Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/9e1e78-df24-4fc6-b077-39fe723ef730/1/romkalnTCT9ikbQ_7MiYfQ9uSA0.roa
File:                     romkalnTCT9ikbQ_7MiYfQ9uSA0.roa (raw, json)
Hash identifier:          J4tLiAo0ak4CIsOieIOWkdqJvoBNnSE0n6/HbH5tNMY=
Subject key identifier:   AE:89:A4:6A:59:D3:09:3F:62:91:B4:3F:EC:C8:98:7D:0F:6E:48:0D
Certificate issuer:       /CN=d23f78373cb96654d0306064692efc4ae7715f17
Certificate serial:       018CC56EBFC2D0E514BA8804DA93C1493599
Authority key identifier: D2:3F:78:37:3C:B9:66:54:D0:30:60:64:69:2E:FC:4A:E7:71:5F:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0j94Nzy5ZlTQMGBkaS78SudxXxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/9e1e78-df24-4fc6-b077-39fe723ef730/1/romkalnTCT9ikbQ_7MiYfQ9uSA0.roa
Signing time:             Mon 01 Jan 2024 14:30:18 +0000
ROA not before:           Mon 01 Jan 2024 14:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        194.42.160.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/9e1e78-df24-4fc6-b077-39fe723ef730/1/0j94Nzy5ZlTQMGBkaS78SudxXxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/9e1e78-df24-4fc6-b077-39fe723ef730/1/0j94Nzy5ZlTQMGBkaS78SudxXxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0j94Nzy5ZlTQMGBkaS78SudxXxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:bf:c2:d0:e5:14:ba:88:04:da:93:c1:49:35:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d23f78373cb96654d0306064692efc4ae7715f17
        Validity
            Not Before: Jan  1 14:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae89a46a59d3093f6291b43fecc8987d0f6e480d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:97:60:bf:70:57:7c:d9:00:2a:c1:43:30:09:
                    a9:b3:d0:1b:f7:f1:68:c2:9b:97:44:0a:61:4e:ff:
                    4b:53:3a:db:17:08:7b:3e:0f:60:e9:e0:94:f2:83:
                    35:46:55:9e:f3:a0:eb:84:9e:29:0e:8d:d4:b8:e2:
                    bf:e0:c1:15:70:d8:47:eb:0b:52:af:e5:ac:e3:d2:
                    89:11:28:9e:5c:b0:70:6b:77:c7:fe:db:18:8a:47:
                    bc:1a:e1:23:10:45:93:ff:59:55:0a:7f:32:2e:ad:
                    f0:79:42:e2:4d:3a:e9:d1:26:f5:60:1e:ec:39:93:
                    0a:bb:d4:42:8d:cd:27:45:35:62:6c:1a:ea:41:15:
                    2e:d0:24:f1:0c:9a:17:d6:24:4a:5f:75:72:0b:32:
                    79:bb:7e:42:39:8d:52:a4:1b:62:08:57:65:f4:9c:
                    1c:c4:a8:58:6d:35:e2:53:3f:93:fc:dc:ee:94:4a:
                    60:1c:f6:ec:97:20:a0:48:97:8c:eb:71:34:1a:90:
                    50:18:ee:6d:21:8f:6e:a5:7e:56:95:16:fa:e4:cf:
                    07:06:d7:13:4b:bf:f8:8f:cf:9e:8b:9c:5d:fa:29:
                    63:e2:78:a9:8a:f7:4e:12:ac:78:cd:86:d3:ef:c0:
                    37:aa:0e:08:c1:cd:d1:21:31:3f:80:95:ad:84:32:
                    15:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:89:A4:6A:59:D3:09:3F:62:91:B4:3F:EC:C8:98:7D:0F:6E:48:0D
            X509v3 Authority Key Identifier:
