Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/a7c7c1-fc42-43a3-9ad8-70dad51e73fb/1/knigLA0AA3DIoNrWkhDy4H2dFjk.roa
File:                     knigLA0AA3DIoNrWkhDy4H2dFjk.roa (raw, json)
Hash identifier:          9ETwP0gr+ZkTA6anZl/ns+1ZMUY35Y26BKtenTPu74g=
Subject key identifier:   92:78:A0:2C:0D:00:03:70:C8:A0:DA:D6:92:10:F2:E0:7D:9D:16:39
Certificate issuer:       /CN=86d542323c0e3051c9c7bb8ed1d1e8acfd3db834
Certificate serial:       018CC2DAF166E07A46F1826EBADE32E98D6F
Authority key identifier: 86:D5:42:32:3C:0E:30:51:C9:C7:BB:8E:D1:D1:E8:AC:FD:3D:B8:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htVCMjwOMFHJx7uO0dHorP09uDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/a7c7c1-fc42-43a3-9ad8-70dad51e73fb/1/knigLA0AA3DIoNrWkhDy4H2dFjk.roa
Signing time:             Mon 01 Jan 2024 02:29:37 +0000
ROA not before:           Mon 01 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16175
IP address blocks:        2a00:e08::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/a7c7c1-fc42-43a3-9ad8-70dad51e73fb/1/htVCMjwOMFHJx7uO0dHorP09uDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/a7c7c1-fc42-43a3-9ad8-70dad51e73fb/1/htVCMjwOMFHJx7uO0dHorP09uDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htVCMjwOMFHJx7uO0dHorP09uDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f1:66:e0:7a:46:f1:82:6e:ba:de:32:e9:8d:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d542323c0e3051c9c7bb8ed1d1e8acfd3db834
        Validity
            Not Before: Jan  1 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9278a02c0d000370c8a0dad69210f2e07d9d1639
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ec:eb:09:3c:0e:ac:8c:c8:b9:d8:95:b5:e6:
                    68:ad:9b:ad:18:1c:51:d0:c1:be:de:0d:64:08:24:
                    6e:89:56:7a:8a:6a:bc:c3:56:1a:4e:c4:c2:89:c6:
                    16:31:b8:d2:37:04:83:86:c4:0c:46:8e:01:2f:d5:
                    0f:c4:52:9d:fa:f0:49:86:90:ec:b0:47:8f:c8:bc:
                    a4:c3:c7:53:87:3c:8a:52:49:5a:f0:7f:1e:12:67:
                    f0:28:ab:d4:77:59:c4:b8:00:26:65:b2:48:be:0d:
                    0c:fa:8b:fe:5d:e9:b9:08:b6:61:dc:cd:11:53:8c:
                    8c:20:5b:36:28:24:49:af:ec:cd:40:e1:71:ac:90:
                    13:8d:c6:2c:fd:7f:cc:9b:42:49:ee:79:7a:8a:67:
                    1c:bb:89:9e:88:fd:f2:a6:7c:8e:4f:97:f8:af:92:
                    84:ec:22:83:dc:03:1a:36:8e:d3:a4:51:55:9c:c0:
                    e9:13:cf:25:08:06:2f:3a:9e:fe:3c:05:dc:b3:d3:
                    d4:ab:06:86:23:0b:6b:1d:fc:ba:89:82:67:92:5f:
                    eb:88:60:c8:72:65:37:11:94:80:c0:b7:0a:19:b9:
                    3f:7d:09:db:2d:e6:a4:ef:8a:7d:11:f8:b7:38:b2:
                    87:bf:99:16:25:57:1e:14:1c:b3:01:75:0b:11:65:
                    2f:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:78:A0:2C:0D:00:03:70:C8:A0:DA:D6:92:10:F2:E0:7D:9D:16:39
            X509v3 Authority Key Identifier:
