Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/8b43cb-f209-4f22-930d-758ca4d48bc2/1/kciSu88GvDJGnPARDEeP3b7U1II.roa
File:                     kciSu88GvDJGnPARDEeP3b7U1II.roa (raw, json)
Hash identifier:          8SoNY/l5Fl5qUGwnGVzJT0g2z1g+GN3pmMsr1T9h17A=
Subject key identifier:   91:C8:92:BB:CF:06:BC:32:46:9C:F0:11:0C:47:8F:DD:BE:D4:D4:82
Certificate issuer:       /CN=7111859377ead6f44f940eb8d31c3f3becc53b05
Certificate serial:       018CCA2A2207E8A198807A907282EC51B8C4
Authority key identifier: 71:11:85:93:77:EA:D6:F4:4F:94:0E:B8:D3:1C:3F:3B:EC:C5:3B:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cRGFk3fq1vRPlA640xw_O-zFOwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/8b43cb-f209-4f22-930d-758ca4d48bc2/1/kciSu88GvDJGnPARDEeP3b7U1II.roa
Signing time:             Tue 02 Jan 2024 12:33:28 +0000
ROA not before:           Tue 02 Jan 2024 12:33:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211918
IP address blocks:        185.235.140.0/24 maxlen: 24
                          2a0d:6480::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/8b43cb-f209-4f22-930d-758ca4d48bc2/1/cRGFk3fq1vRPlA640xw_O-zFOwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/8b43cb-f209-4f22-930d-758ca4d48bc2/1/cRGFk3fq1vRPlA640xw_O-zFOwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cRGFk3fq1vRPlA640xw_O-zFOwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:22:07:e8:a1:98:80:7a:90:72:82:ec:51:b8:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7111859377ead6f44f940eb8d31c3f3becc53b05
        Validity
            Not Before: Jan  2 12:33:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91c892bbcf06bc32469cf0110c478fddbed4d482
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:b5:a8:95:14:fd:ea:c4:08:2a:60:7f:ff:7d:
                    5a:ab:b7:c8:b7:17:60:aa:61:4b:08:d6:36:f3:ae:
                    d8:f4:31:d2:cd:bb:1d:c2:83:03:af:a4:c2:a1:4b:
                    d6:f2:41:10:56:f6:8a:33:a9:00:83:e4:db:ca:78:
                    00:ff:2e:7d:39:0b:b0:b8:b6:e7:1a:f5:b5:4c:f8:
                    72:8a:63:88:29:e9:04:55:df:9c:7a:31:07:68:5a:
                    e0:e3:13:ac:c3:9a:c5:c3:9b:a6:f2:9c:ba:11:57:
                    a6:37:a7:f9:ca:25:04:4c:5a:ff:c8:ef:8b:d5:1a:
                    9a:3b:8a:98:50:5c:0f:d1:18:da:a4:60:ae:7f:8a:
                    99:ca:f3:cb:9e:b3:b0:17:45:3a:cd:18:51:ad:f0:
                    d0:3e:9f:ab:8c:bb:41:a2:81:70:b2:74:ee:bd:be:
                    ea:7f:c7:85:b3:41:59:a1:86:c5:92:71:41:fd:af:
                    f3:6f:f0:0d:e5:ab:e9:6e:e8:56:70:af:e3:ff:6c:
                    c2:43:19:54:0f:bf:46:db:ad:2f:eb:3d:50:4b:07:
                    8f:0c:78:36:81:9d:eb:6e:20:87:04:5e:d7:df:da:
                    1c:3a:22:32:c2:99:36:cb:45:1e:57:c4:03:ae:02:
                    42:de:ac:7d:eb:2e:0f:94:d1:56:a5:6e:05:da:00:
                    b2:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:C8:92:BB:CF:06:BC:32:46:9C:F0:11:0C:47:8F:DD:BE:D4:D4:82
            X509v3 Authority Key Identifier:
                keyid:71:11:85:93:77:EA:D6:F4:4F:94:0E:B8:D3:1C:3F:3B:EC:C5:3B:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cRGFk3fq1vRPlA640xw_O-zFOwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/8b43cb-f209-4f22-930d-758ca4d48bc2/1/kciSu88GvDJGnPARDEeP3b7U1II.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/8b43cb-f209-4f22-930d-758ca4d48bc2/1/cRGFk3fq1vRPlA640xw_O-zFOwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.140.0/24
                IPv6:
                  2a0d:6480::/29

    Signature Algorithm: sha256WithRSAEncryption
         8d:5d:af:11:a2:41:47:d0:42:3c:c5:38:3a:cf:54:97:f6:2e:
         72:1c:e8:23:27:07:00:d3:e0:d5:96:34:b3:3e:ea:9c:39:f4:
         ba:dc:bf:11:ac:24:89:77:c4:2d:52:e7:44:43:08:da:8a:03:
         8c:f3:df:4a:99:33:e0:0c:f7:ad:ce:f2:1a:40:e7:2a:7b:19:
         45:cc:2b:1b:98:be:2b:f8:5d:31:61:f4:bc:6e:b9:ef:11:9f:
         ae:c8:7e:00:38:a6:e8:e6:ec:6a:f4:ea:6d:77:b7:db:74:66:
         20:e0:7a:10:c2:56:2c:bc:b3:56:6e:ac:b3:84:09:5c:02:6f:
         ad:ea:5e:75:21:1c:83:5d:18:30:34:0a:1b:16:a9:c1:f0:76:
         53:88:c9:01:d5:6c:10:4a:47:6d:6b:8a:d7:5a:02:e1:c6:32:
         9e:36:97:63:c5:ce:c5:4a:bf:84:8b:ca:48:a1:96:c7:35:44:
         41:d0:26:a2:c7:68:8b:e3:e1:cc:d0:2b:de:f3:e5:55:c0:74:
         5b:bc:56:54:7d:29:17:59:22:8c:9c:42:bc:1f:11:76:66:ba:
         88:d7:c7:07:e2:90:d1:39:92:ac:30:1b:30:40:98:87:43:5b:
         2a:d9:9a:1c:9f:42:80:d0:84:88:cf:0f:4a:91:1f:d5:c1:ff:
         c9:b1:7f:75
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKiIH6KGYgHqQcoLsUbjEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxMTE4NTkzNzdlYWQ2ZjQ0Zjk0MGViOGQzMWMzZjNiZWNj
NTNiMDUwHhcNMjQwMTAyMTIzMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWM4OTJiYmNmMDZiYzMyNDY5Y2YwMTEwYzQ3OGZkZGJlZDRkNDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprWolRT96sQIKmB//31aq7fItxdg
qmFLCNY2867Y9DHSzbsdwoMDr6TCoUvW8kEQVvaKM6kAg+TbyngA/y59OQuwuLbn
GvW1TPhyimOIKekEVd+cejEHaFrg4xOsw5rFw5um8py6EVemN6f5yiUETFr/yO+L
1RqaO4qYUFwP0RjapGCuf4qZyvPLnrOwF0U6zRhRrfDQPp+rjLtBooFwsnTuvb7q
f8eFs0FZoYbFknFB/a/zb/AN5avpbuhWcK/j/2zCQxlUD79G260v6z1QSwePDHg2
gZ3rbiCHBF7X39ocOiIywpk2y0UeV8QDrgJC3qx96y4PlNFWpW4F2gCyGQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJHIkrvPBrwyRpzwEQxHj92+1NSCMB8GA1UdIwQY
MBaAFHERhZN36tb0T5QOuNMcPzvsxTsFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1JHRmszZnExdlJQbEE2NDB4d19PLXpGT3dVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi84YjQzY2ItZjIwOS00ZjIyLTkzMGQt
NzU4Y2E0ZDQ4YmMyLzEva2NpU3U4OEd2REpHblBBUkRFZVAzYjdVMUlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi84YjQzY2ItZjIwOS00ZjIyLTkzMGQtNzU4Y2E0ZDQ4YmMy
LzEvY1JHRmszZnExdlJQbEE2NDB4d19PLXpGT3dVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAueuMMA0E
AgACMAcDBQMqDWSAMA0GCSqGSIb3DQEBCwUAA4IBAQCNXa8RokFH0EI8xTg6z1SX
9i5yHOgjJwcA0+DVljSzPuqcOfS63L8RrCSJd8QtUudEQwjaigOM899KmTPgDPet
zvIaQOcqexlFzCsbmL4r+F0xYfS8brnvEZ+uyH4AOKbo5uxq9Optd7fbdGYg4HoQ
wlYsvLNWbqyzhAlcAm+t6l51IRyDXRgwNAobFqnB8HZTiMkB1WwQSkdta4rXWgLh
xjKeNpdjxc7FSr+Ei8pIoZbHNURB0Caix2iL4+HM0Cve8+VVwHRbvFZUfSkXWSKM
nEK8HxF2ZrqI18cH4pDROZKsMBswQJiHQ1sq2Zocn0KA0ISIzw9KkR/Vwf/JsX91
-----END CERTIFICATE-----