Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/KhNiOPNuy3H9w9y4XQMlWYwBD6A.roa
File:                     KhNiOPNuy3H9w9y4XQMlWYwBD6A.roa (raw, json)
Hash identifier:          Sqheap4M0xCPgDrxXhmlkPC8i74yuXEIxKy/e/B0CI0=
Subject key identifier:   2A:13:62:38:F3:6E:CB:71:FD:C3:DC:B8:5D:03:25:59:8C:01:0F:A0
Certificate issuer:       /CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
Certificate serial:       018CC26D7F883789772E68AE6D165D32B391
Authority key identifier: 1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/KhNiOPNuy3H9w9y4XQMlWYwBD6A.roa
Signing time:             Mon 01 Jan 2024 00:30:05 +0000
ROA not before:           Mon 01 Jan 2024 00:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398343
IP address blocks:        91.149.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 01:57:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:7f:88:37:89:77:2e:68:ae:6d:16:5d:32:b3:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
        Validity
            Not Before: Jan  1 00:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a136238f36ecb71fdc3dcb85d0325598c010fa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:11:b6:96:6f:58:1d:41:8a:2a:b1:f7:0a:17:
                    90:4b:58:14:b2:8f:54:be:00:22:12:10:3b:82:74:
                    42:58:1e:1d:03:f6:3f:c5:6c:c1:7d:a2:16:22:04:
                    3f:1d:2c:1f:c1:1d:76:e8:36:a2:2b:ef:f3:33:3e:
                    14:d7:3c:21:c1:20:91:48:be:bf:c7:ac:20:8c:a2:
                    5b:98:cb:98:78:9b:da:8b:21:c2:7a:b3:d3:8c:03:
                    f1:80:da:b4:59:c2:31:8e:1b:54:5b:f3:2d:5f:5d:
                    33:3c:b5:70:3e:88:a5:d1:74:67:4b:7f:e2:ad:84:
                    25:8f:4a:b7:a0:6d:8c:a5:82:03:14:9f:fc:22:0e:
                    0f:01:3e:85:51:c6:dc:18:e9:56:9f:b8:5e:8f:1d:
                    7f:f4:d9:3f:eb:f8:ee:cd:15:6d:78:60:f8:f5:7f:
                    f0:8a:14:c0:80:78:da:de:52:2e:98:a9:1c:6b:1e:
                    a9:fc:1a:b9:7b:4a:6c:07:35:3b:de:34:1a:e9:17:
                    9e:d3:13:dc:a4:b4:7f:3a:68:55:b0:f6:e0:7a:b8:
                    3d:40:6c:95:53:22:61:4e:01:0f:3c:80:4b:f8:a5:
                    67:f3:6e:58:a4:ea:ac:d0:0d:c7:e0:87:fa:c7:2f:
                    2b:87:e0:fd:a5:7f:fd:dd:b7:14:b0:e4:db:c4:b6:
                    4b:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:13:62:38:F3:6E:CB:71:FD:C3:DC:B8:5D:03:25:59:8C:01:0F:A0
            X509v3 Authority Key Identifier:
                keyid:1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/KhNiOPNuy3H9w9y4XQMlWYwBD6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.149.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:18:e2:ba:5a:e4:df:7b:8d:ed:62:21:14:c0:d4:f9:e3:88:
         2b:04:86:78:f6:2c:b0:e7:3f:c8:9b:69:c9:a5:cc:31:a5:ee:
         03:39:73:54:fd:d4:74:02:21:ad:f2:13:dc:7b:30:f0:e3:49:
         94:99:8f:aa:82:c7:88:a0:56:59:06:72:73:18:c6:88:e3:3f:
         45:dc:bf:f3:48:6e:c4:fb:28:cb:ee:22:89:ff:f7:b6:51:61:
         21:02:9a:ce:e1:21:9f:84:18:1b:8a:2a:af:a5:67:00:6c:16:
         b8:7b:52:6c:b8:ea:59:b4:39:2f:de:7e:b6:d0:3a:63:a8:01:
         4f:0f:68:91:80:cf:76:21:59:49:4d:b4:d8:41:fe:b4:17:ff:
         f2:0d:1a:d7:49:82:0d:96:93:9a:6f:17:57:ef:94:0f:6e:e0:
         4a:81:a3:74:88:e3:38:36:e1:25:31:e4:2a:a0:1c:a3:d1:ff:
         27:a0:ad:0d:1b:94:4e:a2:b9:a5:f7:27:b5:0c:64:e6:5c:a2:
         5a:fc:68:c8:9b:63:9c:43:c6:66:bc:7f:a2:ff:5b:d5:30:7b:
         76:2c:1e:4a:76:a2:10:50:3b:6b:a4:0e:66:8c:45:f0:99:f4:
         ca:b9:fa:b1:ea:33:76:ad:61:01:d2:ae:5b:f5:f9:50:63:40:
         b9:bc:58:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbX+IN4l3LmiubRZdMrORMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2I2Mzc2YTE2NDhkNDlkNTVlNGQ3YjAxMzcxMzY3YjBk
YzJhZjkwHhcNMjQwMTAxMDAzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTEzNjIzOGYzNmVjYjcxZmRjM2RjYjg1ZDAzMjU1OThjMDEwZmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhG2lm9YHUGKKrH3CheQS1gUso9U
vgAiEhA7gnRCWB4dA/Y/xWzBfaIWIgQ/HSwfwR126DaiK+/zMz4U1zwhwSCRSL6/
x6wgjKJbmMuYeJvaiyHCerPTjAPxgNq0WcIxjhtUW/MtX10zPLVwPoil0XRnS3/i
rYQlj0q3oG2MpYIDFJ/8Ig4PAT6FUcbcGOlWn7hejx1/9Nk/6/juzRVteGD49X/w
ihTAgHja3lIumKkcax6p/Bq5e0psBzU73jQa6Ree0xPcpLR/OmhVsPbgerg9QGyV
UyJhTgEPPIBL+KVn825YpOqs0A3H4If6xy8rh+D9pX/93bcUsOTbxLZLJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCoTYjjzbstx/cPcuF0DJVmMAQ+gMB8GA1UdIwQY
MBaAFBrLY3ahZI1J1V5NewE3E2ew3Cr5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAt
N2E5MzY3NTFkYjFiLzEvS2hOaU9QTnV5M0g5dzl5NFhRTWxXWXdCRDZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAtN2E5MzY3NTFkYjFi
LzEvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW5XdMA0G
CSqGSIb3DQEBCwUAA4IBAQC9GOK6WuTfe43tYiEUwNT544grBIZ49iyw5z/Im2nJ
pcwxpe4DOXNU/dR0AiGt8hPcezDw40mUmY+qgseIoFZZBnJzGMaI4z9F3L/zSG7E
+yjL7iKJ//e2UWEhAprO4SGfhBgbiiqvpWcAbBa4e1JsuOpZtDkv3n620DpjqAFP
D2iRgM92IVlJTbTYQf60F//yDRrXSYINlpOabxdX75QPbuBKgaN0iOM4NuElMeQq
oByj0f8noK0NG5ROorml9ye1DGTmXKJa/GjIm2OcQ8ZmvH+i/1vVMHt2LB5KdqIQ
UDtrpA5mjEXwmfTKufqx6jN2rWEB0q5b9flQY0C5vFiw
-----END CERTIFICATE-----