Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/08cd46-1019-4f7d-867b-297e03066f7d/1/k1cll-yq2gEo0t4RGnQBEvY8FIc.roa
File:                     k1cll-yq2gEo0t4RGnQBEvY8FIc.roa (raw, json)
Hash identifier:          +d8en3qE4c4+avpxYdvJLf/LRfGDwah9jahKsUytwOE=
Subject key identifier:   93:57:25:97:EC:AA:DA:01:28:D2:DE:11:1A:74:01:12:F6:3C:14:87
Certificate issuer:       /CN=b02b1f76e8c2ba4928ac280b27aa84d5967a3504
Certificate serial:       018CC5DC34FB4F0934289F6F7226EE3BE5A6
Authority key identifier: B0:2B:1F:76:E8:C2:BA:49:28:AC:28:0B:27:AA:84:D5:96:7A:35:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sCsfdujCukkorCgLJ6qE1ZZ6NQQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/08cd46-1019-4f7d-867b-297e03066f7d/1/k1cll-yq2gEo0t4RGnQBEvY8FIc.roa
Signing time:             Mon 01 Jan 2024 16:29:52 +0000
ROA not before:           Mon 01 Jan 2024 16:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196822
IP address blocks:        188.116.64.0/18 maxlen: 18
                          2a09:4dc0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/08cd46-1019-4f7d-867b-297e03066f7d/1/sCsfdujCukkorCgLJ6qE1ZZ6NQQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/08cd46-1019-4f7d-867b-297e03066f7d/1/sCsfdujCukkorCgLJ6qE1ZZ6NQQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sCsfdujCukkorCgLJ6qE1ZZ6NQQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:34:fb:4f:09:34:28:9f:6f:72:26:ee:3b:e5:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b02b1f76e8c2ba4928ac280b27aa84d5967a3504
        Validity
            Not Before: Jan  1 16:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93572597ecaada0128d2de111a740112f63c1487
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a0:9c:06:96:78:29:f9:be:91:bf:d0:f1:51:
                    85:85:0c:6b:88:4c:87:a2:fa:1e:c3:09:e9:2d:67:
                    91:1b:f0:17:e3:c1:75:a4:ba:57:39:1b:c4:80:6d:
                    94:72:0a:5c:c4:64:2b:ab:d6:5a:a4:d1:e9:15:40:
                    16:76:c8:b8:1a:77:d3:05:d6:5e:4b:6c:76:6d:cc:
                    8c:1d:6a:3a:2d:f1:71:cb:a2:48:24:eb:ed:77:ee:
                    c6:f3:b6:35:ba:e9:9d:ef:4d:3b:e9:1a:a5:dc:44:
                    3a:37:75:28:c8:e5:d9:7b:ca:ec:6f:6c:f2:df:00:
                    85:9f:fc:47:f0:d4:00:c5:03:46:fd:39:96:6a:e5:
                    42:6b:68:3e:f5:bb:9e:67:7c:44:de:55:8b:7d:73:
                    59:8d:06:ae:bb:29:e4:79:61:7b:7f:33:48:5b:99:
                    52:79:52:b0:04:6b:d5:8f:f1:6c:0b:87:08:dd:b4:
                    d4:7a:ab:15:f5:91:20:90:16:5e:7c:87:c3:f9:2e:
                    b3:8e:16:9a:61:31:50:6f:42:3f:8d:48:ad:15:9e:
                    9a:bd:ee:e4:db:48:24:74:f7:28:03:c1:14:5d:02:
                    e5:d1:b4:99:d3:98:5a:62:2e:bd:bc:b1:21:d0:13:
                    00:7d:27:d3:97:73:de:87:68:f9:14:f9:75:2a:62:
                    f4:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:57:25:97:EC:AA:DA:01:28:D2:DE:11:1A:74:01:12:F6:3C:14:87
            X509v3 Authority Key Identifier:
