Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/9d0e14-113b-4cba-8308-acc56977b6f4/1/KjCiqtzedJGYcAYLBS43-n8JnM0.roa
File:                     KjCiqtzedJGYcAYLBS43-n8JnM0.roa (raw, json)
Hash identifier:          du5mKosDuKPRbRJqNknivfswQ08uxfOK1YhX4eB7pgE=
Subject key identifier:   2A:30:A2:AA:DC:DE:74:91:98:70:06:0B:05:2E:37:FA:7F:09:9C:CD
Certificate issuer:       /CN=0f9c77a1dcdb8eed62cd3ca80a5144dc4e243f4e
Certificate serial:       018CC8DCFFFE51E17F4F9073F2100EDEA1FE
Authority key identifier: 0F:9C:77:A1:DC:DB:8E:ED:62:CD:3C:A8:0A:51:44:DC:4E:24:3F:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D5x3odzbju1izTyoClFE3E4kP04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/9d0e14-113b-4cba-8308-acc56977b6f4/1/KjCiqtzedJGYcAYLBS43-n8JnM0.roa
Signing time:             Tue 02 Jan 2024 06:29:35 +0000
ROA not before:           Tue 02 Jan 2024 06:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15924
IP address blocks:        195.177.230.0/24 maxlen: 24
                          195.177.231.0/24 maxlen: 24
                          195.178.104.0/24 maxlen: 24
                          195.178.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/9d0e14-113b-4cba-8308-acc56977b6f4/1/D5x3odzbju1izTyoClFE3E4kP04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/9d0e14-113b-4cba-8308-acc56977b6f4/1/D5x3odzbju1izTyoClFE3E4kP04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D5x3odzbju1izTyoClFE3E4kP04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 01:02:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:ff:fe:51:e1:7f:4f:90:73:f2:10:0e:de:a1:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f9c77a1dcdb8eed62cd3ca80a5144dc4e243f4e
        Validity
            Not Before: Jan  2 06:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a30a2aadcde74919870060b052e37fa7f099ccd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:00:1c:b0:d2:de:1b:9f:a6:8a:c5:0a:5c:87:
                    1c:f0:2b:dd:c0:39:1a:26:98:63:2b:d8:8c:84:c9:
                    b4:2d:71:0e:43:f2:c6:f6:ce:b4:d9:d5:bb:88:d9:
                    f9:18:25:a8:bd:95:ed:2e:1a:d4:30:ea:c4:92:c0:
                    68:9e:30:2a:17:b3:09:09:8a:75:c2:40:84:3c:89:
                    2c:cd:33:53:a8:49:03:3c:1b:30:bd:c2:2c:88:65:
                    18:c7:0c:1c:d8:5f:aa:98:33:34:79:71:27:51:12:
                    8e:c6:67:02:5a:90:38:24:37:24:86:62:94:73:a7:
                    25:b8:6f:c7:38:98:40:98:e3:30:03:cf:7f:4d:7b:
                    ed:87:21:e4:3d:13:c6:57:1a:dd:6c:44:10:f2:d8:
                    30:61:b8:4f:00:cc:80:42:22:32:29:da:8c:95:34:
                    e4:ea:cc:98:db:8a:c8:7f:b1:4a:ca:a3:68:7f:cd:
                    c6:9a:1f:37:57:ca:3e:9e:7e:97:72:5c:23:94:c8:
                    c1:2e:2d:e6:78:e3:af:81:20:a7:de:b9:c9:f6:9c:
                    2b:05:b2:9f:f5:2d:1f:85:b0:5d:1d:92:4e:48:af:
                    a9:43:43:7c:08:b6:bc:8b:9e:49:f7:fd:45:f8:a7:
                    89:e7:fc:f0:0b:98:66:1e:b7:54:d7:d9:2d:4d:08:
                    fa:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:30:A2:AA:DC:DE:74:91:98:70:06:0B:05:2E:37:FA:7F:09:9C:CD
