Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KmrS0VIE9fFk001yyaaX3zu5cPk.roa
File:                     KmrS0VIE9fFk001yyaaX3zu5cPk.roa (raw, json)
Hash identifier:          +7zlWAX2ruwv3g7/BsSoYCtFogkRw2PL41IDIxTiO7k=
Subject key identifier:   2A:6A:D2:D1:52:04:F5:F1:64:D3:4D:72:C9:A6:97:DF:3B:B9:70:F9
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019219A448C4C63A8300A6EB990735A7CF3E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KmrS0VIE9fFk001yyaaX3zu5cPk.roa
Signing time:             Sun 22 Sep 2024 12:10:49 +0000
ROA not before:           Sun 22 Sep 2024 12:10:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214174
IP address blocks:        109.176.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:19:a4:48:c4:c6:3a:83:00:a6:eb:99:07:35:a7:cf:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep 22 12:10:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a6ad2d15204f5f164d34d72c9a697df3bb970f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ea:4a:2b:42:48:a5:3e:3e:0e:77:25:29:f2:
                    1d:e1:22:9b:8d:da:79:78:5f:95:12:3d:66:33:9b:
                    59:68:95:d6:b7:97:9d:23:e0:34:c4:fb:cb:79:e0:
                    a1:b8:b3:42:78:af:80:a9:eb:d9:2d:e4:fb:85:da:
                    4b:8a:97:9f:d5:3c:fa:be:8c:66:97:57:b5:96:15:
                    d3:d4:fa:38:6c:97:98:1c:db:01:b0:68:c6:46:19:
                    98:72:ab:30:0b:93:cb:0c:a7:b7:74:c2:3c:e6:f9:
                    0e:11:59:98:07:d5:c6:05:15:76:7f:e9:42:0d:8f:
                    b9:37:90:e7:1a:e0:2a:ca:df:ac:aa:d3:e1:04:aa:
                    dd:97:a7:b4:6a:5d:1a:da:16:d1:e3:f7:00:8d:a3:
                    f8:f0:0e:eb:0f:3a:99:e4:45:fc:c4:da:7f:d6:0e:
                    44:07:2a:14:ca:e2:81:f2:08:a0:14:da:8e:2d:72:
                    51:d5:dd:8f:28:5b:c7:2a:ba:71:b7:25:0b:11:b1:
                    68:7f:61:8a:82:6e:21:a8:e7:28:89:bc:b3:82:9c:
                    36:cf:5d:3f:bb:1f:c6:d5:db:d7:39:fe:83:2f:f2:
                    01:6b:45:20:a4:08:00:22:6e:8d:82:87:2e:2d:05:
                    ca:0b:d1:b4:af:93:d9:49:df:74:96:3e:ad:a5:23:
                    c8:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:6A:D2:D1:52:04:F5:F1:64:D3:4D:72:C9:A6:97:DF:3B:B9:70:F9
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KmrS0VIE9fFk001yyaaX3zu5cPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:43:77:18:40:7d:9c:cf:d3:71:6f:5b:0b:63:c7:fd:41:dc:
         6e:87:f3:55:60:31:96:87:bd:53:da:66:a9:69:f8:85:88:85:
         90:f7:c9:f4:4e:ea:68:44:ec:c7:ba:3e:df:0f:a0:67:b4:6c:
         47:65:75:dd:50:b0:6c:b8:3e:52:05:05:cf:e2:68:d6:12:b3:
         9d:04:e5:d6:6e:77:77:7e:fe:aa:a8:60:6c:f8:cb:35:8c:76:
         2d:5d:a5:28:ef:6f:f0:9f:91:1f:8a:5c:d1:c3:2a:fd:10:37:
         33:ef:71:b4:85:75:68:57:47:a8:62:86:b7:a1:74:8f:08:7e:
         cf:cd:11:0b:83:84:62:bb:4c:69:b9:9d:fa:e6:77:3c:2e:95:
         00:b2:ae:17:f2:24:d2:34:9e:3f:b3:c4:5d:e9:f1:fc:e8:8a:
         34:8b:53:1f:cb:11:7e:fa:52:be:f0:32:04:46:b4:de:e5:bf:
         1e:e4:e2:b1:b2:23:19:ba:1a:a1:3e:51:84:98:40:0c:32:99:
         0a:71:ff:67:da:86:01:34:12:2e:7f:e8:4b:c6:16:35:29:ff:
         c0:e6:74:37:68:74:c5:90:ae:c7:5b:30:ac:3c:73:27:60:fc:
         82:5e:ca:83:25:2b:e6:42:aa:a4:bf:d1:84:8e:b2:f5:2d:b8:
         69:48:83:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIZpEjExjqDAKbrmQc1p88+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwOTIyMTIxMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTZhZDJkMTUyMDRmNWYxNjRkMzRkNzJjOWE2OTdkZjNiYjk3MGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApepKK0JIpT4+DnclKfId4SKbjdp5
eF+VEj1mM5tZaJXWt5edI+A0xPvLeeChuLNCeK+AqevZLeT7hdpLipef1Tz6voxm
l1e1lhXT1Po4bJeYHNsBsGjGRhmYcqswC5PLDKe3dMI85vkOEVmYB9XGBRV2f+lC
DY+5N5DnGuAqyt+sqtPhBKrdl6e0al0a2hbR4/cAjaP48A7rDzqZ5EX8xNp/1g5E
ByoUyuKB8gigFNqOLXJR1d2PKFvHKrpxtyULEbFof2GKgm4hqOcoibyzgpw2z10/
ux/G1dvXOf6DL/IBa0UgpAgAIm6NgocuLQXKC9G0r5PZSd90lj6tpSPIcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCpq0tFSBPXxZNNNcsmml987uXD5MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvS21yUzBWSUU5ZkZrMDAxeXlhYVgzenU1Y1BrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbAUMA0G
CSqGSIb3DQEBCwUAA4IBAQCBQ3cYQH2cz9Nxb1sLY8f9Qdxuh/NVYDGWh71T2map
afiFiIWQ98n0TupoROzHuj7fD6BntGxHZXXdULBsuD5SBQXP4mjWErOdBOXWbnd3
fv6qqGBs+Ms1jHYtXaUo72/wn5EfilzRwyr9EDcz73G0hXVoV0eoYoa3oXSPCH7P
zRELg4Riu0xpuZ365nc8LpUAsq4X8iTSNJ4/s8Rd6fH86Io0i1MfyxF++lK+8DIE
RrTe5b8e5OKxsiMZuhqhPlGEmEAMMpkKcf9n2oYBNBIuf+hLxhY1Kf/A5nQ3aHTF
kK7HWzCsPHMnYPyCXsqDJSvmQqqkv9GEjrL1LbhpSIOd
-----END CERTIFICATE-----