Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/c731c4-9183-4db3-b70a-33980c03f08e/1/KjF0gLcXikZfSXTVIqvlMuMzvbc.roa
File:                     KjF0gLcXikZfSXTVIqvlMuMzvbc.roa (raw, json)
Hash identifier:          3ETx5wTiZoU01rbo6pmAync3zelb75WFLAg8dqLAH1E=
Subject key identifier:   2A:31:74:80:B7:17:8A:46:5F:49:74:D5:22:AB:E5:32:E3:33:BD:B7
Certificate issuer:       /CN=43965dd1f6f24a46d7cc4bccfecd4151c6dd1bfb
Certificate serial:       018CC727449EF0B72CF364BDC3DAE28536E1
Authority key identifier: 43:96:5D:D1:F6:F2:4A:46:D7:CC:4B:CC:FE:CD:41:51:C6:DD:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q5Zd0fbySkbXzEvM_s1BUcbdG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/c731c4-9183-4db3-b70a-33980c03f08e/1/KjF0gLcXikZfSXTVIqvlMuMzvbc.roa
Signing time:             Mon 01 Jan 2024 22:31:28 +0000
ROA not before:           Mon 01 Jan 2024 22:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202029
IP address blocks:        185.212.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/c731c4-9183-4db3-b70a-33980c03f08e/1/Q5Zd0fbySkbXzEvM_s1BUcbdG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/c731c4-9183-4db3-b70a-33980c03f08e/1/Q5Zd0fbySkbXzEvM_s1BUcbdG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q5Zd0fbySkbXzEvM_s1BUcbdG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:44:9e:f0:b7:2c:f3:64:bd:c3:da:e2:85:36:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43965dd1f6f24a46d7cc4bccfecd4151c6dd1bfb
        Validity
            Not Before: Jan  1 22:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a317480b7178a465f4974d522abe532e333bdb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:01:37:e2:b2:05:28:c6:a1:28:f1:46:c9:3a:
                    11:dd:d8:b4:64:d7:42:bd:93:68:56:a6:ce:ab:4e:
                    28:0c:b4:10:f6:fa:2e:7d:0e:eb:05:b2:48:81:12:
                    9a:c3:83:9a:5c:b1:33:61:b8:1c:05:26:ab:07:70:
                    0a:c9:35:bb:b6:92:8e:7a:e2:99:b0:de:51:ed:56:
                    93:a8:cf:52:78:1e:59:6f:33:50:a9:3e:4f:3d:89:
                    26:b1:90:99:51:13:2a:12:1e:52:3c:0e:56:90:b0:
                    34:c0:95:6d:39:b4:f7:95:a9:64:d5:44:bf:47:7f:
                    8b:c3:34:f6:90:c8:71:08:61:4b:20:67:1f:cf:fe:
                    bd:3c:a1:59:13:9d:37:0b:9c:ce:34:bd:9a:59:2f:
                    45:38:9d:35:22:72:dc:a5:98:79:2a:81:05:c5:d2:
                    01:4e:e2:cc:43:23:9a:aa:50:75:ce:03:5d:4d:51:
                    6b:c3:77:54:38:04:0d:89:73:87:41:40:63:57:53:
                    e3:af:47:c9:5f:bc:2c:9c:e0:67:90:04:2b:09:44:
                    af:f5:87:89:ed:7e:08:08:07:cc:2b:83:f8:f4:ea:
                    fb:96:8c:02:d8:8a:aa:92:1b:3f:3f:8a:d2:d4:12:
                    a9:f6:95:5f:78:65:c3:7e:11:b0:e0:79:98:83:be:
                    87:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:31:74:80:B7:17:8A:46:5F:49:74:D5:22:AB:E5:32:E3:33:BD:B7
            X509v3 Authority Key Identifier:
