Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/1c347d-f1c9-4897-bf2c-ca3074cd9968/1/KV-kiWU3FoqNUe8lrpAcdDgf7Q8.roa
File:                     KV-kiWU3FoqNUe8lrpAcdDgf7Q8.roa (raw, json)
Hash identifier:          z6BC3I2OsjafqMGRJuJJiuCZ0pD1AaFoYmAkm1k5zmI=
Subject key identifier:   29:5F:A4:89:65:37:16:8A:8D:51:EF:25:AE:90:1C:74:38:1F:ED:0F
Certificate issuer:       /CN=2e39d330a5f04067eff9173473d67088abe9196f
Certificate serial:       018CC7947324A6B52C8EC49C398D0EA5C5B8
Authority key identifier: 2E:39:D3:30:A5:F0:40:67:EF:F9:17:34:73:D6:70:88:AB:E9:19:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LjnTMKXwQGfv-Rc0c9ZwiKvpGW8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/1c347d-f1c9-4897-bf2c-ca3074cd9968/1/KV-kiWU3FoqNUe8lrpAcdDgf7Q8.roa
Signing time:             Tue 02 Jan 2024 00:30:43 +0000
ROA not before:           Tue 02 Jan 2024 00:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29205
IP address blocks:        193.135.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/1c347d-f1c9-4897-bf2c-ca3074cd9968/1/LjnTMKXwQGfv-Rc0c9ZwiKvpGW8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/1c347d-f1c9-4897-bf2c-ca3074cd9968/1/LjnTMKXwQGfv-Rc0c9ZwiKvpGW8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LjnTMKXwQGfv-Rc0c9ZwiKvpGW8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:73:24:a6:b5:2c:8e:c4:9c:39:8d:0e:a5:c5:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e39d330a5f04067eff9173473d67088abe9196f
        Validity
            Not Before: Jan  2 00:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=295fa4896537168a8d51ef25ae901c74381fed0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:db:42:ee:e3:cd:98:1a:4c:45:58:b4:2d:5f:
                    ec:71:54:eb:2d:5d:e6:d5:b4:91:e7:a4:65:a4:43:
                    81:1c:76:9b:8b:0b:92:74:3e:43:75:db:53:51:54:
                    a4:1d:48:9e:86:e1:1a:b3:15:e1:9e:a6:95:6c:d7:
                    68:f8:bb:0c:6f:0c:51:cd:56:42:c4:9f:9e:d3:03:
                    13:89:8b:06:b2:02:32:b1:46:df:6e:f3:06:80:a1:
                    49:c8:ab:0a:9e:d1:4b:ee:9f:1b:e2:64:b5:54:43:
                    e2:32:7a:37:c2:e3:89:05:de:18:c5:ab:d0:6c:4f:
                    e2:c0:3e:b3:98:94:3d:3f:ba:9b:cb:fe:7b:7c:50:
                    92:5d:eb:13:54:9f:27:86:de:35:80:99:e6:37:92:
                    7e:76:5c:d4:be:f2:78:85:3f:3f:51:d4:12:2c:22:
                    ed:76:47:31:0e:0a:14:c8:b0:54:f7:d8:32:64:e2:
                    da:e5:d4:ae:30:33:48:ec:9e:00:fc:72:fa:1d:91:
                    af:6a:3e:e4:fb:e9:89:c0:5f:5c:c0:9a:c5:b7:c5:
                    58:a6:15:91:09:97:43:97:68:65:45:99:9d:05:91:
                    ed:e9:12:e7:2f:8d:7f:fd:c3:49:3d:39:68:9f:07:
                    5a:f2:69:d8:a1:40:23:cc:0d:26:45:cf:05:ae:27:
                    d5:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:5F:A4:89:65:37:16:8A:8D:51:EF:25:AE:90:1C:74:38:1F:ED:0F
            X509v3 Authority Key Identifier:
