Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/5af7a5-b67c-459a-9893-c6fadeb285ba/1/Kmlt2OnDfyr-xvUq2wtLaJFFd2Q.roa
File:                     Kmlt2OnDfyr-xvUq2wtLaJFFd2Q.roa (raw, json)
Hash identifier:          WbhRtVuWF6be/CtAbJTFROvLmiN5iCcmflupCqioaKQ=
Subject key identifier:   2A:69:6D:D8:E9:C3:7F:2A:FE:C6:F5:2A:DB:0B:4B:68:91:45:77:64
Certificate issuer:       /CN=cd3bbc195cda7e58245a61cb30b96fe572fd7811
Certificate serial:       018CC86F51C50EB184389AE82AF2FEF75C7F
Authority key identifier: CD:3B:BC:19:5C:DA:7E:58:24:5A:61:CB:30:B9:6F:E5:72:FD:78:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zTu8GVzaflgkWmHLMLlv5XL9eBE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/5af7a5-b67c-459a-9893-c6fadeb285ba/1/Kmlt2OnDfyr-xvUq2wtLaJFFd2Q.roa
Signing time:             Tue 02 Jan 2024 04:29:47 +0000
ROA not before:           Tue 02 Jan 2024 04:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210692
IP address blocks:        62.106.88.0/24 maxlen: 24
                          94.154.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/5af7a5-b67c-459a-9893-c6fadeb285ba/1/zTu8GVzaflgkWmHLMLlv5XL9eBE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/5af7a5-b67c-459a-9893-c6fadeb285ba/1/zTu8GVzaflgkWmHLMLlv5XL9eBE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zTu8GVzaflgkWmHLMLlv5XL9eBE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:51:c5:0e:b1:84:38:9a:e8:2a:f2:fe:f7:5c:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd3bbc195cda7e58245a61cb30b96fe572fd7811
        Validity
            Not Before: Jan  2 04:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a696dd8e9c37f2afec6f52adb0b4b6891457764
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:47:0b:09:67:e8:95:77:cf:61:91:5d:f6:b1:
                    b4:16:32:f8:11:8e:c3:77:2b:08:e7:34:5c:88:2f:
                    d3:41:04:7f:6e:a1:af:ff:5f:47:87:28:4f:20:7b:
                    fa:cc:cd:4b:e1:7f:d2:fc:6c:c6:d7:6e:a8:86:8c:
                    47:2e:06:40:76:34:4c:8d:b9:d3:13:d1:66:ad:a5:
                    da:11:00:f1:62:09:60:8d:b3:4c:7b:6f:fa:7b:d0:
                    78:23:d2:3d:de:16:47:ae:27:fe:f9:40:06:63:c9:
                    4a:e4:69:b1:4f:51:76:89:44:98:4d:e1:66:d7:6c:
                    99:1c:29:c7:70:62:cb:02:a5:4d:0a:0c:b0:c6:d4:
                    13:b9:a4:02:ba:bd:e3:60:4a:2f:e1:e5:5f:e1:af:
                    d8:cb:9c:2b:ed:dd:e8:bd:5e:7e:9a:37:92:a7:25:
                    bc:22:d5:0b:a2:e8:7f:e5:83:ad:fc:e2:df:d9:d2:
                    c4:e1:d9:1f:fa:b1:b4:3e:3e:54:91:4a:83:50:23:
                    61:bb:38:54:62:14:54:43:49:02:b9:e5:3d:65:bf:
                    f6:cf:98:38:44:27:96:fc:09:3e:97:4f:c5:7f:bd:
                    dd:87:ef:f8:cd:bb:a9:97:02:2f:1a:4c:8d:0a:d0:
                    fa:b5:ca:53:29:54:fa:0d:46:60:df:53:0e:80:1d:
                    37:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:69:6D:D8:E9:C3:7F:2A:FE:C6:F5:2A:DB:0B:4B:68:91:45:77:64
            X509v3 Authority Key Identifier:
                keyid:CD:3B:BC:19:5C:DA:7E:58:24:5A:61:CB:30:B9:6F:E5:72:FD:78:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zTu8GVzaflgkWmHLMLlv5XL9eBE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/5af7a5-b67c-459a-9893-c6fadeb285ba/1/Kmlt2OnDfyr-xvUq2wtLaJFFd2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/5af7a5-b67c-459a-9893-c6fadeb285ba/1/zTu8GVzaflgkWmHLMLlv5XL9eBE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.106.88.0/24
                  94.154.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:57:c1:b7:1f:7f:c8:50:e5:77:07:6b:ba:cc:42:a7:55:64:
         8b:7b:0c:3f:04:1c:bd:85:52:1f:41:ab:3e:2d:7c:d3:f4:20:
         68:3f:38:6c:d6:00:49:17:11:d9:83:3b:bf:85:b9:32:fa:93:
         93:0a:c5:a6:f5:b4:82:d6:c2:b1:cf:f9:ca:95:34:83:d5:d0:
         fb:f9:19:52:27:04:65:16:66:57:57:98:d3:62:d0:bd:88:40:
         f6:be:35:3b:e4:30:c1:95:77:54:85:db:62:4e:57:20:73:c6:
         65:51:83:33:07:d3:82:c8:be:ee:f7:36:1c:53:39:ba:8f:b1:
         ca:d8:37:83:07:1c:a5:6f:29:64:c7:68:00:2e:8f:33:5f:71:
         83:cf:1f:cb:ef:80:68:b1:f2:3e:a0:b4:68:0c:5e:42:ab:3f:
         8a:22:7a:35:6d:fb:30:fe:d6:cd:5c:70:e7:69:82:2f:b9:ea:
         0e:77:a0:e0:8d:45:f4:09:52:ac:43:90:a6:55:54:cd:0a:51:
         48:37:ec:8e:c3:da:92:b4:8c:e8:4e:a7:85:36:65:a5:fc:09:
         51:c7:fd:d7:b2:9a:43:6d:9e:e0:ea:03:51:85:60:c9:f9:25:
         0f:c4:0e:42:6c:df:c2:7f:b4:7f:c6:da:50:cc:2a:4e:3c:f9:
         bb:46:95:3c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIb1HFDrGEOJroKvL+91x/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkM2JiYzE5NWNkYTdlNTgyNDVhNjFjYjMwYjk2ZmU1NzJm
ZDc4MTEwHhcNMjQwMTAyMDQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTY5NmRkOGU5YzM3ZjJhZmVjNmY1MmFkYjBiNGI2ODkxNDU3NzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUcLCWfolXfPYZFd9rG0FjL4EY7D
dysI5zRciC/TQQR/bqGv/19HhyhPIHv6zM1L4X/S/GzG126ohoxHLgZAdjRMjbnT
E9FmraXaEQDxYglgjbNMe2/6e9B4I9I93hZHrif++UAGY8lK5GmxT1F2iUSYTeFm
12yZHCnHcGLLAqVNCgywxtQTuaQCur3jYEov4eVf4a/Yy5wr7d3ovV5+mjeSpyW8
ItULouh/5YOt/OLf2dLE4dkf+rG0Pj5UkUqDUCNhuzhUYhRUQ0kCueU9Zb/2z5g4
RCeW/Ak+l0/Ff73dh+/4zbuplwIvGkyNCtD6tcpTKVT6DUZg31MOgB03ewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCppbdjpw38q/sb1KtsLS2iRRXdkMB8GA1UdIwQY
MBaAFM07vBlc2n5YJFphyzC5b+Vy/XgRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelR1OEdWemFmbGdrV21ITE1MbHY1WEw5ZUJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny81YWY3YTUtYjY3Yy00NTlhLTk4OTMt
YzZmYWRlYjI4NWJhLzEvS21sdDJPbkRmeXIteHZVcTJ3dExhSkZGZDJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny81YWY3YTUtYjY3Yy00NTlhLTk4OTMtYzZmYWRlYjI4NWJh
LzEvelR1OEdWemFmbGdrV21ITE1MbHY1WEw5ZUJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPmpYAwQA
XppwMA0GCSqGSIb3DQEBCwUAA4IBAQCPV8G3H3/IUOV3B2u6zEKnVWSLeww/BBy9
hVIfQas+LXzT9CBoPzhs1gBJFxHZgzu/hbky+pOTCsWm9bSC1sKxz/nKlTSD1dD7
+RlSJwRlFmZXV5jTYtC9iED2vjU75DDBlXdUhdtiTlcgc8ZlUYMzB9OCyL7u9zYc
Uzm6j7HK2DeDBxylbylkx2gALo8zX3GDzx/L74BosfI+oLRoDF5Cqz+KIno1bfsw
/tbNXHDnaYIvueoOd6DgjUX0CVKsQ5CmVVTNClFIN+yOw9qStIzoTqeFNmWl/AlR
x/3XsppDbZ7g6gNRhWDJ+SUPxA5CbN/Cf7R/xtpQzCpOPPm7RpU8
-----END CERTIFICATE-----