Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/kLapSaCszHTkHjj-5D35BnwdX3U.roa
File:                     kLapSaCszHTkHjj-5D35BnwdX3U.roa (raw, json)
Hash identifier:          aum+w/zWFNqnp2yXDmIDbNJpry2kTCqoMURv44gS960=
Subject key identifier:   90:B6:A9:49:A0:AC:CC:74:E4:1E:38:FE:E4:3D:F9:06:7C:1D:5F:75
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       018CC94E6F553426EB9749C2B5FC22E0E221
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/kLapSaCszHTkHjj-5D35BnwdX3U.roa
Signing time:             Tue 02 Jan 2024 08:33:29 +0000
ROA not before:           Tue 02 Jan 2024 08:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47390
IP address blocks:        185.220.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:6f:55:34:26:eb:97:49:c2:b5:fc:22:e0:e2:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Jan  2 08:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90b6a949a0accc74e41e38fee43df9067c1d5f75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:fe:87:b6:ae:df:97:06:d8:04:11:96:ea:e5:
                    16:b9:88:28:9c:c8:3c:18:6a:00:21:2e:e6:be:87:
                    f2:f7:cb:b8:e4:c9:24:95:a2:b7:c8:28:6b:ce:ea:
                    a8:af:d9:f4:13:43:cb:54:fe:b2:e9:a9:4f:16:26:
                    c7:82:86:0a:b0:ad:d3:1b:39:01:2d:60:15:96:f4:
                    78:fa:9e:ac:b6:61:0f:b5:2a:07:46:d1:8d:bf:c6:
                    23:7c:b4:ad:be:00:30:a0:56:fa:00:95:d0:38:05:
                    c2:93:71:11:e1:05:8c:41:51:9f:29:b5:80:45:80:
                    11:fa:62:52:75:c2:bd:34:92:24:18:cf:ac:4a:db:
                    c6:19:39:d4:72:25:e3:7b:ac:45:a5:59:eb:db:31:
                    43:ff:94:53:7c:c4:aa:5a:d3:1b:b2:49:8e:c9:2e:
                    b6:23:fd:a9:d6:ef:a1:19:27:cb:4c:20:8a:8f:88:
                    77:05:43:9f:b7:59:72:a6:32:be:56:7e:39:fb:0b:
                    15:ca:f2:05:02:2b:67:45:7c:2d:00:66:90:fb:3a:
                    b3:4e:df:35:3f:ee:56:b5:a5:7c:6c:8f:f0:5e:32:
                    27:58:5c:c4:80:9a:95:5b:6e:f1:c7:85:f3:ce:2c:
                    1d:70:9b:26:0e:b6:1f:de:ce:23:d8:51:97:9e:76:
                    3a:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:B6:A9:49:A0:AC:CC:74:E4:1E:38:FE:E4:3D:F9:06:7C:1D:5F:75
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/kLapSaCszHTkHjj-5D35BnwdX3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:82:ce:45:75:d4:81:1e:4d:b8:df:4d:42:c8:3f:68:82:b2:
         48:48:ee:ee:c3:ce:12:fa:31:19:bf:02:c5:83:e7:62:7d:1a:
         14:2e:71:22:bc:42:e4:cd:81:84:6c:31:4b:c0:d9:53:ea:c9:
         c0:56:cb:99:18:5a:7a:65:e5:db:d7:35:e5:6d:87:c7:84:dd:
         eb:1c:2a:5d:b1:22:98:be:03:bb:74:8d:c5:63:45:56:c2:93:
         fc:97:e9:7c:94:7c:8a:f6:7c:97:c8:b8:7f:01:3a:5b:13:c0:
         e1:e3:b7:61:c2:64:ea:79:6e:f3:4d:c0:72:ce:1a:c3:45:c4:
         74:dc:23:2d:ce:37:8e:b0:5b:04:cf:09:fd:84:73:0a:1a:fb:
         1e:b4:25:c7:ca:4e:ae:cc:60:e4:bc:64:e7:59:50:4b:aa:b3:
         86:79:6b:4b:8b:a5:85:0b:c9:5d:9a:2d:26:71:6f:1b:99:b4:
         a2:5f:9b:16:3f:e5:62:45:d4:d4:f4:0b:57:60:f9:0e:49:c1:
         13:38:73:dc:62:d6:cf:0a:61:00:59:7d:1c:d3:5c:77:59:27:
         26:d6:9e:67:98:e8:6e:a0:c6:97:60:89:61:f1:b0:39:e6:8d:
         19:11:7f:d8:5f:10:6f:0d:67:4a:ef:2c:be:c6:df:01:da:a6:
         01:fc:48:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTm9VNCbrl0nCtfwi4OIhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjQwMTAyMDgzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGI2YTk0OWEwYWNjYzc0ZTQxZTM4ZmVlNDNkZjkwNjdjMWQ1Zjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiP6Htq7flwbYBBGW6uUWuYgonMg8
GGoAIS7mvofy98u45MkklaK3yChrzuqor9n0E0PLVP6y6alPFibHgoYKsK3TGzkB
LWAVlvR4+p6stmEPtSoHRtGNv8YjfLStvgAwoFb6AJXQOAXCk3ER4QWMQVGfKbWA
RYAR+mJSdcK9NJIkGM+sStvGGTnUciXje6xFpVnr2zFD/5RTfMSqWtMbskmOyS62
I/2p1u+hGSfLTCCKj4h3BUOft1lypjK+Vn45+wsVyvIFAitnRXwtAGaQ+zqzTt81
P+5WtaV8bI/wXjInWFzEgJqVW27xx4XzziwdcJsmDrYf3s4j2FGXnnY6vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJC2qUmgrMx05B44/uQ9+QZ8HV91MB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEva0xhcFNhQ3N6SFRrSGpqLTVEMzVCbndkWDNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudy7MA0G
CSqGSIb3DQEBCwUAA4IBAQARgs5FddSBHk24301CyD9ogrJISO7uw84S+jEZvwLF
g+difRoULnEivELkzYGEbDFLwNlT6snAVsuZGFp6ZeXb1zXlbYfHhN3rHCpdsSKY
vgO7dI3FY0VWwpP8l+l8lHyK9nyXyLh/ATpbE8Dh47dhwmTqeW7zTcByzhrDRcR0
3CMtzjeOsFsEzwn9hHMKGvsetCXHyk6uzGDkvGTnWVBLqrOGeWtLi6WFC8ldmi0m
cW8bmbSiX5sWP+ViRdTU9AtXYPkOScETOHPcYtbPCmEAWX0c01x3WScm1p5nmOhu
oMaXYIlh8bA55o0ZEX/YXxBvDWdK7yy+xt8B2qYB/EhZ
-----END CERTIFICATE-----