                keyid:2E:39:D3:30:A5:F0:40:67:EF:F9:17:34:73:D6:70:88:AB:E9:19:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LjnTMKXwQGfv-Rc0c9ZwiKvpGW8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/1c347d-f1c9-4897-bf2c-ca3074cd9968/1/KV-kiWU3FoqNUe8lrpAcdDgf7Q8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/1c347d-f1c9-4897-bf2c-ca3074cd9968/1/LjnTMKXwQGfv-Rc0c9ZwiKvpGW8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.135.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:8a:36:0b:a2:09:bd:b2:b8:59:e0:bc:5c:b2:45:ea:be:42:
         c9:0b:98:a9:18:6b:24:7b:15:e7:ca:ca:c8:cc:1d:80:45:5a:
         a1:39:b5:99:24:bd:78:6a:52:04:2f:44:8c:31:84:0a:bf:13:
         89:5a:c0:43:43:36:c5:49:ea:36:4f:af:0d:4f:8b:40:55:21:
         1c:3e:c5:aa:9e:aa:87:c2:7d:8c:5f:9f:19:14:be:ed:3b:a8:
         46:d5:0d:7c:7c:b5:43:ee:b6:92:5b:b8:19:2f:70:56:8f:37:
         b7:98:b1:ca:e2:95:36:fe:78:bf:a3:30:6a:08:1e:f0:01:88:
         07:60:fd:24:e4:84:1e:92:5c:45:58:06:7d:19:bd:67:b3:bd:
         6c:28:a9:b1:5c:b1:68:91:4f:d2:43:5a:ff:f8:34:22:f6:07:
         ba:95:5f:12:74:e6:68:1d:c7:18:9e:82:d6:c8:0f:b5:ee:0a:
         56:2d:d5:af:b6:bc:89:d5:c1:0d:01:44:d3:9b:e0:89:ab:82:
         72:53:8f:62:d7:ff:b5:49:e0:7d:b2:ea:d4:b9:fa:1a:7e:5b:
         98:bc:4e:5c:06:55:53:b9:d2:6a:61:2b:06:20:01:b8:61:d6:
         da:b9:0b:31:d5:90:12:71:57:bb:db:3c:38:53:ec:27:77:f6:
         28:de:a2:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlHMkprUsjsScOY0OpcW4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMzlkMzMwYTVmMDQwNjdlZmY5MTczNDczZDY3MDg4YWJl
OTE5NmYwHhcNMjQwMTAyMDAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTVmYTQ4OTY1MzcxNjhhOGQ1MWVmMjVhZTkwMWM3NDM4MWZlZDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzttC7uPNmBpMRVi0LV/scVTrLV3m
1bSR56RlpEOBHHabiwuSdD5DddtTUVSkHUiehuEasxXhnqaVbNdo+LsMbwxRzVZC
xJ+e0wMTiYsGsgIysUbfbvMGgKFJyKsKntFL7p8b4mS1VEPiMno3wuOJBd4YxavQ
bE/iwD6zmJQ9P7qby/57fFCSXesTVJ8nht41gJnmN5J+dlzUvvJ4hT8/UdQSLCLt
dkcxDgoUyLBU99gyZOLa5dSuMDNI7J4A/HL6HZGvaj7k++mJwF9cwJrFt8VYphWR
CZdDl2hlRZmdBZHt6RLnL41//cNJPTlonwda8mnYoUAjzA0mRc8FrifVwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFClfpIllNxaKjVHvJa6QHHQ4H+0PMB8GA1UdIwQY
MBaAFC450zCl8EBn7/kXNHPWcIir6RlvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGpuVE1LWHdRR2Z2LVJjMGM5WndpS3ZwR1c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8xYzM0N2QtZjFjOS00ODk3LWJmMmMt
Y2EzMDc0Y2Q5OTY4LzEvS1Yta2lXVTNGb3FOVWU4bHJwQWNkRGdmN1E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8xYzM0N2QtZjFjOS00ODk3LWJmMmMtY2EzMDc0Y2Q5OTY4
LzEvTGpuVE1LWHdRR2Z2LVJjMGM5WndpS3ZwR1c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYcVMA0G
CSqGSIb3DQEBCwUAA4IBAQCnijYLogm9srhZ4LxcskXqvkLJC5ipGGskexXnysrI
zB2ARVqhObWZJL14alIEL0SMMYQKvxOJWsBDQzbFSeo2T68NT4tAVSEcPsWqnqqH
wn2MX58ZFL7tO6hG1Q18fLVD7raSW7gZL3BWjze3mLHK4pU2/ni/ozBqCB7wAYgH
YP0k5IQeklxFWAZ9Gb1ns71sKKmxXLFokU/SQ1r/+DQi9ge6lV8SdOZoHccYnoLW
yA+17gpWLdWvtryJ1cENAUTTm+CJq4JyU49i1/+1SeB9surUufoafluYvE5cBlVT
udJqYSsGIAG4YdbauQsx1ZAScVe72zw4U+wnd/Yo3qJl
-----END CERTIFICATE-----