Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/d77ac4-dc66-434f-8423-c9e20ccd476f/1/KgHm0OmehfjTpXBNlavb9bcDrrI.roa
File:                     KgHm0OmehfjTpXBNlavb9bcDrrI.roa (raw, json)
Hash identifier:          ea/GpJJfOa/Byy59757qCLElMplf1BtVk6xj4EPTJvo=
Subject key identifier:   2A:01:E6:D0:E9:9E:85:F8:D3:A5:70:4D:95:AB:DB:F5:B7:03:AE:B2
Certificate issuer:       /CN=b2b41d2f7d7d3857e075f2a4f2f9d3e044f2e536
Certificate serial:       018CCBE69FDEC791B10945CE922B3E5C0D38
Authority key identifier: B2:B4:1D:2F:7D:7D:38:57:E0:75:F2:A4:F2:F9:D3:E0:44:F2:E5:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/srQdL319OFfgdfKk8vnT4ETy5TY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/d77ac4-dc66-434f-8423-c9e20ccd476f/1/KgHm0OmehfjTpXBNlavb9bcDrrI.roa
Signing time:             Tue 02 Jan 2024 20:38:58 +0000
ROA not before:           Tue 02 Jan 2024 20:38:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15969
IP address blocks:        194.187.72.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/d77ac4-dc66-434f-8423-c9e20ccd476f/1/srQdL319OFfgdfKk8vnT4ETy5TY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/d77ac4-dc66-434f-8423-c9e20ccd476f/1/srQdL319OFfgdfKk8vnT4ETy5TY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/srQdL319OFfgdfKk8vnT4ETy5TY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:cb:e6:9f:de:c7:91:b1:09:45:ce:92:2b:3e:5c:0d:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2b41d2f7d7d3857e075f2a4f2f9d3e044f2e536
        Validity
            Not Before: Jan  2 20:38:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a01e6d0e99e85f8d3a5704d95abdbf5b703aeb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:27:48:1e:c1:4f:10:6c:55:1a:32:1d:de:e4:
                    2b:3b:ab:51:9b:90:ab:9e:60:03:3a:b8:d0:04:d2:
                    89:93:d5:9b:9c:2a:a0:fb:7e:f1:0a:b1:46:b1:5b:
                    02:1e:e8:cb:d3:e7:42:9d:df:9f:7a:c8:5b:d8:6d:
                    d2:de:6a:b3:1c:d4:34:40:95:c1:0b:8d:fe:4b:0a:
                    f2:34:81:e0:b5:97:7f:88:ee:46:38:51:51:cb:1f:
                    ea:1e:01:6a:c4:d7:8c:39:ec:ad:ab:69:b5:6b:02:
                    2c:f1:38:32:8f:8e:b2:e4:e0:82:4d:ba:20:f5:f6:
                    a0:ef:d7:e3:6d:11:96:17:75:f2:ca:e7:75:55:02:
                    e6:92:ce:e1:84:54:1a:e1:e3:a6:d3:43:3c:00:bc:
                    ca:4b:51:c7:23:09:fb:23:48:e6:76:59:e2:72:e5:
                    a1:81:d3:c1:40:91:29:f4:d0:b8:e3:b9:54:90:bd:
                    a6:cf:ff:6c:17:bd:97:ee:c7:f1:ac:7c:a8:08:2a:
                    6a:c0:f4:ca:62:89:8a:ec:91:6e:c2:15:49:0a:04:
                    da:88:60:69:ab:1a:5a:21:a5:9f:77:b6:fd:eb:74:
                    c8:8a:38:6d:0a:21:52:40:83:3c:ac:a0:b3:52:5f:
                    f5:ad:9a:25:a6:c1:e4:72:bf:93:45:0c:0f:db:a2:
                    ca:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:01:E6:D0:E9:9E:85:F8:D3:A5:70:4D:95:AB:DB:F5:B7:03:AE:B2
            X509v3 Authority Key Identifier:
                keyid:B2:B4:1D:2F:7D:7D:38:57:E0:75:F2:A4:F2:F9:D3:E0:44:F2:E5:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/srQdL319OFfgdfKk8vnT4ETy5TY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/d77ac4-dc66-434f-8423-c9e20ccd476f/1/KgHm0OmehfjTpXBNlavb9bcDrrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/d77ac4-dc66-434f-8423-c9e20ccd476f/1/srQdL319OFfgdfKk8vnT4ETy5TY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.187.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:a4:17:7a:f6:60:6c:6c:d7:6f:bf:60:5e:14:c1:46:ad:8e:
         21:c8:0b:d2:6f:09:e6:74:1f:e9:48:69:5c:1d:c6:e9:a7:d2:
         f9:a8:32:5f:34:03:f5:21:2c:be:d8:95:0a:68:ef:62:af:b6:
         d1:22:78:b8:7f:42:0c:d7:8c:bc:75:2a:75:19:e9:0b:14:a1:
         f4:dc:90:7f:20:63:3f:41:07:c0:12:44:f7:12:67:99:35:84:
         7b:9d:2f:0e:65:8d:e3:d8:00:b3:8e:88:d2:fb:62:1e:e3:0a:
         63:06:3f:82:97:08:3a:ae:38:10:8c:26:94:a7:e8:ba:3f:f7:
         2a:cf:ab:fe:4f:46:a5:1e:ce:08:5b:39:d2:08:09:f2:e4:8f:
         fa:70:5b:51:e1:99:bb:be:ab:39:d2:77:31:52:85:a5:13:08:
         f4:0f:ff:17:34:a0:2b:ca:4a:51:26:02:59:ce:1f:98:eb:97:
         84:1e:7a:d6:78:47:d2:6e:35:54:83:c6:36:ce:53:f4:64:c9:
         54:f4:ee:a1:03:fb:cd:65:d2:f9:94:40:73:ad:6e:4f:4f:e5:
         fa:f1:6f:d8:30:3a:82:f7:3b:b3:ee:ba:68:24:2f:88:48:7f:
         34:2e:77:ff:f9:fc:1a:ff:38:ce:7a:6e:96:97:f5:49:91:49:
         65:ed:1f:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzL5p/ex5GxCUXOkis+XA04MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyYjQxZDJmN2Q3ZDM4NTdlMDc1ZjJhNGYyZjlkM2UwNDRm
MmU1MzYwHhcNMjQwMTAyMjAzODU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTAxZTZkMGU5OWU4NWY4ZDNhNTcwNGQ5NWFiZGJmNWI3MDNhZWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApidIHsFPEGxVGjId3uQrO6tRm5Cr
nmADOrjQBNKJk9WbnCqg+37xCrFGsVsCHujL0+dCnd+feshb2G3S3mqzHNQ0QJXB
C43+SwryNIHgtZd/iO5GOFFRyx/qHgFqxNeMOeytq2m1awIs8Tgyj46y5OCCTbog
9fag79fjbRGWF3Xyyud1VQLmks7hhFQa4eOm00M8ALzKS1HHIwn7I0jmdlnicuWh
gdPBQJEp9NC447lUkL2mz/9sF72X7sfxrHyoCCpqwPTKYomK7JFuwhVJCgTaiGBp
qxpaIaWfd7b963TIijhtCiFSQIM8rKCzUl/1rZolpsHkcr+TRQwP26LKSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCoB5tDpnoX406VwTZWr2/W3A66yMB8GA1UdIwQY
MBaAFLK0HS99fThX4HXypPL50+BE8uU2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3JRZEwzMTlPRmZnZGZLazh2blQ0RVR5NVRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9kNzdhYzQtZGM2Ni00MzRmLTg0MjMt
YzllMjBjY2Q0NzZmLzEvS2dIbTBPbWVoZmpUcFhCTmxhdmI5YmNEcnJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9kNzdhYzQtZGM2Ni00MzRmLTg0MjMtYzllMjBjY2Q0NzZm
LzEvc3JRZEwzMTlPRmZnZGZLazh2blQ0RVR5NVRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwrtIMA0G
CSqGSIb3DQEBCwUAA4IBAQA9pBd69mBsbNdvv2BeFMFGrY4hyAvSbwnmdB/pSGlc
Hcbpp9L5qDJfNAP1ISy+2JUKaO9ir7bRIni4f0IM14y8dSp1GekLFKH03JB/IGM/
QQfAEkT3EmeZNYR7nS8OZY3j2ACzjojS+2Ie4wpjBj+Clwg6rjgQjCaUp+i6P/cq
z6v+T0alHs4IWznSCAny5I/6cFtR4Zm7vqs50ncxUoWlEwj0D/8XNKArykpRJgJZ
zh+Y65eEHnrWeEfSbjVUg8Y2zlP0ZMlU9O6hA/vNZdL5lEBzrW5PT+X68W/YMDqC
9zuz7rpoJC+ISH80Lnf/+fwa/zjOem6Wl/VJkUll7R/t
-----END CERTIFICATE-----