Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/c885e7-4d6f-4b45-9e4a-b16d219b3592/1/kz-9ZGLsy2dKn5SEabnHs_SBpWI.roa
File:                     kz-9ZGLsy2dKn5SEabnHs_SBpWI.roa (raw, json)
Hash identifier:          Fmmq4OEnqBvxnH8zWH0oXt2KDdrf61+AoO3f1wgV4uM=
Subject key identifier:   93:3F:BD:64:62:EC:CB:67:4A:9F:94:84:69:B9:C7:B3:F4:81:A5:62
Certificate issuer:       /CN=054409a1d8b072f7db024528b9720339bdbbb106
Certificate serial:       018CC94E541841ECB629761583F42F1591FF
Authority key identifier: 05:44:09:A1:D8:B0:72:F7:DB:02:45:28:B9:72:03:39:BD:BB:B1:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUQJodiwcvfbAkUouXIDOb27sQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/c885e7-4d6f-4b45-9e4a-b16d219b3592/1/kz-9ZGLsy2dKn5SEabnHs_SBpWI.roa
Signing time:             Tue 02 Jan 2024 08:33:22 +0000
ROA not before:           Tue 02 Jan 2024 08:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64465
IP address blocks:        91.212.251.0/24 maxlen: 24
                          2001:67c:179c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/c885e7-4d6f-4b45-9e4a-b16d219b3592/1/BUQJodiwcvfbAkUouXIDOb27sQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/c885e7-4d6f-4b45-9e4a-b16d219b3592/1/BUQJodiwcvfbAkUouXIDOb27sQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUQJodiwcvfbAkUouXIDOb27sQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:54:18:41:ec:b6:29:76:15:83:f4:2f:15:91:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=054409a1d8b072f7db024528b9720339bdbbb106
        Validity
            Not Before: Jan  2 08:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=933fbd6462eccb674a9f948469b9c7b3f481a562
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:38:15:85:32:d3:e9:8d:0f:3e:b7:60:00:7a:
                    85:ca:2e:d8:e3:b1:5b:78:c2:d1:f6:67:07:ab:7d:
                    63:9f:5a:41:d5:30:9f:8b:5b:4c:18:b0:cc:59:98:
                    54:82:b2:fa:ea:d7:3c:11:83:97:33:e6:dc:8c:11:
                    17:2e:43:a8:96:38:9c:e8:7a:a3:de:bd:ca:35:95:
                    63:6e:4c:a2:09:b5:8a:e4:27:fa:4c:d7:de:78:0e:
                    3e:70:f8:0d:54:15:cc:20:fa:56:d1:3e:06:90:46:
                    d1:f4:2a:03:7f:0e:25:92:97:97:1e:a6:67:a6:81:
                    31:27:d8:f5:69:bf:a0:01:4b:ce:c5:9a:1a:e3:84:
                    8b:3d:a5:3a:21:0b:08:41:61:08:bf:04:07:d9:b7:
                    29:5a:fc:f0:77:20:33:2e:22:a8:e7:df:11:d9:57:
                    b4:8f:5a:9a:82:d3:fa:61:73:b5:00:6a:18:90:0e:
                    60:13:ea:18:ca:89:4c:9d:53:18:24:39:04:23:48:
                    13:b0:85:8b:fb:45:a9:b1:b6:58:d1:04:e2:58:8e:
                    d2:df:37:e3:46:e6:3f:0c:2a:7f:7b:c9:2e:a0:6b:
                    f6:27:fa:09:4b:d6:b1:cb:9f:56:be:37:60:8c:4a:
                    a8:5b:ee:74:7b:68:f7:8a:7b:b1:92:00:e0:53:e6:
                    4c:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:3F:BD:64:62:EC:CB:67:4A:9F:94:84:69:B9:C7:B3:F4:81:A5:62
            X509v3 Authority Key Identifier:
                keyid:05:44:09:A1:D8:B0:72:F7:DB:02:45:28:B9:72:03:39:BD:BB:B1:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUQJodiwcvfbAkUouXIDOb27sQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/c885e7-4d6f-4b45-9e4a-b16d219b3592/1/kz-9ZGLsy2dKn5SEabnHs_SBpWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/c885e7-4d6f-4b45-9e4a-b16d219b3592/1/BUQJodiwcvfbAkUouXIDOb27sQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.251.0/24
                IPv6:
                  2001:67c:179c::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:bf:51:58:d2:15:97:49:68:23:b2:f4:5a:ff:1e:e0:10:8e:
         f2:41:ad:25:f0:2a:98:8c:eb:2d:82:e6:23:af:6d:ea:b2:11:
         78:fc:93:2a:93:d8:cf:5e:25:42:7b:67:6a:ce:7d:c9:49:17:
         48:3e:f3:ca:7e:b1:a7:e8:d5:71:2a:c0:e3:54:bb:69:ca:84:
         a9:de:65:0d:eb:5f:42:b7:56:16:78:69:df:7f:f0:df:e2:47:
         8c:bf:c2:b3:c6:2a:6a:7e:1b:e2:4b:b7:39:d0:7e:62:f2:06:
         5c:4f:80:77:a7:8d:9a:ad:aa:dc:e5:c0:86:48:1c:e3:3a:15:
         82:95:e6:6a:1e:fd:fa:47:77:e3:ca:cd:33:d0:7b:a9:5a:9f:
         06:93:88:83:e2:a4:7e:fe:17:50:a3:18:92:7f:d5:ab:c6:a6:
         cd:ee:75:f1:d1:fc:74:db:ab:5a:21:f5:95:02:6b:ba:1e:88:
         06:fc:4e:18:e6:13:60:f3:a3:d8:69:24:df:d3:b8:b6:5e:19:
         69:78:a6:e5:a1:81:3b:2c:4c:4c:d9:df:5c:a2:6b:23:fb:a4:
         64:46:3e:34:05:d8:62:f8:3e:42:84:02:42:76:b9:2d:8c:b2:
         cf:3e:f8:a8:b6:89:47:0f:53:65:22:67:5c:7c:b9:27:59:26:
         dd:86:76:a0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJTlQYQey2KXYVg/QvFZH/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDQwOWExZDhiMDcyZjdkYjAyNDUyOGI5NzIwMzM5YmRi
YmIxMDYwHhcNMjQwMTAyMDgzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzNmYmQ2NDYyZWNjYjY3NGE5Zjk0ODQ2OWI5YzdiM2Y0ODFhNTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTgVhTLT6Y0PPrdgAHqFyi7Y47Fb
eMLR9mcHq31jn1pB1TCfi1tMGLDMWZhUgrL66tc8EYOXM+bcjBEXLkOoljic6Hqj
3r3KNZVjbkyiCbWK5Cf6TNfeeA4+cPgNVBXMIPpW0T4GkEbR9CoDfw4lkpeXHqZn
poExJ9j1ab+gAUvOxZoa44SLPaU6IQsIQWEIvwQH2bcpWvzwdyAzLiKo598R2Ve0
j1qagtP6YXO1AGoYkA5gE+oYyolMnVMYJDkEI0gTsIWL+0WpsbZY0QTiWI7S3zfj
RuY/DCp/e8kuoGv2J/oJS9axy59WvjdgjEqoW+50e2j3inuxkgDgU+ZM1QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJM/vWRi7MtnSp+UhGm5x7P0gaViMB8GA1UdIwQY
MBaAFAVECaHYsHL32wJFKLlyAzm9u7EGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVRSm9kaXdjdmZiQWtVb3VYSURPYjI3c1FZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9jODg1ZTctNGQ2Zi00YjQ1LTllNGEt
YjE2ZDIxOWIzNTkyLzEva3otOVpHTHN5MmRLbjVTRWFibkhzX1NCcFdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9jODg1ZTctNGQ2Zi00YjQ1LTllNGEtYjE2ZDIxOWIzNTky
LzEvQlVRSm9kaXdjdmZiQWtVb3VYSURPYjI3c1FZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9T7MA8E
AgACMAkDBwAgAQZ8F5wwDQYJKoZIhvcNAQELBQADggEBAKK/UVjSFZdJaCOy9Fr/
HuAQjvJBrSXwKpiM6y2C5iOvbeqyEXj8kyqT2M9eJUJ7Z2rOfclJF0g+88p+safo
1XEqwONUu2nKhKneZQ3rX0K3VhZ4ad9/8N/iR4y/wrPGKmp+G+JLtznQfmLyBlxP
gHenjZqtqtzlwIZIHOM6FYKV5moe/fpHd+PKzTPQe6lanwaTiIPipH7+F1CjGJJ/
1avGps3udfHR/HTbq1oh9ZUCa7oeiAb8ThjmE2Dzo9hpJN/TuLZeGWl4puWhgTss
TEzZ31yiayP7pGRGPjQF2GL4PkKEAkJ2uS2Mss8++Ki2iUcPU2UiZ1x8uSdZJt2G
dqA=
-----END CERTIFICATE-----