Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/07badd-ff3f-4886-abf1-552e51542d4d/1/KG9u-CV8kUoTu5pJeRfWlD-eZQc.roa
File:                     KG9u-CV8kUoTu5pJeRfWlD-eZQc.roa (raw, json)
Hash identifier:          sQn3Djr+wlEqtwKDtU9eyEmPaOtji8KV72eHw35F59Y=
Subject key identifier:   28:6F:6E:F8:25:7C:91:4A:13:BB:9A:49:79:17:D6:94:3F:9E:65:07
Certificate issuer:       /CN=af21dd2f772a5bb47925c28bb5d16cd930f206b1
Certificate serial:       018CCA2AA5FA0F4194A4DAE34113E75E39D3
Authority key identifier: AF:21:DD:2F:77:2A:5B:B4:79:25:C2:8B:B5:D1:6C:D9:30:F2:06:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ryHdL3cqW7R5JcKLtdFs2TDyBrE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/07badd-ff3f-4886-abf1-552e51542d4d/1/KG9u-CV8kUoTu5pJeRfWlD-eZQc.roa
Signing time:             Tue 02 Jan 2024 12:34:01 +0000
ROA not before:           Tue 02 Jan 2024 12:34:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28935
IP address blocks:        195.47.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/07badd-ff3f-4886-abf1-552e51542d4d/1/ryHdL3cqW7R5JcKLtdFs2TDyBrE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/07badd-ff3f-4886-abf1-552e51542d4d/1/ryHdL3cqW7R5JcKLtdFs2TDyBrE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ryHdL3cqW7R5JcKLtdFs2TDyBrE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:a5:fa:0f:41:94:a4:da:e3:41:13:e7:5e:39:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af21dd2f772a5bb47925c28bb5d16cd930f206b1
        Validity
            Not Before: Jan  2 12:34:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=286f6ef8257c914a13bb9a497917d6943f9e6507
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:1d:d8:65:1b:ac:5f:db:3a:c3:9d:34:f6:a7:
                    15:dc:17:36:0e:ac:62:07:c2:9f:bb:6f:a5:3e:c0:
                    24:81:c9:f9:64:12:ac:b3:0b:2a:34:51:b3:b7:ea:
                    5d:38:38:39:be:1e:28:fe:fb:21:c1:12:4a:c7:d0:
                    ff:4b:68:a8:b5:49:05:a7:cf:0b:f7:d5:1c:58:d2:
                    84:c5:bf:0e:8d:26:84:95:44:e4:58:d9:db:a7:c8:
                    56:db:f5:85:1e:ff:46:fb:fe:90:80:d4:28:ec:af:
                    b5:71:7f:e8:b8:99:37:c9:c3:17:1e:ac:b4:d3:6c:
                    ca:ae:16:3f:79:9b:94:d3:a1:94:ad:a7:40:07:45:
                    c0:12:56:88:c2:bf:b9:e2:8a:0b:8e:a9:3d:2c:5a:
                    f6:ba:cf:7f:ca:8c:67:19:7b:b4:3a:c1:66:ff:df:
                    86:3d:05:1a:99:38:51:28:3e:57:77:b5:7e:a6:a0:
                    d5:e4:32:d1:c6:05:08:9e:67:a6:a4:cc:e3:15:2d:
                    b4:06:26:7e:69:b1:ce:4d:21:5c:ec:41:af:c4:20:
                    bb:24:5c:28:0a:89:a2:69:1b:e1:a4:46:30:ab:4a:
                    45:bc:c5:be:1b:7f:8c:6a:70:0f:0d:4a:c1:7d:05:
                    31:4f:30:ca:b0:38:99:90:90:ab:e9:fa:87:02:52:
                    e6:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:6F:6E:F8:25:7C:91:4A:13:BB:9A:49:79:17:D6:94:3F:9E:65:07
            X509v3 Authority Key Identifier:
                keyid:AF:21:DD:2F:77:2A:5B:B4:79:25:C2:8B:B5:D1:6C:D9:30:F2:06:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ryHdL3cqW7R5JcKLtdFs2TDyBrE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/07badd-ff3f-4886-abf1-552e51542d4d/1/KG9u-CV8kUoTu5pJeRfWlD-eZQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/07badd-ff3f-4886-abf1-552e51542d4d/1/ryHdL3cqW7R5JcKLtdFs2TDyBrE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.47.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:10:4f:93:6f:bb:91:41:fa:cd:b1:d0:1f:18:0f:d4:41:be:
         75:35:bf:b4:c8:d2:d8:84:0d:75:22:ef:d8:ff:14:a9:91:08:
         7d:d6:ed:53:2e:3e:53:b6:4b:c1:b2:ed:e3:74:1d:89:90:ad:
         70:77:b8:a1:45:2b:62:92:b0:46:64:62:86:01:1a:b7:69:9b:
         ef:d2:d8:81:fe:f7:df:65:81:5e:7a:87:0f:55:17:d1:d7:55:
         f6:07:6d:32:02:1f:85:98:dc:92:62:eb:d4:4a:b0:88:1a:c5:
         4e:3e:1d:4d:19:5b:d3:06:36:e2:0f:cf:06:1e:64:8b:fe:2c:
         96:c8:70:43:2d:73:1f:92:6e:e3:68:fe:92:97:e2:e7:0c:98:
         c4:0a:6c:b0:15:0e:b9:07:4e:21:47:14:2b:61:3a:89:47:12:
         01:f9:9a:db:32:ed:7b:d2:1d:b8:14:3e:56:2b:8b:f6:11:5a:
         c1:0d:a6:b6:42:62:b7:1b:95:9a:4f:d9:93:37:ab:2c:f1:48:
         a6:60:dd:6f:d2:92:f9:77:3c:16:76:b9:88:22:f8:d4:bb:95:
         9e:3b:c5:8a:47:81:e2:c6:6e:53:bb:74:71:ee:ba:cc:aa:a7:
         1f:fc:62:c0:34:76:56:5b:42:c6:cb:c8:d2:e5:4e:ba:fd:57:
         dd:68:e2:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKqX6D0GUpNrjQRPnXjnTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMjFkZDJmNzcyYTViYjQ3OTI1YzI4YmI1ZDE2Y2Q5MzBm
MjA2YjEwHhcNMjQwMTAyMTIzNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODZmNmVmODI1N2M5MTRhMTNiYjlhNDk3OTE3ZDY5NDNmOWU2NTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsR3YZRusX9s6w5009qcV3Bc2Dqxi
B8Kfu2+lPsAkgcn5ZBKsswsqNFGzt+pdODg5vh4o/vshwRJKx9D/S2iotUkFp88L
99UcWNKExb8OjSaElUTkWNnbp8hW2/WFHv9G+/6QgNQo7K+1cX/ouJk3ycMXHqy0
02zKrhY/eZuU06GUradAB0XAElaIwr+54ooLjqk9LFr2us9/yoxnGXu0OsFm/9+G
PQUamThRKD5Xd7V+pqDV5DLRxgUInmempMzjFS20BiZ+abHOTSFc7EGvxCC7JFwo
ComiaRvhpEYwq0pFvMW+G3+ManAPDUrBfQUxTzDKsDiZkJCr6fqHAlLmWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFChvbvglfJFKE7uaSXkX1pQ/nmUHMB8GA1UdIwQY
MBaAFK8h3S93Klu0eSXCi7XRbNkw8gaxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnlIZEwzY3FXN1I1SmNLTHRkRnMyVER5QnJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi8wN2JhZGQtZmYzZi00ODg2LWFiZjEt
NTUyZTUxNTQyZDRkLzEvS0c5dS1DVjhrVW9UdTVwSmVSZldsRC1lWlFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi8wN2JhZGQtZmYzZi00ODg2LWFiZjEtNTUyZTUxNTQyZDRk
LzEvcnlIZEwzY3FXN1I1SmNLTHRkRnMyVER5QnJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwy/OMA0G
CSqGSIb3DQEBCwUAA4IBAQA2EE+Tb7uRQfrNsdAfGA/UQb51Nb+0yNLYhA11Iu/Y
/xSpkQh91u1TLj5TtkvBsu3jdB2JkK1wd7ihRStikrBGZGKGARq3aZvv0tiB/vff
ZYFeeocPVRfR11X2B20yAh+FmNySYuvUSrCIGsVOPh1NGVvTBjbiD88GHmSL/iyW
yHBDLXMfkm7jaP6Sl+LnDJjECmywFQ65B04hRxQrYTqJRxIB+ZrbMu170h24FD5W
K4v2EVrBDaa2QmK3G5WaT9mTN6ss8UimYN1v0pL5dzwWdrmIIvjUu5WeO8WKR4Hi
xm5Tu3Rx7rrMqqcf/GLANHZWW0LGy8jS5U66/VfdaOIf
-----END CERTIFICATE-----