Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/ca686d-f35f-43f3-b889-9ffb0e41c4ef/1/KSJEDKrf-Z0fTUd_4TdafrtV4ls.roa
File:                     KSJEDKrf-Z0fTUd_4TdafrtV4ls.roa (raw, json)
Hash identifier:          WqllEbKcC8BLeN2qGqX6H+0m3QrEujRn9usXt+0M4mI=
Subject key identifier:   29:22:44:0C:AA:DF:F9:9D:1F:4D:47:7F:E1:37:5A:7E:BB:55:E2:5B
Certificate issuer:       /CN=f02e28e8ac7ab18c73079de84c8097d782aab69a
Certificate serial:       018CC727275261FA25E0F1937741AD52113D
Authority key identifier: F0:2E:28:E8:AC:7A:B1:8C:73:07:9D:E8:4C:80:97:D7:82:AA:B6:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C4o6Kx6sYxzB53oTICX14Kqtpo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/ca686d-f35f-43f3-b889-9ffb0e41c4ef/1/KSJEDKrf-Z0fTUd_4TdafrtV4ls.roa
Signing time:             Mon 01 Jan 2024 22:31:20 +0000
ROA not before:           Mon 01 Jan 2024 22:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8896
IP address blocks:        91.188.232.0/22 maxlen: 22
                          2a09:a300::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/ca686d-f35f-43f3-b889-9ffb0e41c4ef/1/8C4o6Kx6sYxzB53oTICX14Kqtpo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/ca686d-f35f-43f3-b889-9ffb0e41c4ef/1/8C4o6Kx6sYxzB53oTICX14Kqtpo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C4o6Kx6sYxzB53oTICX14Kqtpo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:27:52:61:fa:25:e0:f1:93:77:41:ad:52:11:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02e28e8ac7ab18c73079de84c8097d782aab69a
        Validity
            Not Before: Jan  1 22:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2922440caadff99d1f4d477fe1375a7ebb55e25b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:a5:6c:56:52:26:30:e5:87:84:c6:32:94:98:
                    08:ae:17:18:56:bf:6d:cf:77:41:da:fd:1c:bd:1d:
                    74:7b:6d:b2:a3:ca:94:98:c0:cb:5c:1b:12:a4:18:
                    ff:f8:53:e7:06:20:dc:9b:79:e7:69:4d:63:6a:d3:
                    26:f4:4f:30:70:48:1e:1e:e2:b9:0d:0e:6e:47:38:
                    5e:8f:43:89:a6:1b:84:9e:1d:a2:c5:70:7b:16:cc:
                    79:d8:b3:23:72:e9:3e:59:00:d4:62:8a:61:88:59:
                    02:08:e5:56:f4:d2:97:96:11:c5:38:04:0e:a8:d4:
                    09:39:ae:6c:21:f9:47:7d:ae:22:40:6f:b6:c6:17:
                    17:43:d0:8e:4e:cd:bb:0d:34:ce:3f:27:3b:6e:1e:
                    fb:83:b0:d9:e8:88:82:f4:62:03:ca:83:f8:dc:f1:
                    6a:01:21:22:9e:f5:06:09:36:44:f7:ff:62:32:7a:
                    af:dd:a2:de:24:a7:31:2d:f9:14:a6:28:91:02:1c:
                    17:51:48:23:8d:e0:69:d7:fd:77:a9:ef:f8:ee:72:
                    48:fb:25:15:d3:c9:dd:e6:c3:56:0b:1d:f4:f4:c8:
                    49:1d:7e:f9:0a:e4:81:73:4d:cf:8d:3b:85:7b:66:
                    3b:cb:db:10:7b:8d:ea:13:cc:5d:d8:37:29:d6:29:
                    f2:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:22:44:0C:AA:DF:F9:9D:1F:4D:47:7F:E1:37:5A:7E:BB:55:E2:5B
            X509v3 Authority Key Identifier:
