Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/KWBpE_vq11TOYQtDQegGmCOxt3U.roa
File:                     KWBpE_vq11TOYQtDQegGmCOxt3U.roa (raw, json)
Hash identifier:          Axz5haOlAjNXcBpWePEphTyWnxv+RUAnuTUUa6E3SUc=
Subject key identifier:   29:60:69:13:FB:EA:D7:54:CE:61:0B:43:41:E8:06:98:23:B1:B7:75
Certificate issuer:       /CN=6dbd51576b4a93460a465af35e6bf550f5548894
Certificate serial:       018CC8DED9C60B1AF6020329A4B5CC77696A
Authority key identifier: 6D:BD:51:57:6B:4A:93:46:0A:46:5A:F3:5E:6B:F5:50:F5:54:88:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/KWBpE_vq11TOYQtDQegGmCOxt3U.roa
Signing time:             Tue 02 Jan 2024 06:31:37 +0000
ROA not before:           Tue 02 Jan 2024 06:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199619
IP address blocks:        185.5.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:d9:c6:0b:1a:f6:02:03:29:a4:b5:cc:77:69:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6dbd51576b4a93460a465af35e6bf550f5548894
        Validity
            Not Before: Jan  2 06:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29606913fbead754ce610b4341e8069823b1b775
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:8e:a1:de:db:b5:52:c7:f1:dd:c4:ac:bd:db:
                    41:5d:72:bb:06:f7:ae:b3:6a:67:4c:44:52:56:b6:
                    1b:da:a7:bc:7b:64:fb:1b:42:28:a7:86:8e:c9:fc:
                    72:ac:9f:3a:68:17:63:89:cd:cb:9b:3e:62:6b:ae:
                    e0:22:bb:a0:8f:bd:bd:fa:1c:f6:84:03:1b:c7:2b:
                    79:06:69:87:15:18:11:74:65:ed:e1:c9:9c:5c:37:
                    c2:d1:7e:a5:0d:9b:a1:9f:cd:ff:1d:08:a9:8c:89:
                    74:04:44:13:d1:4e:0f:a8:df:6f:80:c4:9b:49:b9:
                    4b:25:a9:87:4a:7a:3c:e6:1d:48:75:32:96:13:0e:
                    2d:83:30:ec:76:65:c8:1a:ec:7f:01:71:c8:81:ea:
                    de:4d:26:b1:71:d8:c9:15:3f:2d:29:b1:db:76:ff:
                    7f:44:0a:53:ee:75:e0:7c:3b:01:c1:c0:fd:b3:d9:
                    b2:37:92:35:35:02:06:5b:c7:52:76:ea:fb:94:e2:
                    db:88:31:eb:a1:57:d5:64:d8:2b:6e:93:a3:07:1a:
                    fe:34:6d:c2:46:84:d7:5d:5c:dc:2c:9c:d0:cc:a8:
                    63:f6:15:42:a2:c5:ac:54:a9:7f:35:a0:0c:b6:e6:
                    72:c8:79:c6:27:dd:47:b5:f9:b1:e9:a0:a4:0b:06:
                    ae:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:60:69:13:FB:EA:D7:54:CE:61:0B:43:41:E8:06:98:23:B1:B7:75
            X509v3 Authority Key Identifier:
                keyid:6D:BD:51:57:6B:4A:93:46:0A:46:5A:F3:5E:6B:F5:50:F5:54:88:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/KWBpE_vq11TOYQtDQegGmCOxt3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.5.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:f0:41:75:0c:06:21:1e:5a:86:1c:98:b6:a1:ac:4d:7b:ff:
