Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/KnvhxTL7dpxo_BOyegXjlI3Uf7g.roa
File:                     KnvhxTL7dpxo_BOyegXjlI3Uf7g.roa (raw, json)
Hash identifier:          mxPJTf9+JvvTuMo9nE+wQn/cTfpeOOmk+MoHiCrfIbo=
Subject key identifier:   2A:7B:E1:C5:32:FB:76:9C:68:FC:13:B2:7A:05:E3:94:8D:D4:7F:B8
Certificate issuer:       /CN=06c92df2c9faa2915fc5feb5a4270183419faef2
Certificate serial:       018CCA2BA96B6374C7D7E07E9B7D22135BC3
Authority key identifier: 06:C9:2D:F2:C9:FA:A2:91:5F:C5:FE:B5:A4:27:01:83:41:9F:AE:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Bskt8sn6opFfxf61pCcBg0GfrvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/KnvhxTL7dpxo_BOyegXjlI3Uf7g.roa
Signing time:             Tue 02 Jan 2024 12:35:08 +0000
ROA not before:           Tue 02 Jan 2024 12:35:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211447
IP address blocks:        193.200.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/Bskt8sn6opFfxf61pCcBg0GfrvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/Bskt8sn6opFfxf61pCcBg0GfrvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Bskt8sn6opFfxf61pCcBg0GfrvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 22:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:a9:6b:63:74:c7:d7:e0:7e:9b:7d:22:13:5b:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06c92df2c9faa2915fc5feb5a4270183419faef2
        Validity
            Not Before: Jan  2 12:35:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a7be1c532fb769c68fc13b27a05e3948dd47fb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:68:3d:7f:46:94:1f:75:b7:10:0a:4e:be:ce:
                    eb:8c:36:a5:da:3f:0d:6d:1a:8c:81:a8:cb:5a:f9:
                    31:f3:53:40:1e:8b:e9:67:19:18:e0:04:0c:d1:6c:
                    e2:d8:ab:bd:04:cc:7e:a5:a1:8a:38:cb:b7:41:39:
                    b4:cb:3c:e9:5b:6f:e8:e6:35:5e:3e:8b:9e:12:50:
                    69:6b:ea:5e:dd:95:85:24:d8:9b:f0:14:b4:22:fe:
                    ef:a4:3e:55:a9:3a:7e:9e:ac:89:40:57:2e:d7:52:
                    0a:80:09:5c:94:71:8f:c3:88:19:dc:a9:f1:9f:01:
                    42:71:49:dc:1e:26:b6:97:8e:5e:61:da:15:c0:88:
                    ca:52:1c:f8:42:ce:de:ef:c1:0b:02:d5:ae:2b:72:
                    f3:52:40:7a:85:d8:98:54:4a:b1:e4:58:7e:d0:8b:
                    78:a7:23:c2:d4:f2:f9:54:27:39:7b:5a:35:2b:e1:
                    04:73:00:4a:fa:ae:07:31:39:73:c2:91:ff:ad:cd:
                    94:43:20:4e:12:44:de:c9:a5:02:7d:5b:16:1d:95:
                    25:6e:39:da:dc:b4:0e:91:cb:f0:55:23:80:c1:f5:
                    1d:a6:4e:b0:c0:e3:bf:e5:d8:fa:26:ea:f5:0c:e5:
                    6e:18:34:cd:dd:30:92:17:38:d5:ab:3c:6e:1e:2b:
                    7a:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:7B:E1:C5:32:FB:76:9C:68:FC:13:B2:7A:05:E3:94:8D:D4:7F:B8
            X509v3 Authority Key Identifier:
                keyid:06:C9:2D:F2:C9:FA:A2:91:5F:C5:FE:B5:A4:27:01:83:41:9F:AE:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Bskt8sn6opFfxf61pCcBg0GfrvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/KnvhxTL7dpxo_BOyegXjlI3Uf7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/Bskt8sn6opFfxf61pCcBg0GfrvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:51:64:e9:10:0c:5b:c1:16:8f:ff:ca:4e:07:aa:8e:18:26:
         ff:2e:26:7e:3b:92:35:50:6c:68:fe:f1:e1:37:f5:46:20:f1:
         cc:50:31:5a:9b:59:de:26:53:ad:8f:3b:4e:ab:2a:9e:1e:34:
         83:a1:0c:21:ac:68:56:47:60:1f:7e:d8:c7:5a:90:b1:28:8a:
         f7:81:d2:01:99:07:ab:15:08:d7:b3:a9:39:25:6a:d9:fd:82:
         f3:ed:51:1e:c4:47:c6:98:1a:e3:86:57:36:e1:f1:c5:38:5e:
         c5:c4:76:95:ea:89:db:78:39:44:09:09:9b:b8:85:80:c7:4f:
         ca:9a:dd:5a:ad:33:9e:89:68:49:82:07:67:ae:c2:28:e6:58:
         cb:1c:1a:5e:33:42:d5:c9:50:bd:33:f1:39:04:af:d5:96:81:
         48:e7:d7:17:45:0a:36:9e:bc:f6:2f:1c:3d:2a:86:c1:96:90:
         f0:a4:bb:8f:d0:dc:65:c5:6b:08:5b:5d:0d:9f:e9:81:84:d5:
         81:8c:67:24:01:a0:99:60:a2:8c:3c:ae:4e:a4:79:03:b5:91:
         da:a6:89:99:1e:ea:d7:36:de:1d:ad:5b:34:14:bb:99:b9:c0:
         12:54:1b:b1:2e:53:c6:de:02:d0:c1:f4:df:9a:d1:9b:94:11:
         f7:8d:29:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK6lrY3TH1+B+m30iE1vDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2YzkyZGYyYzlmYWEyOTE1ZmM1ZmViNWE0MjcwMTgzNDE5
ZmFlZjIwHhcNMjQwMTAyMTIzNTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTdiZTFjNTMyZmI3NjljNjhmYzEzYjI3YTA1ZTM5NDhkZDQ3ZmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWg9f0aUH3W3EApOvs7rjDal2j8N
bRqMgajLWvkx81NAHovpZxkY4AQM0Wzi2Ku9BMx+paGKOMu3QTm0yzzpW2/o5jVe
PoueElBpa+pe3ZWFJNib8BS0Iv7vpD5VqTp+nqyJQFcu11IKgAlclHGPw4gZ3Knx
nwFCcUncHia2l45eYdoVwIjKUhz4Qs7e78ELAtWuK3LzUkB6hdiYVEqx5Fh+0It4
pyPC1PL5VCc5e1o1K+EEcwBK+q4HMTlzwpH/rc2UQyBOEkTeyaUCfVsWHZUlbjna
3LQOkcvwVSOAwfUdpk6wwOO/5dj6Jur1DOVuGDTN3TCSFzjVqzxuHit6wwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCp74cUy+3acaPwTsnoF45SN1H+4MB8GA1UdIwQY
MBaAFAbJLfLJ+qKRX8X+taQnAYNBn67yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnNrdDhzbjZvcEZmeGY2MXBDY0JnMEdmcnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9hYWU5YTEtZDA1ZC00N2NhLTkxZGUt
ZDZkNTVjMTY5ZTE2LzEvS252aHhUTDdkcHhvX0JPeWVnWGpsSTNVZjdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9hYWU5YTEtZDA1ZC00N2NhLTkxZGUtZDZkNTVjMTY5ZTE2
LzEvQnNrdDhzbjZvcEZmeGY2MXBDY0JnMEdmcnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcjCMA0G
CSqGSIb3DQEBCwUAA4IBAQByUWTpEAxbwRaP/8pOB6qOGCb/LiZ+O5I1UGxo/vHh
N/VGIPHMUDFam1neJlOtjztOqyqeHjSDoQwhrGhWR2AfftjHWpCxKIr3gdIBmQer
FQjXs6k5JWrZ/YLz7VEexEfGmBrjhlc24fHFOF7FxHaV6onbeDlECQmbuIWAx0/K
mt1arTOeiWhJggdnrsIo5ljLHBpeM0LVyVC9M/E5BK/VloFI59cXRQo2nrz2Lxw9
KobBlpDwpLuP0NxlxWsIW10Nn+mBhNWBjGckAaCZYKKMPK5OpHkDtZHapomZHurX
Nt4drVs0FLuZucASVBuxLlPG3gLQwfTfmtGblBH3jSma
-----END CERTIFICATE-----