Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/KjM0pDVOikf30ab8npERrzc6sDY.roa
File:                     KjM0pDVOikf30ab8npERrzc6sDY.roa (raw, json)
Hash identifier:          goNFGfmihmvd0nOi2mzj2LBN5mHupmqGlOCSV7V8wv0=
Subject key identifier:   2A:33:34:A4:35:4E:8A:47:F7:D1:A6:FC:9E:91:11:AF:37:3A:B0:36
Certificate issuer:       /CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Certificate serial:       018CC94E32A9906BD1A9349EFF8E14EFA598
Authority key identifier: A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/KjM0pDVOikf30ab8npERrzc6sDY.roa
Signing time:             Tue 02 Jan 2024 08:33:14 +0000
ROA not before:           Tue 02 Jan 2024 08:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35238
IP address blocks:        86.63.224.0/19 maxlen: 19
                          91.91.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:32:a9:90:6b:d1:a9:34:9e:ff:8e:14:ef:a5:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
        Validity
            Not Before: Jan  2 08:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a3334a4354e8a47f7d1a6fc9e9111af373ab036
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:d1:d9:2e:01:bc:f3:bc:e2:50:23:78:85:a4:
                    01:63:81:df:b1:96:24:7f:a5:5a:aa:ce:52:04:a3:
                    df:03:9b:94:64:73:88:4f:21:4d:c1:14:43:c3:c0:
                    b7:22:ca:a0:ad:f5:e5:ec:39:b5:84:6f:02:bf:78:
                    a5:20:cc:a8:79:ee:62:b2:7d:6d:29:5a:7b:30:cb:
                    75:ce:c1:da:88:43:d1:9a:b1:67:d3:d4:e5:91:05:
                    cd:32:2e:ee:e0:99:11:ed:b8:92:3c:70:96:bb:ae:
                    c3:e4:5e:9c:22:de:54:4b:78:29:73:3a:9d:de:71:
                    b1:bf:3b:ff:b2:11:9b:c9:72:fe:d0:98:b5:91:01:
                    1a:40:f6:72:7d:cf:89:bd:af:9e:2b:6d:7e:4b:8e:
                    0f:c2:8a:3d:cb:bd:6f:60:15:a0:da:4e:8b:28:07:
                    3c:13:29:b0:05:d9:58:5a:e7:6b:42:45:0f:03:5b:
                    ac:5e:22:29:a0:ae:45:ab:80:dc:4a:14:d8:b8:fb:
                    8a:4a:f4:10:09:f9:f2:85:e9:c9:63:19:a6:7c:5f:
                    e1:e5:76:58:59:3f:15:b4:52:05:b6:d4:18:b5:93:
                    6f:29:8e:ec:32:4f:b1:b8:e1:58:7c:c2:07:cc:64:
                    a4:24:4b:e4:8a:06:27:99:c2:26:b9:23:e6:f3:23:
                    75:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:33:34:A4:35:4E:8A:47:F7:D1:A6:FC:9E:91:11:AF:37:3A:B0:36
            X509v3 Authority Key Identifier:
                keyid:A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/KjM0pDVOikf30ab8npERrzc6sDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.63.224.0/19
                  91.91.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         52:71:c8:96:43:61:dd:28:9b:7e:59:3f:90:52:ee:bf:bd:bc:
         b9:79:40:7f:5b:be:eb:ad:a4:3f:3e:4c:ff:15:dd:c0:56:37:
         89:af:28:71:35:87:79:98:42:b5:ab:69:b2:78:28:04:b2:5c:
         63:62:95:da:5d:d8:9f:a1:fb:a4:f5:f0:2f:14:d7:51:eb:bd:
         f2:e4:3b:72:ce:1f:1a:cd:e8:b3:8e:e4:48:88:1e:d4:ef:36:
         36:cc:e0:33:9b:f0:09:5e:a2:61:3b:64:7e:40:1a:50:21:9c:
         5f:44:10:ab:e2:db:3b:82:90:e3:3f:77:a4:53:c5:10:05:03:
         20:51:96:04:f3:1d:63:9c:8c:5b:34:77:25:d5:ec:3c:bf:d0:
         35:c2:58:6d:1b:d3:06:0d:ba:f8:6e:3c:01:df:a2:38:73:97:
         13:fb:07:8b:7a:ee:bd:a7:c1:65:32:16:89:be:78:9c:4a:f0:
         41:9f:7d:1b:f4:47:45:15:1f:40:81:14:13:92:5e:c7:c4:80:
         00:87:7c:fb:d7:4d:21:ec:3b:bc:23:c8:18:e9:0d:d3:d2:86:
         06:1f:60:b2:2e:e0:1b:ae:40:34:d5:b3:2d:9b:de:16:5a:ac:
         ce:c9:86:dc:49:0e:9b:2f:72:5d:db:9a:f5:4d:05:49:8a:cf:
         3e:ab:0c:55
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzJTjKpkGvRqTSe/44U76WYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZWY1ZmJiZmNhN2E5M2NmZWU5NjVlZWI2YmRlZTZmYjQz
YzQwM2UwHhcNMjQwMTAyMDgzMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTMzMzRhNDM1NGU4YTQ3ZjdkMWE2ZmM5ZTkxMTFhZjM3M2FiMDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9HZLgG887ziUCN4haQBY4HfsZYk
f6Vaqs5SBKPfA5uUZHOITyFNwRRDw8C3IsqgrfXl7Dm1hG8Cv3ilIMyoee5isn1t
KVp7MMt1zsHaiEPRmrFn09TlkQXNMi7u4JkR7biSPHCWu67D5F6cIt5US3gpczqd
3nGxvzv/shGbyXL+0Ji1kQEaQPZyfc+Jva+eK21+S44Pwoo9y71vYBWg2k6LKAc8
EymwBdlYWudrQkUPA1usXiIpoK5Fq4DcShTYuPuKSvQQCfnyhenJYxmmfF/h5XZY
WT8VtFIFttQYtZNvKY7sMk+xuOFYfMIHzGSkJEvkigYnmcImuSPm8yN13wIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFCozNKQ1TopH99Gm/J6REa83OrA2MB8GA1UdIwQY
MBaAFKDvX7v8p6k8/ull7ra97m+0PEA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2Mt
MDI5MmIwMjAxNTBhLzEvS2pNMHBEVk9pa2YzMGFiOG5wRVJyemM2c0RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2MtMDI5MmIwMjAxNTBh
LzEvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwQFVj/gAwMA
W1swDQYJKoZIhvcNAQELBQADggEBAFJxyJZDYd0om35ZP5BS7r+9vLl5QH9bvuut
pD8+TP8V3cBWN4mvKHE1h3mYQrWrabJ4KASyXGNildpd2J+h+6T18C8U11HrvfLk
O3LOHxrN6LOO5EiIHtTvNjbM4DOb8AleomE7ZH5AGlAhnF9EEKvi2zuCkOM/d6RT
xRAFAyBRlgTzHWOcjFs0dyXV7Dy/0DXCWG0b0wYNuvhuPAHfojhzlxP7B4t67r2n
wWUyFom+eJxK8EGffRv0R0UVH0CBFBOSXsfEgACHfPvXTSHsO7wjyBjpDdPShgYf
YLIu4BuuQDTVsy2b3hZarM7JhtxJDpsvcl3bmvVNBUmKzz6rDFU=
-----END CERTIFICATE-----