Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/368df0-5c41-49d3-a9a9-c45903c3b329/1/KtX_PJZvnWu8lpgsktFT_j4KjSg.roa
File:                     KtX_PJZvnWu8lpgsktFT_j4KjSg.roa (raw, json)
Hash identifier:          3iPu8ye6n675RMfmsouKgCH3bpeNtVShxkhUcc80BdE=
Subject key identifier:   2A:D5:FF:3C:96:6F:9D:6B:BC:96:98:2C:92:D1:53:FE:3E:0A:8D:28
Certificate issuer:       /CN=e9d2721f2e2bd011b8a6860ad2572c405c0b540f
Certificate serial:       018CC56E5AE6632844487EF2836DA9F92BF0
Authority key identifier: E9:D2:72:1F:2E:2B:D0:11:B8:A6:86:0A:D2:57:2C:40:5C:0B:54:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6dJyHy4r0BG4poYK0lcsQFwLVA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/368df0-5c41-49d3-a9a9-c45903c3b329/1/KtX_PJZvnWu8lpgsktFT_j4KjSg.roa
Signing time:             Mon 01 Jan 2024 14:29:52 +0000
ROA not before:           Mon 01 Jan 2024 14:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        185.43.192.0/24 maxlen: 24
                          185.43.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/368df0-5c41-49d3-a9a9-c45903c3b329/1/6dJyHy4r0BG4poYK0lcsQFwLVA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/368df0-5c41-49d3-a9a9-c45903c3b329/1/6dJyHy4r0BG4poYK0lcsQFwLVA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6dJyHy4r0BG4poYK0lcsQFwLVA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:5a:e6:63:28:44:48:7e:f2:83:6d:a9:f9:2b:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9d2721f2e2bd011b8a6860ad2572c405c0b540f
        Validity
            Not Before: Jan  1 14:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ad5ff3c966f9d6bbc96982c92d153fe3e0a8d28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:72:31:a9:24:ac:17:76:64:a3:b4:b6:54:8f:
                    3b:e6:58:7a:22:b3:9b:ab:60:b6:49:a4:3f:af:8d:
                    7c:e0:07:2f:48:9a:e4:51:68:f9:4d:4d:94:f8:ba:
                    6d:3a:24:bd:d8:e5:a8:f5:20:11:7b:b1:b1:dd:b7:
                    26:d5:be:e9:d0:14:fa:13:dd:01:9e:13:fd:16:d4:
                    6a:8f:23:d5:38:76:28:98:8d:d2:b2:32:c8:a1:0b:
                    dc:f4:2f:f2:49:ec:c7:0b:7c:56:40:4e:e1:cb:1e:
                    d2:93:b0:25:7e:55:f1:56:b0:a2:07:88:66:f1:ae:
                    01:87:e2:99:33:e1:b6:44:e9:25:48:31:32:82:98:
                    9c:f7:00:b0:74:19:79:c5:2b:c2:fa:74:3d:2b:2c:
                    9a:c8:52:d4:1c:20:29:4e:fe:61:d1:f9:9e:17:9d:
                    a1:87:c5:3f:f0:b4:ff:2d:91:e2:bc:56:6f:bc:97:
                    4f:01:d3:32:65:59:ea:3f:1e:2a:31:d1:38:64:7f:
                    26:af:15:5c:c6:ea:4c:73:82:24:7b:68:25:12:0a:
                    85:3d:db:ff:db:c9:3b:1c:8b:2d:d9:42:c3:f4:56:
                    1d:f5:9b:a0:6e:57:d8:b2:e6:6a:3c:b9:ce:6c:f2:
                    d2:52:cc:05:f6:ec:e3:ef:62:b0:0c:a0:3b:c2:68:
                    3a:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:D5:FF:3C:96:6F:9D:6B:BC:96:98:2C:92:D1:53:FE:3E:0A:8D:28
            X509v3 Authority Key Identifier:
                keyid:E9:D2:72:1F:2E:2B:D0:11:B8:A6:86:0A:D2:57:2C:40:5C:0B:54:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6dJyHy4r0BG4poYK0lcsQFwLVA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/368df0-5c41-49d3-a9a9-c45903c3b329/1/KtX_PJZvnWu8lpgsktFT_j4KjSg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/368df0-5c41-49d3-a9a9-c45903c3b329/1/6dJyHy4r0BG4poYK0lcsQFwLVA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         98:22:bf:e2:4f:13:8a:f3:70:3b:e0:4d:a7:c1:2a:9e:a5:fb:
         e9:03:26:93:0f:c2:ed:cc:32:e3:f6:77:98:81:11:76:07:3e:
         d8:a1:c3:35:55:a4:1a:7d:4f:f3:2e:9c:9a:43:89:74:90:89:
         18:33:59:2c:c6:8e:a4:ac:1e:ab:d9:e6:fa:15:d0:b7:7d:72:
         15:74:54:63:dd:3d:39:e2:92:d2:04:57:d9:43:ec:83:51:9f:
         30:ab:e1:6e:70:1f:b6:99:fa:65:ca:a2:be:03:b4:04:97:b5:
         cc:ae:72:42:1e:83:e8:64:ae:b7:04:27:71:aa:e5:41:31:61:
         07:74:ac:ef:ed:10:e2:7e:2e:15:64:d3:9b:7a:af:76:78:15:
         ee:2d:12:5d:a3:69:33:c6:12:12:18:79:70:06:7c:d9:06:cc:
         a8:aa:32:6e:eb:20:30:fb:6b:24:9d:d8:5e:0c:c7:7b:45:74:
         1e:56:35:88:cd:8b:2e:4d:65:19:a8:17:b1:d8:25:b9:95:be:
         8e:70:af:97:22:df:fb:8d:fe:31:20:9d:7a:80:13:fd:e3:6a:
         83:a7:a0:90:35:d7:e2:8b:2b:9f:bf:3e:a6:9f:38:bd:94:52:
         76:c0:32:f8:72:5c:09:3b:ab:a2:f7:ac:e8:0f:0a:de:41:b8:
         bd:85:83:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFblrmYyhESH7yg22p+SvwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5ZDI3MjFmMmUyYmQwMTFiOGE2ODYwYWQyNTcyYzQwNWMw
YjU0MGYwHhcNMjQwMTAxMTQyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWQ1ZmYzYzk2NmY5ZDZiYmM5Njk4MmM5MmQxNTNmZTNlMGE4ZDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXIxqSSsF3Zko7S2VI875lh6IrOb
q2C2SaQ/r4184AcvSJrkUWj5TU2U+LptOiS92OWo9SARe7Gx3bcm1b7p0BT6E90B
nhP9FtRqjyPVOHYomI3SsjLIoQvc9C/ySezHC3xWQE7hyx7Sk7AlflXxVrCiB4hm
8a4Bh+KZM+G2ROklSDEygpic9wCwdBl5xSvC+nQ9KyyayFLUHCApTv5h0fmeF52h
h8U/8LT/LZHivFZvvJdPAdMyZVnqPx4qMdE4ZH8mrxVcxupMc4Ike2glEgqFPdv/
28k7HIst2ULD9FYd9ZugblfYsuZqPLnObPLSUswF9uzj72KwDKA7wmg60wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCrV/zyWb51rvJaYLJLRU/4+Co0oMB8GA1UdIwQY
MBaAFOnSch8uK9ARuKaGCtJXLEBcC1QPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmRKeUh5NHIwQkc0cG9ZSzBsY3NRRndMVkE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8zNjhkZjAtNWM0MS00OWQzLWE5YTkt
YzQ1OTAzYzNiMzI5LzEvS3RYX1BKWnZuV3U4bHBnc2t0RlRfajRLalNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8zNjhkZjAtNWM0MS00OWQzLWE5YTktYzQ1OTAzYzNiMzI5
LzEvNmRKeUh5NHIwQkc0cG9ZSzBsY3NRRndMVkE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuSvAMA0G
CSqGSIb3DQEBCwUAA4IBAQCYIr/iTxOK83A74E2nwSqepfvpAyaTD8LtzDLj9neY
gRF2Bz7YocM1VaQafU/zLpyaQ4l0kIkYM1ksxo6krB6r2eb6FdC3fXIVdFRj3T05
4pLSBFfZQ+yDUZ8wq+FucB+2mfplyqK+A7QEl7XMrnJCHoPoZK63BCdxquVBMWEH
dKzv7RDifi4VZNObeq92eBXuLRJdo2kzxhISGHlwBnzZBsyoqjJu6yAw+2skndhe
DMd7RXQeVjWIzYsuTWUZqBex2CW5lb6OcK+XIt/7jf4xIJ16gBP942qDp6CQNdfi
iyufvz6mnzi9lFJ2wDL4clwJO6ui96zoDwreQbi9hYO1
-----END CERTIFICATE-----