Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/KbSUZ-kbSCY64_WWjrzAxiBUNds.roa
File:                     KbSUZ-kbSCY64_WWjrzAxiBUNds.roa (raw, json)
Hash identifier:          /V0+BOhgwQK+l6NBBvExZAzeqeh4VbQLmSP6UHPNNWY=
Subject key identifier:   29:B4:94:67:E9:1B:48:26:3A:E3:F5:96:8E:BC:C0:C6:20:54:35:DB
Certificate issuer:       /CN=22f344a63dcb70e89057deb8e2761dc45165881a
Certificate serial:       018CC793646F27B077CF986C72DEC71C4BD0
Authority key identifier: 22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/KbSUZ-kbSCY64_WWjrzAxiBUNds.roa
Signing time:             Tue 02 Jan 2024 00:29:34 +0000
ROA not before:           Tue 02 Jan 2024 00:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49505
IP address blocks:        109.238.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:64:6f:27:b0:77:cf:98:6c:72:de:c7:1c:4b:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22f344a63dcb70e89057deb8e2761dc45165881a
        Validity
            Not Before: Jan  2 00:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29b49467e91b48263ae3f5968ebcc0c6205435db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:6f:65:8f:ca:94:04:f1:8a:83:3b:24:d3:f2:
                    f9:84:0e:fd:e9:78:c7:c2:5c:8b:32:81:68:d0:9e:
                    c8:6d:36:c6:e5:8b:12:26:f1:be:de:32:e4:75:1b:
                    d2:4f:38:89:f6:70:47:57:15:c7:41:92:56:6d:4f:
                    9f:9a:6f:52:a4:32:f3:eb:27:68:a5:e4:96:a4:10:
                    24:17:a7:a8:9a:4d:0f:a5:54:da:9b:f7:1d:8b:a5:
                    61:8a:96:67:74:55:33:0e:d9:e7:80:3d:61:5f:86:
                    87:c6:9d:c5:8e:02:65:eb:59:44:d1:2b:33:6e:66:
                    55:cc:4f:8f:bb:f6:d4:51:1d:01:25:34:52:ca:f7:
                    d0:bc:5d:b6:2d:31:76:8e:3b:d1:c0:40:e6:d2:a0:
                    8b:a6:e1:59:41:a1:d1:71:bc:fd:3b:a0:7e:6d:84:
                    cb:c3:31:b7:af:0f:d0:a2:4f:99:79:9f:df:e9:83:
                    43:3a:21:15:2c:95:21:b1:b2:02:92:45:4d:2f:76:
                    7c:15:5c:76:8a:27:bc:84:ad:a3:b7:5e:6b:f1:b5:
                    de:88:8e:80:e5:eb:ec:48:b6:d5:2a:8d:ff:a6:b5:
                    01:b4:ff:8c:63:ad:c9:f4:33:63:99:d3:86:4d:49:
                    73:a8:5b:39:5b:89:14:61:7b:a5:a4:72:48:0c:37:
                    8b:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:B4:94:67:E9:1B:48:26:3A:E3:F5:96:8E:BC:C0:C6:20:54:35:DB
            X509v3 Authority Key Identifier:
                keyid:22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/KbSUZ-kbSCY64_WWjrzAxiBUNds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.238.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:cd:22:40:26:10:7a:36:aa:69:75:87:1a:c5:c7:11:80:5a:
         3b:e3:59:9d:1e:81:eb:d7:96:73:83:88:d1:90:db:06:60:fe:
         12:d0:52:4e:6f:a0:8d:51:e3:f9:3e:60:53:95:5d:58:6d:ba:
         49:be:e3:77:e9:8b:2e:9b:47:1a:fe:bb:34:aa:52:b1:a1:74:
         df:63:9e:18:20:eb:93:9b:09:f6:d5:4b:c4:aa:7f:59:6b:e7:
         7e:50:21:b7:28:2a:78:1f:0a:f7:e4:61:09:85:b7:48:f1:25:
         46:8a:21:12:4d:8f:a4:10:79:4c:c5:72:d7:dc:e2:cf:85:c1:
         84:90:98:d9:ad:c9:b0:a3:45:23:c0:cd:eb:08:c0:70:d5:81:
         d5:3d:fa:bf:cd:a5:10:41:90:79:66:05:b8:a1:2e:4c:75:73:
         a3:10:fb:fa:ea:18:a7:76:65:f1:52:3f:e2:ef:4c:f5:74:9c:
         b0:d3:9a:42:d4:bc:21:86:cb:53:38:3a:46:2b:c9:5a:44:27:
         fd:68:59:ae:7c:f8:5f:4f:c3:ac:63:b8:9d:4b:3f:e2:de:1b:
         90:fa:b6:e0:18:9b:75:d6:37:03:d8:b7:6a:a9:09:d2:33:0e:
         08:3b:e9:56:3c:a3:89:24:0c:a1:a9:78:18:b9:c3:6d:6b:f3:
         a1:b9:a4:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk2RvJ7B3z5hsct7HHEvQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjM0NGE2M2RjYjcwZTg5MDU3ZGViOGUyNzYxZGM0NTE2
NTg4MWEwHhcNMjQwMTAyMDAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWI0OTQ2N2U5MWI0ODI2M2FlM2Y1OTY4ZWJjYzBjNjIwNTQzNWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAim9lj8qUBPGKgzsk0/L5hA796XjH
wlyLMoFo0J7IbTbG5YsSJvG+3jLkdRvSTziJ9nBHVxXHQZJWbU+fmm9SpDLz6ydo
peSWpBAkF6eomk0PpVTam/cdi6VhipZndFUzDtnngD1hX4aHxp3FjgJl61lE0Ssz
bmZVzE+Pu/bUUR0BJTRSyvfQvF22LTF2jjvRwEDm0qCLpuFZQaHRcbz9O6B+bYTL
wzG3rw/Qok+ZeZ/f6YNDOiEVLJUhsbICkkVNL3Z8FVx2iie8hK2jt15r8bXeiI6A
5evsSLbVKo3/prUBtP+MY63J9DNjmdOGTUlzqFs5W4kUYXulpHJIDDeLfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCm0lGfpG0gmOuP1lo68wMYgVDXbMB8GA1UdIwQY
MBaAFCLzRKY9y3DokFfeuOJ2HcRRZYgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5Yzct
ZmViYjY0YjVlMTY0LzEvS2JTVVota2JTQ1k2NF9XV2pyekF4aUJVTmRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5YzctZmViYjY0YjVlMTY0
LzEvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbe7MMA0G
CSqGSIb3DQEBCwUAA4IBAQAazSJAJhB6NqppdYcaxccRgFo741mdHoHr15Zzg4jR
kNsGYP4S0FJOb6CNUeP5PmBTlV1YbbpJvuN36Ysum0ca/rs0qlKxoXTfY54YIOuT
mwn21UvEqn9Za+d+UCG3KCp4Hwr35GEJhbdI8SVGiiESTY+kEHlMxXLX3OLPhcGE
kJjZrcmwo0UjwM3rCMBw1YHVPfq/zaUQQZB5ZgW4oS5MdXOjEPv66hindmXxUj/i
70z1dJyw05pC1LwhhstTODpGK8laRCf9aFmufPhfT8OsY7idSz/i3huQ+rbgGJt1
1jcD2LdqqQnSMw4IO+lWPKOJJAyhqXgYucNta/OhuaQo
-----END CERTIFICATE-----