Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/e9c8e9-b954-4d20-a426-8e0c31223db8/1/KKy9jBy-az3AO-7A7rirw9cUDOg.roa
File:                     KKy9jBy-az3AO-7A7rirw9cUDOg.roa (raw, json)
Hash identifier:          5yzLfN7qnYN9usQXbpJFO2XzH/E35fZE4DNpmqcKHCo=
Subject key identifier:   28:AC:BD:8C:1C:BE:6B:3D:C0:3B:EE:C0:EE:B8:AB:C3:D7:14:0C:E8
Certificate issuer:       /CN=efa842e67147252505f41551f0f735b7f72e3e97
Certificate serial:       018E98A0E4F3C7E66A08DBEA4C91AA68EF80
Authority key identifier: EF:A8:42:E6:71:47:25:25:05:F4:15:51:F0:F7:35:B7:F7:2E:3E:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/76hC5nFHJSUF9BVR8Pc1t_cuPpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/e9c8e9-b954-4d20-a426-8e0c31223db8/1/KKy9jBy-az3AO-7A7rirw9cUDOg.roa
Signing time:             Mon 01 Apr 2024 07:47:44 +0000
ROA not before:           Mon 01 Apr 2024 07:47:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30058
IP address blocks:        185.165.190.0/24 maxlen: 24
                          185.165.191.0/24 maxlen: 24
                          2a07:85c5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/e9c8e9-b954-4d20-a426-8e0c31223db8/1/76hC5nFHJSUF9BVR8Pc1t_cuPpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/e9c8e9-b954-4d20-a426-8e0c31223db8/1/76hC5nFHJSUF9BVR8Pc1t_cuPpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/76hC5nFHJSUF9BVR8Pc1t_cuPpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 16:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:98:a0:e4:f3:c7:e6:6a:08:db:ea:4c:91:aa:68:ef:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=efa842e67147252505f41551f0f735b7f72e3e97
        Validity
            Not Before: Apr  1 07:47:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28acbd8c1cbe6b3dc03beec0eeb8abc3d7140ce8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:28:63:40:8d:0f:dc:d2:9b:09:f5:9b:85:30:
                    7d:75:2d:33:69:cd:5d:9a:ce:e6:d1:d8:7d:95:a9:
                    cb:24:b1:6f:19:1b:84:f4:f8:d6:58:18:89:01:45:
                    02:04:ff:e3:62:3f:5d:d4:ff:86:22:3e:df:4b:6e:
                    a8:ad:19:71:06:fd:ef:f6:39:e0:57:da:bc:57:d5:
                    d6:6d:16:d1:cc:27:3c:1d:cc:7b:5d:0a:42:14:c3:
                    a7:ee:27:be:38:2f:01:c2:b8:16:4b:06:6e:91:cb:
                    f1:0b:d3:e2:42:17:97:66:95:de:dd:3f:8e:8b:13:
                    9a:8f:98:7d:33:7e:51:81:b1:58:72:b8:7a:8f:28:
                    ad:99:58:6c:31:61:91:9b:33:6d:98:e9:46:3c:b7:
                    f9:fe:24:cf:e4:4d:67:27:36:1e:16:d5:4a:e2:ab:
                    d2:88:9b:3f:6b:8c:01:10:fa:4b:64:31:9a:f0:2d:
                    13:d9:f6:42:bd:d7:7e:8f:55:e8:0d:28:79:31:c5:
                    c8:8c:ef:49:e2:d1:62:27:8d:37:37:f9:f7:d0:4e:
                    28:11:8f:6a:d5:4f:4b:8c:c3:eb:f8:b9:15:e4:12:
                    1d:4a:52:e6:ee:25:d5:ab:00:c9:40:a2:ed:86:48:
                    6e:21:89:a4:03:e9:1a:6b:55:ae:d3:15:5d:eb:6c:
                    08:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:AC:BD:8C:1C:BE:6B:3D:C0:3B:EE:C0:EE:B8:AB:C3:D7:14:0C:E8
            X509v3 Authority Key Identifier:
