Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/1df764-2b83-4343-9102-47a9f96ca586/1/_bkzRpraK_RP9CsJsOnMkjLhT2E.roa
File:                     _bkzRpraK_RP9CsJsOnMkjLhT2E.roa (raw, json)
Hash identifier:          vT5r1fru8gwucD8gYbTT7IDZHHi/2hWohrRqyJAhyeA=
Subject key identifier:   FD:B9:33:46:9A:DA:2B:F4:4F:F4:2B:09:B0:E9:CC:92:32:E1:4F:61
Certificate issuer:       /CN=5d656b2013e851516b942fa90706c72090dcddef
Certificate serial:       018CC348F66530E9BAA57C302D74B9426863
Authority key identifier: 5D:65:6B:20:13:E8:51:51:6B:94:2F:A9:07:06:C7:20:90:DC:DD:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XWVrIBPoUVFrlC-pBwbHIJDc3e8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/1df764-2b83-4343-9102-47a9f96ca586/1/_bkzRpraK_RP9CsJsOnMkjLhT2E.roa
Signing time:             Mon 01 Jan 2024 04:29:47 +0000
ROA not before:           Mon 01 Jan 2024 04:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206347
IP address blocks:        194.49.12.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/1df764-2b83-4343-9102-47a9f96ca586/1/XWVrIBPoUVFrlC-pBwbHIJDc3e8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/1df764-2b83-4343-9102-47a9f96ca586/1/XWVrIBPoUVFrlC-pBwbHIJDc3e8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XWVrIBPoUVFrlC-pBwbHIJDc3e8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f6:65:30:e9:ba:a5:7c:30:2d:74:b9:42:68:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d656b2013e851516b942fa90706c72090dcddef
        Validity
            Not Before: Jan  1 04:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fdb933469ada2bf44ff42b09b0e9cc9232e14f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:1f:db:d3:76:4a:85:23:ce:df:f1:c8:78:50:
                    ed:cc:67:44:31:fe:26:a2:c8:bf:f2:5b:ef:12:aa:
                    b8:38:5a:c0:fc:f5:69:45:a8:b3:b0:32:b8:84:3d:
                    7b:94:c1:12:d8:87:13:9c:c8:21:8b:7c:61:9f:34:
                    b8:11:0d:eb:2e:55:6c:ab:76:d1:7a:54:66:78:b7:
                    39:75:1b:1d:eb:b3:3b:23:d2:4e:2e:15:bb:88:0d:
                    b3:67:e6:9b:fa:ab:02:3f:1c:d4:dc:da:6a:01:3d:
                    fb:5d:96:3d:37:f8:e0:96:2d:a2:c2:da:67:30:ea:
                    40:63:1f:8d:7d:fc:ca:6d:68:44:d8:0a:b9:b0:38:
                    de:79:8e:c8:78:e5:13:25:5d:c8:90:e3:72:12:8c:
                    bd:19:ec:cb:34:54:ef:25:f8:ac:b6:09:de:0e:89:
                    99:fc:b3:18:34:bb:b3:85:a4:ec:8b:7a:f1:1c:c2:
                    aa:d4:42:68:29:3d:8b:05:59:91:75:0b:78:4a:7a:
                    27:f5:a6:ae:93:23:31:45:ed:15:51:3a:d3:e4:4f:
                    05:fa:ee:c0:38:74:6f:d9:73:a6:30:09:2a:1d:08:
                    68:ad:71:76:c0:4d:f6:4e:38:26:08:cb:3a:f1:fb:
                    37:b1:62:67:2f:6d:40:86:a7:e0:a4:c3:ee:14:0f:
                    50:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:B9:33:46:9A:DA:2B:F4:4F:F4:2B:09:B0:E9:CC:92:32:E1:4F:61
            X509v3 Authority Key Identifier:
                keyid:5D:65:6B:20:13:E8:51:51:6B:94:2F:A9:07:06:C7:20:90:DC:DD:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XWVrIBPoUVFrlC-pBwbHIJDc3e8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/1df764-2b83-4343-9102-47a9f96ca586/1/_bkzRpraK_RP9CsJsOnMkjLhT2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/1df764-2b83-4343-9102-47a9f96ca586/1/XWVrIBPoUVFrlC-pBwbHIJDc3e8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.49.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:47:fe:20:37:b9:f7:74:9a:d7:49:c1:96:bc:a1:e0:22:e2:
         56:c7:86:e5:71:19:b8:6e:cc:14:5c:f1:b1:7a:6b:b4:e3:83:
         39:f0:4f:d6:89:6d:71:ee:9f:26:23:07:eb:16:bc:a6:24:bd:
         f1:c4:3c:5d:24:fa:ed:d3:3c:95:19:07:00:dd:f9:8c:73:a3:
         72:87:45:b3:f4:98:72:24:9a:16:0f:f9:1b:e4:fe:d5:3c:72:
         22:79:03:9d:b2:85:76:f8:fe:b8:d8:3c:45:e7:d8:d1:f7:ad:
         c3:64:49:96:c6:9e:e7:a5:14:d6:bd:cb:b0:b3:bc:24:09:5e:
         6d:6c:db:e7:10:0a:fa:3c:b5:48:a7:2e:30:b3:be:ce:90:d3:
         4f:4a:64:9a:3c:98:a8:90:0a:0b:24:26:19:10:5c:c2:8a:02:
         a4:91:ae:dd:82:ce:57:bd:17:e2:c9:05:b9:87:7e:0b:e8:f1:
         3d:a4:c6:ed:9b:53:c8:ad:63:3f:26:7e:9c:16:a3:e2:ef:48:
         0b:b1:53:4f:c8:40:d7:02:92:ce:39:bb:61:77:e4:2a:6d:d7:
         0b:53:14:8b:25:d2:ca:84:ce:20:19:2f:29:b6:5e:16:db:ed:
         fc:e1:f3:d0:9d:7f:6e:58:2e:43:05:f9:b2:b6:65:f0:18:4b:
         9c:05:4b:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSPZlMOm6pXwwLXS5QmhjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkNjU2YjIwMTNlODUxNTE2Yjk0MmZhOTA3MDZjNzIwOTBk
Y2RkZWYwHhcNMjQwMTAxMDQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGI5MzM0NjlhZGEyYmY0NGZmNDJiMDliMGU5Y2M5MjMyZTE0ZjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7B/b03ZKhSPO3/HIeFDtzGdEMf4m
osi/8lvvEqq4OFrA/PVpRaizsDK4hD17lMES2IcTnMghi3xhnzS4EQ3rLlVsq3bR
elRmeLc5dRsd67M7I9JOLhW7iA2zZ+ab+qsCPxzU3NpqAT37XZY9N/jgli2iwtpn
MOpAYx+NffzKbWhE2Aq5sDjeeY7IeOUTJV3IkONyEoy9GezLNFTvJfistgneDomZ
/LMYNLuzhaTsi3rxHMKq1EJoKT2LBVmRdQt4Snon9aaukyMxRe0VUTrT5E8F+u7A
OHRv2XOmMAkqHQhorXF2wE32TjgmCMs68fs3sWJnL21AhqfgpMPuFA9QRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP25M0aa2iv0T/QrCbDpzJIy4U9hMB8GA1UdIwQY
MBaAFF1layAT6FFRa5QvqQcGxyCQ3N3vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFdWcklCUG9VVkZybEMtcEJ3YkhJSkRjM2U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8xZGY3NjQtMmI4My00MzQzLTkxMDIt
NDdhOWY5NmNhNTg2LzEvX2JrelJwcmFLX1JQOUNzSnNPbk1rakxoVDJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8xZGY3NjQtMmI4My00MzQzLTkxMDItNDdhOWY5NmNhNTg2
LzEvWFdWcklCUG9VVkZybEMtcEJ3YkhJSkRjM2U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjEMMA0G
CSqGSIb3DQEBCwUAA4IBAQB9R/4gN7n3dJrXScGWvKHgIuJWx4blcRm4bswUXPGx
emu044M58E/WiW1x7p8mIwfrFrymJL3xxDxdJPrt0zyVGQcA3fmMc6Nyh0Wz9Jhy
JJoWD/kb5P7VPHIieQOdsoV2+P642DxF59jR963DZEmWxp7npRTWvcuws7wkCV5t
bNvnEAr6PLVIpy4ws77OkNNPSmSaPJiokAoLJCYZEFzCigKkka7dgs5XvRfiyQW5
h34L6PE9pMbtm1PIrWM/Jn6cFqPi70gLsVNPyEDXApLOObthd+QqbdcLUxSLJdLK
hM4gGS8ptl4W2+384fPQnX9uWC5DBfmytmXwGEucBUvu
-----END CERTIFICATE-----