Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KBSwxnwHYae2j96diYlnmHHqVbo.roa
File:                     KBSwxnwHYae2j96diYlnmHHqVbo.roa (raw, json)
Hash identifier:          ZtMZls/sc7S+U5NgtENrry0H1GkJCWAJ/26asyiYjgs=
Subject key identifier:   28:14:B0:C6:7C:07:61:A7:B6:8F:DE:9D:89:89:67:98:71:EA:55:BA
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC34950F9860D520553B79A1C8FE86091
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KBSwxnwHYae2j96diYlnmHHqVbo.roa
Signing time:             Mon 01 Jan 2024 04:30:11 +0000
ROA not before:           Mon 01 Jan 2024 04:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39421
IP address blocks:        89.213.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:50:f9:86:0d:52:05:53:b7:9a:1c:8f:e8:60:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2814b0c67c0761a7b68fde9d8989679871ea55ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:c3:69:75:b4:16:a4:59:f0:58:96:db:9a:aa:
                    15:20:8e:b1:0d:8c:09:19:94:c4:f3:ec:4e:46:60:
                    96:ce:4a:07:1a:16:47:8c:fb:07:9a:e8:fc:4b:af:
                    2a:07:c4:4e:52:c6:13:53:f1:0d:c9:13:b2:e0:16:
                    e1:40:69:3d:8e:c0:04:69:c1:f2:45:af:0c:9a:cd:
                    3c:e8:b0:5a:66:4a:f2:6e:8d:9d:72:98:1b:e8:0a:
                    2f:a4:1c:61:91:a2:8e:29:7b:38:63:7d:bf:91:d6:
                    48:90:ed:f1:f4:cd:bb:cc:17:8c:53:77:6e:e1:7e:
                    36:b5:14:f0:56:f8:5c:ca:e0:9d:9f:d6:12:3f:2f:
                    b6:1e:89:c6:71:31:fb:30:6c:8a:6d:14:a8:56:47:
                    39:73:03:43:27:21:89:06:99:e9:33:a6:5e:d2:07:
                    bf:ce:b5:af:31:e7:bf:78:87:a9:78:b0:38:d7:c5:
                    18:a7:71:91:6a:18:bd:d1:e4:ca:1e:68:60:e2:e0:
                    6a:b3:1c:6a:07:50:b5:61:9c:e7:ed:40:ed:ec:f3:
                    46:bf:65:7f:96:49:41:8f:97:8d:d8:8d:c3:cb:44:
                    b8:3e:27:5d:07:8e:9f:0f:68:8a:b6:8e:ff:75:ca:
                    e7:f0:66:f2:cf:78:1d:6b:83:94:99:92:60:f5:46:
                    0e:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:14:B0:C6:7C:07:61:A7:B6:8F:DE:9D:89:89:67:98:71:EA:55:BA
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KBSwxnwHYae2j96diYlnmHHqVbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:7e:89:ef:75:cd:a2:d4:00:37:0f:25:cf:76:41:06:59:41:
         bf:42:42:e2:7c:6e:59:9f:a4:c1:ef:07:53:3a:59:d9:fd:41:
         60:3c:1e:67:67:93:11:ea:96:21:c2:de:90:3c:ef:b4:85:59:
         a0:cc:1d:8b:ae:4b:3b:b1:ff:26:ee:ff:7a:50:89:6b:c5:9f:
         69:57:21:9a:fa:cc:4d:0d:45:d6:58:ca:d8:82:20:09:68:2e:
         f9:a0:d1:9e:4b:92:4d:b7:7a:3f:cc:26:53:f5:2e:3a:98:47:
         6e:3d:3b:b0:77:75:e3:b3:af:b0:b3:d4:bf:48:f9:d6:2a:29:
         4f:53:47:63:a3:62:ad:fa:b4:f3:3d:e2:a9:e6:8a:b6:2a:5f:
         ae:e8:ba:eb:dc:fa:24:df:47:20:38:64:f0:74:17:d8:b6:42:
         cc:88:2c:ff:65:49:12:b1:7d:96:ff:22:0c:c0:c5:c3:31:ed:
         a6:6b:86:a5:9f:b1:b8:d9:87:b9:90:7e:3b:bb:e3:d1:be:b8:
         68:b7:90:f5:4f:82:85:ef:38:d0:f6:47:74:77:e3:50:e2:37:
         8b:b1:9e:66:83:28:60:89:3b:50:64:1e:b6:a5:93:7f:59:40:
         93:e8:b8:8a:7e:9f:be:91:70:da:0e:52:f9:b8:3a:ff:be:d1:
         a4:3a:40:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVD5hg1SBVO3mhyP6GCRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODE0YjBjNjdjMDc2MWE3YjY4ZmRlOWQ4OTg5Njc5ODcxZWE1NWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMNpdbQWpFnwWJbbmqoVII6xDYwJ
GZTE8+xORmCWzkoHGhZHjPsHmuj8S68qB8ROUsYTU/ENyROy4BbhQGk9jsAEacHy
Ra8Mms086LBaZkrybo2dcpgb6AovpBxhkaKOKXs4Y32/kdZIkO3x9M27zBeMU3du
4X42tRTwVvhcyuCdn9YSPy+2HonGcTH7MGyKbRSoVkc5cwNDJyGJBpnpM6Ze0ge/
zrWvMee/eIepeLA418UYp3GRahi90eTKHmhg4uBqsxxqB1C1YZzn7UDt7PNGv2V/
lklBj5eN2I3Dy0S4PiddB46fD2iKto7/dcrn8Gbyz3gda4OUmZJg9UYOmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCgUsMZ8B2Gnto/enYmJZ5hx6lW6MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvS0JTd3hud0hZYWUyajk2ZGlZbG5tSEhxVmJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWVMA0G
CSqGSIb3DQEBCwUAA4IBAQAcfonvdc2i1AA3DyXPdkEGWUG/QkLifG5Zn6TB7wdT
OlnZ/UFgPB5nZ5MR6pYhwt6QPO+0hVmgzB2Lrks7sf8m7v96UIlrxZ9pVyGa+sxN
DUXWWMrYgiAJaC75oNGeS5JNt3o/zCZT9S46mEduPTuwd3Xjs6+ws9S/SPnWKilP
U0djo2Kt+rTzPeKp5oq2Kl+u6Lrr3Pok30cgOGTwdBfYtkLMiCz/ZUkSsX2W/yIM
wMXDMe2ma4aln7G42Ye5kH47u+PRvrhot5D1T4KF7zjQ9kd0d+NQ4jeLsZ5mgyhg
iTtQZB62pZN/WUCT6LiKfp++kXDaDlL5uDr/vtGkOkCt
-----END CERTIFICATE-----