Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/KaCegasFgxT8bYX47Z3-ckVY4lI.roa
File:                     KaCegasFgxT8bYX47Z3-ckVY4lI.roa (raw, json)
Hash identifier:          xxhtHhB4NHtt9HiM6rxn3MaBwQpaB6IwAEf02HAzSqs=
Subject key identifier:   29:A0:9E:81:AB:05:83:14:FC:6D:85:F8:ED:9D:FE:72:45:58:E2:52
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018F76E00C655B1595FC93CEF07DA99A12B5
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/KaCegasFgxT8bYX47Z3-ckVY4lI.roa
Signing time:             Tue 14 May 2024 11:32:25 +0000
ROA not before:           Tue 14 May 2024 11:32:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6453
IP address blocks:        212.5.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:76:e0:0c:65:5b:15:95:fc:93:ce:f0:7d:a9:9a:12:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: May 14 11:32:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29a09e81ab058314fc6d85f8ed9dfe724558e252
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:42:a9:19:8d:72:83:c6:42:d7:5d:6e:d7:cb:
                    24:6a:b9:92:4e:23:82:e0:c6:95:0e:d5:4d:4e:3b:
                    98:2f:66:8b:9c:77:f3:36:22:4b:5a:b4:45:87:61:
                    81:b4:2f:8f:b6:59:3f:0e:1f:40:b2:41:f2:d8:48:
                    09:be:c2:02:e6:88:0a:30:b9:f3:e5:ce:6e:f5:17:
                    42:dc:a9:69:a3:54:d6:9e:c9:1c:66:5a:90:6c:b2:
                    35:51:ec:85:3c:14:61:9e:d9:1c:f0:c9:ea:04:e4:
                    df:9b:51:aa:19:15:3a:a6:02:ba:99:ba:c1:95:45:
                    7a:26:5e:0b:51:5a:df:de:eb:d3:f8:29:9c:af:e8:
                    c0:da:ca:64:c9:4b:e4:c5:60:24:57:5d:6c:87:c3:
                    cc:0f:b9:dd:9f:81:1c:41:ba:61:9c:cf:9e:12:11:
                    f5:36:f1:47:3f:97:e1:13:12:c0:c8:17:31:67:ce:
                    97:0b:a7:aa:d3:ac:43:32:d4:8a:b1:98:68:0b:27:
                    60:be:27:71:d3:16:d8:a2:64:cd:2d:0a:75:1f:fd:
                    fb:83:62:84:5d:d7:c7:85:0b:61:ca:6a:7e:ce:a1:
                    58:a1:f2:87:fd:fe:b2:80:c3:2c:c5:b8:a2:50:ce:
                    19:aa:46:48:73:00:c9:30:e9:41:b1:62:a7:cd:d0:
                    c4:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:A0:9E:81:AB:05:83:14:FC:6D:85:F8:ED:9D:FE:72:45:58:E2:52
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/KaCegasFgxT8bYX47Z3-ckVY4lI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.5.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:99:3a:00:8a:f5:cf:01:d1:23:44:1d:da:fe:a6:a0:7c:85:
         47:76:3e:ec:00:8c:8a:b0:32:96:7f:93:13:27:fc:2c:2d:54:
         c5:39:a2:6a:4b:bc:53:df:c5:ca:a9:31:c1:f6:ed:2d:70:fd:
         e4:20:af:a5:4f:b7:99:f4:51:01:23:c2:bd:a6:99:53:c8:76:
         18:f7:d2:ba:42:dc:70:23:05:16:49:98:3e:df:7e:cc:ac:5f:
         77:af:62:90:30:9c:f4:e1:a7:e3:1d:5b:45:be:53:6a:4b:fa:
         c5:e4:82:4c:28:0c:65:66:3d:06:aa:5a:88:07:c1:45:4f:7b:
         a9:7e:de:8f:fa:58:0a:09:b0:28:a1:52:21:2b:f5:35:3e:d2:
         0a:e3:9f:17:ea:97:c4:11:3b:68:97:76:76:17:c0:da:cf:bf:
         fb:cb:0e:fd:e1:f8:32:4a:7c:a9:7e:1e:25:42:96:05:98:00:
         59:6e:2d:d6:2a:d6:5a:9b:ff:3c:d1:63:34:c7:20:d5:c6:5c:
         80:df:8c:bf:0a:c1:68:f2:c4:da:c6:83:94:80:06:fb:13:64:
         a3:64:fb:68:10:e0:f3:79:07:24:6a:70:9d:ff:38:90:00:e7:
         dd:7e:3a:06:1d:0e:e9:5b:66:96:c3:b3:c5:00:19:0a:fe:e8:
         c8:da:98:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY924AxlWxWV/JPO8H2pmhK1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwNTE0MTEzMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWEwOWU4MWFiMDU4MzE0ZmM2ZDg1ZjhlZDlkZmU3MjQ1NThlMjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0KpGY1yg8ZC111u18skarmSTiOC
4MaVDtVNTjuYL2aLnHfzNiJLWrRFh2GBtC+Ptlk/Dh9AskHy2EgJvsIC5ogKMLnz
5c5u9RdC3Klpo1TWnskcZlqQbLI1UeyFPBRhntkc8MnqBOTfm1GqGRU6pgK6mbrB
lUV6Jl4LUVrf3uvT+Cmcr+jA2spkyUvkxWAkV11sh8PMD7ndn4EcQbphnM+eEhH1
NvFHP5fhExLAyBcxZ86XC6eq06xDMtSKsZhoCydgvidx0xbYomTNLQp1H/37g2KE
XdfHhQthymp+zqFYofKH/f6ygMMsxbiiUM4ZqkZIcwDJMOlBsWKnzdDEQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCmgnoGrBYMU/G2F+O2d/nJFWOJSMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvS2FDZWdhc0ZneFQ4YllYNDdaMy1ja1ZZNGxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AWcMA0G
CSqGSIb3DQEBCwUAA4IBAQCdmToAivXPAdEjRB3a/qagfIVHdj7sAIyKsDKWf5MT
J/wsLVTFOaJqS7xT38XKqTHB9u0tcP3kIK+lT7eZ9FEBI8K9pplTyHYY99K6Qtxw
IwUWSZg+337MrF93r2KQMJz04afjHVtFvlNqS/rF5IJMKAxlZj0GqlqIB8FFT3up
ft6P+lgKCbAooVIhK/U1PtIK458X6pfEETtol3Z2F8Daz7/7yw794fgySnypfh4l
QpYFmABZbi3WKtZam/880WM0xyDVxlyA34y/CsFo8sTaxoOUgAb7E2SjZPtoEODz
eQckanCd/ziQAOfdfjoGHQ7pW2aWw7PFABkK/ujI2ph6
-----END CERTIFICATE-----