Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/kESFO576_wtbxeGQ77BDQr-1LTs.roa
File:                     kESFO576_wtbxeGQ77BDQr-1LTs.roa (raw, json)
Hash identifier:          oCNYzonbtQImSzUVCny9pjNB9xtkASjaTMhqIxoZZuM=
Subject key identifier:   90:44:85:3B:9E:FA:FF:0B:5B:C5:E1:90:EF:B0:43:42:BF:B5:2D:3B
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018CC56DE1264BF7414B804EAB69CC5682B4
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/kESFO576_wtbxeGQ77BDQr-1LTs.roa
Signing time:             Mon 01 Jan 2024 14:29:21 +0000
ROA not before:           Mon 01 Jan 2024 14:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24913
IP address blocks:        213.172.3.0/24 maxlen: 24
                          217.195.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:e1:26:4b:f7:41:4b:80:4e:ab:69:cc:56:82:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 14:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9044853b9efaff0b5bc5e190efb04342bfb52d3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:33:f8:18:29:7c:b9:a3:40:28:7e:76:40:db:
                    47:5a:9a:cc:71:72:0c:f8:a0:39:45:45:70:57:cf:
                    4e:7b:2b:2c:68:ab:4a:b3:c9:cc:a4:ac:42:64:d1:
                    40:ae:5a:f8:a4:62:46:d7:9c:48:a2:12:92:e8:73:
                    3a:c6:be:3e:2f:33:ae:84:f2:fb:38:34:be:8e:f4:
                    a3:13:10:cc:bf:9f:af:23:54:58:b8:93:98:72:aa:
                    21:7d:a6:05:b7:4c:1b:40:66:dd:88:3d:b0:0f:ca:
                    c3:f1:45:fa:2b:05:e8:a4:ce:67:e2:d6:da:a9:21:
                    cd:89:de:93:40:cd:19:38:9f:ce:38:eb:70:19:50:
                    09:60:ab:11:5e:9b:ec:5d:50:c6:81:d7:89:e1:7b:
                    f5:ac:34:a8:8a:cb:f0:de:a8:da:de:d9:32:c0:ac:
                    2a:cc:79:0a:c9:ee:74:97:c5:76:83:27:4f:b4:dd:
                    d8:60:55:e7:db:ec:68:2b:11:b6:d7:7b:e9:11:34:
                    96:67:b5:1d:ff:d3:d5:3f:06:6d:29:63:e2:19:90:
                    e6:d5:62:85:90:1e:53:b7:fc:f8:2c:7c:b2:74:18:
                    d2:2f:48:02:c9:a4:b6:04:1d:29:2b:c0:90:fd:96:
                    da:93:c7:fd:cd:8c:f3:1f:e7:e7:95:09:69:d9:91:
                    5b:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:44:85:3B:9E:FA:FF:0B:5B:C5:E1:90:EF:B0:43:42:BF:B5:2D:3B
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/kESFO576_wtbxeGQ77BDQr-1LTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.172.3.0/24
                  217.195.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:7a:a3:a1:6b:fb:be:90:67:fa:b8:64:1e:e5:05:13:a8:00:
         98:fb:0e:81:ac:f1:cf:09:74:68:4a:c6:35:5c:88:4d:47:ec:
         0b:49:31:5c:59:53:dc:22:df:17:c9:4d:32:a1:ae:2a:53:ea:
         55:49:1b:22:c6:31:b6:7a:92:7d:c6:80:aa:e4:a4:61:15:58:
         20:56:a6:fa:c0:af:a5:44:ba:85:59:91:cd:e2:55:8e:10:e0:
         de:75:9c:3a:7f:b0:b7:72:2b:60:f8:97:13:92:97:28:57:8d:
         b8:57:21:55:27:db:a0:c9:5a:0f:21:d8:4b:85:1d:b0:e8:78:
         91:df:0d:cb:4a:3a:5e:8d:cf:e4:8d:a7:01:67:c2:fa:91:a6:
         04:7d:c1:16:1d:2f:43:04:3a:0b:26:20:4e:00:f9:23:b3:3a:
         ba:8d:d5:85:8f:06:43:91:76:a5:6b:f2:0e:43:c0:e8:3b:ae:
         5a:63:c7:e4:b0:f2:4f:16:c2:17:53:7a:c7:37:16:9d:7e:74:
         99:f1:56:c8:61:e5:a9:ec:d6:60:36:5c:00:1c:db:13:11:36:
         78:71:59:69:ed:db:f6:a7:c5:12:91:5a:f3:2d:b6:ca:e1:1b:
         56:6f:e5:97:11:10:2e:d5:08:89:aa:81:c1:20:e5:94:12:74:
         21:11:a5:4b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbeEmS/dBS4BOq2nMVoK0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwMTAxMTQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDQ0ODUzYjllZmFmZjBiNWJjNWUxOTBlZmIwNDM0MmJmYjUyZDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjP4GCl8uaNAKH52QNtHWprMcXIM
+KA5RUVwV89OeyssaKtKs8nMpKxCZNFArlr4pGJG15xIohKS6HM6xr4+LzOuhPL7
ODS+jvSjExDMv5+vI1RYuJOYcqohfaYFt0wbQGbdiD2wD8rD8UX6KwXopM5n4tba
qSHNid6TQM0ZOJ/OOOtwGVAJYKsRXpvsXVDGgdeJ4Xv1rDSoisvw3qja3tkywKwq
zHkKye50l8V2gydPtN3YYFXn2+xoKxG213vpETSWZ7Ud/9PVPwZtKWPiGZDm1WKF
kB5Tt/z4LHyydBjSL0gCyaS2BB0pK8CQ/Zbak8f9zYzzH+fnlQlp2ZFbwQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJBEhTue+v8LW8XhkO+wQ0K/tS07MB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEva0VTRk81NzZfd3RieGVHUTc3QkRRci0xTFRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1awDAwQA
2cNWMA0GCSqGSIb3DQEBCwUAA4IBAQCieqOha/u+kGf6uGQe5QUTqACY+w6BrPHP
CXRoSsY1XIhNR+wLSTFcWVPcIt8XyU0yoa4qU+pVSRsixjG2epJ9xoCq5KRhFVgg
Vqb6wK+lRLqFWZHN4lWOEODedZw6f7C3citg+JcTkpcoV424VyFVJ9ugyVoPIdhL
hR2w6HiR3w3LSjpejc/kjacBZ8L6kaYEfcEWHS9DBDoLJiBOAPkjszq6jdWFjwZD
kXala/IOQ8DoO65aY8fksPJPFsIXU3rHNxadfnSZ8VbIYeWp7NZgNlwAHNsTETZ4
cVlp7dv2p8USkVrzLbbK4RtWb+WXERAu1QiJqoHBIOWUEnQhEaVL
-----END CERTIFICATE-----