Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/76dba0-d86b-4d84-b15a-4d6d1256bf9b/1/kl1n2sovkkDb-pBgXB_qf8TTd0s.roa
File:                     kl1n2sovkkDb-pBgXB_qf8TTd0s.roa (raw, json)
Hash identifier:          W+5sg5lSPngB+bUGCvcukK5bvem7Ip2LML2QRIBvqbo=
Subject key identifier:   92:5D:67:DA:CA:2F:92:40:DB:FA:90:60:5C:1F:EA:7F:C4:D3:77:4B
Certificate issuer:       /CN=be5271f0e1587c14434f2480f91410185507cfa1
Certificate serial:       018CC3B6720CD16F5BFD02C869FB3C5029C5
Authority key identifier: BE:52:71:F0:E1:58:7C:14:43:4F:24:80:F9:14:10:18:55:07:CF:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vlJx8OFYfBRDTySA-RQQGFUHz6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/76dba0-d86b-4d84-b15a-4d6d1256bf9b/1/kl1n2sovkkDb-pBgXB_qf8TTd0s.roa
Signing time:             Mon 01 Jan 2024 06:29:23 +0000
ROA not before:           Mon 01 Jan 2024 06:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202604
IP address blocks:        185.159.96.0/22 maxlen: 23
                          2a07:b380::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/76dba0-d86b-4d84-b15a-4d6d1256bf9b/1/vlJx8OFYfBRDTySA-RQQGFUHz6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/76dba0-d86b-4d84-b15a-4d6d1256bf9b/1/vlJx8OFYfBRDTySA-RQQGFUHz6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vlJx8OFYfBRDTySA-RQQGFUHz6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:72:0c:d1:6f:5b:fd:02:c8:69:fb:3c:50:29:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5271f0e1587c14434f2480f91410185507cfa1
        Validity
            Not Before: Jan  1 06:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=925d67daca2f9240dbfa90605c1fea7fc4d3774b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:58:4d:d0:1f:91:f7:94:3c:e5:55:1b:fb:6c:
                    b2:dd:55:88:ac:67:26:70:76:f6:2f:af:6e:ac:f9:
                    41:1a:17:4d:5a:a4:54:29:2d:ec:3d:e5:df:9f:e3:
                    de:46:91:4c:75:e5:81:bf:39:27:58:34:78:f1:01:
                    80:c8:a0:64:f6:d4:e3:47:63:1d:30:25:4d:3b:f2:
                    ea:3f:83:66:08:a8:9c:78:08:07:b6:9d:1f:6e:e9:
                    11:e2:c6:75:f0:cc:75:6d:48:c0:92:ed:24:94:25:
                    58:77:49:9a:ac:05:81:57:8b:5e:34:39:05:18:b3:
                    47:73:9a:a8:fc:e7:5c:d4:f5:00:e5:99:87:0b:05:
                    82:ef:0c:3e:bb:25:d8:db:43:54:c1:3a:20:52:3c:
                    b5:e5:1a:6e:14:d6:72:e7:a5:d3:e5:68:65:60:2f:
                    c1:b5:2e:85:cb:fa:0a:09:ca:86:6e:43:26:e6:e3:
                    ff:53:98:02:af:35:bb:de:52:ec:e5:00:f9:21:46:
                    aa:af:50:73:c7:93:2c:bb:50:12:cf:65:6a:81:b5:
                    9a:a3:27:5d:bf:4d:a1:9c:96:70:30:fd:3f:a2:4c:
                    22:10:f4:51:3c:55:9b:d0:42:2e:e1:53:7e:50:07:
                    31:30:f9:fb:00:b1:04:ed:ca:28:d8:96:e8:37:93:
                    83:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:5D:67:DA:CA:2F:92:40:DB:FA:90:60:5C:1F:EA:7F:C4:D3:77:4B
            X509v3 Authority Key Identifier:
