Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/71a400-4ede-45f1-b55b-8109d4089828/1/KqG3ZtUjODDQSy_CQXrsNIF9g0c.roa
File:                     KqG3ZtUjODDQSy_CQXrsNIF9g0c.roa (raw, json)
Hash identifier:          I3z2O5GIaMrrpMGQMWcsbxoI27nkd4YUhBm+oqkrpfQ=
Subject key identifier:   2A:A1:B7:66:D5:23:38:30:D0:4B:2F:C2:41:7A:EC:34:81:7D:83:47
Certificate issuer:       /CN=b090d40bfcd5a4a30875160ecc6f9fe53c05a6e6
Certificate serial:       018CC5DC5EBBA402836F86CD8150E5F30263
Authority key identifier: B0:90:D4:0B:FC:D5:A4:A3:08:75:16:0E:CC:6F:9F:E5:3C:05:A6:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sJDUC_zVpKMIdRYOzG-f5TwFpuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/71a400-4ede-45f1-b55b-8109d4089828/1/KqG3ZtUjODDQSy_CQXrsNIF9g0c.roa
Signing time:             Mon 01 Jan 2024 16:30:02 +0000
ROA not before:           Mon 01 Jan 2024 16:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12502
IP address blocks:        193.105.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/71a400-4ede-45f1-b55b-8109d4089828/1/sJDUC_zVpKMIdRYOzG-f5TwFpuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/71a400-4ede-45f1-b55b-8109d4089828/1/sJDUC_zVpKMIdRYOzG-f5TwFpuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sJDUC_zVpKMIdRYOzG-f5TwFpuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:5e:bb:a4:02:83:6f:86:cd:81:50:e5:f3:02:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b090d40bfcd5a4a30875160ecc6f9fe53c05a6e6
        Validity
            Not Before: Jan  1 16:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2aa1b766d5233830d04b2fc2417aec34817d8347
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:ff:2e:05:79:1d:03:ab:13:42:8a:a7:64:59:
                    57:8e:03:70:52:6d:8e:67:94:ea:46:5c:9e:30:58:
                    af:4d:99:db:30:50:ed:08:f8:9c:3b:8f:f0:ae:8c:
                    9b:9a:ec:70:e0:56:9c:9b:9c:ff:e3:13:23:44:9c:
                    1a:35:21:aa:6d:68:fb:48:38:27:4a:88:eb:3c:83:
                    68:69:8c:0c:c1:57:bd:fb:77:68:61:7d:9f:f8:e0:
                    44:eb:db:b4:7f:78:d7:61:4e:04:9a:70:e8:9d:18:
                    ac:c7:40:1b:90:cd:53:c4:1d:54:f4:6f:ad:02:e0:
                    92:fa:27:ba:70:0d:73:82:1e:0f:af:7b:63:77:2f:
                    07:10:99:94:cc:73:1f:1a:db:c5:4e:92:ae:f8:6b:
                    e1:1c:60:56:c6:fa:6c:5a:0c:39:e5:25:99:25:93:
                    8a:be:df:5f:dc:e5:85:12:37:e8:d7:8c:bf:ab:19:
                    81:d5:ca:1b:6e:38:84:c1:f5:80:8f:9d:12:d5:20:
                    ff:b1:65:75:3e:e5:9d:a1:a4:cc:80:f9:3f:e2:81:
                    14:36:f0:66:1f:55:ea:23:e0:9a:e6:6c:fd:6a:66:
                    0e:fb:61:4d:7f:9f:f4:1e:09:b4:6b:92:bf:26:e6:
                    34:77:b7:2f:42:22:1f:11:8e:b2:be:14:91:1d:1f:
                    9f:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:A1:B7:66:D5:23:38:30:D0:4B:2F:C2:41:7A:EC:34:81:7D:83:47
            X509v3 Authority Key Identifier:
