Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/8f59ec-f92c-423d-8fb7-6e9addc8162b/1/KPykYm3fR5N6v34AbplTjLxFZtQ.roa
File:                     KPykYm3fR5N6v34AbplTjLxFZtQ.roa (raw, json)
Hash identifier:          HqN3giLSZ5kTjzyBMO9k3EFLPMTxyCFllwwkAdqUUdI=
Subject key identifier:   28:FC:A4:62:6D:DF:47:93:7A:BF:7E:00:6E:99:53:8C:BC:45:66:D4
Certificate issuer:       /CN=4eeb6b2c3e09ca1c45fd7547e458946cc8a468b4
Certificate serial:       018CC8DE258AF8A04CA9697B75A8546DC39C
Authority key identifier: 4E:EB:6B:2C:3E:09:CA:1C:45:FD:75:47:E4:58:94:6C:C8:A4:68:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TutrLD4JyhxF_XVH5FiUbMikaLQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/8f59ec-f92c-423d-8fb7-6e9addc8162b/1/KPykYm3fR5N6v34AbplTjLxFZtQ.roa
Signing time:             Tue 02 Jan 2024 06:30:50 +0000
ROA not before:           Tue 02 Jan 2024 06:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6453
IP address blocks:        185.109.120.0/22 maxlen: 24
                          193.188.64.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/8f59ec-f92c-423d-8fb7-6e9addc8162b/1/TutrLD4JyhxF_XVH5FiUbMikaLQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/8f59ec-f92c-423d-8fb7-6e9addc8162b/1/TutrLD4JyhxF_XVH5FiUbMikaLQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TutrLD4JyhxF_XVH5FiUbMikaLQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:25:8a:f8:a0:4c:a9:69:7b:75:a8:54:6d:c3:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4eeb6b2c3e09ca1c45fd7547e458946cc8a468b4
        Validity
            Not Before: Jan  2 06:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28fca4626ddf47937abf7e006e99538cbc4566d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:c2:20:8d:33:4d:ea:0b:6f:f8:6d:ab:32:a9:
                    10:20:69:3f:0e:ad:36:50:99:a1:d3:1d:a2:49:b0:
                    f2:d9:88:cf:91:1c:44:45:d0:ba:09:07:11:1d:74:
                    d5:14:9a:13:6b:fa:86:13:a1:b7:2f:ea:af:f8:2a:
                    0f:1b:0c:ef:00:d8:1d:6e:3c:4e:90:ed:e2:ca:a6:
                    7c:dd:ae:b3:e5:61:c6:45:e0:10:73:9a:06:bf:a1:
                    04:87:ae:97:f9:b5:94:05:ab:31:23:76:79:ee:a4:
                    91:c6:54:e0:5e:93:01:50:bd:cd:6c:84:38:fb:b4:
                    ea:ca:4e:9f:f7:48:77:07:04:90:9b:18:5f:8a:9d:
                    1f:83:1f:fa:87:b6:90:92:cd:91:84:a8:63:b2:d6:
                    1c:3b:42:1a:d7:e5:30:0f:6d:5e:ec:8b:70:2c:56:
                    83:b5:2d:c3:c4:76:de:1c:bf:d0:75:c1:58:ae:8f:
                    a3:a6:2d:ce:70:9a:0e:70:b9:3d:f0:e8:15:6b:c1:
                    36:05:cd:95:64:df:73:3e:1f:bb:4b:b8:0e:ad:28:
                    f7:d4:68:9a:3a:7e:42:f1:21:cc:57:bb:1a:55:d7:
                    06:76:fa:75:f4:6d:21:0f:43:38:cc:3c:33:ac:2a:
                    57:bc:57:dd:c4:70:f5:bc:33:c2:d8:9e:b3:07:5b:
                    02:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:FC:A4:62:6D:DF:47:93:7A:BF:7E:00:6E:99:53:8C:BC:45:66:D4
            X509v3 Authority Key Identifier:
                keyid:4E:EB:6B:2C:3E:09:CA:1C:45:FD:75:47:E4:58:94:6C:C8:A4:68:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TutrLD4JyhxF_XVH5FiUbMikaLQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/8f59ec-f92c-423d-8fb7-6e9addc8162b/1/KPykYm3fR5N6v34AbplTjLxFZtQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/8f59ec-f92c-423d-8fb7-6e9addc8162b/1/TutrLD4JyhxF_XVH5FiUbMikaLQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.109.120.0/22
                  193.188.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         4b:0e:d4:bf:c5:07:7f:5b:fc:a5:59:83:2b:5e:aa:23:03:63:
         70:cd:31:b4:00:ee:65:76:ef:08:2a:38:c4:e2:31:01:c6:c8:
         d4:ee:de:3b:e7:77:93:34:ed:f4:a0:67:76:db:eb:ff:bb:4b:
         1f:3a:e7:a2:c9:af:47:22:5e:e3:d3:33:24:0c:6c:cf:ac:15:
         1c:ee:34:1b:73:04:f9:19:40:b4:a0:0a:6a:38:3b:7d:3d:dd:
         48:3b:13:e3:51:f8:17:e5:db:e5:86:f9:68:4e:5a:e3:3e:ec:
         93:b5:d4:63:6d:a8:c8:0f:26:9c:27:26:71:4b:56:2f:31:2e:
         8b:41:4f:ea:3e:0f:a6:59:25:e0:cc:35:51:ed:cd:ec:ea:94:
         fd:bf:48:70:73:81:91:69:4c:57:6b:03:d0:a3:59:59:7a:33:
         75:8f:c3:51:f7:f8:b8:91:74:ca:26:44:71:a8:7b:c0:b4:47:
         46:ea:f7:15:34:bb:28:5e:a5:5f:43:8d:b8:46:b0:9c:e1:a3:
         7b:3a:56:fd:d5:f8:b5:97:c4:a2:d7:23:fd:51:ff:56:dc:02:
         72:bf:3b:9e:08:a8:d6:f3:60:b4:42:f5:3f:23:ec:e2:56:a2:
         5c:10:f6:2b:21:88:23:fe:63:25:0d:85:c7:d7:52:e7:8e:3c:
         48:c3:93:f2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3iWK+KBMqWl7dahUbcOcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZWI2YjJjM2UwOWNhMWM0NWZkNzU0N2U0NTg5NDZjYzhh
NDY4YjQwHhcNMjQwMTAyMDYzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGZjYTQ2MjZkZGY0NzkzN2FiZjdlMDA2ZTk5NTM4Y2JjNDU2NmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgsIgjTNN6gtv+G2rMqkQIGk/Dq02
UJmh0x2iSbDy2YjPkRxERdC6CQcRHXTVFJoTa/qGE6G3L+qv+CoPGwzvANgdbjxO
kO3iyqZ83a6z5WHGReAQc5oGv6EEh66X+bWUBasxI3Z57qSRxlTgXpMBUL3NbIQ4
+7Tqyk6f90h3BwSQmxhfip0fgx/6h7aQks2RhKhjstYcO0Ia1+UwD21e7ItwLFaD
tS3DxHbeHL/QdcFYro+jpi3OcJoOcLk98OgVa8E2Bc2VZN9zPh+7S7gOrSj31Gia
On5C8SHMV7saVdcGdvp19G0hD0M4zDwzrCpXvFfdxHD1vDPC2J6zB1sCBwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCj8pGJt30eTer9+AG6ZU4y8RWbUMB8GA1UdIwQY
MBaAFE7rayw+CcocRf11R+RYlGzIpGi0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHV0ckxENEp5aHhGX1hWSDVGaVViTWlrYUxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi84ZjU5ZWMtZjkyYy00MjNkLThmYjct
NmU5YWRkYzgxNjJiLzEvS1B5a1ltM2ZSNU42djM0QWJwbFRqTHhGWnRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi84ZjU5ZWMtZjkyYy00MjNkLThmYjctNmU5YWRkYzgxNjJi
LzEvVHV0ckxENEp5aHhGX1hWSDVGaVViTWlrYUxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuW14AwQF
wbxAMA0GCSqGSIb3DQEBCwUAA4IBAQBLDtS/xQd/W/ylWYMrXqojA2NwzTG0AO5l
du8IKjjE4jEBxsjU7t4753eTNO30oGd22+v/u0sfOueiya9HIl7j0zMkDGzPrBUc
7jQbcwT5GUC0oApqODt9Pd1IOxPjUfgX5dvlhvloTlrjPuyTtdRjbajIDyacJyZx
S1YvMS6LQU/qPg+mWSXgzDVR7c3s6pT9v0hwc4GRaUxXawPQo1lZejN1j8NR9/i4
kXTKJkRxqHvAtEdG6vcVNLsoXqVfQ424RrCc4aN7Olb91fi1l8Si1yP9Uf9W3AJy
vzueCKjW82C0QvU/I+ziVqJcEPYrIYgj/mMlDYXH11LnjjxIw5Py
-----END CERTIFICATE-----