                keyid:D2:3F:78:37:3C:B9:66:54:D0:30:60:64:69:2E:FC:4A:E7:71:5F:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0j94Nzy5ZlTQMGBkaS78SudxXxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/9e1e78-df24-4fc6-b077-39fe723ef730/1/romkalnTCT9ikbQ_7MiYfQ9uSA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/9e1e78-df24-4fc6-b077-39fe723ef730/1/0j94Nzy5ZlTQMGBkaS78SudxXxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.42.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         64:54:fa:7f:66:a2:bb:a8:d9:86:ed:3d:a9:a0:f2:b1:76:44:
         62:f4:af:fe:67:ab:22:69:f6:5f:8f:04:64:bf:ce:48:c0:10:
         98:5b:fa:44:b9:de:66:13:38:33:b6:7d:2d:6a:0c:54:68:e8:
         c8:21:d3:ce:62:36:f2:90:2f:f9:85:59:46:aa:64:e0:29:7e:
         05:79:01:ee:46:f8:d4:05:5f:66:61:9b:07:ad:a9:90:fe:8a:
         21:b7:45:9a:d8:d2:30:69:d8:59:fa:88:ed:5a:1d:c7:72:8c:
         8b:f1:78:68:e8:bd:f1:a8:b2:08:88:a1:be:6d:63:a4:f5:f3:
         ad:d8:ad:9c:e0:e4:1a:0a:ff:5d:e8:9a:d3:d3:b1:85:06:8d:
         b6:7c:cf:5e:c0:ea:1f:12:ed:35:65:82:5b:91:eb:39:e4:c8:
         62:c3:4c:02:20:44:3e:3c:8f:16:2a:f7:fd:ee:00:b6:a1:c7:
         dd:ea:73:cd:e1:d3:81:88:62:90:ad:51:64:94:1a:fe:28:0b:
         1a:1a:a7:c0:e2:25:ca:f7:95:15:7c:f5:4a:0b:e5:3d:74:d9:
         42:11:70:ce:80:f5:d1:ad:97:b3:dc:37:a7:6d:ee:a3:a1:c3:
         50:e8:03:b5:1f:7d:4e:24:5b:a4:5d:a2:c9:48:e6:a9:92:53:
         ef:98:d6:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbr/C0OUUuogE2pPBSTWZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyM2Y3ODM3M2NiOTY2NTRkMDMwNjA2NDY5MmVmYzRhZTc3
MTVmMTcwHhcNMjQwMTAxMTQzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTg5YTQ2YTU5ZDMwOTNmNjI5MWI0M2ZlY2M4OTg3ZDBmNmU0ODBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZdgv3BXfNkAKsFDMAmps9Ab9/Fo
wpuXRAphTv9LUzrbFwh7Pg9g6eCU8oM1RlWe86DrhJ4pDo3UuOK/4MEVcNhH6wtS
r+Ws49KJESieXLBwa3fH/tsYike8GuEjEEWT/1lVCn8yLq3weULiTTrp0Sb1YB7s
OZMKu9RCjc0nRTVibBrqQRUu0CTxDJoX1iRKX3VyCzJ5u35COY1SpBtiCFdl9Jwc
xKhYbTXiUz+T/NzulEpgHPbslyCgSJeM63E0GpBQGO5tIY9upX5WlRb65M8HBtcT
S7/4j8+ei5xd+ilj4nipivdOEqx4zYbT78A3qg4Iwc3RITE/gJWthDIVkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK6JpGpZ0wk/YpG0P+zImH0PbkgNMB8GA1UdIwQY
MBaAFNI/eDc8uWZU0DBgZGku/ErncV8XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGo5NE56eTVabFRRTUdCa2FTNzhTdWR4WHhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy85ZTFlNzgtZGYyNC00ZmM2LWIwNzct
MzlmZTcyM2VmNzMwLzEvcm9ta2FsblRDVDlpa2JRXzdNaVlmUTl1U0EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy85ZTFlNzgtZGYyNC00ZmM2LWIwNzctMzlmZTcyM2VmNzMw
LzEvMGo5NE56eTVabFRRTUdCa2FTNzhTdWR4WHhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwiqgMA0G
CSqGSIb3DQEBCwUAA4IBAQBkVPp/ZqK7qNmG7T2poPKxdkRi9K/+Z6siafZfjwRk
v85IwBCYW/pEud5mEzgztn0tagxUaOjIIdPOYjbykC/5hVlGqmTgKX4FeQHuRvjU
BV9mYZsHramQ/ooht0Wa2NIwadhZ+ojtWh3HcoyL8Xho6L3xqLIIiKG+bWOk9fOt
2K2c4OQaCv9d6JrT07GFBo22fM9ewOofEu01ZYJbkes55Mhiw0wCIEQ+PI8WKvf9
7gC2ocfd6nPN4dOBiGKQrVFklBr+KAsaGqfA4iXK95UVfPVKC+U9dNlCEXDOgPXR
rZez3Denbe6jocNQ6AO1H31OJFukXaLJSOapklPvmNbt
-----END CERTIFICATE-----