Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/5a7d2f-5168-4720-8ce0-704149619c46/1/kMXPU5CC7cVcdzaf7WQw3c4xK98.roa
File:                     kMXPU5CC7cVcdzaf7WQw3c4xK98.roa (raw, json)
Hash identifier:          3CxWaASiUecd0etUCPnNX78fq71Dv7n6O0wAa3/VNd8=
Subject key identifier:   90:C5:CF:53:90:82:ED:C5:5C:77:36:9F:ED:64:30:DD:CE:31:2B:DF
Certificate issuer:       /CN=458cc52a0707cc340ac9c7f6e9028b64b70267bc
Certificate serial:       018E1DF4B9BB36AF6437360C751B3173EB61
Authority key identifier: 45:8C:C5:2A:07:07:CC:34:0A:C9:C7:F6:E9:02:8B:64:B7:02:67:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RYzFKgcHzDQKycf26QKLZLcCZ7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/5a7d2f-5168-4720-8ce0-704149619c46/1/kMXPU5CC7cVcdzaf7WQw3c4xK98.roa
Signing time:             Fri 08 Mar 2024 12:06:01 +0000
ROA not before:           Fri 08 Mar 2024 12:06:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216054
IP address blocks:        194.1.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/5a7d2f-5168-4720-8ce0-704149619c46/1/RYzFKgcHzDQKycf26QKLZLcCZ7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/5a7d2f-5168-4720-8ce0-704149619c46/1/RYzFKgcHzDQKycf26QKLZLcCZ7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RYzFKgcHzDQKycf26QKLZLcCZ7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 00:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1d:f4:b9:bb:36:af:64:37:36:0c:75:1b:31:73:eb:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=458cc52a0707cc340ac9c7f6e9028b64b70267bc
        Validity
            Not Before: Mar  8 12:06:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90c5cf539082edc55c77369fed6430ddce312bdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:e7:04:8b:31:e3:73:7b:e1:33:4f:fc:ab:3e:
                    1b:04:25:25:d4:49:90:12:97:f0:27:cb:2a:4b:f3:
                    a0:2c:e6:f4:ff:5c:d2:a6:77:21:b3:2f:29:f7:33:
                    98:20:5a:03:dc:b5:80:78:4e:60:88:98:c3:91:e2:
                    91:d9:04:e1:56:4d:36:ed:19:8f:92:44:c1:7c:67:
                    ed:69:9f:b0:de:85:e0:6c:f3:75:85:54:0c:70:9e:
                    67:de:64:19:89:e4:2a:db:53:3c:fc:8b:77:51:03:
                    18:98:52:ec:15:db:5a:39:a0:72:78:31:ee:1b:b6:
                    65:83:a4:06:86:43:64:c9:17:3b:81:8a:b0:2a:ff:
                    b1:03:a7:49:88:8e:d3:dc:c0:8d:f6:44:d7:08:a8:
                    8a:a9:c5:04:05:e4:2e:78:1d:9b:a3:e6:69:7a:bf:
                    99:49:7a:e6:6f:79:e0:a4:d3:ac:71:4b:f6:37:61:
                    a8:1a:3b:9d:08:65:02:74:f9:c9:f8:c4:b6:31:d6:
                    38:2d:67:8d:3a:5a:cc:e8:b7:61:fc:78:7a:8f:05:
                    ee:9c:fc:b4:ca:c4:31:65:9d:f7:27:12:a5:ac:7e:
                    95:8e:7f:5b:39:ff:1a:25:ff:99:45:02:4a:54:4b:
                    87:25:9f:e9:70:fd:46:20:a6:42:e8:4d:a5:e6:e6:
                    51:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:C5:CF:53:90:82:ED:C5:5C:77:36:9F:ED:64:30:DD:CE:31:2B:DF
            X509v3 Authority Key Identifier:
                keyid:45:8C:C5:2A:07:07:CC:34:0A:C9:C7:F6:E9:02:8B:64:B7:02:67:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RYzFKgcHzDQKycf26QKLZLcCZ7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/5a7d2f-5168-4720-8ce0-704149619c46/1/kMXPU5CC7cVcdzaf7WQw3c4xK98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/5a7d2f-5168-4720-8ce0-704149619c46/1/RYzFKgcHzDQKycf26QKLZLcCZ7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.1.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:e0:63:25:04:79:4a:36:c2:f7:11:24:e4:81:3c:05:e1:5f:
         d7:59:92:43:8a:39:dc:94:23:26:fd:42:7e:ad:ff:62:cc:a2:
         cf:23:84:d1:90:66:e2:10:c2:ca:0f:b9:0d:74:f3:07:5e:75:
         7c:1d:d8:98:a6:b3:83:0e:b2:d8:39:2f:3c:bd:4d:02:04:a9:
         76:b2:03:91:94:65:3d:5b:59:37:f5:ec:b0:e5:ae:7a:e2:94:
         39:30:30:b6:b5:e2:a8:be:68:46:59:1b:51:f0:24:d0:28:5e:
         80:bc:5e:fb:28:f9:fc:dc:b8:93:fe:07:b6:08:73:5a:fc:e3:
         51:ef:04:ec:b6:76:97:a2:6c:bb:2f:e1:6e:7c:55:74:55:04:
         46:76:32:02:fb:9b:91:a3:81:05:76:91:01:1e:ba:05:39:30:
         e9:db:9b:13:c1:a5:7e:a2:82:95:47:57:11:7f:87:05:78:7e:
         47:cb:f4:51:aa:07:f1:af:ce:af:b3:f6:bd:67:69:2f:fd:3a:
         f5:eb:da:3e:d3:53:3e:90:7f:35:c1:0b:8d:95:65:af:0a:c5:
         a1:c1:e7:76:ef:09:d9:53:84:4a:29:f0:05:56:1e:34:9d:9e:
         30:67:4d:2b:b9:d7:b1:04:be:f3:14:f6:a8:89:36:a7:b6:15:
         66:1b:40:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4d9Lm7Nq9kNzYMdRsxc+thMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OGNjNTJhMDcwN2NjMzQwYWM5YzdmNmU5MDI4YjY0Yjcw
MjY3YmMwHhcNMjQwMzA4MTIwNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGM1Y2Y1MzkwODJlZGM1NWM3NzM2OWZlZDY0MzBkZGNlMzEyYmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgecEizHjc3vhM0/8qz4bBCUl1EmQ
EpfwJ8sqS/OgLOb0/1zSpnchsy8p9zOYIFoD3LWAeE5giJjDkeKR2QThVk027RmP
kkTBfGftaZ+w3oXgbPN1hVQMcJ5n3mQZieQq21M8/It3UQMYmFLsFdtaOaByeDHu
G7Zlg6QGhkNkyRc7gYqwKv+xA6dJiI7T3MCN9kTXCKiKqcUEBeQueB2bo+Zper+Z
SXrmb3ngpNOscUv2N2GoGjudCGUCdPnJ+MS2MdY4LWeNOlrM6Ldh/Hh6jwXunPy0
ysQxZZ33JxKlrH6Vjn9bOf8aJf+ZRQJKVEuHJZ/pcP1GIKZC6E2l5uZROwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJDFz1OQgu3FXHc2n+1kMN3OMSvfMB8GA1UdIwQY
MBaAFEWMxSoHB8w0CsnH9ukCi2S3Ame8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUll6RktnY0h6RFFLeWNmMjZRS0xaTGNDWjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS81YTdkMmYtNTE2OC00NzIwLThjZTAt
NzA0MTQ5NjE5YzQ2LzEva01YUFU1Q0M3Y1ZjZHphZjdXUXczYzR4Szk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS81YTdkMmYtNTE2OC00NzIwLThjZTAtNzA0MTQ5NjE5YzQ2
LzEvUll6RktnY0h6RFFLeWNmMjZRS0xaTGNDWjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgGbMA0G
CSqGSIb3DQEBCwUAA4IBAQCK4GMlBHlKNsL3ESTkgTwF4V/XWZJDijnclCMm/UJ+
rf9izKLPI4TRkGbiEMLKD7kNdPMHXnV8HdiYprODDrLYOS88vU0CBKl2sgORlGU9
W1k39eyw5a564pQ5MDC2teKovmhGWRtR8CTQKF6AvF77KPn83LiT/ge2CHNa/ONR
7wTstnaXomy7L+FufFV0VQRGdjIC+5uRo4EFdpEBHroFOTDp25sTwaV+ooKVR1cR
f4cFeH5Hy/RRqgfxr86vs/a9Z2kv/Tr169o+01M+kH81wQuNlWWvCsWhwed27wnZ
U4RKKfAFVh40nZ4wZ00rudexBL7zFPaoiTanthVmG0B/
-----END CERTIFICATE-----