Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/kF2-ExabUa8tvR3gaJ2CCaAjJKo.roa
File:                     kF2-ExabUa8tvR3gaJ2CCaAjJKo.roa (raw, json)
Hash identifier:          qyV5PcCe8u7P9IY5iTYibEbiQTogn8gCfb3zCOnDBxo=
Subject key identifier:   90:5D:BE:13:16:9B:51:AF:2D:BD:1D:E0:68:9D:82:09:A0:23:24:AA
Certificate issuer:       /CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
Certificate serial:       01909CB213D4DDF59729B0795E5F2F994655
Authority key identifier: 27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/kF2-ExabUa8tvR3gaJ2CCaAjJKo.roa
Signing time:             Wed 10 Jul 2024 12:50:34 +0000
ROA not before:           Wed 10 Jul 2024 12:50:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        91.102.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9c:b2:13:d4:dd:f5:97:29:b0:79:5e:5f:2f:99:46:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
        Validity
            Not Before: Jul 10 12:50:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=905dbe13169b51af2dbd1de0689d8209a02324aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:5d:1b:25:dc:29:1f:4e:1e:91:71:34:be:48:
                    4e:1e:d2:f0:75:7a:7d:b1:53:bc:2b:3e:ef:b7:18:
                    6c:c4:88:80:72:40:69:80:9e:ca:ea:0d:3d:b0:d8:
                    e1:e7:af:a2:ff:15:c6:de:6c:a3:eb:d9:ec:5a:83:
                    e3:1f:a7:6e:14:4c:4c:a9:5f:ce:30:9c:52:b2:37:
                    ba:b5:dc:66:77:f4:05:13:62:8d:b6:e3:dc:81:45:
                    4e:c0:d6:f5:8d:d4:85:d8:3b:1d:3a:ce:de:99:8f:
                    59:81:a1:d0:b0:12:5e:59:c9:f4:08:52:0b:2e:60:
                    e8:0e:a0:3b:db:2d:4a:69:1b:0c:e2:1b:25:d6:dc:
                    76:4e:85:06:02:b9:da:78:b5:13:c6:96:96:eb:ee:
                    34:af:33:75:34:fb:fe:48:10:56:99:93:a5:13:da:
                    3e:d2:56:56:ae:85:75:3c:d6:f6:fd:85:44:5c:4c:
                    ac:f2:04:67:b6:9c:99:e4:59:52:82:52:93:dd:60:
                    b3:47:04:8a:a0:3e:89:42:8d:2e:a6:70:9e:04:f3:
                    e6:ee:80:34:a1:7d:d2:af:a1:fd:16:74:b2:10:ea:
                    d1:51:ad:21:df:b4:7f:b0:b1:e1:4c:d0:b0:eb:f5:
                    41:70:11:dd:77:6f:d1:af:6c:43:97:63:11:f2:da:
                    23:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:5D:BE:13:16:9B:51:AF:2D:BD:1D:E0:68:9D:82:09:A0:23:24:AA
            X509v3 Authority Key Identifier:
                keyid:27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/kF2-ExabUa8tvR3gaJ2CCaAjJKo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:a7:c5:6b:a9:a9:17:96:2c:80:39:58:0b:47:4b:4a:3d:7c:
         a5:21:d0:c6:3a:a8:98:a8:7e:1a:45:0a:c7:6c:d9:7b:69:c2:
         60:bb:85:af:8e:b4:88:e2:00:46:bf:aa:c0:98:ca:32:25:ec:
         a3:ee:db:3e:4d:9a:75:fc:83:c2:eb:95:33:f5:3c:59:54:4d:
         d8:4b:22:5d:93:3e:31:df:54:35:8a:9a:33:10:d6:23:cc:b2:
         68:b9:ff:46:3c:e1:11:be:f5:13:85:46:33:12:44:9e:2a:8f:
         23:7e:69:41:26:e3:ce:a3:3b:f4:a6:d0:52:22:02:d8:17:71:
         d3:5d:d2:41:38:df:36:56:f7:87:af:5d:7a:6c:6f:05:c8:96:
         b8:2d:5a:fd:06:0e:7b:dc:95:61:6b:e7:0b:47:e5:9f:33:35:
         79:2f:a0:94:11:39:b8:20:58:24:f3:41:f2:ff:45:e1:9f:4c:
         57:e6:19:cf:a9:48:65:0b:70:d1:fa:e0:fa:8d:58:06:23:ce:
         35:86:1a:7c:c8:33:f2:b1:af:a0:ce:5b:1f:b7:6a:6d:72:34:
         c8:dd:ea:41:00:96:6c:2d:3b:e3:95:a7:9d:42:aa:eb:59:17:
         0c:34:cf:c0:ab:90:8f:95:47:5b:1f:62:58:71:be:ea:78:42:
         82:65:16:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCcshPU3fWXKbB5Xl8vmUZVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YzhiNDI3YzMxMzU5OGE5MmU4ZDhlYzYwZTI5NTBkYTM5
ZmMyYzkwHhcNMjQwNzEwMTI1MDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDVkYmUxMzE2OWI1MWFmMmRiZDFkZTA2ODlkODIwOWEwMjMyNGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8l0bJdwpH04ekXE0vkhOHtLwdXp9
sVO8Kz7vtxhsxIiAckBpgJ7K6g09sNjh56+i/xXG3myj69nsWoPjH6duFExMqV/O
MJxSsje6tdxmd/QFE2KNtuPcgUVOwNb1jdSF2DsdOs7emY9ZgaHQsBJeWcn0CFIL
LmDoDqA72y1KaRsM4hsl1tx2ToUGArnaeLUTxpaW6+40rzN1NPv+SBBWmZOlE9o+
0lZWroV1PNb2/YVEXEys8gRntpyZ5FlSglKT3WCzRwSKoD6JQo0upnCeBPPm7oA0
oX3Sr6H9FnSyEOrRUa0h37R/sLHhTNCw6/VBcBHdd2/Rr2xDl2MR8tojUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJBdvhMWm1GvLb0d4GidggmgIySqMB8GA1UdIwQY
MBaAFCfItCfDE1mKkujY7GDilQ2jn8LJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzct
MWM2ZWU0NGUxMWFkLzEva0YyLUV4YWJVYTh0dlIzZ2FKMkNDYUFqSktvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzctMWM2ZWU0NGUxMWFk
LzEvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2alMA0G
CSqGSIb3DQEBCwUAA4IBAQBNp8VrqakXliyAOVgLR0tKPXylIdDGOqiYqH4aRQrH
bNl7acJgu4WvjrSI4gBGv6rAmMoyJeyj7ts+TZp1/IPC65Uz9TxZVE3YSyJdkz4x
31Q1ipozENYjzLJouf9GPOERvvUThUYzEkSeKo8jfmlBJuPOozv0ptBSIgLYF3HT
XdJBON82VveHr116bG8FyJa4LVr9Bg573JVha+cLR+WfMzV5L6CUETm4IFgk80Hy
/0Xhn0xX5hnPqUhlC3DR+uD6jVgGI841hhp8yDPysa+gzlsft2ptcjTI3epBAJZs
LTvjlaedQqrrWRcMNM/Aq5CPlUdbH2JYcb7qeEKCZRZL
-----END CERTIFICATE-----