Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/KFkK81hwTMtDX0ohSkERUdloN7E.roa
File:                     KFkK81hwTMtDX0ohSkERUdloN7E.roa (raw, json)
Hash identifier:          TKEoWIReRyW2yYoxDo5E9hkfEJMEI0DuLA4nXyvX0UM=
Subject key identifier:   28:59:0A:F3:58:70:4C:CB:43:5F:4A:21:4A:41:11:51:D9:68:37:B1
Certificate issuer:       /CN=0f2f8b2b94721e928f6188b5cf15053144dedf8c
Certificate serial:       018CC6B925FC42D75B08177F10140E041066
Authority key identifier: 0F:2F:8B:2B:94:72:1E:92:8F:61:88:B5:CF:15:05:31:44:DE:DF:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dy-LK5RyHpKPYYi1zxUFMUTe34w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/KFkK81hwTMtDX0ohSkERUdloN7E.roa
Signing time:             Mon 01 Jan 2024 20:31:11 +0000
ROA not before:           Mon 01 Jan 2024 20:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210001
IP address blocks:        185.124.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/Dy-LK5RyHpKPYYi1zxUFMUTe34w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/Dy-LK5RyHpKPYYi1zxUFMUTe34w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dy-LK5RyHpKPYYi1zxUFMUTe34w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 21:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:25:fc:42:d7:5b:08:17:7f:10:14:0e:04:10:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f2f8b2b94721e928f6188b5cf15053144dedf8c
        Validity
            Not Before: Jan  1 20:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28590af358704ccb435f4a214a411151d96837b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:f0:5f:43:bb:32:a2:64:d5:f8:82:a5:0e:55:
                    a8:36:8b:32:33:c3:68:d0:42:53:f6:54:98:e0:6a:
                    34:90:ab:43:ce:eb:cb:ef:21:2a:23:5c:85:99:90:
                    69:b8:53:6b:25:33:5f:f9:3e:8d:a9:3d:f2:80:3e:
                    ef:c1:93:e2:04:1a:d8:35:c2:81:56:7f:c7:ad:0c:
                    c3:3a:f0:64:44:75:c0:04:0b:37:8c:d1:9c:2b:ab:
                    92:47:8a:3a:ac:fa:e4:65:60:bf:43:40:c8:dd:5b:
                    98:41:6d:84:4d:31:c4:e4:57:a4:77:ec:91:7a:e1:
                    3b:bb:66:2c:64:b2:f4:3e:34:7f:c5:bc:c2:e1:0e:
                    91:56:03:a4:cc:30:46:f7:b3:dd:86:6c:c6:3e:1a:
                    a3:44:ef:10:6e:6f:bd:d9:c4:a0:ad:82:64:28:86:
                    66:c7:4c:08:06:f9:e1:cd:04:0a:b0:cc:f2:40:c0:
                    1e:94:3c:0b:c7:37:98:3c:28:1d:d4:20:e9:50:e4:
                    e8:23:b4:e0:5f:3a:d0:d6:ce:d9:73:69:43:32:9e:
                    f4:5c:9c:51:4d:e2:2a:1b:16:bb:f7:fd:d4:f4:44:
                    93:15:04:12:2e:9e:e6:2c:9f:8e:93:d1:88:fb:41:
                    ba:4e:0c:42:f0:d8:dd:a5:14:75:0a:fa:87:c2:c3:
                    f1:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:59:0A:F3:58:70:4C:CB:43:5F:4A:21:4A:41:11:51:D9:68:37:B1
            X509v3 Authority Key Identifier:
                keyid:0F:2F:8B:2B:94:72:1E:92:8F:61:88:B5:CF:15:05:31:44:DE:DF:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dy-LK5RyHpKPYYi1zxUFMUTe34w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/KFkK81hwTMtDX0ohSkERUdloN7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/Dy-LK5RyHpKPYYi1zxUFMUTe34w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:7a:4e:48:7d:31:7b:72:3e:95:0a:1f:7a:e1:34:28:32:01:
         89:dc:fc:d8:2c:70:1a:af:52:26:60:72:db:7f:1f:5e:3f:96:
         89:5c:de:b0:70:b6:2a:3b:a5:cf:60:9c:84:1c:4a:8a:08:78:
         d7:f4:5f:1b:51:a5:24:ba:48:ee:f4:79:80:24:79:43:1d:cf:
         32:04:66:ce:e8:70:71:2c:dc:f5:b9:85:b7:21:6b:f6:e7:64:
         5b:76:00:94:cd:d2:b4:2d:a2:a9:da:33:d9:94:32:a2:73:13:
         9c:96:85:3d:4c:86:3d:55:ee:00:53:d6:1d:89:ba:50:03:bd:
         a8:e4:7d:4b:d6:7f:8d:9d:cb:a7:99:6a:9e:26:8c:8c:d2:74:
         5a:87:b5:51:00:ca:98:48:6f:2d:bd:61:38:d8:5c:bb:6f:4f:
         24:f0:50:f6:cb:28:94:3c:45:97:e7:71:48:66:59:5d:49:07:
         d7:6c:c4:c9:b6:62:5c:50:f5:14:f4:66:d5:2c:fd:dd:d8:66:
         0b:84:96:df:c7:3c:4f:b2:91:1b:81:70:ca:b2:27:72:a3:c4:
         61:c9:82:00:ef:61:20:0a:e0:70:d3:59:cf:c3:05:03:96:d6:
         61:38:55:1a:80:9f:24:b6:63:46:b9:13:81:87:2a:aa:3c:3e:
         67:75:79:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuSX8QtdbCBd/EBQOBBBmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMmY4YjJiOTQ3MjFlOTI4ZjYxODhiNWNmMTUwNTMxNDRk
ZWRmOGMwHhcNMjQwMTAxMjAzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODU5MGFmMzU4NzA0Y2NiNDM1ZjRhMjE0YTQxMTE1MWQ5NjgzN2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgPBfQ7syomTV+IKlDlWoNosyM8No
0EJT9lSY4Go0kKtDzuvL7yEqI1yFmZBpuFNrJTNf+T6NqT3ygD7vwZPiBBrYNcKB
Vn/HrQzDOvBkRHXABAs3jNGcK6uSR4o6rPrkZWC/Q0DI3VuYQW2ETTHE5Fekd+yR
euE7u2YsZLL0PjR/xbzC4Q6RVgOkzDBG97PdhmzGPhqjRO8Qbm+92cSgrYJkKIZm
x0wIBvnhzQQKsMzyQMAelDwLxzeYPCgd1CDpUOToI7TgXzrQ1s7Zc2lDMp70XJxR
TeIqGxa79/3U9ESTFQQSLp7mLJ+Ok9GI+0G6TgxC8NjdpRR1CvqHwsPxkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFChZCvNYcEzLQ19KIUpBEVHZaDexMB8GA1UdIwQY
MBaAFA8viyuUch6Sj2GItc8VBTFE3t+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHktTEs1UnlIcEtQWVlpMXp4VUZNVVRlMzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi80ZTU5MDItZTI4My00OTE2LWEzM2Mt
NzIyNmE4ODQ1ZTAxLzEvS0ZrSzgxaHdUTXREWDBvaFNrRVJVZGxvTjdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi80ZTU5MDItZTI4My00OTE2LWEzM2MtNzIyNmE4ODQ1ZTAx
LzEvRHktTEs1UnlIcEtQWVlpMXp4VUZNVVRlMzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXyXMA0G
CSqGSIb3DQEBCwUAA4IBAQAIek5IfTF7cj6VCh964TQoMgGJ3PzYLHAar1ImYHLb
fx9eP5aJXN6wcLYqO6XPYJyEHEqKCHjX9F8bUaUkukju9HmAJHlDHc8yBGbO6HBx
LNz1uYW3IWv252RbdgCUzdK0LaKp2jPZlDKicxOcloU9TIY9Ve4AU9YdibpQA72o
5H1L1n+NncunmWqeJoyM0nRah7VRAMqYSG8tvWE42Fy7b08k8FD2yyiUPEWX53FI
ZlldSQfXbMTJtmJcUPUU9GbVLP3d2GYLhJbfxzxPspEbgXDKsidyo8RhyYIA72Eg
CuBw01nPwwUDltZhOFUagJ8ktmNGuROBhyqqPD5ndXmQ
-----END CERTIFICATE-----