Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/kmiJQ11-qPXytmG2JzNOMP80cvY.roa
File:                     kmiJQ11-qPXytmG2JzNOMP80cvY.roa (raw, json)
Hash identifier:          53yCwE+iS4hyFNUrWvc9GgQBhMcuPwwhITJYPeZzWOU=
Subject key identifier:   92:68:89:43:5D:7E:A8:F5:F2:B6:61:B6:27:33:4E:30:FF:34:72:F6
Certificate issuer:       /CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
Certificate serial:       01922310AE6D428846695BBBB4590D12BE0D
Authority key identifier: F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/kmiJQ11-qPXytmG2JzNOMP80cvY.roa
Signing time:             Tue 24 Sep 2024 08:05:48 +0000
ROA not before:           Tue 24 Sep 2024 08:05:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        185.110.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:23:10:ae:6d:42:88:46:69:5b:bb:b4:59:0d:12:be:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
        Validity
            Not Before: Sep 24 08:05:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=926889435d7ea8f5f2b661b627334e30ff3472f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:c4:b1:c9:c5:de:5b:29:f7:58:15:38:62:70:
                    ac:d9:c2:5a:d1:a7:a3:d0:73:98:07:cf:cf:89:ff:
                    00:ff:39:6b:11:eb:bd:c7:f8:97:74:0b:91:df:f6:
                    7b:ae:7f:a3:c8:b2:b1:fe:ea:e0:08:f5:93:09:bf:
                    67:13:bd:f1:eb:9c:bb:e1:e7:16:06:00:fe:af:80:
                    f0:1d:b8:31:1f:0e:c7:16:52:0e:1e:bb:9f:f9:c2:
                    7b:dc:c8:16:5a:53:a8:d9:d2:ae:7f:8d:29:7c:0a:
                    fd:6c:55:e4:17:40:0e:08:48:17:0a:65:81:1f:53:
                    18:39:8e:88:e2:2f:6e:0f:3f:5f:bc:b9:d6:4d:a5:
                    ea:d9:dd:af:f1:53:50:74:d5:df:9b:fe:a1:e6:45:
                    25:6a:80:98:a1:94:39:fa:57:e1:15:0c:3b:0c:e6:
                    bc:29:e8:68:19:99:14:f4:56:75:3a:b8:21:aa:e2:
                    3c:ea:10:ba:1d:4c:de:b5:70:2a:47:47:43:19:7e:
                    fe:cb:3f:ba:bf:15:89:6b:d2:2d:c4:4b:62:23:c4:
                    0a:8b:ea:a7:37:97:7e:db:d9:12:b7:bd:2b:99:60:
                    12:ea:82:c9:f0:92:70:ad:26:20:97:0f:4f:ad:50:
                    bb:8f:f6:be:f9:80:e1:55:96:91:38:4b:94:db:58:
                    89:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:68:89:43:5D:7E:A8:F5:F2:B6:61:B6:27:33:4E:30:FF:34:72:F6
            X509v3 Authority Key Identifier:
                keyid:F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/kmiJQ11-qPXytmG2JzNOMP80cvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:77:fd:f9:a3:62:14:c8:43:4d:65:d5:a7:6a:18:78:15:d7:
         c8:51:fe:bc:a0:c6:22:99:71:ad:9a:b7:fc:ea:22:61:59:cf:
         b3:ca:a1:c8:5f:80:22:6c:7f:f2:ac:93:91:72:a7:69:2c:38:
         a6:b9:8c:1b:77:c7:ae:96:cd:b1:db:90:34:2c:61:f9:05:11:
         92:28:d6:96:51:95:38:0a:3a:48:11:27:4c:2f:7c:f0:4c:92:
         c6:b8:37:08:a5:8e:e8:29:99:e8:b4:3e:74:6f:f0:3b:44:e2:
         ba:7c:0f:3b:1e:18:04:e0:7e:7e:61:94:c5:ae:1d:27:34:1b:
         d6:b8:7a:41:30:18:8f:98:83:23:7f:38:2d:e4:1f:42:63:33:
         9e:ed:ca:d0:32:b5:56:30:74:14:cd:f3:44:33:4b:a3:a6:a8:
         21:99:d2:fc:f3:b2:07:8f:e8:26:82:3b:cc:9d:45:2a:31:f4:
         b7:75:e0:b1:ed:fa:d3:22:3e:01:eb:8b:68:fd:43:a4:7b:d2:
         43:56:68:65:3e:43:66:ce:32:a8:6b:23:ae:29:f6:3a:30:0f:
         cb:e8:1b:b0:d5:9b:61:57:49:e9:1a:b7:7b:ca:63:4a:0c:cc:
         1b:8c:b1:17:25:0f:16:eb:85:d6:66:c2:df:6e:2d:3c:7c:13:
         34:8d:69:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIjEK5tQohGaVu7tFkNEr4NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGViMjA0ZjM1ODAwNDc4ODIyNGUyZmIxOGU0ZDVlNzRi
ZWJmOGQwHhcNMjQwOTI0MDgwNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjY4ODk0MzVkN2VhOGY1ZjJiNjYxYjYyNzMzNGUzMGZmMzQ3MmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8SxycXeWyn3WBU4YnCs2cJa0aej
0HOYB8/Pif8A/zlrEeu9x/iXdAuR3/Z7rn+jyLKx/urgCPWTCb9nE73x65y74ecW
BgD+r4DwHbgxHw7HFlIOHruf+cJ73MgWWlOo2dKuf40pfAr9bFXkF0AOCEgXCmWB
H1MYOY6I4i9uDz9fvLnWTaXq2d2v8VNQdNXfm/6h5kUlaoCYoZQ5+lfhFQw7DOa8
KehoGZkU9FZ1OrghquI86hC6HUzetXAqR0dDGX7+yz+6vxWJa9ItxEtiI8QKi+qn
N5d+29kSt70rmWAS6oLJ8JJwrSYglw9PrVC7j/a++YDhVZaROEuU21iJnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJJoiUNdfqj18rZhticzTjD/NHL2MB8GA1UdIwQY
MBaAFPBOsgTzWABHiCJOL7GOTV50vr+NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMt
NWM1ODkyYWZhNDg3LzEva21pSlExMS1xUFh5dG1HMkp6Tk9NUDgwY3ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMtNWM1ODkyYWZhNDg3
LzEvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuW4+MA0G
CSqGSIb3DQEBCwUAA4IBAQAYd/35o2IUyENNZdWnahh4FdfIUf68oMYimXGtmrf8
6iJhWc+zyqHIX4AibH/yrJORcqdpLDimuYwbd8euls2x25A0LGH5BRGSKNaWUZU4
CjpIESdML3zwTJLGuDcIpY7oKZnotD50b/A7ROK6fA87HhgE4H5+YZTFrh0nNBvW
uHpBMBiPmIMjfzgt5B9CYzOe7crQMrVWMHQUzfNEM0ujpqghmdL887IHj+gmgjvM
nUUqMfS3deCx7frTIj4B64to/UOke9JDVmhlPkNmzjKoayOuKfY6MA/L6Buw1Zth
V0npGrd7ymNKDMwbjLEXJQ8W64XWZsLfbi08fBM0jWlW
-----END CERTIFICATE-----