Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/a5b368-3313-4132-9897-d017957ea39e/1/K_iJ4ZCPbYh1dInHWokSxA-6mV4.roa
File:                     K_iJ4ZCPbYh1dInHWokSxA-6mV4.roa (raw, json)
Hash identifier:          91vFbQ2+uWlAbX7i6zrQqzRiKV9nOk/pkYn5aNd8aEo=
Subject key identifier:   2B:F8:89:E1:90:8F:6D:88:75:74:89:C7:5A:89:12:C4:0F:BA:99:5E
Certificate issuer:       /CN=04b1e756edb1c3bd2f57669f582bf6a951b83f48
Certificate serial:       018CC500FFFE753327A61C370E46C0DBDE67
Authority key identifier: 04:B1:E7:56:ED:B1:C3:BD:2F:57:66:9F:58:2B:F6:A9:51:B8:3F:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BLHnVu2xw70vV2afWCv2qVG4P0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/a5b368-3313-4132-9897-d017957ea39e/1/K_iJ4ZCPbYh1dInHWokSxA-6mV4.roa
Signing time:             Mon 01 Jan 2024 12:30:26 +0000
ROA not before:           Mon 01 Jan 2024 12:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        192.124.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/a5b368-3313-4132-9897-d017957ea39e/1/BLHnVu2xw70vV2afWCv2qVG4P0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/a5b368-3313-4132-9897-d017957ea39e/1/BLHnVu2xw70vV2afWCv2qVG4P0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BLHnVu2xw70vV2afWCv2qVG4P0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 18:17:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:ff:fe:75:33:27:a6:1c:37:0e:46:c0:db:de:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04b1e756edb1c3bd2f57669f582bf6a951b83f48
        Validity
            Not Before: Jan  1 12:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2bf889e1908f6d88757489c75a8912c40fba995e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:81:00:21:74:72:cb:3a:28:b1:f1:3b:29:19:
                    a8:ef:e5:9e:f7:44:90:b3:9d:9f:38:1d:dc:ab:ea:
                    6e:bd:ad:65:9a:ec:9a:50:47:7d:75:a2:c9:b0:5d:
                    53:9c:a3:2c:0d:7f:e3:bc:9d:6d:4c:21:35:a9:77:
                    47:75:bf:13:f0:01:fb:2c:c4:74:03:de:ee:82:9e:
                    bb:02:81:8b:79:4c:e6:f2:81:79:aa:3f:35:82:73:
                    8e:5d:ae:31:22:8c:eb:bc:fb:58:7f:bb:58:87:a1:
                    57:40:15:74:71:f7:65:02:e3:8e:fa:0e:89:45:b0:
                    62:aa:0a:69:01:5c:56:6f:7a:cd:c4:3d:ab:8f:5d:
                    e8:9e:a0:f8:15:82:00:db:68:52:fd:78:a5:33:b0:
                    67:41:c1:5d:b2:a3:4f:be:cc:85:48:67:9f:67:51:
                    33:ef:d5:67:c5:05:19:e2:21:69:d0:bf:24:d3:1e:
                    e0:3d:36:99:d8:ad:fd:82:8a:72:b6:df:39:31:1b:
                    a6:a0:45:c7:4e:a7:ee:c9:b7:40:3c:81:5a:98:f1:
                    89:c0:37:81:80:79:16:1d:34:59:9d:c3:94:2a:5d:
                    d8:d6:01:e2:1d:26:bf:ed:d3:45:f4:13:64:bb:96:
                    68:6a:b6:35:f7:8c:20:c5:16:20:c9:1d:98:86:b1:
                    58:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:F8:89:E1:90:8F:6D:88:75:74:89:C7:5A:89:12:C4:0F:BA:99:5E
            X509v3 Authority Key Identifier:
