Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/4cea79-2a09-4ae7-a50c-f8a836f01b21/1/kg5DzowdBRghas0rvr18IN-HqsE.roa
File:                     kg5DzowdBRghas0rvr18IN-HqsE.roa (raw, json)
Hash identifier:          fdC/Ma7e1scZ1g6mOiGy/w7Ian+cJI4pbHgZTMAF+u4=
Subject key identifier:   92:0E:43:CE:8C:1D:05:18:21:6A:CD:2B:BE:BD:7C:20:DF:87:AA:C1
Certificate issuer:       /CN=8a5d86aab4c0974f0c27f43d968df426f53df5d2
Certificate serial:       018D64C9B1979AD7DB84BF2B4FAF13BAB2AF
Authority key identifier: 8A:5D:86:AA:B4:C0:97:4F:0C:27:F4:3D:96:8D:F4:26:F5:3D:F5:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/il2GqrTAl08MJ_Q9lo30JvU99dI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/4cea79-2a09-4ae7-a50c-f8a836f01b21/1/kg5DzowdBRghas0rvr18IN-HqsE.roa
Signing time:             Thu 01 Feb 2024 13:09:16 +0000
ROA not before:           Thu 01 Feb 2024 13:09:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        46.174.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/4cea79-2a09-4ae7-a50c-f8a836f01b21/1/il2GqrTAl08MJ_Q9lo30JvU99dI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/4cea79-2a09-4ae7-a50c-f8a836f01b21/1/il2GqrTAl08MJ_Q9lo30JvU99dI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/il2GqrTAl08MJ_Q9lo30JvU99dI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:64:c9:b1:97:9a:d7:db:84:bf:2b:4f:af:13:ba:b2:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a5d86aab4c0974f0c27f43d968df426f53df5d2
        Validity
            Not Before: Feb  1 13:09:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=920e43ce8c1d0518216acd2bbebd7c20df87aac1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:45:44:94:8f:a4:1a:20:58:a4:94:90:91:6d:
                    9c:40:f8:e4:92:ac:ce:e2:47:32:79:8a:53:cb:46:
                    54:27:8a:fd:a0:a1:e9:51:6a:95:7e:fd:cc:e5:eb:
                    14:da:81:3a:47:c3:5f:07:91:86:37:88:a1:e6:ca:
                    66:3d:9c:55:6a:40:dc:6d:55:e1:cb:0c:18:6d:c3:
                    df:f3:19:44:f1:2c:46:79:b4:1d:4c:3d:1c:b0:d6:
                    b9:d8:d2:c9:6b:e8:24:52:d5:a4:b1:60:06:ae:95:
                    82:8b:ea:b5:ba:47:01:bc:ae:01:cb:a6:a0:b6:29:
                    83:1e:9f:b9:c8:46:d1:b0:ed:7e:ef:f3:1a:93:9d:
                    d7:dc:92:12:05:5e:a9:65:5c:d6:1f:68:71:8d:6a:
                    d7:56:d7:9d:09:10:e9:d2:fb:bd:94:22:cb:86:9f:
                    16:29:6f:91:9e:59:cc:9d:fc:b6:6e:02:a4:b2:19:
                    3f:d0:62:a6:26:c3:8c:c2:88:98:b9:bc:29:dd:29:
                    6a:ca:6f:47:58:3d:b3:13:88:42:8a:4f:76:9a:33:
                    6f:df:cf:39:6d:2b:b2:99:59:b5:3a:c0:0f:fa:68:
                    bf:2f:7c:bc:2a:7f:8a:ef:30:5b:c2:de:a0:ef:78:
                    c0:f9:7b:15:23:6e:20:a4:41:79:0a:8d:fe:ef:15:
                    b2:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:0E:43:CE:8C:1D:05:18:21:6A:CD:2B:BE:BD:7C:20:DF:87:AA:C1
            X509v3 Authority Key Identifier:
                keyid:8A:5D:86:AA:B4:C0:97:4F:0C:27:F4:3D:96:8D:F4:26:F5:3D:F5:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/il2GqrTAl08MJ_Q9lo30JvU99dI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/4cea79-2a09-4ae7-a50c-f8a836f01b21/1/kg5DzowdBRghas0rvr18IN-HqsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/4cea79-2a09-4ae7-a50c-f8a836f01b21/1/il2GqrTAl08MJ_Q9lo30JvU99dI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.174.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:ff:97:31:1a:31:7f:fe:7c:30:30:3b:02:e3:94:7d:56:e4:
         5d:0c:cc:86:b2:f6:6a:00:33:52:9a:a5:24:df:a2:89:a7:f0:
         05:2c:d8:02:c9:d1:c1:e8:b4:43:bd:61:a6:a8:d5:20:73:0e:
         07:d1:19:06:ed:55:70:9e:e5:80:cb:30:43:72:36:f6:f8:d1:
         f7:06:3a:08:5c:a4:6b:aa:4b:f8:e1:b8:1c:89:05:28:db:98:
         51:83:ab:2d:d8:c0:2e:11:ce:6c:3d:39:b0:a6:71:ab:2e:5f:
         32:ad:d2:8d:68:8c:a1:ad:2a:0b:ec:64:de:a6:ec:8d:eb:60:
         92:37:42:63:1f:bb:e9:dc:de:7c:41:ab:d1:69:93:06:56:f5:
         d0:fc:82:7f:b8:b3:cf:7b:fe:22:9e:e5:36:6a:b6:8b:2d:20:
         57:8c:17:1e:f7:15:92:b8:76:f5:01:5d:eb:42:06:b0:8c:20:
         b6:53:a2:7f:a6:ae:21:09:65:4b:cb:7f:8f:8c:42:64:e6:65:
         d9:05:7f:52:55:5d:e0:39:44:03:99:4d:9b:35:15:a5:ad:41:
         88:db:7d:10:fa:f8:4a:0a:ff:0e:b5:af:56:37:e3:43:45:12:
         ad:58:bc:70:3d:5b:02:56:67:9c:86:2a:7d:0c:b4:7c:c0:2b:
         29:c3:16:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1kybGXmtfbhL8rT68TurKvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNWQ4NmFhYjRjMDk3NGYwYzI3ZjQzZDk2OGRmNDI2ZjUz
ZGY1ZDIwHhcNMjQwMjAxMTMwOTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjBlNDNjZThjMWQwNTE4MjE2YWNkMmJiZWJkN2MyMGRmODdhYWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEVElI+kGiBYpJSQkW2cQPjkkqzO
4kcyeYpTy0ZUJ4r9oKHpUWqVfv3M5esU2oE6R8NfB5GGN4ih5spmPZxVakDcbVXh
ywwYbcPf8xlE8SxGebQdTD0csNa52NLJa+gkUtWksWAGrpWCi+q1ukcBvK4By6ag
timDHp+5yEbRsO1+7/Mak53X3JISBV6pZVzWH2hxjWrXVtedCRDp0vu9lCLLhp8W
KW+RnlnMnfy2bgKkshk/0GKmJsOMwoiYubwp3Slqym9HWD2zE4hCik92mjNv3885
bSuymVm1OsAP+mi/L3y8Kn+K7zBbwt6g73jA+XsVI24gpEF5Co3+7xWygQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJIOQ86MHQUYIWrNK769fCDfh6rBMB8GA1UdIwQY
MBaAFIpdhqq0wJdPDCf0PZaN9Cb1PfXSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWwyR3FyVEFsMDhNSl9ROWxvMzBKdlU5OWRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi80Y2VhNzktMmEwOS00YWU3LWE1MGMt
ZjhhODM2ZjAxYjIxLzEva2c1RHpvd2RCUmdoYXMwcnZyMThJTi1IcXNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi80Y2VhNzktMmEwOS00YWU3LWE1MGMtZjhhODM2ZjAxYjIx
LzEvaWwyR3FyVEFsMDhNSl9ROWxvMzBKdlU5OWRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALq6LMA0G
CSqGSIb3DQEBCwUAA4IBAQBW/5cxGjF//nwwMDsC45R9VuRdDMyGsvZqADNSmqUk
36KJp/AFLNgCydHB6LRDvWGmqNUgcw4H0RkG7VVwnuWAyzBDcjb2+NH3BjoIXKRr
qkv44bgciQUo25hRg6st2MAuEc5sPTmwpnGrLl8yrdKNaIyhrSoL7GTepuyN62CS
N0JjH7vp3N58QavRaZMGVvXQ/IJ/uLPPe/4inuU2araLLSBXjBce9xWSuHb1AV3r
QgawjCC2U6J/pq4hCWVLy3+PjEJk5mXZBX9SVV3gOUQDmU2bNRWlrUGI230Q+vhK
Cv8Ota9WN+NDRRKtWLxwPVsCVmechip9DLR8wCspwxY+
-----END CERTIFICATE-----