1Y1M6TiSVrexkkMs=
Subject key identifier:   28:6F:7D:65:A7:A5:CD:68:DE:22:A3:6D:C4:54:66:D7:6A:BF:6E:0D
Certificate issuer:       /CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
Certificate serial:       018D70F53BEC3B575ADB252033484A96110F
Authority key identifier: 97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/KG99ZaelzWjeIqNtxFRm12q_bg0.roa
Signing time:             Sat 03 Feb 2024 21:52:16 +0000
ROA not before:           Sat 03 Feb 2024 21:52:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216106
IP address blocks:        82.206.22.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:70:f5:3b:ec:3b:57:5a:db:25:20:33:48:4a:96:11:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
        Validity
            Not Before: Feb  3 21:52:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=286f7d65a7a5cd68de22a36dc45466d76abf6e0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:d9:12:6e:15:95:7b:d8:d8:d8:8e:0a:c1:01:
                    ea:22:41:73:4e:c2:3d:00:81:99:36:d3:a4:23:0f:
                    cf:03:f3:03:15:85:1f:c2:e1:ea:18:9b:ce:bb:7c:
                    d0:4f:66:53:de:e3:14:3a:df:09:67:3c:92:00:f2:
                    9d:69:d0:c6:9c:a6:d1:28:77:51:f8:e8:df:37:39:
                    b2:46:1b:b0:22:2e:12:52:5f:d2:40:c1:e1:a1:48:
                    ad:54:38:d9:00:b3:76:50:4c:61:b7:0a:1a:5f:3c:
                    0c:2a:2e:ac:05:ee:5a:14:17:58:c7:13:6d:2d:a6:
                    4a:dd:fc:29:9e:58:97:d1:c0:4f:2b:90:1a:48:df:
                    58:e5:c2:c3:17:ea:c9:a1:ca:a5:06:c6:c7:62:f4:
                    2d:33:c1:68:d4:b5:60:38:d0:31:1b:25:9e:e9:79:
                    1c:82:7f:47:c9:6d:e8:78:08:ae:27:4f:d3:fe:74:
                    b1:95:5c:13:b4:bd:94:31:5f:b9:35:bb:5f:04:18:
                    3b:5e:d4:89:ed:45:88:0d:90:89:3f:a7:01:e1:d8:
                    d5:97:f6:fc:99:7e:cd:eb:ff:55:a4:e3:10:7c:20:
                    9d:14:b8:f8:b2:70:8e:0d:77:99:4d:57:26:d5:29:
                    ae:42:d0:2d:cc:19:a6:3b:bf:52:eb:4b:cf:80:06:
                    7c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:6F:7D:65:A7:A5:CD:68:DE:22:A3:6D:C4:54:66:D7:6A:BF:6E:0D
            X509v3 Authority Key Identifier:
                keyid:97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/KG99ZaelzWjeIqNtxFRm12q_bg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.206.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:27:db:c1:be:0d:46:2d:33:40:e6:2f:7a:b3:14:ae:4d:4f:
         d6:20:89:ad:1f:82:67:73:7b:21:fa:19:09:64:31:20:a6:cf:
         97:e1:9d:18:b3:44:b4:14:ed:f7:20:ad:49:8c:f7:a9:8c:2c:
         d5:fc:1e:03:2e:76:5b:55:c7:e8:f4:a9:bb:7a:01:c6:83:20:
         4b:f1:11:fd:49:50:bc:fe:82:bd:b0:bc:1d:81:88:d0:5b:5a:
         fa:4b:ba:df:d5:f8:90:b1:58:90:f5:c3:e7:f9:e4:bb:de:09:
         7d:a4:37:19:9c:5b:5c:b4:e3:31:3f:e3:a7:9d:ba:2f:89:d4:
         81:df:ea:76:72:6e:3e:4f:88:f8:49:3e:7b:67:d5:b0:db:63:
         e6:93:a7:3b:1c:b4:18:88:b6:99:75:5a:2d:2f:57:23:1d:9e:
         1e:ab:66:43:25:ce:82:60:e0:f6:5d:79:08:10:d4:54:6f:fe:
         87:c7:49:13:77:68:c7:62:47:57:59:fe:18:4b:42:39:34:60:
         84:5d:10:eb:7e:83:a3:9e:1f:5d:a2:96:54:50:ab:f0:62:fe:
         97:47:74:39:65:f1:1a:d5:3c:98:ce:5f:c4:26:36:09:fd:cd:
         e4:89:12:43:a4:4d:dd:98:36:bc:a3:da:9d:d3:ad:65:fc:15:
         65:93:97:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1w9TvsO1da2yUgM0hKlhEPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OTkxNDBiNDJkYjZjYjZiZjhjNmRkNDEzNzQ3ZmNmNGE2
ZmQ5YjUwHhcNMjQwMjAzMjE1MjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODZmN2Q2NWE3YTVjZDY4ZGUyMmEzNmRjNDU0NjZkNzZhYmY2ZTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgdkSbhWVe9jY2I4KwQHqIkFzTsI9
AIGZNtOkIw/PA/MDFYUfwuHqGJvOu3zQT2ZT3uMUOt8JZzySAPKdadDGnKbRKHdR
+OjfNzmyRhuwIi4SUl/SQMHhoUitVDjZALN2UExhtwoaXzwMKi6sBe5aFBdYxxNt
LaZK3fwpnliX0cBPK5AaSN9Y5cLDF+rJocqlBsbHYvQtM8Fo1LVgONAxGyWe6Xkc
gn9HyW3oeAiuJ0/T/nSxlVwTtL2UMV+5NbtfBBg7XtSJ7UWIDZCJP6cB4djVl/b8
mX7N6/9VpOMQfCCdFLj4snCODXeZTVcm1SmuQtAtzBmmO79S60vPgAZ8ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFChvfWWnpc1o3iKjbcRUZtdqv24NMB8GA1UdIwQY
MBaAFJeZFAtC22y2v4xt1BN0f89Kb9m1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2Qt
NTk1OTE5YmUwZjUyLzEvS0c5OVphZWx6V2plSXFOdHhGUm0xMnFfYmcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2QtNTk1OTE5YmUwZjUy
LzEvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUs4WMA0G
CSqGSIb3DQEBCwUAA4IBAQALJ9vBvg1GLTNA5i96sxSuTU/WIImtH4Jnc3sh+hkJ
ZDEgps+X4Z0Ys0S0FO33IK1JjPepjCzV/B4DLnZbVcfo9Km7egHGgyBL8RH9SVC8
/oK9sLwdgYjQW1r6S7rf1fiQsViQ9cPn+eS73gl9pDcZnFtctOMxP+OnnbovidSB
3+p2cm4+T4j4ST57Z9Ww22Pmk6c7HLQYiLaZdVotL1cjHZ4eq2ZDJc6CYOD2XXkI
ENRUb/6Hx0kTd2jHYkdXWf4YS0I5NGCEXRDrfoOjnh9dopZUUKvwYv6XR3Q5ZfEa
1TyYzl/EJjYJ/c3kiRJDpE3dmDa8o9qd061l/BVlk5d1
-----END CERTIFICATE-----