Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/e3c854-2262-4895-b92a-f2c65a7013ef/1/KYV1JfOwegSjf6zKBq8tHTaXmT0.roa
File:                     KYV1JfOwegSjf6zKBq8tHTaXmT0.roa (raw, json)
Hash identifier:          wD6Y6M95Qq3PTzEeuNVyakktvzn4uQHlbdIgr0S7IxQ=
Subject key identifier:   29:85:75:25:F3:B0:7A:04:A3:7F:AC:CA:06:AF:2D:1D:36:97:99:3D
Certificate issuer:       /CN=111f4b0a73ac1b633d24ed5a094fde3a2ef51b94
Certificate serial:       018CC3B6A38CE478333046E0F4BF60A1BCA6
Authority key identifier: 11:1F:4B:0A:73:AC:1B:63:3D:24:ED:5A:09:4F:DE:3A:2E:F5:1B:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ER9LCnOsG2M9JO1aCU_eOi71G5Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/e3c854-2262-4895-b92a-f2c65a7013ef/1/KYV1JfOwegSjf6zKBq8tHTaXmT0.roa
Signing time:             Mon 01 Jan 2024 06:29:35 +0000
ROA not before:           Mon 01 Jan 2024 06:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44780
IP address blocks:        185.148.168.0/22 maxlen: 24
                          2a07:60c0::/29 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/e3c854-2262-4895-b92a-f2c65a7013ef/1/ER9LCnOsG2M9JO1aCU_eOi71G5Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/e3c854-2262-4895-b92a-f2c65a7013ef/1/ER9LCnOsG2M9JO1aCU_eOi71G5Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ER9LCnOsG2M9JO1aCU_eOi71G5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:51:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a3:8c:e4:78:33:30:46:e0:f4:bf:60:a1:bc:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=111f4b0a73ac1b633d24ed5a094fde3a2ef51b94
        Validity
            Not Before: Jan  1 06:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29857525f3b07a04a37facca06af2d1d3697993d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d1:2a:aa:ca:6d:bd:3d:1c:31:ca:e1:21:85:
                    b6:27:7a:08:73:f8:43:1d:0f:a3:dd:04:b0:c5:a6:
                    78:bc:e2:5f:33:9e:12:8b:c3:1d:86:db:c5:cd:0b:
                    22:2b:92:9c:03:bd:ab:1e:c5:c0:d8:54:53:52:a8:
                    a9:8d:d5:31:32:1d:9d:cc:e9:9c:59:47:1a:f6:71:
                    c7:03:bc:95:f0:1d:72:6d:1d:aa:b7:79:17:53:fc:
                    da:a7:99:03:54:45:ac:99:84:8e:4a:b6:7f:ef:bc:
                    a6:3e:70:35:51:5a:73:c2:aa:b2:0f:bd:e6:7b:1a:
                    d7:70:9e:ad:24:c1:da:f0:57:b2:00:fe:5f:7d:29:
                    9c:1e:97:1c:50:76:cb:fe:12:2e:e9:a0:ea:2b:49:
                    b8:b4:ea:de:cc:06:b8:90:05:ff:1c:75:b0:ed:b8:
                    2a:96:80:db:29:92:18:0d:1a:b0:76:7c:ad:99:2a:
                    f9:d2:c4:8e:43:a3:50:08:ba:ef:a0:c5:2e:11:12:
                    dc:8b:e3:81:c6:2f:34:45:a4:b1:a0:4f:f5:f5:d0:
                    04:1c:fe:8f:93:be:72:cf:46:07:6b:53:5f:5e:90:
                    86:4d:37:03:82:f7:2d:c6:6a:e2:70:9e:7f:09:ee:
                    c1:50:a4:75:90:bc:34:7c:e8:cc:e3:3a:84:82:8b:
                    2a:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:85:75:25:F3:B0:7A:04:A3:7F:AC:CA:06:AF:2D:1D:36:97:99:3D
            X509v3 Authority Key Identifier:
                keyid:11:1F:4B:0A:73:AC:1B:63:3D:24:ED:5A:09:4F:DE:3A:2E:F5:1B:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ER9LCnOsG2M9JO1aCU_eOi71G5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/e3c854-2262-4895-b92a-f2c65a7013ef/1/KYV1JfOwegSjf6zKBq8tHTaXmT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/e3c854-2262-4895-b92a-f2c65a7013ef/1/ER9LCnOsG2M9JO1aCU_eOi71G5Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.148.168.0/22
                IPv6:
                  2a07:60c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         70:6f:88:8c:e2:11:f6:5f:43:7e:05:6a:c2:95:1a:dc:a1:e0:
         de:36:c5:35:39:5f:4f:fc:c4:24:5a:1d:23:1e:04:bf:9f:3a:
         c4:ee:a7:7f:17:0a:1d:ca:09:fc:ae:31:47:81:8c:c5:dc:c8:
         0c:bc:c8:03:28:ef:19:00:1e:a9:27:79:2b:cf:85:4d:37:38:
         5e:41:3a:e2:79:51:62:cc:6f:4d:d7:3d:ad:63:94:b3:f6:68:
         bc:d2:36:c6:30:ff:09:8a:f5:26:72:1d:a2:ab:98:58:1c:30:
         72:6e:7f:ec:c6:18:bc:6d:d9:28:eb:7f:78:7a:01:f7:a5:9a:
         bd:35:bb:72:89:f7:f1:c6:70:28:ca:85:79:1b:6e:af:21:c4:
         5b:b7:68:a9:e7:65:ca:9b:25:a6:40:87:5b:3b:53:53:73:18:
         b3:dd:ac:a8:94:8e:10:18:97:46:0f:c7:a4:96:33:a7:58:b0:
         88:88:ee:64:7e:00:ed:2e:77:18:0f:86:c9:68:d6:b1:93:71:
         d7:b3:51:d4:3d:da:c5:1f:df:de:78:5e:88:79:66:48:e8:c9:
         82:15:80:7e:d8:03:5b:df:11:c7:0a:93:70:88:45:da:51:7f:
         51:79:4f:fc:42:b7:50:1f:b3:7f:5a:27:94:45:64:b3:25:1f:
         e7:b7:91:70
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtqOM5HgzMEbg9L9gobymMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMWY0YjBhNzNhYzFiNjMzZDI0ZWQ1YTA5NGZkZTNhMmVm
NTFiOTQwHhcNMjQwMTAxMDYyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTg1NzUyNWYzYjA3YTA0YTM3ZmFjY2EwNmFmMmQxZDM2OTc5OTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9EqqsptvT0cMcrhIYW2J3oIc/hD
HQ+j3QSwxaZ4vOJfM54Si8MdhtvFzQsiK5KcA72rHsXA2FRTUqipjdUxMh2dzOmc
WUca9nHHA7yV8B1ybR2qt3kXU/zap5kDVEWsmYSOSrZ/77ymPnA1UVpzwqqyD73m
exrXcJ6tJMHa8FeyAP5ffSmcHpccUHbL/hIu6aDqK0m4tOrezAa4kAX/HHWw7bgq
loDbKZIYDRqwdnytmSr50sSOQ6NQCLrvoMUuERLci+OBxi80RaSxoE/19dAEHP6P
k75yz0YHa1NfXpCGTTcDgvctxmricJ5/Ce7BUKR1kLw0fOjM4zqEgosqrQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCmFdSXzsHoEo3+sygavLR02l5k9MB8GA1UdIwQY
MBaAFBEfSwpzrBtjPSTtWglP3jou9RuUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVI5TENuT3NHMk05Sk8xYUNVX2VPaTcxRzVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9lM2M4NTQtMjI2Mi00ODk1LWI5MmEt
ZjJjNjVhNzAxM2VmLzEvS1lWMUpmT3dlZ1NqZjZ6S0JxOHRIVGFYbVQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9lM2M4NTQtMjI2Mi00ODk1LWI5MmEtZjJjNjVhNzAxM2Vm
LzEvRVI5TENuT3NHMk05Sk8xYUNVX2VPaTcxRzVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZSoMA0E
AgACMAcDBQMqB2DAMA0GCSqGSIb3DQEBCwUAA4IBAQBwb4iM4hH2X0N+BWrClRrc
oeDeNsU1OV9P/MQkWh0jHgS/nzrE7qd/Fwodygn8rjFHgYzF3MgMvMgDKO8ZAB6p
J3krz4VNNzheQTrieVFizG9N1z2tY5Sz9mi80jbGMP8JivUmch2iq5hYHDBybn/s
xhi8bdko6394egH3pZq9NbtyiffxxnAoyoV5G26vIcRbt2ip52XKmyWmQIdbO1NT
cxiz3ayolI4QGJdGD8ekljOnWLCIiO5kfgDtLncYD4bJaNaxk3HXs1HUPdrFH9/e
eF6IeWZI6MmCFYB+2ANb3xHHCpNwiEXaUX9ReU/8QrdQH7N/WieURWSzJR/nt5Fw
-----END CERTIFICATE-----