                keyid:B0:90:D4:0B:FC:D5:A4:A3:08:75:16:0E:CC:6F:9F:E5:3C:05:A6:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sJDUC_zVpKMIdRYOzG-f5TwFpuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/71a400-4ede-45f1-b55b-8109d4089828/1/KqG3ZtUjODDQSy_CQXrsNIF9g0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/71a400-4ede-45f1-b55b-8109d4089828/1/sJDUC_zVpKMIdRYOzG-f5TwFpuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:7a:9d:02:6a:36:43:90:ba:0a:2f:71:41:3e:b8:fa:68:12:
         4b:28:16:1c:0d:40:ff:32:1b:75:d5:21:00:d5:e2:91:15:95:
         4f:4c:13:6a:4e:83:9e:2b:48:3e:10:65:1d:66:0b:27:7c:cb:
         d2:e6:bd:54:99:69:55:f4:8f:df:d1:a9:ba:cd:3e:ad:3a:66:
         fb:80:7c:70:f5:eb:5b:30:44:e4:ba:75:48:3a:d2:eb:14:24:
         8b:cf:22:48:f5:69:84:f3:b8:20:47:2a:63:44:21:3c:2d:1a:
         fd:75:25:4f:a8:ff:94:66:33:08:da:67:d1:fb:15:03:95:a1:
         c5:34:61:3d:3e:a8:54:87:d2:77:8b:21:de:8b:26:9e:18:c0:
         30:29:4b:21:21:05:36:b2:da:ba:ad:ed:b7:9f:0a:9e:a9:e6:
         b4:44:bf:69:e8:b4:94:08:f2:ab:bb:4b:65:2a:c6:12:f4:a5:
         65:47:b2:61:b4:d1:c3:bf:c9:46:f1:df:a8:27:8e:65:2d:ce:
         f1:c1:50:45:cb:33:9e:01:2c:79:f2:e8:5a:25:85:19:22:3e:
         0b:77:a0:8a:ae:90:5d:38:07:4e:e5:2c:c6:12:8d:39:21:46:
         8e:c9:e4:f0:a9:c5:d3:4b:a3:b1:db:2c:7a:d6:08:fe:76:6b:
         51:37:38:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3F67pAKDb4bNgVDl8wJjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwOTBkNDBiZmNkNWE0YTMwODc1MTYwZWNjNmY5ZmU1M2Mw
NWE2ZTYwHhcNMjQwMTAxMTYzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWExYjc2NmQ1MjMzODMwZDA0YjJmYzI0MTdhZWMzNDgxN2Q4MzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4f8uBXkdA6sTQoqnZFlXjgNwUm2O
Z5TqRlyeMFivTZnbMFDtCPicO4/wroybmuxw4Facm5z/4xMjRJwaNSGqbWj7SDgn
SojrPINoaYwMwVe9+3doYX2f+OBE69u0f3jXYU4EmnDonRisx0AbkM1TxB1U9G+t
AuCS+ie6cA1zgh4Pr3tjdy8HEJmUzHMfGtvFTpKu+GvhHGBWxvpsWgw55SWZJZOK
vt9f3OWFEjfo14y/qxmB1cobbjiEwfWAj50S1SD/sWV1PuWdoaTMgPk/4oEUNvBm
H1XqI+Ca5mz9amYO+2FNf5/0Hgm0a5K/JuY0d7cvQiIfEY6yvhSRHR+fywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqht2bVIzgw0EsvwkF67DSBfYNHMB8GA1UdIwQY
MBaAFLCQ1Av81aSjCHUWDsxvn+U8BabmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0pEVUNfelZwS01JZFJZT3pHLWY1VHdGcHVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni83MWE0MDAtNGVkZS00NWYxLWI1NWIt
ODEwOWQ0MDg5ODI4LzEvS3FHM1p0VWpPRERRU3lfQ1FYcnNOSUY5ZzBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni83MWE0MDAtNGVkZS00NWYxLWI1NWItODEwOWQ0MDg5ODI4
LzEvc0pEVUNfelZwS01JZFJZT3pHLWY1VHdGcHVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWlpMA0G
CSqGSIb3DQEBCwUAA4IBAQAvep0CajZDkLoKL3FBPrj6aBJLKBYcDUD/Mht11SEA
1eKRFZVPTBNqToOeK0g+EGUdZgsnfMvS5r1UmWlV9I/f0am6zT6tOmb7gHxw9etb
METkunVIOtLrFCSLzyJI9WmE87ggRypjRCE8LRr9dSVPqP+UZjMI2mfR+xUDlaHF
NGE9PqhUh9J3iyHeiyaeGMAwKUshIQU2stq6re23nwqeqea0RL9p6LSUCPKru0tl
KsYS9KVlR7JhtNHDv8lG8d+oJ45lLc7xwVBFyzOeASx58uhaJYUZIj4Ld6CKrpBd
OAdO5SzGEo05IUaOyeTwqcXTS6Ox2yx61gj+dmtRNzhj
-----END CERTIFICATE-----