         78:1c:20:86:7b:90:d6:c6:77:33:5d:53:4d:ae:9e:1b:fe:79:
         e2:0e:e1:cb:a3:c7:3c:54:8f:9a:37:13:38:44:55:2d:b4:a9:
         fc:c9:11:e9:79:ac:cb:38:11:c8:e3:6f:28:70:dd:ac:2d:1d:
         c1:53:ac:c0:c9:51:2e:bf:cc:ad:1a:38:47:98:08:6d:5a:be:
         3c:b7:dc:da:4f:69:9d:10:40:c5:ad:d7:34:0f:85:c5:e0:b5:
         e3:8f:6a:f7:83:89:f0:8b:82:68:76:21:ac:44:3a:13:a4:68:
         d8:31:94:98:a2:8c:a7:f5:f6:ab:3c:b1:00:57:d7:6e:eb:29:
         26:ef:2a:64:1d:45:2e:e2:5c:29:8a:0a:ee:76:1f:6e:89:e4:
         34:b5:55:0f:86:4f:3d:e4:ee:51:2e:1a:31:9f:3d:6a:18:e5:
         97:ac:fd:fa:15:06:19:c8:2b:83:6a:57:d1:91:06:68:24:18:
         b3:fc:2c:b3:17:a1:af:b3:28:79:4f:09:fd:b4:28:81:36:8c:
         f5:7d:9d:d8:20:18:15:a4:0b:5c:32:80:a2:09:e1:08:89:36:
         47:c6:ca:e2:9b:94:df:b0:1f:54:56:25:0f:c2:a9:13:af:4e:
         c9:3a:78:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3tnGCxr2AgMppLXMd2lqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkYmQ1MTU3NmI0YTkzNDYwYTQ2NWFmMzVlNmJmNTUwZjU1
NDg4OTQwHhcNMjQwMTAyMDYzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTYwNjkxM2ZiZWFkNzU0Y2U2MTBiNDM0MWU4MDY5ODIzYjFiNzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyY6h3tu1Usfx3cSsvdtBXXK7Bveu
s2pnTERSVrYb2qe8e2T7G0Iop4aOyfxyrJ86aBdjic3Lmz5ia67gIrugj729+hz2
hAMbxyt5BmmHFRgRdGXt4cmcXDfC0X6lDZuhn83/HQipjIl0BEQT0U4PqN9vgMSb
SblLJamHSno85h1IdTKWEw4tgzDsdmXIGux/AXHIgereTSaxcdjJFT8tKbHbdv9/
RApT7nXgfDsBwcD9s9myN5I1NQIGW8dSdur7lOLbiDHroVfVZNgrbpOjBxr+NG3C
RoTXXVzcLJzQzKhj9hVCosWsVKl/NaAMtuZyyHnGJ91Htfmx6aCkCwauWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFClgaRP76tdUzmELQ0HoBpgjsbd1MB8GA1UdIwQY
MBaAFG29UVdrSpNGCkZa815r9VD1VIiUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmIxUlYydEtrMFlLUmxyelhtdjFVUFZVaUpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84ZmY1MzctNzFlMC00MDNiLTk3OWUt
MWVmN2VmMTdmYTQzLzEvS1dCcEVfdnExMVRPWVF0RFFlZ0dtQ094dDNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84ZmY1MzctNzFlMC00MDNiLTk3OWUtMWVmN2VmMTdmYTQz
LzEvYmIxUlYydEtrMFlLUmxyelhtdjFVUFZVaUpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQWPMA0G
CSqGSIb3DQEBCwUAA4IBAQCL8EF1DAYhHlqGHJi2oaxNe/94HCCGe5DWxnczXVNN
rp4b/nniDuHLo8c8VI+aNxM4RFUttKn8yRHpeazLOBHI428ocN2sLR3BU6zAyVEu
v8ytGjhHmAhtWr48t9zaT2mdEEDFrdc0D4XF4LXjj2r3g4nwi4JodiGsRDoTpGjY
MZSYooyn9farPLEAV9du6ykm7ypkHUUu4lwpigrudh9uieQ0tVUPhk895O5RLhox
nz1qGOWXrP36FQYZyCuDalfRkQZoJBiz/CyzF6Gvsyh5Twn9tCiBNoz1fZ3YIBgV
pAtcMoCiCeEIiTZHxsrim5TfsB9UViUPwqkTr07JOnh8
-----END CERTIFICATE-----