Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/eb0ea4-2458-4977-827d-fce2795fd80b/1/KWDvnpI_tcS7mN1MHdXjld16zko.roa
File:                     KWDvnpI_tcS7mN1MHdXjld16zko.roa (raw, json)
Hash identifier:          eG7EeYqDpK94gTCM5HklNkSyeRgl1ffb/mRVSL9dZs8=
Subject key identifier:   29:60:EF:9E:92:3F:B5:C4:BB:98:DD:4C:1D:D5:E3:95:DD:7A:CE:4A
Certificate issuer:       /CN=16b43fb87e804922d1c6d07e2597b61e04ee17f0
Certificate serial:       018CC8012E979FF4A85FA760051E8DFEC825
Authority key identifier: 16:B4:3F:B8:7E:80:49:22:D1:C6:D0:7E:25:97:B6:1E:04:EE:17:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FrQ_uH6ASSLRxtB-JZe2HgTuF_A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/eb0ea4-2458-4977-827d-fce2795fd80b/1/KWDvnpI_tcS7mN1MHdXjld16zko.roa
Signing time:             Tue 02 Jan 2024 02:29:29 +0000
ROA not before:           Tue 02 Jan 2024 02:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209622
IP address blocks:        185.201.151.0/24 maxlen: 24
                          88.218.118.0/24 maxlen: 24
                          5.154.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/eb0ea4-2458-4977-827d-fce2795fd80b/1/FrQ_uH6ASSLRxtB-JZe2HgTuF_A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/eb0ea4-2458-4977-827d-fce2795fd80b/1/FrQ_uH6ASSLRxtB-JZe2HgTuF_A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FrQ_uH6ASSLRxtB-JZe2HgTuF_A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:02:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:2e:97:9f:f4:a8:5f:a7:60:05:1e:8d:fe:c8:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16b43fb87e804922d1c6d07e2597b61e04ee17f0
        Validity
            Not Before: Jan  2 02:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2960ef9e923fb5c4bb98dd4c1dd5e395dd7ace4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:a8:e2:ea:c4:b6:c5:f2:52:40:72:49:21:a7:
                    91:d7:42:a7:73:a1:10:60:29:ec:06:41:da:66:6d:
                    f9:81:24:17:90:8a:26:dd:a0:71:e6:99:eb:6d:68:
                    f0:e4:f4:b5:4b:a3:2c:fc:a7:e7:de:ff:39:c7:d0:
                    04:4b:3a:52:b1:58:18:36:5d:d0:bf:76:d3:c0:69:
                    91:88:35:a7:9d:3b:80:4a:a4:2b:ca:bf:42:05:b6:
                    48:a0:36:6d:1b:e7:73:71:3d:c0:a0:59:72:02:0b:
                    d8:35:2d:2e:0d:45:08:45:d1:1d:af:48:a3:5a:56:
                    ee:df:0e:25:95:12:0d:91:a2:f2:13:11:b5:32:93:
                    3d:de:31:21:34:82:bf:4c:2c:9c:ab:34:ab:55:cc:
                    35:9d:65:58:ec:02:a7:e4:a8:99:94:df:ce:6f:47:
                    36:cd:21:a7:92:69:68:eb:35:64:f2:1c:75:7c:dc:
                    70:0f:6f:cc:af:bc:0a:7a:9f:2f:23:81:4b:48:f3:
                    dc:9c:92:2c:f8:a4:4d:de:2d:e5:80:0e:08:30:cf:
                    91:11:f7:c0:cb:f7:06:ea:4a:10:42:71:16:51:1b:
                    be:97:1a:ef:24:99:ba:b8:11:ba:e2:ab:ee:a8:47:
                    0f:91:bb:10:57:95:47:a9:fe:4e:9f:88:ac:a9:a5:
                    1d:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:60:EF:9E:92:3F:B5:C4:BB:98:DD:4C:1D:D5:E3:95:DD:7A:CE:4A
            X509v3 Authority Key Identifier:
                keyid:16:B4:3F:B8:7E:80:49:22:D1:C6:D0:7E:25:97:B6:1E:04:EE:17:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FrQ_uH6ASSLRxtB-JZe2HgTuF_A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/eb0ea4-2458-4977-827d-fce2795fd80b/1/KWDvnpI_tcS7mN1MHdXjld16zko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/eb0ea4-2458-4977-827d-fce2795fd80b/1/FrQ_uH6ASSLRxtB-JZe2HgTuF_A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.154.240.0/24
                  88.218.118.0/24
                  185.201.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:ce:f1:83:bd:be:8d:d8:0e:90:bb:46:4a:4a:5b:c3:13:eb:
         3c:bf:ae:b9:ae:c3:95:85:20:c2:b5:98:0e:0a:31:9f:20:33:
         5f:29:cb:36:9a:9f:28:30:35:91:6f:c7:80:0e:d6:70:dc:da:
         37:18:d4:d7:3b:52:cc:0e:68:f0:b2:9e:46:a8:8e:76:6d:43:
         e6:89:75:f9:fb:5e:67:93:cd:b0:e2:59:8a:25:84:de:83:14:
         7a:6c:f8:72:9f:d8:e2:dc:fb:b2:77:9d:2e:f7:bd:db:57:d7:
         9a:83:7e:62:b0:2b:b8:ab:5f:e2:55:c0:fb:9a:0d:1e:fb:cf:
         81:ea:85:a3:be:55:3a:63:19:d4:34:82:1a:d9:5b:08:2a:d7:
         15:bc:b1:7a:01:63:44:24:2b:d9:85:4b:72:c0:33:91:9c:0e:
         33:51:1f:2b:c1:ea:c3:9f:bb:5d:e3:bb:19:cc:13:07:eb:f9:
         ae:ee:ce:8b:2a:39:c9:77:12:07:37:9c:82:69:b1:0e:b3:2b:
         a5:5c:52:db:25:66:00:6f:22:ec:5c:d1:88:34:52:1e:c6:08:
         c0:e5:5f:90:97:f3:d7:45:19:1b:d8:77:cf:df:57:80:12:b3:
         70:bf:da:d9:66:fb:da:aa:41:9b:d8:2e:16:58:95:32:cc:79:
         fb:b6:b2:0e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIAS6Xn/SoX6dgBR6N/sglMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2YjQzZmI4N2U4MDQ5MjJkMWM2ZDA3ZTI1OTdiNjFlMDRl
ZTE3ZjAwHhcNMjQwMTAyMDIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTYwZWY5ZTkyM2ZiNWM0YmI5OGRkNGMxZGQ1ZTM5NWRkN2FjZTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiKji6sS2xfJSQHJJIaeR10Knc6EQ
YCnsBkHaZm35gSQXkIom3aBx5pnrbWjw5PS1S6Ms/Kfn3v85x9AESzpSsVgYNl3Q
v3bTwGmRiDWnnTuASqQryr9CBbZIoDZtG+dzcT3AoFlyAgvYNS0uDUUIRdEdr0ij
Wlbu3w4llRINkaLyExG1MpM93jEhNIK/TCycqzSrVcw1nWVY7AKn5KiZlN/Ob0c2
zSGnkmlo6zVk8hx1fNxwD2/Mr7wKep8vI4FLSPPcnJIs+KRN3i3lgA4IMM+REffA
y/cG6koQQnEWURu+lxrvJJm6uBG64qvuqEcPkbsQV5VHqf5On4isqaUdzQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFClg756SP7XEu5jdTB3V45Xdes5KMB8GA1UdIwQY
MBaAFBa0P7h+gEki0cbQfiWXth4E7hfwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnJRX3VINkFTU0xSeHRCLUpaZTJIZ1R1Rl9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9lYjBlYTQtMjQ1OC00OTc3LTgyN2Qt
ZmNlMjc5NWZkODBiLzEvS1dEdm5wSV90Y1M3bU4xTUhkWGpsZDE2emtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9lYjBlYTQtMjQ1OC00OTc3LTgyN2QtZmNlMjc5NWZkODBi
LzEvRnJRX3VINkFTU0xSeHRCLUpaZTJIZ1R1Rl9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABZrwAwQA
WNp2AwQAucmXMA0GCSqGSIb3DQEBCwUAA4IBAQAOzvGDvb6N2A6Qu0ZKSlvDE+s8
v665rsOVhSDCtZgOCjGfIDNfKcs2mp8oMDWRb8eADtZw3No3GNTXO1LMDmjwsp5G
qI52bUPmiXX5+15nk82w4lmKJYTegxR6bPhyn9ji3Puyd50u973bV9eag35isCu4
q1/iVcD7mg0e+8+B6oWjvlU6YxnUNIIa2VsIKtcVvLF6AWNEJCvZhUtywDORnA4z
UR8rwerDn7td47sZzBMH6/mu7s6LKjnJdxIHN5yCabEOsyulXFLbJWYAbyLsXNGI
NFIexgjA5V+Ql/PXRRkb2HfP31eAErNwv9rZZvvaqkGb2C4WWJUyzHn7trIO
-----END CERTIFICATE-----