Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/kmps_wc-AB0wVobjsGYS1D_jeNI.roa
File:                     kmps_wc-AB0wVobjsGYS1D_jeNI.roa (raw, json)
Hash identifier:          /kX2b2yK3ycxvbAMXjF5yIEdjsEkyhBOAnzs4rcWumU=
Subject key identifier:   92:6A:6C:FF:07:3E:00:1D:30:56:86:E3:B0:66:12:D4:3F:E3:78:D2
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018CC3B73C0ACEC7EC42A00307E285FA40DB
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/kmps_wc-AB0wVobjsGYS1D_jeNI.roa
Signing time:             Mon 01 Jan 2024 06:30:14 +0000
ROA not before:           Mon 01 Jan 2024 06:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198855
IP address blocks:        90.83.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3c:0a:ce:c7:ec:42:a0:03:07:e2:85:fa:40:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 06:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=926a6cff073e001d305686e3b06612d43fe378d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:68:10:44:c2:6e:90:14:34:ca:af:f6:20:9c:
                    12:82:87:df:b6:76:7a:14:bc:df:2c:b7:16:e7:bc:
                    3a:66:9d:39:84:07:b6:d2:47:3b:d6:e7:e7:31:8b:
                    0e:3c:8e:3f:79:82:4e:16:02:47:8d:4e:60:29:9e:
                    55:da:70:60:ab:9d:e5:15:44:b6:93:14:ef:5e:f2:
                    c4:02:29:05:3d:0e:4f:5e:cc:80:2e:25:e3:7e:77:
                    f4:5f:fd:7a:8a:44:de:1c:0e:8a:89:4d:0d:c9:d5:
                    ab:8a:97:2c:e2:dc:3b:d5:96:28:b7:84:bc:1b:6e:
                    53:e6:6b:ac:7a:80:91:3b:85:b9:5a:71:34:9f:9c:
                    66:9e:21:25:e6:7b:26:3f:d7:8c:81:bd:0e:7d:4b:
                    9f:75:ee:32:a6:70:f1:50:ce:9e:d0:9e:1a:c3:5e:
                    7b:a2:2f:0a:15:1c:44:60:92:c6:fd:06:8a:7e:cb:
                    be:ff:41:a1:46:28:2b:63:ca:65:3d:cd:cf:79:ba:
                    cd:09:e7:be:7b:c3:fc:9c:56:3a:28:66:50:36:13:
                    5b:39:88:7c:d4:ca:99:6c:e9:2f:5c:94:6f:2f:b2:
                    9c:7b:2a:7d:6a:72:3f:16:dd:46:f9:40:38:6a:b4:
                    49:9d:54:39:13:85:4b:4c:ef:86:98:9f:39:e8:10:
                    49:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:6A:6C:FF:07:3E:00:1D:30:56:86:E3:B0:66:12:D4:3F:E3:78:D2
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/kmps_wc-AB0wVobjsGYS1D_jeNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  90.83.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:58:c3:02:89:10:f7:b9:78:35:37:ce:a8:04:52:0e:1b:ea:
         40:78:a2:0d:30:b5:cd:0f:22:35:f4:9a:f6:5e:02:42:59:b0:
         32:7b:8f:1f:3c:36:38:6b:5e:ff:b1:7c:78:64:88:09:cc:34:
         69:88:74:bc:c1:08:32:09:8f:a9:76:4c:31:16:34:34:e8:fb:
         95:86:d8:45:ab:b3:c0:95:ed:74:c2:cf:cc:00:46:45:10:45:
         58:eb:21:86:10:9d:7f:f8:ab:59:a4:b9:95:7c:37:2c:6e:c8:
         98:0a:af:82:80:2e:52:39:86:81:22:9c:cb:6c:d2:4f:0e:48:
         a1:4a:50:4f:4c:b8:c3:4a:d7:f9:55:3d:47:42:72:5e:01:15:
         ba:b0:f9:56:4d:99:88:b3:d0:37:38:cc:5c:9d:7b:fa:da:1a:
         32:e8:d6:e2:6c:cf:f2:c9:30:77:4b:c7:49:ee:29:48:c0:b2:
         4c:99:91:a0:bc:02:f2:4b:c3:34:db:31:5e:9a:af:c2:0a:f1:
         79:3b:a4:db:e6:37:09:a8:f4:e1:ba:21:6f:a6:17:22:dd:ea:
         c9:dc:0f:da:e6:81:7f:39:0d:a4:8d:10:2c:6a:a6:31:0f:16:
         72:ab:4e:d7:3b:3f:24:1a:81:c2:6a:85:5d:d1:9f:94:0d:ba:
         7d:a4:3b:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzwKzsfsQqADB+KF+kDbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwMTAxMDYzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjZhNmNmZjA3M2UwMDFkMzA1Njg2ZTNiMDY2MTJkNDNmZTM3OGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWgQRMJukBQ0yq/2IJwSgofftnZ6
FLzfLLcW57w6Zp05hAe20kc71ufnMYsOPI4/eYJOFgJHjU5gKZ5V2nBgq53lFUS2
kxTvXvLEAikFPQ5PXsyALiXjfnf0X/16ikTeHA6KiU0NydWripcs4tw71ZYot4S8
G25T5museoCRO4W5WnE0n5xmniEl5nsmP9eMgb0OfUufde4ypnDxUM6e0J4aw157
oi8KFRxEYJLG/QaKfsu+/0GhRigrY8plPc3PebrNCee+e8P8nFY6KGZQNhNbOYh8
1MqZbOkvXJRvL7Kceyp9anI/Ft1G+UA4arRJnVQ5E4VLTO+GmJ856BBJPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJJqbP8HPgAdMFaG47BmEtQ/43jSMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEva21wc193Yy1BQjB3Vm9ianNHWVMxRF9qZU5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWlN8MA0G
CSqGSIb3DQEBCwUAA4IBAQBfWMMCiRD3uXg1N86oBFIOG+pAeKINMLXNDyI19Jr2
XgJCWbAye48fPDY4a17/sXx4ZIgJzDRpiHS8wQgyCY+pdkwxFjQ06PuVhthFq7PA
le10ws/MAEZFEEVY6yGGEJ1/+KtZpLmVfDcsbsiYCq+CgC5SOYaBIpzLbNJPDkih
SlBPTLjDStf5VT1HQnJeARW6sPlWTZmIs9A3OMxcnXv62hoy6NbibM/yyTB3S8dJ
7ilIwLJMmZGgvALyS8M02zFemq/CCvF5O6Tb5jcJqPThuiFvphci3erJ3A/a5oF/
OQ2kjRAsaqYxDxZyq07XOz8kGoHCaoVd0Z+UDbp9pDsn
-----END CERTIFICATE-----