                keyid:EF:A8:42:E6:71:47:25:25:05:F4:15:51:F0:F7:35:B7:F7:2E:3E:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/76hC5nFHJSUF9BVR8Pc1t_cuPpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/e9c8e9-b954-4d20-a426-8e0c31223db8/1/KKy9jBy-az3AO-7A7rirw9cUDOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/e9c8e9-b954-4d20-a426-8e0c31223db8/1/76hC5nFHJSUF9BVR8Pc1t_cuPpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.190.0/23
                IPv6:
                  2a07:85c5::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:e4:61:62:6b:1d:ef:5c:79:79:5f:9e:e4:8c:89:db:1b:04:
         78:f2:df:6d:f3:39:a2:41:c0:64:31:8a:bf:fa:89:bc:e8:9f:
         f3:96:38:7f:6c:45:66:69:e0:8a:ec:18:ae:0e:64:ea:9a:0d:
         81:9a:99:40:91:e1:f7:46:c9:02:c8:3f:65:89:f8:d9:90:49:
         2b:9e:bc:62:2f:be:5e:76:c6:85:ee:87:a1:48:7b:73:c7:28:
         51:23:fe:1e:ee:a4:87:c0:07:ed:9f:b8:56:2b:cc:cb:5c:bc:
         53:e1:a0:24:27:a2:1d:18:89:e4:72:4b:d5:14:4b:9b:4c:47:
         f1:20:47:4a:d9:c2:61:e3:e9:c0:73:14:d1:87:e7:d3:fd:9b:
         70:c2:fd:ef:82:b8:fa:29:cc:18:ad:66:b7:1a:7b:8f:ae:9d:
         44:30:49:59:7f:af:24:d8:85:30:a9:23:05:b2:a0:8a:86:bd:
         16:48:42:ff:5b:30:73:56:47:c0:55:01:6b:a1:1c:c2:3d:6c:
         cb:24:1c:57:da:df:04:f1:3e:b2:c2:76:5e:3a:c2:0b:06:62:
         15:d9:15:76:3f:d6:f2:37:f1:71:01:7f:6a:27:5c:f1:92:76:
         9c:65:20:0b:c3:be:5c:60:d0:66:d6:bc:a7:57:45:a8:94:86:
         47:93:93:38
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY6YoOTzx+ZqCNvqTJGqaO+AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmYTg0MmU2NzE0NzI1MjUwNWY0MTU1MWYwZjczNWI3Zjcy
ZTNlOTcwHhcNMjQwNDAxMDc0NzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGFjYmQ4YzFjYmU2YjNkYzAzYmVlYzBlZWI4YWJjM2Q3MTQwY2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ihjQI0P3NKbCfWbhTB9dS0zac1d
ms7m0dh9lanLJLFvGRuE9PjWWBiJAUUCBP/jYj9d1P+GIj7fS26orRlxBv3v9jng
V9q8V9XWbRbRzCc8Hcx7XQpCFMOn7ie+OC8BwrgWSwZukcvxC9PiQheXZpXe3T+O
ixOaj5h9M35RgbFYcrh6jyitmVhsMWGRmzNtmOlGPLf5/iTP5E1nJzYeFtVK4qvS
iJs/a4wBEPpLZDGa8C0T2fZCvdd+j1XoDSh5McXIjO9J4tFiJ403N/n30E4oEY9q
1U9LjMPr+LkV5BIdSlLm7iXVqwDJQKLthkhuIYmkA+kaa1Wu0xVd62wI3QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCisvYwcvms9wDvuwO64q8PXFAzoMB8GA1UdIwQY
MBaAFO+oQuZxRyUlBfQVUfD3Nbf3Lj6XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzZoQzVuRkhKU1VGOUJWUjhQYzF0X2N1UHBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9lOWM4ZTktYjk1NC00ZDIwLWE0MjYt
OGUwYzMxMjIzZGI4LzEvS0t5OWpCeS1hejNBTy03QTdyaXJ3OWNVRE9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9lOWM4ZTktYjk1NC00ZDIwLWE0MjYtOGUwYzMxMjIzZGI4
LzEvNzZoQzVuRkhKU1VGOUJWUjhQYzF0X2N1UHBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBuaW+MA8E
AgACMAkDBwAqB4XFAAAwDQYJKoZIhvcNAQELBQADggEBAI3kYWJrHe9ceXlfnuSM
idsbBHjy323zOaJBwGQxir/6ibzon/OWOH9sRWZp4IrsGK4OZOqaDYGamUCR4fdG
yQLIP2WJ+NmQSSuevGIvvl52xoXuh6FIe3PHKFEj/h7upIfAB+2fuFYrzMtcvFPh
oCQnoh0YieRyS9UUS5tMR/EgR0rZwmHj6cBzFNGH59P9m3DC/e+CuPopzBitZrca
e4+unUQwSVl/ryTYhTCpIwWyoIqGvRZIQv9bMHNWR8BVAWuhHMI9bMskHFfa3wTx
PrLCdl46wgsGYhXZFXY/1vI38XEBf2onXPGSdpxlIAvDvlxg0GbWvKdXRaiUhkeT
kzg=
-----END CERTIFICATE-----