                keyid:F0:2E:28:E8:AC:7A:B1:8C:73:07:9D:E8:4C:80:97:D7:82:AA:B6:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C4o6Kx6sYxzB53oTICX14Kqtpo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/ca686d-f35f-43f3-b889-9ffb0e41c4ef/1/KSJEDKrf-Z0fTUd_4TdafrtV4ls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/ca686d-f35f-43f3-b889-9ffb0e41c4ef/1/8C4o6Kx6sYxzB53oTICX14Kqtpo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.188.232.0/22
                IPv6:
                  2a09:a300::/32

    Signature Algorithm: sha256WithRSAEncryption
         34:51:86:9f:af:23:5c:9e:5f:34:02:10:98:b4:9e:b2:ff:6a:
         88:ac:0a:f0:83:0f:85:89:e8:e2:cf:1a:cd:21:0e:10:d4:85:
         2a:f1:01:71:02:60:29:61:7f:c3:0c:27:56:be:de:7c:d9:e5:
         f7:93:76:13:05:b1:03:fa:f1:fa:4c:b7:7f:46:5b:ea:1e:2b:
         ff:c5:3f:93:af:39:04:2e:6e:a4:2f:59:ae:bf:c6:4e:df:7b:
         28:51:c4:ea:de:9f:f2:b3:07:eb:aa:f0:8a:3a:8f:6d:e6:5f:
         9a:66:ce:fd:5c:0b:7b:79:cc:6c:7e:d1:a2:79:ef:c8:49:69:
         29:b0:3f:52:24:9d:12:cc:6e:fc:12:9d:cb:c0:88:5b:67:36:
         b2:ea:8c:88:be:07:a7:dd:f5:52:ec:f1:fc:24:cf:49:93:5e:
         40:4d:84:c8:c8:c5:89:d7:fb:60:b1:96:c3:28:3f:0e:e9:86:
         1a:96:dc:6b:a8:58:72:f5:ce:b9:27:7b:57:37:42:99:48:18:
         e7:0d:39:9f:ec:7f:e1:ff:72:6a:e0:90:f4:c9:43:01:a2:79:
         b9:ee:53:a1:61:1a:1d:a9:80:6e:d2:74:e9:7d:76:b5:6b:52:
         d9:88:f5:03:3e:ba:5b:76:3b:d1:c1:d7:3b:61:a3:94:66:46:
         b6:2c:cc:de
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJydSYfol4PGTd0GtUhE9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmUyOGU4YWM3YWIxOGM3MzA3OWRlODRjODA5N2Q3ODJh
YWI2OWEwHhcNMjQwMTAxMjIzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTIyNDQwY2FhZGZmOTlkMWY0ZDQ3N2ZlMTM3NWE3ZWJiNTVlMjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKVsVlImMOWHhMYylJgIrhcYVr9t
z3dB2v0cvR10e22yo8qUmMDLXBsSpBj/+FPnBiDcm3nnaU1jatMm9E8wcEgeHuK5
DQ5uRzhej0OJphuEnh2ixXB7Fsx52LMjcuk+WQDUYophiFkCCOVW9NKXlhHFOAQO
qNQJOa5sIflHfa4iQG+2xhcXQ9COTs27DTTOPyc7bh77g7DZ6IiC9GIDyoP43PFq
ASEinvUGCTZE9/9iMnqv3aLeJKcxLfkUpiiRAhwXUUgjjeBp1/13qe/47nJI+yUV
08nd5sNWCx309MhJHX75CuSBc03PjTuFe2Y7y9sQe43qE8xd2Dcp1inyLwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCkiRAyq3/mdH01Hf+E3Wn67VeJbMB8GA1UdIwQY
MBaAFPAuKOiserGMcwed6EyAl9eCqraaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEM0bzZLeDZzWXh6QjUzb1RJQ1gxNEtxdHBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9jYTY4NmQtZjM1Zi00M2YzLWI4ODkt
OWZmYjBlNDFjNGVmLzEvS1NKRURLcmYtWjBmVFVkXzRUZGFmcnRWNGxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9jYTY4NmQtZjM1Zi00M2YzLWI4ODktOWZmYjBlNDFjNGVm
LzEvOEM0bzZLeDZzWXh6QjUzb1RJQ1gxNEtxdHBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCW7zoMA0E
AgACMAcDBQAqCaMAMA0GCSqGSIb3DQEBCwUAA4IBAQA0UYafryNcnl80AhCYtJ6y
/2qIrArwgw+FiejizxrNIQ4Q1IUq8QFxAmApYX/DDCdWvt582eX3k3YTBbED+vH6
TLd/RlvqHiv/xT+TrzkELm6kL1muv8ZO33soUcTq3p/yswfrqvCKOo9t5l+aZs79
XAt7ecxsftGiee/ISWkpsD9SJJ0SzG78Ep3LwIhbZzay6oyIvgen3fVS7PH8JM9J
k15ATYTIyMWJ1/tgsZbDKD8O6YYaltxrqFhy9c65J3tXN0KZSBjnDTmf7H/h/3Jq
4JD0yUMBonm57lOhYRodqYBu0nTpfXa1a1LZiPUDPrpbdjvRwdc7YaOUZka2LMze
-----END CERTIFICATE-----