                keyid:43:96:5D:D1:F6:F2:4A:46:D7:CC:4B:CC:FE:CD:41:51:C6:DD:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q5Zd0fbySkbXzEvM_s1BUcbdG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/c731c4-9183-4db3-b70a-33980c03f08e/1/KjF0gLcXikZfSXTVIqvlMuMzvbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/c731c4-9183-4db3-b70a-33980c03f08e/1/Q5Zd0fbySkbXzEvM_s1BUcbdG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:f6:d1:88:79:6f:87:d6:c4:0b:fd:bb:01:1a:8b:06:db:b2:
         ae:24:1d:fd:ff:7e:ed:f5:ea:62:49:e9:50:04:eb:b8:89:38:
         eb:54:4d:f1:6c:79:b0:92:8a:fd:17:3b:68:b2:75:5e:d4:f3:
         d1:0e:a0:ab:ae:91:79:0c:76:c7:0c:60:2d:21:8f:ea:b0:12:
         ea:46:a9:f1:91:81:1c:e7:26:a4:16:39:67:09:bf:3d:f7:29:
         a8:a3:c2:34:f1:a6:dd:e5:f4:d4:1a:1c:db:bc:73:f5:82:5e:
         92:f5:8d:cd:21:36:1c:fa:ec:2d:46:d8:2d:cb:2c:e1:d3:73:
         1a:fc:ba:48:3f:6f:c8:11:e5:86:e8:e8:41:b6:e0:e4:72:33:
         05:b6:d7:a8:51:c3:eb:1d:19:1e:f0:3c:27:21:cf:39:ea:25:
         02:84:c3:a7:44:e0:79:f1:ec:aa:2a:e2:2d:c5:2c:3f:f2:bf:
         eb:99:94:2a:16:a0:38:ca:7d:2c:65:65:b8:80:1d:df:f7:a2:
         6d:95:ba:23:7d:20:7a:37:ad:bc:35:3f:fd:4b:c9:87:ad:d1:
         0f:b5:32:24:8b:3e:d0:26:4b:de:63:fd:b4:e4:b7:88:9e:30:
         39:7e:62:bc:f1:c5:13:94:c2:c9:08:8a:a0:87:6c:ea:4b:fa:
         07:16:1c:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ0Se8Lcs82S9w9rihTbhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzOTY1ZGQxZjZmMjRhNDZkN2NjNGJjY2ZlY2Q0MTUxYzZk
ZDFiZmIwHhcNMjQwMTAxMjIzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTMxNzQ4MGI3MTc4YTQ2NWY0OTc0ZDUyMmFiZTUzMmUzMzNiZGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkwE34rIFKMahKPFGyToR3di0ZNdC
vZNoVqbOq04oDLQQ9voufQ7rBbJIgRKaw4OaXLEzYbgcBSarB3AKyTW7tpKOeuKZ
sN5R7VaTqM9SeB5ZbzNQqT5PPYkmsZCZURMqEh5SPA5WkLA0wJVtObT3lalk1US/
R3+LwzT2kMhxCGFLIGcfz/69PKFZE503C5zONL2aWS9FOJ01InLcpZh5KoEFxdIB
TuLMQyOaqlB1zgNdTVFrw3dUOAQNiXOHQUBjV1Pjr0fJX7wsnOBnkAQrCUSv9YeJ
7X4ICAfMK4P49Or7lowC2Iqqkhs/P4rS1BKp9pVfeGXDfhGw4HmYg76HBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCoxdIC3F4pGX0l01SKr5TLjM723MB8GA1UdIwQY
MBaAFEOWXdH28kpG18xLzP7NQVHG3Rv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTVaZDBmYnlTa2JYekV2TV9zMUJVY2JkR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9jNzMxYzQtOTE4My00ZGIzLWI3MGEt
MzM5ODBjMDNmMDhlLzEvS2pGMGdMY1hpa1pmU1hUVklxdmxNdU16dmJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9jNzMxYzQtOTE4My00ZGIzLWI3MGEtMzM5ODBjMDNmMDhl
LzEvUTVaZDBmYnlTa2JYekV2TV9zMUJVY2JkR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudTCMA0G
CSqGSIb3DQEBCwUAA4IBAQCt9tGIeW+H1sQL/bsBGosG27KuJB39/37t9epiSelQ
BOu4iTjrVE3xbHmwkor9FztosnVe1PPRDqCrrpF5DHbHDGAtIY/qsBLqRqnxkYEc
5yakFjlnCb899ymoo8I08abd5fTUGhzbvHP1gl6S9Y3NITYc+uwtRtgtyyzh03Ma
/LpIP2/IEeWG6OhBtuDkcjMFtteoUcPrHRke8DwnIc856iUChMOnROB58eyqKuIt
xSw/8r/rmZQqFqA4yn0sZWW4gB3f96JtlbojfSB6N628NT/9S8mHrdEPtTIkiz7Q
JkveY/205LeInjA5fmK88cUTlMLJCIqgh2zqS/oHFhwq
-----END CERTIFICATE-----