                keyid:BE:52:71:F0:E1:58:7C:14:43:4F:24:80:F9:14:10:18:55:07:CF:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vlJx8OFYfBRDTySA-RQQGFUHz6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/76dba0-d86b-4d84-b15a-4d6d1256bf9b/1/kl1n2sovkkDb-pBgXB_qf8TTd0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/76dba0-d86b-4d84-b15a-4d6d1256bf9b/1/vlJx8OFYfBRDTySA-RQQGFUHz6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.96.0/22
                IPv6:
                  2a07:b380::/29

    Signature Algorithm: sha256WithRSAEncryption
         93:81:e3:e9:8d:29:ea:1d:87:3e:7d:e2:b8:14:54:8a:91:20:
         6e:61:29:4b:7e:ec:62:5a:be:bb:0e:a4:2c:39:99:90:f1:6a:
         7d:12:34:cb:83:55:25:6f:a3:50:d0:40:e3:82:9f:88:bd:7b:
         8b:97:0c:13:de:64:f4:82:55:be:4c:6a:bb:84:54:21:7b:f3:
         7a:d1:ba:9f:3f:d9:5f:4f:13:8c:1c:d5:22:31:fa:ad:74:4d:
         bc:6a:48:28:e0:88:74:66:64:cd:83:7c:33:0e:2e:fb:94:b7:
         7a:fa:42:2a:bd:79:1b:0d:e4:60:94:97:83:f5:e8:22:71:eb:
         b5:c5:3a:6f:b7:39:55:44:3f:47:df:86:3f:59:d5:87:38:6f:
         07:2b:da:97:e9:14:20:bd:fa:89:e3:4a:92:cb:5d:a6:e4:6c:
         3d:71:47:87:cf:ac:08:0d:a7:6a:af:97:d1:d4:8d:1b:68:01:
         5e:42:30:f9:5a:22:2d:79:ef:cf:3e:d5:37:3d:87:46:1a:fb:
         53:04:95:f2:cb:74:9b:0a:11:3d:4c:47:68:46:29:6b:7a:d0:
         6d:56:49:d4:64:d5:f8:a1:36:06:f8:f4:41:b9:b1:f7:74:9e:
         b8:10:5f:5a:78:ae:2e:07:d9:d1:a9:cc:18:77:a7:1a:2f:29:
         49:13:7d:61
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtnIM0W9b/QLIafs8UCnFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNTI3MWYwZTE1ODdjMTQ0MzRmMjQ4MGY5MTQxMDE4NTUw
N2NmYTEwHhcNMjQwMTAxMDYyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjVkNjdkYWNhMmY5MjQwZGJmYTkwNjA1YzFmZWE3ZmM0ZDM3NzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVhN0B+R95Q85VUb+2yy3VWIrGcm
cHb2L69urPlBGhdNWqRUKS3sPeXfn+PeRpFMdeWBvzknWDR48QGAyKBk9tTjR2Md
MCVNO/LqP4NmCKiceAgHtp0fbukR4sZ18Mx1bUjAku0klCVYd0marAWBV4teNDkF
GLNHc5qo/Odc1PUA5ZmHCwWC7ww+uyXY20NUwTogUjy15RpuFNZy56XT5WhlYC/B
tS6Fy/oKCcqGbkMm5uP/U5gCrzW73lLs5QD5IUaqr1Bzx5Msu1ASz2VqgbWaoydd
v02hnJZwMP0/okwiEPRRPFWb0EIu4VN+UAcxMPn7ALEE7coo2JboN5ODfwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJJdZ9rKL5JA2/qQYFwf6n/E03dLMB8GA1UdIwQY
MBaAFL5ScfDhWHwUQ08kgPkUEBhVB8+hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmxKeDhPRllmQlJEVHlTQS1SUVFHRlVIejZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny83NmRiYTAtZDg2Yi00ZDg0LWIxNWEt
NGQ2ZDEyNTZiZjliLzEva2wxbjJzb3Zra0RiLXBCZ1hCX3FmOFRUZDBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny83NmRiYTAtZDg2Yi00ZDg0LWIxNWEtNGQ2ZDEyNTZiZjli
LzEvdmxKeDhPRllmQlJEVHlTQS1SUVFHRlVIejZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZ9gMA0E
AgACMAcDBQMqB7OAMA0GCSqGSIb3DQEBCwUAA4IBAQCTgePpjSnqHYc+feK4FFSK
kSBuYSlLfuxiWr67DqQsOZmQ8Wp9EjTLg1Ulb6NQ0EDjgp+IvXuLlwwT3mT0glW+
TGq7hFQhe/N60bqfP9lfTxOMHNUiMfqtdE28akgo4Ih0ZmTNg3wzDi77lLd6+kIq
vXkbDeRglJeD9egiceu1xTpvtzlVRD9H34Y/WdWHOG8HK9qX6RQgvfqJ40qSy12m
5Gw9cUeHz6wIDadqr5fR1I0baAFeQjD5WiItee/PPtU3PYdGGvtTBJXyy3SbChE9
TEdoRilretBtVknUZNX4oTYG+PRBubH3dJ64EF9aeK4uB9nRqcwYd6caLylJE31h
-----END CERTIFICATE-----