Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/0396ad-dda7-4600-8f66-f56c779b142f/1/KLU1VH4Jh-n9IFmJ8n7LS39oL-k.roa
File:                     KLU1VH4Jh-n9IFmJ8n7LS39oL-k.roa (raw, json)
Hash identifier:          UQl4lmXYeUmYKdtW7BuYhLz+Aq8UnXtrwx+I6E6jrlk=
Subject key identifier:   28:B5:35:54:7E:09:87:E9:FD:20:59:89:F2:7E:CB:4B:7F:68:2F:E9
Certificate issuer:       /CN=a621186413bbdfde20e592fbe5553de7f94e5987
Certificate serial:       018F82AECBAAADD60A55F36213C525CCB83A
Authority key identifier: A6:21:18:64:13:BB:DF:DE:20:E5:92:FB:E5:55:3D:E7:F9:4E:59:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/piEYZBO7394g5ZL75VU95_lOWYc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/0396ad-dda7-4600-8f66-f56c779b142f/1/KLU1VH4Jh-n9IFmJ8n7LS39oL-k.roa
Signing time:             Thu 16 May 2024 18:34:04 +0000
ROA not before:           Thu 16 May 2024 18:34:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.131.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/0396ad-dda7-4600-8f66-f56c779b142f/1/piEYZBO7394g5ZL75VU95_lOWYc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/0396ad-dda7-4600-8f66-f56c779b142f/1/piEYZBO7394g5ZL75VU95_lOWYc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/piEYZBO7394g5ZL75VU95_lOWYc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:82:ae:cb:aa:ad:d6:0a:55:f3:62:13:c5:25:cc:b8:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a621186413bbdfde20e592fbe5553de7f94e5987
        Validity
            Not Before: May 16 18:34:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28b535547e0987e9fd205989f27ecb4b7f682fe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ad:95:2f:77:d2:65:72:18:a4:c3:53:86:9f:
                    62:f7:7f:fe:76:e1:5d:5c:85:4c:82:49:84:92:68:
                    a3:9c:8e:2a:7d:fc:c0:d4:77:ad:5b:a5:7b:99:bd:
                    36:8b:64:b0:0e:06:a2:78:95:b9:78:39:78:a4:e0:
                    31:95:78:08:17:14:9c:d9:46:ee:fd:d7:4e:4d:82:
                    8a:b4:d2:5c:f1:f8:e2:75:a3:ca:b7:cf:a3:79:dd:
                    a9:4e:c0:1e:d7:fa:7d:28:3e:83:01:17:fb:fb:0b:
                    9a:c0:3e:f0:b4:6a:61:fa:6e:cd:2a:61:56:ea:3f:
                    72:00:7a:6f:0c:1c:cb:2f:d0:35:6b:8d:55:72:58:
                    58:74:3c:d1:b0:07:a8:2b:51:2b:c7:65:bb:b3:b6:
                    d4:e5:c7:74:6d:a9:5d:b2:81:c2:d7:46:58:bb:71:
                    4e:b5:cc:a8:77:cf:7c:7b:4b:0c:11:ed:f4:57:84:
                    76:4e:d0:6e:eb:1a:5a:28:87:87:2c:31:0e:e1:5f:
                    a7:7f:36:f7:58:41:8b:e7:d6:97:24:4c:2b:f2:00:
                    9e:f6:f0:a4:d8:a2:fa:62:12:b1:c3:1c:26:13:1f:
                    8b:7f:20:5a:80:f2:fc:be:5f:a3:ca:88:54:f6:36:
                    56:bb:d9:e8:be:e1:6a:15:1b:bf:bd:2f:aa:be:ea:
                    c2:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:B5:35:54:7E:09:87:E9:FD:20:59:89:F2:7E:CB:4B:7F:68:2F:E9
            X509v3 Authority Key Identifier:
                keyid:A6:21:18:64:13:BB:DF:DE:20:E5:92:FB:E5:55:3D:E7:F9:4E:59:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/piEYZBO7394g5ZL75VU95_lOWYc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/0396ad-dda7-4600-8f66-f56c779b142f/1/KLU1VH4Jh-n9IFmJ8n7LS39oL-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/0396ad-dda7-4600-8f66-f56c779b142f/1/piEYZBO7394g5ZL75VU95_lOWYc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:24:26:d5:b3:72:43:bc:9e:cc:31:1c:e2:a8:7f:a9:32:83:
         f9:0f:74:8e:c9:49:db:c3:de:8b:db:06:69:db:97:3f:cc:22:
         39:c0:5f:d7:0a:cc:c5:01:e0:32:0e:65:89:60:8e:93:f6:22:
         7e:5d:11:b9:8c:64:dd:26:36:b2:68:bb:ed:2d:bc:64:cb:57:
         41:28:a4:9b:91:ec:87:f7:68:83:e2:f2:e1:f4:ec:bb:00:e5:
         58:ef:09:8c:6c:34:58:5c:56:ab:9c:1b:16:c5:88:08:e0:c8:
         dd:63:4d:3b:29:35:5a:ae:45:38:f2:a9:ee:c1:e1:25:18:c2:
         67:b7:6f:90:d5:98:bc:3a:e8:5f:0d:37:1e:d6:d4:90:ac:65:
         2e:36:2a:88:6a:3a:2e:37:14:e9:c7:fb:b4:bf:57:b1:3c:8d:
         f2:e4:d9:20:59:4b:3a:dd:f5:8c:35:ea:6c:d8:ed:b6:90:94:
         ff:a9:5e:9c:4d:46:b5:27:7a:a8:47:f0:96:18:d2:1e:05:84:
         5c:34:e1:dd:38:74:c0:bf:96:b4:70:18:57:b8:86:e9:0c:6d:
         86:46:b9:7d:1a:2c:4c:2a:19:e9:79:e2:78:cd:15:fe:94:05:
         fe:9e:f5:f0:9c:0b:6e:22:7d:c5:67:c0:3d:ee:10:7d:77:52:
         ae:5e:01:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+CrsuqrdYKVfNiE8UlzLg6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MjExODY0MTNiYmRmZGUyMGU1OTJmYmU1NTUzZGU3Zjk0
ZTU5ODcwHhcNMjQwNTE2MTgzNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGI1MzU1NDdlMDk4N2U5ZmQyMDU5ODlmMjdlY2I0YjdmNjgyZmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmq2VL3fSZXIYpMNThp9i93/+duFd
XIVMgkmEkmijnI4qffzA1HetW6V7mb02i2SwDgaieJW5eDl4pOAxlXgIFxSc2Ubu
/ddOTYKKtNJc8fjidaPKt8+jed2pTsAe1/p9KD6DARf7+wuawD7wtGph+m7NKmFW
6j9yAHpvDBzLL9A1a41VclhYdDzRsAeoK1Erx2W7s7bU5cd0baldsoHC10ZYu3FO
tcyod898e0sMEe30V4R2TtBu6xpaKIeHLDEO4V+nfzb3WEGL59aXJEwr8gCe9vCk
2KL6YhKxwxwmEx+LfyBagPL8vl+jyohU9jZWu9novuFqFRu/vS+qvurCdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCi1NVR+CYfp/SBZifJ+y0t/aC/pMB8GA1UdIwQY
MBaAFKYhGGQTu9/eIOWS++VVPef5TlmHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGlFWVpCTzczOTRnNVpMNzVWVTk1X2xPV1ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8wMzk2YWQtZGRhNy00NjAwLThmNjYt
ZjU2Yzc3OWIxNDJmLzEvS0xVMVZINEpoLW45SUZtSjhuN0xTMzlvTC1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8wMzk2YWQtZGRhNy00NjAwLThmNjYtZjU2Yzc3OWIxNDJm
LzEvcGlFWVpCTzczOTRnNVpMNzVWVTk1X2xPV1ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYPkMA0G
CSqGSIb3DQEBCwUAA4IBAQCgJCbVs3JDvJ7MMRziqH+pMoP5D3SOyUnbw96L2wZp
25c/zCI5wF/XCszFAeAyDmWJYI6T9iJ+XRG5jGTdJjayaLvtLbxky1dBKKSbkeyH
92iD4vLh9Oy7AOVY7wmMbDRYXFarnBsWxYgI4MjdY007KTVarkU48qnuweElGMJn
t2+Q1Zi8OuhfDTce1tSQrGUuNiqIajouNxTpx/u0v1exPI3y5NkgWUs63fWMNeps
2O22kJT/qV6cTUa1J3qoR/CWGNIeBYRcNOHdOHTAv5a0cBhXuIbpDG2GRrl9GixM
KhnpeeJ4zRX+lAX+nvXwnAtuIn3FZ8A97hB9d1KuXgGB
-----END CERTIFICATE-----