Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/KNLI75VMFaLaFvWUruisTgHlQhA.roa
File:                     KNLI75VMFaLaFvWUruisTgHlQhA.roa (raw, json)
Hash identifier:          KxSiPY4HiKEJMGD+Ag96dP2Ox7ykuDnxFeNLosWokR4=
Subject key identifier:   28:D2:C8:EF:95:4C:15:A2:DA:16:F5:94:AE:E8:AC:4E:01:E5:42:10
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B5A3B6A24EFB1F17359B522E7923E
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/KNLI75VMFaLaFvWUruisTgHlQhA.roa
Signing time:             Tue 02 Jan 2024 12:34:47 +0000
ROA not before:           Tue 02 Jan 2024 12:34:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60672
IP address blocks:        185.223.164.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:5a:3b:6a:24:ef:b1:f1:73:59:b5:22:e7:92:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28d2c8ef954c15a2da16f594aee8ac4e01e54210
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:1c:9b:e1:31:39:cb:a4:6c:3b:1f:26:0d:bc:
                    2b:cb:ee:65:ea:11:ca:1e:36:f0:f0:c0:22:4e:6c:
                    4b:a0:27:b3:08:a9:a0:a5:00:23:ce:8a:c9:45:a5:
                    71:77:b9:43:e3:ce:53:a3:11:42:b7:fc:b9:14:7c:
                    37:5d:5e:e9:4d:4c:0f:8c:20:a9:6c:0c:96:fb:ed:
                    09:ba:ec:d2:4f:a5:ea:2f:17:07:e8:04:92:fb:bb:
                    18:32:f2:14:9e:79:85:7a:db:bb:92:f5:c7:ba:f1:
                    4d:13:ca:05:04:42:93:47:9a:13:29:b5:de:08:04:
                    ce:09:a3:4d:84:cb:46:46:0a:8d:26:fb:eb:70:f4:
                    52:f7:05:05:90:89:b0:95:0d:4c:4f:da:c0:34:fd:
                    1f:ea:ff:85:21:04:00:7a:6d:ae:52:81:5f:4e:7e:
                    db:05:97:93:c9:0c:a4:74:d7:20:63:02:09:1a:4f:
                    03:87:af:f8:5d:f7:b6:9b:ba:59:15:cd:b1:38:eb:
                    e2:b7:f4:1c:04:6f:c2:d4:e4:c4:33:fd:ed:d2:6b:
                    36:67:e5:90:c0:f6:6b:98:3b:16:54:a7:87:f8:44:
                    39:22:3a:c5:b4:47:52:df:43:a2:d0:89:06:bc:08:
                    a6:dc:3d:10:73:ef:fa:a0:7b:47:6a:7f:20:37:49:
                    a4:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:D2:C8:EF:95:4C:15:A2:DA:16:F5:94:AE:E8:AC:4E:01:E5:42:10
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/KNLI75VMFaLaFvWUruisTgHlQhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:99:37:ff:c6:dd:ea:6e:ac:fc:8d:58:bb:c1:e7:a1:16:1d:
         a6:ee:fe:aa:c9:72:a7:18:c5:a7:64:a7:76:4d:6e:a6:20:71:
         c5:42:3b:d8:df:40:6d:d0:19:aa:64:48:31:12:4a:70:68:68:
         f2:41:0f:0e:1f:b8:51:b2:c6:56:36:b1:ac:d3:55:6c:a0:da:
         8b:7c:41:a7:bb:7e:64:25:0a:91:14:f5:96:88:73:31:f6:c4:
         53:2d:2f:93:c4:b2:e4:6e:e9:10:0a:4c:c1:60:b2:8b:49:10:
         56:b3:29:63:15:09:b0:6a:fd:15:51:79:dc:20:44:16:dc:43:
         a9:c4:c6:01:05:ad:50:1b:76:89:78:3a:39:1a:70:cb:de:3d:
         54:19:48:d7:cc:7e:47:65:e2:f7:c0:67:1e:58:b4:39:52:56:
         fb:f8:db:a9:3f:e4:c4:89:81:6b:43:79:b8:8f:b5:84:7e:54:
         86:ac:fc:6f:4b:be:1e:99:9a:d8:38:64:3c:ea:bf:f2:64:63:
         52:bb:ec:d5:92:16:d8:a4:a9:db:06:10:c7:0c:3c:3d:87:28:
         7d:1c:9a:55:84:a9:12:50:90:d0:43:20:d7:ea:85:a0:d7:fb:
         d0:6d:10:42:bf:6b:ff:53:f6:70:ea:a7:d9:c5:98:b7:9e:5b:
         2a:9a:72:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK1o7aiTvsfFzWbUi55I+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGQyYzhlZjk1NGMxNWEyZGExNmY1OTRhZWU4YWM0ZTAxZTU0MjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hyb4TE5y6RsOx8mDbwry+5l6hHK
Hjbw8MAiTmxLoCezCKmgpQAjzorJRaVxd7lD485ToxFCt/y5FHw3XV7pTUwPjCCp
bAyW++0JuuzST6XqLxcH6ASS+7sYMvIUnnmFetu7kvXHuvFNE8oFBEKTR5oTKbXe
CATOCaNNhMtGRgqNJvvrcPRS9wUFkImwlQ1MT9rANP0f6v+FIQQAem2uUoFfTn7b
BZeTyQykdNcgYwIJGk8Dh6/4Xfe2m7pZFc2xOOvit/QcBG/C1OTEM/3t0ms2Z+WQ
wPZrmDsWVKeH+EQ5IjrFtEdS30Oi0IkGvAim3D0Qc+/6oHtHan8gN0mkdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCjSyO+VTBWi2hb1lK7orE4B5UIQMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvS05MSTc1Vk1GYUxhRnZXVXJ1aXNUZ0hsUWhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud+kMA0G
CSqGSIb3DQEBCwUAA4IBAQAbmTf/xt3qbqz8jVi7weehFh2m7v6qyXKnGMWnZKd2
TW6mIHHFQjvY30Bt0BmqZEgxEkpwaGjyQQ8OH7hRssZWNrGs01VsoNqLfEGnu35k
JQqRFPWWiHMx9sRTLS+TxLLkbukQCkzBYLKLSRBWsyljFQmwav0VUXncIEQW3EOp
xMYBBa1QG3aJeDo5GnDL3j1UGUjXzH5HZeL3wGceWLQ5Ulb7+NupP+TEiYFrQ3m4
j7WEflSGrPxvS74emZrYOGQ86r/yZGNSu+zVkhbYpKnbBhDHDDw9hyh9HJpVhKkS
UJDQQyDX6oWg1/vQbRBCv2v/U/Zw6qfZxZi3nlsqmnLN
-----END CERTIFICATE-----