                keyid:04:B1:E7:56:ED:B1:C3:BD:2F:57:66:9F:58:2B:F6:A9:51:B8:3F:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BLHnVu2xw70vV2afWCv2qVG4P0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/a5b368-3313-4132-9897-d017957ea39e/1/K_iJ4ZCPbYh1dInHWokSxA-6mV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/a5b368-3313-4132-9897-d017957ea39e/1/BLHnVu2xw70vV2afWCv2qVG4P0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:4c:c7:47:c2:cd:6c:86:8b:61:35:3f:f5:48:5c:95:8d:68:
         dd:38:ae:cd:72:c0:6f:84:62:ca:04:34:09:f7:42:5c:8e:16:
         8b:f0:de:84:44:26:f2:39:a4:6e:23:f2:25:9b:35:9e:a8:76:
         46:63:2d:0d:63:5b:d5:53:63:8b:b4:7d:93:40:51:7c:84:16:
         e4:95:21:f2:30:fd:8d:ff:90:b1:bf:dc:c4:58:5b:b5:74:35:
         6c:b6:c4:96:5d:9e:0d:fb:fd:78:88:46:ff:07:92:5f:59:72:
         72:34:7c:95:75:dd:82:40:59:48:b6:c1:2c:f2:01:09:48:ab:
         23:b2:37:ec:b0:43:a1:93:a9:c6:28:79:8a:e0:80:dc:d3:12:
         18:7a:a1:bc:fd:70:90:1f:ef:a8:fd:c5:5e:4c:68:e0:d1:a5:
         87:97:29:fe:2c:52:23:a6:84:74:fa:64:b4:a7:b6:3b:92:61:
         74:b6:32:fb:b9:54:b6:d0:9c:b7:ce:79:7c:b6:43:2c:ad:a1:
         38:56:35:e5:0b:af:40:f3:45:00:77:ce:86:d3:fc:72:35:df:
         ae:d5:fb:2a:09:c9:fc:d9:b9:f8:81:ac:43:c7:5a:1b:06:35:
         6c:1a:87:af:14:06:d1:92:3b:e2:2c:09:8b:84:ec:43:c0:0c:
         62:c1:61:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAP/+dTMnphw3DkbA295nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0YjFlNzU2ZWRiMWMzYmQyZjU3NjY5ZjU4MmJmNmE5NTFi
ODNmNDgwHhcNMjQwMTAxMTIzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmY4ODllMTkwOGY2ZDg4NzU3NDg5Yzc1YTg5MTJjNDBmYmE5OTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzIEAIXRyyzoosfE7KRmo7+We90SQ
s52fOB3cq+puva1lmuyaUEd9daLJsF1TnKMsDX/jvJ1tTCE1qXdHdb8T8AH7LMR0
A97ugp67AoGLeUzm8oF5qj81gnOOXa4xIozrvPtYf7tYh6FXQBV0cfdlAuOO+g6J
RbBiqgppAVxWb3rNxD2rj13onqD4FYIA22hS/XilM7BnQcFdsqNPvsyFSGefZ1Ez
79VnxQUZ4iFp0L8k0x7gPTaZ2K39gopytt85MRumoEXHTqfuybdAPIFamPGJwDeB
gHkWHTRZncOUKl3Y1gHiHSa/7dNF9BNku5ZoarY194wgxRYgyR2YhrFYJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCv4ieGQj22IdXSJx1qJEsQPupleMB8GA1UdIwQY
MBaAFASx51btscO9L1dmn1gr9qlRuD9IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkxIblZ1Mnh3NzB2VjJhZldDdjJxVkc0UDBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9hNWIzNjgtMzMxMy00MTMyLTk4OTct
ZDAxNzk1N2VhMzllLzEvS19pSjRaQ1BiWWgxZEluSFdva1N4QS02bVY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9hNWIzNjgtMzMxMy00MTMyLTk4OTctZDAxNzk1N2VhMzll
LzEvQkxIblZ1Mnh3NzB2VjJhZldDdjJxVkc0UDBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwHz1MA0G
CSqGSIb3DQEBCwUAA4IBAQAmTMdHws1shothNT/1SFyVjWjdOK7NcsBvhGLKBDQJ
90JcjhaL8N6ERCbyOaRuI/IlmzWeqHZGYy0NY1vVU2OLtH2TQFF8hBbklSHyMP2N
/5Cxv9zEWFu1dDVstsSWXZ4N+/14iEb/B5JfWXJyNHyVdd2CQFlItsEs8gEJSKsj
sjfssEOhk6nGKHmK4IDc0xIYeqG8/XCQH++o/cVeTGjg0aWHlyn+LFIjpoR0+mS0
p7Y7kmF0tjL7uVS20Jy3znl8tkMsraE4VjXlC69A80UAd86G0/xyNd+u1fsqCcn8
2bn4gaxDx1obBjVsGoevFAbRkjviLAmLhOxDwAxiwWFw
-----END CERTIFICATE-----