Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/kKwX08ZswU2GmmWJBHJ9inQatNA.roa
File:                     kKwX08ZswU2GmmWJBHJ9inQatNA.roa (raw, json)
Hash identifier:          d350c+a2bPKOjBUc3aqRqkp6TGssgDuOfXpapNeKFVw=
Subject key identifier:   90:AC:17:D3:C6:6C:C1:4D:86:9A:65:89:04:72:7D:8A:74:1A:B4:D0
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       0190BDE4020193043CC681983280353DC19F
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/kKwX08ZswU2GmmWJBHJ9inQatNA.roa
Signing time:             Tue 16 Jul 2024 23:32:34 +0000
ROA not before:           Tue 16 Jul 2024 23:32:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     152179
IP address blocks:        185.179.218.0/23 maxlen: 24
                          188.64.104.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bd:e4:02:01:93:04:3c:c6:81:98:32:80:35:3d:c1:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Jul 16 23:32:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90ac17d3c66cc14d869a658904727d8a741ab4d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f1:0d:73:83:80:96:ae:03:12:75:ca:83:70:
                    ef:2a:5f:10:04:82:e4:cf:17:31:51:da:d4:ef:83:
                    4f:75:a0:21:9c:34:ff:3a:33:fb:d1:2a:6b:e6:1b:
                    61:18:2e:3f:d9:55:f8:99:b7:a5:40:dc:11:a7:c7:
                    c2:92:e7:e1:ef:be:90:a9:86:f5:18:6d:ff:5b:fc:
                    ce:27:f8:e3:ed:0c:18:35:79:36:26:1f:ac:ac:1e:
                    3e:d9:1b:9b:77:eb:6d:09:f7:95:3e:fa:c1:ba:a9:
                    46:c7:c6:4e:98:16:22:e2:69:8d:4f:d1:30:e9:fa:
                    6e:a8:9f:1e:60:77:22:66:be:85:d0:84:a7:c9:9c:
                    8d:30:6d:35:62:8f:10:fc:35:fc:6e:7f:96:8f:19:
                    dc:7f:0f:2f:e6:6b:95:de:6f:2b:f8:4e:66:c9:d1:
                    85:5d:4b:67:c8:0c:0a:02:42:16:1e:bc:24:cc:79:
                    fb:09:4f:c6:9f:6e:85:21:fb:4b:a5:da:53:a0:e3:
                    b6:c5:3a:e5:24:f7:f1:35:4e:82:b8:9b:cb:a6:f7:
                    b6:4d:0b:f0:e9:46:09:03:30:12:4f:f5:f4:c0:e0:
                    da:a4:6c:ed:77:bf:35:82:ff:53:74:93:00:fc:2d:
                    f1:ca:bb:d5:26:e9:52:24:a3:44:a6:0d:6d:74:99:
                    80:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:AC:17:D3:C6:6C:C1:4D:86:9A:65:89:04:72:7D:8A:74:1A:B4:D0
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/kKwX08ZswU2GmmWJBHJ9inQatNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.218.0/23
                  188.64.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         45:59:37:91:db:a5:3d:43:a3:15:24:ac:25:5b:29:ff:9b:08:
         1f:b2:4c:4a:57:14:64:b4:86:de:f1:b0:7a:29:ef:c2:7d:6d:
         e5:0a:e5:4a:22:18:4c:3d:8b:27:bb:9f:39:21:5f:53:db:46:
         81:d8:2e:92:ae:26:65:cd:b1:4a:39:90:85:23:af:df:c2:a2:
         65:e3:43:84:08:5c:b8:61:e8:83:7a:2b:26:9a:06:6b:79:3f:
         a8:80:9a:c2:64:6c:d0:f6:25:be:33:e9:9e:3b:00:ac:49:d5:
         1a:1d:2f:61:fc:26:df:21:ec:d5:10:f0:ce:64:ba:97:b0:2c:
         cc:d1:61:6f:2e:6a:64:2d:8d:fb:07:bf:41:2b:cd:6f:ba:15:
         f5:bf:de:dc:57:c8:96:3e:c9:ec:56:9e:9d:d9:f4:ff:3c:ec:
         85:3c:73:30:71:32:0d:cd:f8:3b:50:b8:8b:10:b0:76:28:f2:
         bd:5c:1b:b3:ad:ad:0e:f8:d4:62:5b:c0:a8:ad:b2:83:d2:18:
         b7:9c:f3:28:96:bc:7c:cb:05:6f:21:4c:82:e0:9d:f5:e5:e6:
         f7:70:15:7f:09:ac:bb:c2:d5:c8:07:76:0e:76:f3:c5:34:e5:
         b6:80:0a:b8:62:25:63:bf:5a:ea:bd:9b:b1:3b:f3:c4:15:08:
         ac:b8:6a:f7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZC95AIBkwQ8xoGYMoA1PcGfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjQwNzE2MjMzMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGFjMTdkM2M2NmNjMTRkODY5YTY1ODkwNDcyN2Q4YTc0MWFiNGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPENc4OAlq4DEnXKg3DvKl8QBILk
zxcxUdrU74NPdaAhnDT/OjP70Spr5hthGC4/2VX4mbelQNwRp8fCkufh776QqYb1
GG3/W/zOJ/jj7QwYNXk2Jh+srB4+2Rubd+ttCfeVPvrBuqlGx8ZOmBYi4mmNT9Ew
6fpuqJ8eYHciZr6F0ISnyZyNMG01Yo8Q/DX8bn+Wjxncfw8v5muV3m8r+E5mydGF
XUtnyAwKAkIWHrwkzHn7CU/Gn26FIftLpdpToOO2xTrlJPfxNU6CuJvLpve2TQvw
6UYJAzAST/X0wODapGztd781gv9TdJMA/C3xyrvVJulSJKNEpg1tdJmA9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJCsF9PGbMFNhppliQRyfYp0GrTQMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEva0t3WDA4WnN3VTJHbW1XSkJISjlpblFhdE5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBubPaAwQC
vEBoMA0GCSqGSIb3DQEBCwUAA4IBAQBFWTeR26U9Q6MVJKwlWyn/mwgfskxKVxRk
tIbe8bB6Ke/CfW3lCuVKIhhMPYsnu585IV9T20aB2C6SriZlzbFKOZCFI6/fwqJl
40OECFy4YeiDeismmgZreT+ogJrCZGzQ9iW+M+meOwCsSdUaHS9h/CbfIezVEPDO
ZLqXsCzM0WFvLmpkLY37B79BK81vuhX1v97cV8iWPsnsVp6d2fT/POyFPHMwcTIN
zfg7ULiLELB2KPK9XBuzra0O+NRiW8CorbKD0hi3nPMolrx8ywVvIUyC4J315eb3
cBV/Cay7wtXIB3YOdvPFNOW2gAq4YiVjv1rqvZuxO/PEFQisuGr3
-----END CERTIFICATE-----