Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/7b2cd6-b1f3-43fc-9f09-cd974042649f/1/Kk-0xeIKv9cyCQUVRiqgLWveCLg.roa
File:                     Kk-0xeIKv9cyCQUVRiqgLWveCLg.roa (raw, json)
Hash identifier:          GFIsyXbMM6cyuuGiXq/C/WXlpq4SZv+u/8ugC3BkunA=
Subject key identifier:   2A:4F:B4:C5:E2:0A:BF:D7:32:09:05:15:46:2A:A0:2D:6B:DE:08:B8
Certificate issuer:       /CN=808e238e30dcb759759fb8a394d9e211a28b9d87
Certificate serial:       018CCA2A65863FAD34F39F6FE13AB7C831DA
Authority key identifier: 80:8E:23:8E:30:DC:B7:59:75:9F:B8:A3:94:D9:E2:11:A2:8B:9D:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gI4jjjDct1l1n7ijlNniEaKLnYc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/7b2cd6-b1f3-43fc-9f09-cd974042649f/1/Kk-0xeIKv9cyCQUVRiqgLWveCLg.roa
Signing time:             Tue 02 Jan 2024 12:33:45 +0000
ROA not before:           Tue 02 Jan 2024 12:33:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51522
IP address blocks:        91.247.112.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/7b2cd6-b1f3-43fc-9f09-cd974042649f/1/gI4jjjDct1l1n7ijlNniEaKLnYc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/7b2cd6-b1f3-43fc-9f09-cd974042649f/1/gI4jjjDct1l1n7ijlNniEaKLnYc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gI4jjjDct1l1n7ijlNniEaKLnYc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:65:86:3f:ad:34:f3:9f:6f:e1:3a:b7:c8:31:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=808e238e30dcb759759fb8a394d9e211a28b9d87
        Validity
            Not Before: Jan  2 12:33:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a4fb4c5e20abfd732090515462aa02d6bde08b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:67:c5:09:2b:fe:fa:2e:ee:80:3b:5a:79:8a:
                    18:4a:72:6a:ab:df:72:37:57:7d:f2:50:ff:f6:79:
                    02:34:c2:eb:84:2e:81:e3:e2:25:c9:55:4f:39:b0:
                    70:9a:3d:0e:2b:3d:02:4f:d0:6c:ee:1d:19:b1:e0:
                    b9:3e:e0:eb:1c:81:ca:e8:f4:e2:5f:60:b7:8d:77:
                    79:4f:21:12:c1:1c:a2:d2:61:d5:72:1e:1f:78:2b:
                    0b:7e:4a:85:ef:5c:52:a7:1b:b8:41:ee:63:ae:71:
                    8e:0f:b0:c9:7d:86:8b:9f:81:18:b8:3d:5c:e6:9a:
                    f9:3a:60:ba:98:64:7e:c8:2a:f7:75:bb:9f:a5:28:
                    0f:e4:d3:17:fb:a0:2d:0a:1e:54:3a:36:52:3a:4f:
                    42:2d:e7:c2:c4:b0:06:b1:4f:00:b9:e5:a8:16:9c:
                    74:09:a4:e6:49:67:b0:66:bb:c9:06:81:a2:bd:ed:
                    79:14:dd:a2:31:a3:7a:72:e5:ad:c3:b9:3d:51:8d:
                    5f:46:d6:df:2a:6e:56:d6:52:5c:23:78:6b:fe:65:
                    34:eb:ea:77:b3:a6:f9:c7:b0:80:e8:f1:c8:9b:b7:
                    b7:11:cf:93:a3:bc:40:92:c2:da:33:84:1d:1a:cc:
                    fe:0c:51:1d:b1:68:b0:e3:14:16:3f:06:3d:96:3c:
                    56:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:4F:B4:C5:E2:0A:BF:D7:32:09:05:15:46:2A:A0:2D:6B:DE:08:B8
            X509v3 Authority Key Identifier:
                keyid:80:8E:23:8E:30:DC:B7:59:75:9F:B8:A3:94:D9:E2:11:A2:8B:9D:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gI4jjjDct1l1n7ijlNniEaKLnYc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/7b2cd6-b1f3-43fc-9f09-cd974042649f/1/Kk-0xeIKv9cyCQUVRiqgLWveCLg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/7b2cd6-b1f3-43fc-9f09-cd974042649f/1/gI4jjjDct1l1n7ijlNniEaKLnYc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.247.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         83:ad:c0:60:35:9d:be:a5:de:d5:86:77:e6:2e:1c:97:df:76:
         1b:cf:04:e3:e6:e0:3b:1e:22:de:17:38:17:07:a2:2c:8f:e4:
         3d:6e:ce:a7:5c:82:d4:c3:b3:5b:f3:f2:33:38:de:8b:fd:25:
         12:20:8c:64:23:52:a2:5b:99:2b:61:34:73:6b:70:91:b1:3e:
         0f:dc:67:04:af:f9:3f:74:91:26:48:6d:f3:f5:bf:05:29:74:
         af:bb:4d:33:8a:83:80:1f:da:72:ef:95:68:67:1f:fd:10:22:
         e8:2c:d7:8d:27:e2:90:83:c0:6c:2f:0f:26:d9:02:c5:a4:51:
         d8:a7:4b:1f:9f:97:d5:18:bc:37:8c:63:12:50:73:e7:5d:1d:
         5d:59:49:49:b3:a1:3a:95:c7:e6:25:58:ea:e5:a7:18:bb:a9:
         98:f4:4b:02:1f:52:5f:ad:eb:f1:3e:13:06:3d:44:bb:00:31:
         8c:ac:c0:16:6c:ba:09:32:a7:87:19:ff:e9:97:29:5b:60:42:
         fc:10:03:b8:ad:1d:20:4a:f2:5f:51:8c:17:f1:d9:c8:28:a7:
         61:7b:a5:e6:e7:38:ee:15:1f:f6:7b:f9:ba:89:f2:21:cb:d2:
         02:48:ff:39:a0:90:2a:b4:eb:c2:c2:4a:20:aa:49:a3:f7:37:
         18:5b:77:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKmWGP600859v4Tq3yDHaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwOGUyMzhlMzBkY2I3NTk3NTlmYjhhMzk0ZDllMjExYTI4
YjlkODcwHhcNMjQwMTAyMTIzMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTRmYjRjNWUyMGFiZmQ3MzIwOTA1MTU0NjJhYTAyZDZiZGUwOGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2fFCSv++i7ugDtaeYoYSnJqq99y
N1d98lD/9nkCNMLrhC6B4+IlyVVPObBwmj0OKz0CT9Bs7h0ZseC5PuDrHIHK6PTi
X2C3jXd5TyESwRyi0mHVch4feCsLfkqF71xSpxu4Qe5jrnGOD7DJfYaLn4EYuD1c
5pr5OmC6mGR+yCr3dbufpSgP5NMX+6AtCh5UOjZSOk9CLefCxLAGsU8AueWoFpx0
CaTmSWewZrvJBoGive15FN2iMaN6cuWtw7k9UY1fRtbfKm5W1lJcI3hr/mU06+p3
s6b5x7CA6PHIm7e3Ec+To7xAksLaM4QdGsz+DFEdsWiw4xQWPwY9ljxWzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCpPtMXiCr/XMgkFFUYqoC1r3gi4MB8GA1UdIwQY
MBaAFICOI44w3LdZdZ+4o5TZ4hGii52HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0k0ampqRGN0MWwxbjdpamxObmlFYUtMblljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi83YjJjZDYtYjFmMy00M2ZjLTlmMDkt
Y2Q5NzQwNDI2NDlmLzEvS2stMHhlSUt2OWN5Q1FVVlJpcWdMV3ZlQ0xnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi83YjJjZDYtYjFmMy00M2ZjLTlmMDktY2Q5NzQwNDI2NDlm
LzEvZ0k0ampqRGN0MWwxbjdpamxObmlFYUtMblljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDW/dwMA0G
CSqGSIb3DQEBCwUAA4IBAQCDrcBgNZ2+pd7VhnfmLhyX33YbzwTj5uA7HiLeFzgX
B6Isj+Q9bs6nXILUw7Nb8/IzON6L/SUSIIxkI1KiW5krYTRza3CRsT4P3GcEr/k/
dJEmSG3z9b8FKXSvu00zioOAH9py75VoZx/9ECLoLNeNJ+KQg8BsLw8m2QLFpFHY
p0sfn5fVGLw3jGMSUHPnXR1dWUlJs6E6lcfmJVjq5acYu6mY9EsCH1JfrevxPhMG
PUS7ADGMrMAWbLoJMqeHGf/plylbYEL8EAO4rR0gSvJfUYwX8dnIKKdhe6Xm5zju
FR/2e/m6ifIhy9ICSP85oJAqtOvCwkogqkmj9zcYW3dc
-----END CERTIFICATE-----