Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/64666e-af1b-4118-823d-5de99a52aa39/1/kulmMUKXDkb1sHf07hU3PGDx5GU.roa
File:                     kulmMUKXDkb1sHf07hU3PGDx5GU.roa (raw, json)
Hash identifier:          SLpOP1yaeujk+Mmef6e4rVPSYH0F+KNHwUTshCM/NJY=
Subject key identifier:   92:E9:66:31:42:97:0E:46:F5:B0:77:F4:EE:15:37:3C:60:F1:E4:65
Certificate issuer:       /CN=d26e4538f1ddea77f57396bb93b907f152df697c
Certificate serial:       0190C0C8A9CCBCA30883162CD71A0BC7D08F
Authority key identifier: D2:6E:45:38:F1:DD:EA:77:F5:73:96:BB:93:B9:07:F1:52:DF:69:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0m5FOPHd6nf1c5a7k7kH8VLfaXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/64666e-af1b-4118-823d-5de99a52aa39/1/kulmMUKXDkb1sHf07hU3PGDx5GU.roa
Signing time:             Wed 17 Jul 2024 13:01:34 +0000
ROA not before:           Wed 17 Jul 2024 13:01:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204983
IP address blocks:        185.233.172.0/22 maxlen: 22
                          2a0c:eb00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/64666e-af1b-4118-823d-5de99a52aa39/1/0m5FOPHd6nf1c5a7k7kH8VLfaXw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/64666e-af1b-4118-823d-5de99a52aa39/1/0m5FOPHd6nf1c5a7k7kH8VLfaXw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0m5FOPHd6nf1c5a7k7kH8VLfaXw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c0:c8:a9:cc:bc:a3:08:83:16:2c:d7:1a:0b:c7:d0:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d26e4538f1ddea77f57396bb93b907f152df697c
        Validity
            Not Before: Jul 17 13:01:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92e9663142970e46f5b077f4ee15373c60f1e465
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:51:8b:83:c1:2c:63:06:b7:fc:9c:7b:56:68:
                    d5:02:7d:a6:58:67:2c:b6:58:a3:1c:fb:fe:09:31:
                    d7:27:16:38:27:11:84:50:16:3b:c7:73:34:cf:bf:
                    79:d6:db:f2:7a:19:68:4f:ed:f3:fa:44:d7:bb:8d:
                    c1:2e:69:5d:ab:39:e7:6c:57:19:67:28:af:34:7b:
                    41:80:a1:15:de:3b:0d:45:46:6b:b6:e6:b1:5f:af:
                    22:72:f5:47:59:57:b9:1d:24:7c:f0:84:96:67:f2:
                    a2:4c:5c:3c:46:49:8e:2a:31:a8:95:fd:9b:88:5d:
                    97:87:cb:30:f7:50:2b:1d:2d:96:55:17:1f:cf:ba:
                    56:08:7a:1a:17:4d:ec:d9:35:8a:fd:f4:41:e9:2c:
                    8b:fc:28:61:45:0b:ec:cf:d5:54:d5:4d:ea:d9:0e:
                    7b:27:5e:92:09:4a:45:20:1e:f4:4d:cd:bc:dc:6d:
                    f8:62:02:f7:52:35:4d:af:f2:08:a6:64:0f:ec:b0:
                    92:e5:86:65:f1:ca:18:9c:d9:3e:ff:22:97:02:b6:
                    7d:3b:8a:d5:46:ff:f3:5c:54:89:90:15:79:4f:94:
                    45:c5:4b:8c:9f:58:e9:79:9d:e4:c2:13:43:06:d6:
                    f7:be:08:6e:2c:01:33:b9:7a:96:5f:5a:2d:3b:d3:
                    51:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:E9:66:31:42:97:0E:46:F5:B0:77:F4:EE:15:37:3C:60:F1:E4:65
            X509v3 Authority Key Identifier:
                keyid:D2:6E:45:38:F1:DD:EA:77:F5:73:96:BB:93:B9:07:F1:52:DF:69:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0m5FOPHd6nf1c5a7k7kH8VLfaXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/64666e-af1b-4118-823d-5de99a52aa39/1/kulmMUKXDkb1sHf07hU3PGDx5GU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/64666e-af1b-4118-823d-5de99a52aa39/1/0m5FOPHd6nf1c5a7k7kH8VLfaXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.233.172.0/22
                IPv6:
                  2a0c:eb00::/32

    Signature Algorithm: sha256WithRSAEncryption
         44:c3:d8:62:37:f0:8d:ce:87:55:5b:4e:e9:21:e8:e5:96:b6:
         17:74:df:47:68:67:cd:29:61:26:94:19:bb:98:b2:c4:6d:36:
         cb:b7:8a:a7:ec:42:8b:b0:76:3a:d7:ea:22:70:71:74:27:08:
         59:67:64:4d:47:f1:3d:ef:5c:0f:8b:01:a3:d5:3f:43:67:80:
         b4:4b:33:b1:bf:ae:27:0e:cc:90:83:2e:5a:75:08:06:60:c5:
         38:86:17:c7:7a:24:0f:92:90:e7:bc:01:20:8a:55:bd:cd:ab:
         06:b9:2e:9a:59:89:90:5e:6f:d0:ec:1b:f8:ec:72:6f:b3:38:
         22:e4:80:70:e8:70:11:d5:64:a0:da:72:42:ae:ab:ad:76:d7:
         7f:db:b2:e8:f3:6f:eb:84:20:9b:82:40:c3:88:17:88:fc:d0:
         73:52:0f:8d:e1:2b:c2:d7:4e:00:1b:22:ca:52:96:26:f2:e2:
         e4:30:b1:5c:cb:cf:a5:78:55:68:c4:18:56:8b:b9:1e:16:1c:
         c8:93:1b:e3:c6:a2:06:3e:f2:6c:e7:65:23:99:b7:dd:7c:f2:
         74:2a:1c:53:02:ec:54:17:59:cc:5d:d8:5b:61:12:3c:d6:3b:
         52:89:d4:34:7b:94:20:cf:af:4e:d2:c1:1b:f5:cb:51:b3:45:
         43:bb:00:30
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZDAyKnMvKMIgxYs1xoLx9CPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNmU0NTM4ZjFkZGVhNzdmNTczOTZiYjkzYjkwN2YxNTJk
ZjY5N2MwHhcNMjQwNzE3MTMwMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmU5NjYzMTQyOTcwZTQ2ZjViMDc3ZjRlZTE1MzczYzYwZjFlNDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVGLg8EsYwa3/Jx7VmjVAn2mWGcs
tlijHPv+CTHXJxY4JxGEUBY7x3M0z7951tvyehloT+3z+kTXu43BLmldqznnbFcZ
ZyivNHtBgKEV3jsNRUZrtuaxX68icvVHWVe5HSR88ISWZ/KiTFw8RkmOKjGolf2b
iF2Xh8sw91ArHS2WVRcfz7pWCHoaF03s2TWK/fRB6SyL/ChhRQvsz9VU1U3q2Q57
J16SCUpFIB70Tc283G34YgL3UjVNr/IIpmQP7LCS5YZl8coYnNk+/yKXArZ9O4rV
Rv/zXFSJkBV5T5RFxUuMn1jpeZ3kwhNDBtb3vghuLAEzuXqWX1otO9NR+wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJLpZjFClw5G9bB39O4VNzxg8eRlMB8GA1UdIwQY
MBaAFNJuRTjx3ep39XOWu5O5B/FS32l8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG01Rk9QSGQ2bmYxYzVhN2s3a0g4VkxmYVh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS82NDY2NmUtYWYxYi00MTE4LTgyM2Qt
NWRlOTlhNTJhYTM5LzEva3VsbU1VS1hEa2Ixc0hmMDdoVTNQR0R4NUdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS82NDY2NmUtYWYxYi00MTE4LTgyM2QtNWRlOTlhNTJhYTM5
LzEvMG01Rk9QSGQ2bmYxYzVhN2s3a0g4VkxmYVh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuemsMA0E
AgACMAcDBQAqDOsAMA0GCSqGSIb3DQEBCwUAA4IBAQBEw9hiN/CNzodVW07pIejl
lrYXdN9HaGfNKWEmlBm7mLLEbTbLt4qn7EKLsHY61+oicHF0JwhZZ2RNR/E971wP
iwGj1T9DZ4C0SzOxv64nDsyQgy5adQgGYMU4hhfHeiQPkpDnvAEgilW9zasGuS6a
WYmQXm/Q7Bv47HJvszgi5IBw6HAR1WSg2nJCrqutdtd/27Lo82/rhCCbgkDDiBeI
/NBzUg+N4SvC104AGyLKUpYm8uLkMLFcy8+leFVoxBhWi7keFhzIkxvjxqIGPvJs
52UjmbfdfPJ0KhxTAuxUF1nMXdhbYRI81jtSidQ0e5Qgz69O0sEb9ctRs0VDuwAw
-----END CERTIFICATE-----