Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/9caa50-a510-417a-b589-8ce4179232c8/1/kvcnF-4Bhbb9we3THMf-iSm1nR8.roa
File:                     kvcnF-4Bhbb9we3THMf-iSm1nR8.roa (raw, json)
Hash identifier:          jW0Qq8vCf2rHDPQC/u7BXHKVvdbZFcUXK+M9Yk5q1JY=
Subject key identifier:   92:F7:27:17:EE:01:85:B6:FD:C1:ED:D3:1C:C7:FE:89:29:B5:9D:1F
Certificate issuer:       /CN=95d9fc815e90ca87927907c5eab3fe79ca215eaa
Certificate serial:       01928EC77FE8547DB73F25FF77098C8BF457
Authority key identifier: 95:D9:FC:81:5E:90:CA:87:92:79:07:C5:EA:B3:FE:79:CA:21:5E:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ldn8gV6QyoeSeQfF6rP-ecohXqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/9caa50-a510-417a-b589-8ce4179232c8/1/kvcnF-4Bhbb9we3THMf-iSm1nR8.roa
Signing time:             Tue 15 Oct 2024 06:04:52 +0000
ROA not before:           Tue 15 Oct 2024 06:04:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8412
IP address blocks:        192.94.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/9caa50-a510-417a-b589-8ce4179232c8/1/ldn8gV6QyoeSeQfF6rP-ecohXqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/9caa50-a510-417a-b589-8ce4179232c8/1/ldn8gV6QyoeSeQfF6rP-ecohXqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ldn8gV6QyoeSeQfF6rP-ecohXqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:8e:c7:7f:e8:54:7d:b7:3f:25:ff:77:09:8c:8b:f4:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95d9fc815e90ca87927907c5eab3fe79ca215eaa
        Validity
            Not Before: Oct 15 06:04:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92f72717ee0185b6fdc1edd31cc7fe8929b59d1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:1e:d5:81:e4:d0:56:9f:55:32:b7:8e:c3:be:
                    24:f4:35:18:10:87:5b:c2:c2:19:d7:a8:5f:18:6f:
                    5b:75:74:b5:82:4d:6f:b1:8f:27:cc:18:80:74:a6:
                    05:dd:37:ea:d8:36:03:27:94:9b:48:25:c3:84:29:
                    1f:4e:85:a8:89:73:a6:c8:c0:b9:8d:d7:f7:ae:0f:
                    05:12:58:55:d4:aa:57:e7:dd:80:50:0b:21:fb:ca:
                    6f:62:b4:a6:54:3f:3d:6e:3c:fd:f9:f2:bf:6d:1a:
                    f5:04:1f:d1:0e:f4:fa:d1:96:85:02:e6:5b:e6:fb:
                    2d:8e:12:d8:8d:5a:26:e9:0c:13:17:a7:5a:4a:63:
                    b5:e7:6d:2c:ac:b6:ad:57:81:c8:8e:a1:91:f0:4a:
                    70:b9:d0:5c:e3:e9:88:95:f6:f9:93:e8:6c:f5:78:
                    28:76:5f:1f:96:12:43:99:dc:bd:7e:9d:53:0c:35:
                    a8:12:ab:2e:62:4a:c8:02:dd:4f:e7:d6:55:15:89:
                    af:9b:45:db:7d:af:d8:a1:44:3d:48:c1:8f:74:a7:
                    f4:f2:00:7e:b3:82:fa:14:71:af:2a:21:23:9a:fb:
                    51:d7:19:ea:fc:36:8e:67:07:6b:65:86:d1:8b:a3:
                    47:65:af:7f:e5:49:03:42:75:46:d8:4b:58:d7:05:
                    fd:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:F7:27:17:EE:01:85:B6:FD:C1:ED:D3:1C:C7:FE:89:29:B5:9D:1F
            X509v3 Authority Key Identifier:
                keyid:95:D9:FC:81:5E:90:CA:87:92:79:07:C5:EA:B3:FE:79:CA:21:5E:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ldn8gV6QyoeSeQfF6rP-ecohXqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/9caa50-a510-417a-b589-8ce4179232c8/1/kvcnF-4Bhbb9we3THMf-iSm1nR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/9caa50-a510-417a-b589-8ce4179232c8/1/ldn8gV6QyoeSeQfF6rP-ecohXqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.94.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:b7:86:60:86:1b:4c:6e:6b:22:a1:b2:65:e0:46:78:77:72:
         e5:a8:58:11:bb:48:98:8b:65:b0:6b:68:f1:fd:91:53:87:bd:
         dd:6f:17:d4:d4:ef:b3:8e:f6:18:2d:56:33:a8:12:66:bf:13:
         f5:41:5f:fe:e0:90:c1:5a:7d:81:f5:c7:4a:33:94:78:c5:76:
         ce:8c:b2:0b:53:bf:c9:37:b4:40:ca:9b:8c:44:9e:1b:8f:de:
         d9:fe:77:2f:36:04:3d:2c:c3:8a:e5:da:bb:f5:42:3a:7c:80:
         be:50:49:94:0f:39:2d:ae:00:16:ed:ff:52:ca:f1:21:6e:74:
         8f:f2:1c:3d:05:ac:ad:22:88:84:82:26:ed:d5:8f:5b:d1:e9:
         a9:42:cf:44:3b:d7:94:ab:46:22:ca:6e:61:2a:ae:71:6a:3f:
         18:7a:ad:84:67:ff:63:95:f2:1f:e5:cb:55:c7:bc:99:5a:cd:
         64:b9:67:5b:ec:77:4c:4b:96:32:6c:f8:f1:17:8b:de:de:fe:
         71:2e:cc:21:ab:3f:6c:7d:f4:10:7e:bb:e2:1f:bf:02:9f:21:
         e4:43:1c:24:bc:e5:45:7b:58:f5:f9:ec:13:38:ff:f5:86:2b:
         07:f1:84:0a:e9:81:60:df:b5:04:3d:c7:82:87:ab:69:a3:e1:
         d4:fc:37:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKOx3/oVH23PyX/dwmMi/RXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1ZDlmYzgxNWU5MGNhODc5Mjc5MDdjNWVhYjNmZTc5Y2Ey
MTVlYWEwHhcNMjQxMDE1MDYwNDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmY3MjcxN2VlMDE4NWI2ZmRjMWVkZDMxY2M3ZmU4OTI5YjU5ZDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyR7VgeTQVp9VMreOw74k9DUYEIdb
wsIZ16hfGG9bdXS1gk1vsY8nzBiAdKYF3Tfq2DYDJ5SbSCXDhCkfToWoiXOmyMC5
jdf3rg8FElhV1KpX592AUAsh+8pvYrSmVD89bjz9+fK/bRr1BB/RDvT60ZaFAuZb
5vstjhLYjVom6QwTF6daSmO1520srLatV4HIjqGR8EpwudBc4+mIlfb5k+hs9Xgo
dl8flhJDmdy9fp1TDDWoEqsuYkrIAt1P59ZVFYmvm0Xbfa/YoUQ9SMGPdKf08gB+
s4L6FHGvKiEjmvtR1xnq/DaOZwdrZYbRi6NHZa9/5UkDQnVG2EtY1wX9mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJL3JxfuAYW2/cHt0xzH/okptZ0fMB8GA1UdIwQY
MBaAFJXZ/IFekMqHknkHxeqz/nnKIV6qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGRuOGdWNlF5b2VTZVFmRjZyUC1lY29oWHFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS85Y2FhNTAtYTUxMC00MTdhLWI1ODkt
OGNlNDE3OTIzMmM4LzEva3ZjbkYtNEJoYmI5d2UzVEhNZi1pU20xblI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS85Y2FhNTAtYTUxMC00MTdhLWI1ODktOGNlNDE3OTIzMmM4
LzEvbGRuOGdWNlF5b2VTZVFmRjZyUC1lY29oWHFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwF7iMA0G
CSqGSIb3DQEBCwUAA4IBAQBgt4ZghhtMbmsiobJl4EZ4d3LlqFgRu0iYi2Wwa2jx
/ZFTh73dbxfU1O+zjvYYLVYzqBJmvxP1QV/+4JDBWn2B9cdKM5R4xXbOjLILU7/J
N7RAypuMRJ4bj97Z/ncvNgQ9LMOK5dq79UI6fIC+UEmUDzktrgAW7f9SyvEhbnSP
8hw9BaytIoiEgibt1Y9b0empQs9EO9eUq0Yiym5hKq5xaj8Yeq2EZ/9jlfIf5ctV
x7yZWs1kuWdb7HdMS5YybPjxF4ve3v5xLswhqz9sffQQfrviH78CnyHkQxwkvOVF
e1j1+ewTOP/1hisH8YQK6YFg37UEPceCh6tpo+HU/DeP
-----END CERTIFICATE-----