Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/kfehwFlFHwGNhVtJp3iETqGUG_4.roa
File:                     kfehwFlFHwGNhVtJp3iETqGUG_4.roa (raw, json)
Hash identifier:          Cu4Dh9ngzX2RXZRYK9gbGJpD7dSrFBQ9a7S33AL91s0=
Subject key identifier:   91:F7:A1:C0:59:45:1F:01:8D:85:5B:49:A7:78:84:4E:A1:94:1B:FE
Certificate issuer:       /CN=02930f8c688c04d17433a2b9c7249bc625bce316
Certificate serial:       018CC801715438661BFDC9459ACD2BB581B6
Authority key identifier: 02:93:0F:8C:68:8C:04:D1:74:33:A2:B9:C7:24:9B:C6:25:BC:E3:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ApMPjGiMBNF0M6K5xySbxiW84xY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/kfehwFlFHwGNhVtJp3iETqGUG_4.roa
Signing time:             Tue 02 Jan 2024 02:29:46 +0000
ROA not before:           Tue 02 Jan 2024 02:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201921
IP address blocks:        5.63.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/ApMPjGiMBNF0M6K5xySbxiW84xY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/ApMPjGiMBNF0M6K5xySbxiW84xY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ApMPjGiMBNF0M6K5xySbxiW84xY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 01:03:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:71:54:38:66:1b:fd:c9:45:9a:cd:2b:b5:81:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02930f8c688c04d17433a2b9c7249bc625bce316
        Validity
            Not Before: Jan  2 02:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91f7a1c059451f018d855b49a778844ea1941bfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:0a:bf:9b:0a:6d:ef:e9:71:4c:08:0a:fc:49:
                    01:0e:5f:89:e0:a1:1c:d5:a3:04:33:eb:2c:39:03:
                    e9:66:e7:98:eb:e1:db:db:ff:2c:05:08:dd:c0:1e:
                    7b:71:44:71:c2:bc:14:0d:10:86:73:64:c8:55:fc:
                    05:68:cc:e1:d2:59:35:09:67:f4:26:4c:81:58:3d:
                    43:ac:96:9d:a8:77:e3:20:ba:0c:1a:0e:a9:dd:34:
                    83:da:a8:2a:76:ba:cf:b1:58:3e:f9:ac:2a:9a:86:
                    35:ea:b6:89:02:8f:5b:eb:14:1d:3c:13:03:cf:53:
                    e6:14:ec:e4:35:d2:60:00:be:26:ab:31:be:a5:d4:
                    e0:bc:87:b4:da:ca:f5:34:11:02:f8:17:d2:97:4f:
                    28:fe:34:31:6f:2c:34:f3:65:f9:02:c7:54:ce:ae:
                    70:ae:22:7e:79:4c:ba:50:ec:18:04:85:51:d1:50:
                    5f:a9:c9:77:37:f6:9d:82:73:0b:72:82:e3:99:fe:
                    82:d7:99:b9:62:e8:3c:84:1e:70:c6:13:2b:a7:df:
                    f4:0b:02:19:3b:06:8b:28:26:e0:05:93:a5:88:81:
                    f8:a2:b1:a3:71:8f:05:b5:b1:63:75:33:71:c5:70:
                    c4:46:3a:e1:bd:d9:08:be:98:51:37:70:b0:86:55:
                    ba:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:F7:A1:C0:59:45:1F:01:8D:85:5B:49:A7:78:84:4E:A1:94:1B:FE
            X509v3 Authority Key Identifier:
                keyid:02:93:0F:8C:68:8C:04:D1:74:33:A2:B9:C7:24:9B:C6:25:BC:E3:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ApMPjGiMBNF0M6K5xySbxiW84xY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/kfehwFlFHwGNhVtJp3iETqGUG_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/ApMPjGiMBNF0M6K5xySbxiW84xY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.63.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:5e:e5:01:f7:2b:9b:a7:89:e1:a6:98:c6:6c:ab:c8:1e:34:
         79:0c:2a:af:97:77:af:f2:3c:a4:61:15:76:49:8f:cb:6d:c1:
         17:1c:92:2e:23:be:69:ea:76:d4:95:76:69:d7:1b:bf:6c:41:
         59:c4:40:30:34:68:b1:4b:82:95:92:b0:7e:18:e0:3a:66:29:
         ba:14:78:08:52:54:07:0a:00:4a:f3:3c:f5:b1:c1:2d:e7:70:
         31:77:e2:86:e1:b2:c0:92:20:4a:26:dc:55:fe:44:08:d5:5a:
         b1:21:cf:4f:b9:0c:19:3c:1b:fd:62:a1:4a:40:f3:b6:38:fc:
         7f:a7:0e:d6:80:a4:37:5b:4e:de:07:55:b0:2f:93:4e:70:ec:
         95:88:f3:98:99:c4:d8:a0:21:c0:93:9f:d5:5f:ac:ff:c2:38:
         e3:5c:81:45:cb:e9:5a:bd:0e:25:74:36:41:c5:69:2a:cf:23:
         e8:68:3a:d3:f8:70:5a:8c:09:cb:df:4c:7d:73:d7:60:c4:53:
         0b:ed:8f:b8:65:50:5d:c0:18:4c:31:8e:6a:93:eb:fb:7c:27:
         35:0f:93:29:f9:4a:2c:1d:c3:89:9b:89:a5:e0:5f:7d:31:dd:
         88:e4:6b:74:28:7d:d5:8d:0e:5a:30:57:8c:43:68:d4:7b:3e:
         7c:95:20:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAXFUOGYb/clFms0rtYG2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyOTMwZjhjNjg4YzA0ZDE3NDMzYTJiOWM3MjQ5YmM2MjVi
Y2UzMTYwHhcNMjQwMTAyMDIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWY3YTFjMDU5NDUxZjAxOGQ4NTViNDlhNzc4ODQ0ZWExOTQxYmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzwq/mwpt7+lxTAgK/EkBDl+J4KEc
1aMEM+ssOQPpZueY6+Hb2/8sBQjdwB57cURxwrwUDRCGc2TIVfwFaMzh0lk1CWf0
JkyBWD1DrJadqHfjILoMGg6p3TSD2qgqdrrPsVg++awqmoY16raJAo9b6xQdPBMD
z1PmFOzkNdJgAL4mqzG+pdTgvIe02sr1NBEC+BfSl08o/jQxbyw082X5AsdUzq5w
riJ+eUy6UOwYBIVR0VBfqcl3N/adgnMLcoLjmf6C15m5Yug8hB5wxhMrp9/0CwIZ
OwaLKCbgBZOliIH4orGjcY8FtbFjdTNxxXDERjrhvdkIvphRN3CwhlW6fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJH3ocBZRR8BjYVbSad4hE6hlBv+MB8GA1UdIwQY
MBaAFAKTD4xojATRdDOiucckm8YlvOMWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXBNUGpHaU1CTkYwTTZLNXh5U2J4aVc4NHhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9iMjA2NGItYmUwOS00M2Q5LWIwODct
YTRlOTkxYjBmMTQ0LzEva2ZlaHdGbEZId0dOaFZ0SnAzaUVUcUdVR180LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9iMjA2NGItYmUwOS00M2Q5LWIwODctYTRlOTkxYjBmMTQ0
LzEvQXBNUGpHaU1CTkYwTTZLNXh5U2J4aVc4NHhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABT+gMA0G
CSqGSIb3DQEBCwUAA4IBAQBUXuUB9yubp4nhppjGbKvIHjR5DCqvl3ev8jykYRV2
SY/LbcEXHJIuI75p6nbUlXZp1xu/bEFZxEAwNGixS4KVkrB+GOA6Zim6FHgIUlQH
CgBK8zz1scEt53Axd+KG4bLAkiBKJtxV/kQI1VqxIc9PuQwZPBv9YqFKQPO2OPx/
pw7WgKQ3W07eB1WwL5NOcOyViPOYmcTYoCHAk5/VX6z/wjjjXIFFy+lavQ4ldDZB
xWkqzyPoaDrT+HBajAnL30x9c9dgxFML7Y+4ZVBdwBhMMY5qk+v7fCc1D5Mp+Uos
HcOJm4ml4F99Md2I5Gt0KH3VjQ5aMFeMQ2jUez58lSD6
-----END CERTIFICATE-----