            X509v3 Authority Key Identifier:
                keyid:0F:9C:77:A1:DC:DB:8E:ED:62:CD:3C:A8:0A:51:44:DC:4E:24:3F:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D5x3odzbju1izTyoClFE3E4kP04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/9d0e14-113b-4cba-8308-acc56977b6f4/1/KjCiqtzedJGYcAYLBS43-n8JnM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/9d0e14-113b-4cba-8308-acc56977b6f4/1/D5x3odzbju1izTyoClFE3E4kP04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.177.230.0/23
                  195.178.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:7e:c0:99:72:01:85:ea:2e:73:11:15:bd:60:49:e3:07:94:
         8d:7b:1e:d8:82:9f:8e:c7:7f:c1:91:8b:ac:83:1a:24:a0:5a:
         4c:e9:86:dd:a7:01:47:8e:f9:df:b4:90:a7:5a:d6:14:c1:d2:
         00:24:40:1a:a0:21:c5:53:1d:c8:a8:66:50:f8:26:4b:5d:77:
         28:cb:74:74:e2:2a:74:f8:5e:9d:ef:b3:0c:bd:5b:c7:ad:1d:
         c2:dc:53:d4:dc:84:2a:96:aa:eb:bb:da:96:e1:b2:79:a6:5c:
         bc:9d:ea:ef:0c:5b:f7:fd:42:2e:fd:98:cb:0b:e2:b5:51:5f:
         73:6f:8f:4f:b3:70:62:0b:77:1b:9b:9c:63:a0:9a:e5:6a:08:
         b2:c2:8d:e8:f2:d7:55:8e:af:8e:bd:8f:db:22:07:51:2b:20:
         62:00:cd:54:aa:0f:fc:59:2e:79:95:e6:64:84:19:d1:2e:23:
         b9:37:01:30:52:fa:7f:d0:11:38:4a:3c:16:d4:ee:0c:0f:4a:
         7d:6a:56:cc:c0:6b:4c:b6:c4:7d:58:b9:3f:ee:a3:59:90:2d:
         e4:f6:c5:5f:cb:e5:27:a4:ea:70:a2:7f:c9:9b:e4:69:1c:8f:
         46:1c:85:0f:13:f5:f0:77:a8:6e:74:23:c9:45:1f:97:a5:14:
         11:71:2c:84
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3P/+UeF/T5Bz8hAO3qH+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmOWM3N2ExZGNkYjhlZWQ2MmNkM2NhODBhNTE0NGRjNGUy
NDNmNGUwHhcNMjQwMTAyMDYyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTMwYTJhYWRjZGU3NDkxOTg3MDA2MGIwNTJlMzdmYTdmMDk5Y2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgAcsNLeG5+misUKXIcc8CvdwDka
JphjK9iMhMm0LXEOQ/LG9s602dW7iNn5GCWovZXtLhrUMOrEksBonjAqF7MJCYp1
wkCEPIkszTNTqEkDPBswvcIsiGUYxwwc2F+qmDM0eXEnURKOxmcCWpA4JDckhmKU
c6cluG/HOJhAmOMwA89/TXvthyHkPRPGVxrdbEQQ8tgwYbhPAMyAQiIyKdqMlTTk
6syY24rIf7FKyqNof83Gmh83V8o+nn6XclwjlMjBLi3meOOvgSCn3rnJ9pwrBbKf
9S0fhbBdHZJOSK+pQ0N8CLa8i55J9/1F+KeJ5/zwC5hmHrdU19ktTQj6AwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCowoqrc3nSRmHAGCwUuN/p/CZzNMB8GA1UdIwQY
MBaAFA+cd6Hc247tYs08qApRRNxOJD9OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDV4M29kemJqdTFpelR5b0NsRkUzRTRrUDA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85ZDBlMTQtMTEzYi00Y2JhLTgzMDgt
YWNjNTY5NzdiNmY0LzEvS2pDaXF0emVkSkdZY0FZTEJTNDMtbjhKbk0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85ZDBlMTQtMTEzYi00Y2JhLTgzMDgtYWNjNTY5NzdiNmY0
LzEvRDV4M29kemJqdTFpelR5b0NsRkUzRTRrUDA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBw7HmAwQB
w7JoMA0GCSqGSIb3DQEBCwUAA4IBAQBlfsCZcgGF6i5zERW9YEnjB5SNex7Ygp+O
x3/BkYusgxokoFpM6YbdpwFHjvnftJCnWtYUwdIAJEAaoCHFUx3IqGZQ+CZLXXco
y3R04ip0+F6d77MMvVvHrR3C3FPU3IQqlqrru9qW4bJ5ply8nervDFv3/UIu/ZjL
C+K1UV9zb49Ps3BiC3cbm5xjoJrlagiywo3o8tdVjq+OvY/bIgdRKyBiAM1Uqg/8
WS55leZkhBnRLiO5NwEwUvp/0BE4SjwW1O4MD0p9albMwGtMtsR9WLk/7qNZkC3k
9sVfy+UnpOpwon/Jm+RpHI9GHIUPE/Xwd6hudCPJRR+XpRQRcSyE
-----END CERTIFICATE-----