                keyid:86:D5:42:32:3C:0E:30:51:C9:C7:BB:8E:D1:D1:E8:AC:FD:3D:B8:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htVCMjwOMFHJx7uO0dHorP09uDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a7c7c1-fc42-43a3-9ad8-70dad51e73fb/1/knigLA0AA3DIoNrWkhDy4H2dFjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a7c7c1-fc42-43a3-9ad8-70dad51e73fb/1/htVCMjwOMFHJx7uO0dHorP09uDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:e08::/32

    Signature Algorithm: sha256WithRSAEncryption
         89:70:23:46:4c:57:3f:54:a6:2a:e3:d7:a1:7c:4a:f8:d4:9c:
         3d:c2:11:40:78:d2:f1:e6:f3:a8:f1:de:9b:56:60:28:e1:fb:
         3c:20:15:c8:9a:4d:3c:4b:d7:74:36:10:15:e3:35:73:a6:e2:
         90:a3:a3:d8:a2:b1:f6:15:95:04:89:ac:3c:74:62:3e:72:ed:
         c0:e7:eb:a5:3b:6b:c9:5a:ce:ab:31:1a:b7:77:33:64:40:ee:
         43:2b:f3:d4:1f:15:b2:75:b6:45:f7:fe:ec:b1:ee:c1:d7:e9:
         0b:4f:cb:c9:f2:f7:41:c6:b1:98:97:4d:fb:ca:16:a0:29:39:
         5e:58:ce:68:22:bd:1b:e5:f6:2c:55:ab:51:e3:11:e1:fb:04:
         62:34:43:67:4b:7b:6c:98:c3:00:f5:d3:b0:2f:1e:85:6f:f1:
         f9:de:6c:a7:4d:bf:df:c8:6a:6f:39:d0:f6:46:f3:3e:79:cc:
         f5:e8:e4:9b:67:2b:36:27:85:49:32:f5:34:b2:fd:bd:50:4c:
         82:87:22:63:71:29:87:01:16:fc:17:fb:7e:99:66:be:ef:94:
         31:36:fa:1f:72:5a:a1:f9:d9:c5:c7:18:ea:f8:cd:fc:98:64:
         c9:e7:88:56:a5:d8:1e:b1:9f:86:c9:35:8a:78:33:12:b0:b6:
         6b:1c:cf:60
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzC2vFm4HpG8YJuut4y6Y1vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDU0MjMyM2MwZTMwNTFjOWM3YmI4ZWQxZDFlOGFjZmQz
ZGI4MzQwHhcNMjQwMTAxMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mjc4YTAyYzBkMDAwMzcwYzhhMGRhZDY5MjEwZjJlMDdkOWQxNjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoezrCTwOrIzIudiVteZorZutGBxR
0MG+3g1kCCRuiVZ6imq8w1YaTsTCicYWMbjSNwSDhsQMRo4BL9UPxFKd+vBJhpDs
sEePyLykw8dThzyKUkla8H8eEmfwKKvUd1nEuAAmZbJIvg0M+ov+Xem5CLZh3M0R
U4yMIFs2KCRJr+zNQOFxrJATjcYs/X/Mm0JJ7nl6imccu4meiP3ypnyOT5f4r5KE
7CKD3AMaNo7TpFFVnMDpE88lCAYvOp7+PAXcs9PUqwaGIwtrHfy6iYJnkl/riGDI
cmU3EZSAwLcKGbk/fQnbLeak74p9Efi3OLKHv5kWJVceFByzAXULEWUvIQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJJ4oCwNAANwyKDa1pIQ8uB9nRY5MB8GA1UdIwQY
MBaAFIbVQjI8DjBRyce7jtHR6Kz9Pbg0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRWQ01qd09NRkhKeDd1TzBkSG9yUDA5dURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9hN2M3YzEtZmM0Mi00M2EzLTlhZDgt
NzBkYWQ1MWU3M2ZiLzEva25pZ0xBMEFBM0RJb05yV2toRHk0SDJkRmprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9hN2M3YzEtZmM0Mi00M2EzLTlhZDgtNzBkYWQ1MWU3M2Zi
LzEvaHRWQ01qd09NRkhKeDd1TzBkSG9yUDA5dURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgAOCDAN
BgkqhkiG9w0BAQsFAAOCAQEAiXAjRkxXP1SmKuPXoXxK+NScPcIRQHjS8ebzqPHe
m1ZgKOH7PCAVyJpNPEvXdDYQFeM1c6bikKOj2KKx9hWVBImsPHRiPnLtwOfrpTtr
yVrOqzEat3czZEDuQyvz1B8VsnW2Rff+7LHuwdfpC0/LyfL3QcaxmJdN+8oWoCk5
XljOaCK9G+X2LFWrUeMR4fsEYjRDZ0t7bJjDAPXTsC8ehW/x+d5sp02/38hqbznQ
9kbzPnnM9ejkm2crNieFSTL1NLL9vVBMgociY3EphwEW/Bf7fplmvu+UMTb6H3Ja
ofnZxccY6vjN/JhkyeeIVqXYHrGfhsk1ingzErC2axzPYA==
-----END CERTIFICATE-----