Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/KaI8oin1EUcu-B_eIIu8vmnbOJ4.roa
File:                     KaI8oin1EUcu-B_eIIu8vmnbOJ4.roa (raw, json)
Hash identifier:          WFBqg1tuDlnGchcozUAD54dXDeDcuvMJKR7/9fvmGn0=
Subject key identifier:   29:A2:3C:A2:29:F5:11:47:2E:F8:1F:DE:20:8B:BC:BE:69:DB:38:9E
Certificate issuer:       /CN=5dde4b3b82f209b701ae340cf53b974078f16a9f
Certificate serial:       0190795B81ACC9DE97877ACB7E31FC56C12B
Authority key identifier: 5D:DE:4B:3B:82:F2:09:B7:01:AE:34:0C:F5:3B:97:40:78:F1:6A:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xd5LO4LyCbcBrjQM9TuXQHjxap8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/KaI8oin1EUcu-B_eIIu8vmnbOJ4.roa
Signing time:             Wed 03 Jul 2024 16:09:18 +0000
ROA not before:           Wed 03 Jul 2024 16:09:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12400
IP address blocks:        185.200.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/Xd5LO4LyCbcBrjQM9TuXQHjxap8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/Xd5LO4LyCbcBrjQM9TuXQHjxap8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xd5LO4LyCbcBrjQM9TuXQHjxap8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:79:5b:81:ac:c9:de:97:87:7a:cb:7e:31:fc:56:c1:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dde4b3b82f209b701ae340cf53b974078f16a9f
        Validity
            Not Before: Jul  3 16:09:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29a23ca229f511472ef81fde208bbcbe69db389e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:66:a1:0c:91:6d:74:6a:68:8b:d5:37:0c:7d:
                    2a:4b:16:eb:78:3c:61:c9:21:0f:71:8b:30:5f:b8:
                    59:5e:71:8a:e9:43:39:10:87:a6:60:ff:96:b6:1e:
                    31:ce:eb:23:f5:d5:11:88:fa:73:80:42:6f:21:80:
                    5f:9a:fe:41:c5:fd:a3:0c:88:0a:9f:9c:1a:75:40:
                    3c:c7:e7:84:ec:31:38:67:00:42:cc:e9:dd:07:99:
                    04:62:84:4a:97:99:f6:fe:da:c5:9f:1f:93:0f:11:
                    df:ce:7c:a3:fb:74:a0:2f:0b:6c:08:1b:c0:65:38:
                    23:ca:4a:ed:d6:3c:74:00:fd:9f:4a:17:f6:a2:41:
                    1e:8e:5f:8c:3c:18:09:e9:01:a4:55:69:43:e0:9c:
                    b3:d7:02:71:4d:0a:4f:03:25:a2:ad:76:44:1b:38:
                    7f:77:d2:b8:af:b5:41:57:10:7e:a2:ff:6d:ed:35:
                    4d:c1:f1:4a:25:6b:b2:45:20:29:6b:f3:db:7d:09:
                    6f:bb:f4:c3:49:7f:de:40:57:82:33:f2:d3:23:a2:
                    76:d3:3e:67:1b:18:bb:94:82:0e:b4:ba:f9:b1:28:
                    6b:c1:5f:45:ff:f4:0d:0d:8b:cc:8d:27:3b:96:cc:
                    9d:ee:57:25:98:d0:c0:5a:14:e7:1e:8a:e6:ee:b3:
                    ff:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:A2:3C:A2:29:F5:11:47:2E:F8:1F:DE:20:8B:BC:BE:69:DB:38:9E
            X509v3 Authority Key Identifier:
                keyid:5D:DE:4B:3B:82:F2:09:B7:01:AE:34:0C:F5:3B:97:40:78:F1:6A:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xd5LO4LyCbcBrjQM9TuXQHjxap8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/KaI8oin1EUcu-B_eIIu8vmnbOJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/Xd5LO4LyCbcBrjQM9TuXQHjxap8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:73:f1:9f:fe:98:61:c0:e5:42:36:de:84:b5:9d:6c:f9:8a:
         57:96:2d:b7:66:a3:db:3d:aa:99:b2:9f:03:af:25:81:46:3f:
         d3:d3:8f:16:20:ff:eb:79:29:8d:47:bc:bb:b1:9c:00:50:6e:
         f2:be:21:47:6b:8f:e4:6f:fe:97:03:5c:a0:df:33:8f:ba:1c:
         d9:7f:e2:45:e9:54:4f:84:59:60:41:0a:f2:0e:1b:84:33:8c:
         94:04:77:4e:78:a2:2d:1e:59:e7:b5:cb:0e:4d:47:ec:56:a3:
         7d:cb:dc:27:de:13:27:78:cc:b8:db:84:2b:4a:2b:83:dd:a6:
         02:b5:07:3a:6f:9e:29:73:92:93:b3:85:d7:f3:9f:5d:f0:ed:
         eb:bc:af:3d:64:5a:eb:09:b7:62:de:7b:0a:b7:54:aa:4e:3f:
         a2:34:90:91:95:b4:55:72:ab:93:b7:d3:0f:6f:a5:a3:1d:2d:
         50:cb:4d:31:6a:4d:d5:94:90:ca:c0:cf:a0:2a:4d:3b:b4:4a:
         14:84:ac:2c:37:c7:18:08:c1:76:70:41:ea:be:fb:8b:25:25:
         45:15:e8:a2:8a:12:c3:d6:de:df:58:47:2c:6f:12:c7:5d:ce:
         48:a1:7b:21:21:11:bf:c0:eb:f2:04:5b:6a:d3:94:73:79:80:
         4a:dc:11:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZB5W4Gsyd6Xh3rLfjH8VsErMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZGU0YjNiODJmMjA5YjcwMWFlMzQwY2Y1M2I5NzQwNzhm
MTZhOWYwHhcNMjQwNzAzMTYwOTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWEyM2NhMjI5ZjUxMTQ3MmVmODFmZGUyMDhiYmNiZTY5ZGIzODllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGahDJFtdGpoi9U3DH0qSxbreDxh
ySEPcYswX7hZXnGK6UM5EIemYP+Wth4xzusj9dURiPpzgEJvIYBfmv5Bxf2jDIgK
n5wadUA8x+eE7DE4ZwBCzOndB5kEYoRKl5n2/trFnx+TDxHfznyj+3SgLwtsCBvA
ZTgjykrt1jx0AP2fShf2okEejl+MPBgJ6QGkVWlD4Jyz1wJxTQpPAyWirXZEGzh/
d9K4r7VBVxB+ov9t7TVNwfFKJWuyRSApa/PbfQlvu/TDSX/eQFeCM/LTI6J20z5n
Gxi7lIIOtLr5sShrwV9F//QNDYvMjSc7lsyd7lclmNDAWhTnHorm7rP/bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCmiPKIp9RFHLvgf3iCLvL5p2zieMB8GA1UdIwQY
MBaAFF3eSzuC8gm3Aa40DPU7l0B48WqfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGQ1TE80THlDYmNCcmpRTTlUdVhRSGp4YXA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8wMmJkZjAtYmYyOS00ZGFlLWIxOWIt
ODZhNTUxOGUyZDUyLzEvS2FJOG9pbjFFVWN1LUJfZUlJdTh2bW5iT0o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8wMmJkZjAtYmYyOS00ZGFlLWIxOWItODZhNTUxOGUyZDUy
LzEvWGQ1TE80THlDYmNCcmpRTTlUdVhRSGp4YXA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucj3MA0G
CSqGSIb3DQEBCwUAA4IBAQBAc/Gf/phhwOVCNt6EtZ1s+YpXli23ZqPbPaqZsp8D
ryWBRj/T048WIP/reSmNR7y7sZwAUG7yviFHa4/kb/6XA1yg3zOPuhzZf+JF6VRP
hFlgQQryDhuEM4yUBHdOeKItHlnntcsOTUfsVqN9y9wn3hMneMy424QrSiuD3aYC
tQc6b54pc5KTs4XX859d8O3rvK89ZFrrCbdi3nsKt1SqTj+iNJCRlbRVcquTt9MP
b6WjHS1Qy00xak3VlJDKwM+gKk07tEoUhKwsN8cYCMF2cEHqvvuLJSVFFeiiihLD
1t7fWEcsbxLHXc5IoXshIRG/wOvyBFtq05RzeYBK3BGP
-----END CERTIFICATE-----