                keyid:B0:2B:1F:76:E8:C2:BA:49:28:AC:28:0B:27:AA:84:D5:96:7A:35:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sCsfdujCukkorCgLJ6qE1ZZ6NQQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/08cd46-1019-4f7d-867b-297e03066f7d/1/k1cll-yq2gEo0t4RGnQBEvY8FIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/08cd46-1019-4f7d-867b-297e03066f7d/1/sCsfdujCukkorCgLJ6qE1ZZ6NQQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.116.64.0/18
                IPv6:
                  2a09:4dc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         69:64:c2:f8:1d:75:72:63:a9:be:cb:a5:b8:67:52:fd:9b:38:
         cd:f9:22:f5:d8:99:dd:5d:fb:3c:26:b3:f0:cf:40:20:eb:c5:
         c3:81:5f:13:1e:a3:2f:d9:7e:9e:55:1a:77:92:2f:fb:a6:72:
         0b:cb:6d:28:4c:42:97:5e:ff:3b:74:93:a0:67:78:84:ab:89:
         3f:24:a5:4b:2b:48:b7:16:67:a6:32:ce:d3:8a:83:55:00:54:
         47:86:e1:53:ee:96:59:8a:b0:6c:43:af:91:d8:5f:69:b3:7c:
         84:48:57:18:7e:56:5a:2a:50:49:ca:e0:35:71:a4:f4:49:08:
         4d:2c:b3:aa:35:8b:81:7c:e9:a3:e7:66:38:80:09:d8:a2:d9:
         29:98:1d:0b:03:4e:fa:fb:ce:a1:d1:ec:6e:6e:c8:ae:8d:e5:
         fc:8d:fc:38:67:9e:f7:fd:b0:fd:3e:e3:52:cb:f7:ca:54:38:
         ed:dc:61:f7:3d:79:d0:02:fb:6d:e6:c6:1f:f3:d4:9a:b0:e6:
         e1:58:e6:74:c1:42:e0:fb:ba:3f:29:fe:e7:4d:68:27:f1:9d:
         2d:6b:00:05:51:c7:32:19:b6:11:86:43:31:94:9e:56:5a:9b:
         ec:3e:39:0d:b8:28:e2:de:4a:a3:81:78:af:47:a7:58:4c:f4:
         ef:b1:6b:a3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3DT7Twk0KJ9vcibuO+WmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwMmIxZjc2ZThjMmJhNDkyOGFjMjgwYjI3YWE4NGQ1OTY3
YTM1MDQwHhcNMjQwMTAxMTYyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzU3MjU5N2VjYWFkYTAxMjhkMmRlMTExYTc0MDExMmY2M2MxNDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6CcBpZ4Kfm+kb/Q8VGFhQxriEyH
ovoewwnpLWeRG/AX48F1pLpXORvEgG2UcgpcxGQrq9ZapNHpFUAWdsi4GnfTBdZe
S2x2bcyMHWo6LfFxy6JIJOvtd+7G87Y1uumd70076Rql3EQ6N3UoyOXZe8rsb2zy
3wCFn/xH8NQAxQNG/TmWauVCa2g+9bueZ3xE3lWLfXNZjQauuynkeWF7fzNIW5lS
eVKwBGvVj/FsC4cI3bTUeqsV9ZEgkBZefIfD+S6zjhaaYTFQb0I/jUitFZ6ave7k
20gkdPcoA8EUXQLl0bSZ05haYi69vLEh0BMAfSfTl3Peh2j5FPl1KmL00QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJNXJZfsqtoBKNLeERp0ARL2PBSHMB8GA1UdIwQY
MBaAFLArH3bowrpJKKwoCyeqhNWWejUEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0NzZmR1akN1a2tvckNnTEo2cUUxWlo2TlFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8wOGNkNDYtMTAxOS00ZjdkLTg2N2It
Mjk3ZTAzMDY2ZjdkLzEvazFjbGwteXEyZ0VvMHQ0UkduUUJFdlk4RkljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8wOGNkNDYtMTAxOS00ZjdkLTg2N2ItMjk3ZTAzMDY2Zjdk
LzEvc0NzZmR1akN1a2tvckNnTEo2cUUxWlo2TlFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQGvHRAMA0E
AgACMAcDBQAqCU3AMA0GCSqGSIb3DQEBCwUAA4IBAQBpZML4HXVyY6m+y6W4Z1L9
mzjN+SL12JndXfs8JrPwz0Ag68XDgV8THqMv2X6eVRp3ki/7pnILy20oTEKXXv87
dJOgZ3iEq4k/JKVLK0i3FmemMs7TioNVAFRHhuFT7pZZirBsQ6+R2F9ps3yESFcY
flZaKlBJyuA1caT0SQhNLLOqNYuBfOmj52Y4gAnYotkpmB0LA076+86h0exubsiu
jeX8jfw4Z573/bD9PuNSy/fKVDjt3GH3PXnQAvtt5sYf89SasObhWOZ0wULg+7o/
Kf7nTWgn8Z0tawAFUccyGbYRhkMxlJ5WWpvsPjkNuCji3kqjgXivR6dYTPTvsWuj
-----END CERTIFICATE-----