Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/a3a5a4-d07d-4abd-b129-227f7497dc1e/1/kFIrClBnwFGn2CYdl0L1H5dAqFg.roa
File:                     kFIrClBnwFGn2CYdl0L1H5dAqFg.roa (raw, json)
Hash identifier:          xZp5+2wkovZs9ljhFmneuMeZlR01G8tzG2kCqHCarpA=
Subject key identifier:   90:52:2B:0A:50:67:C0:51:A7:D8:26:1D:97:42:F5:1F:97:40:A8:58
Certificate issuer:       /CN=8f31cc3605b3efc09b2688508063b6fd485561dd
Certificate serial:       018CC9BC8BBAFA67D109A0B9F9465A76663E
Authority key identifier: 8F:31:CC:36:05:B3:EF:C0:9B:26:88:50:80:63:B6:FD:48:55:61:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzHMNgWz78CbJohQgGO2_UhVYd0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/a3a5a4-d07d-4abd-b129-227f7497dc1e/1/kFIrClBnwFGn2CYdl0L1H5dAqFg.roa
Signing time:             Tue 02 Jan 2024 10:33:46 +0000
ROA not before:           Tue 02 Jan 2024 10:33:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     702
IP address blocks:        192.109.254.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/a3a5a4-d07d-4abd-b129-227f7497dc1e/1/jzHMNgWz78CbJohQgGO2_UhVYd0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/a3a5a4-d07d-4abd-b129-227f7497dc1e/1/jzHMNgWz78CbJohQgGO2_UhVYd0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jzHMNgWz78CbJohQgGO2_UhVYd0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:8b:ba:fa:67:d1:09:a0:b9:f9:46:5a:76:66:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f31cc3605b3efc09b2688508063b6fd485561dd
        Validity
            Not Before: Jan  2 10:33:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90522b0a5067c051a7d8261d9742f51f9740a858
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:54:8a:cd:7e:d0:25:cd:f9:3a:6b:ea:7f:31:
                    bf:1a:da:9d:1e:12:68:27:1a:71:b1:cd:d9:c9:48:
                    fa:68:77:2a:7f:81:02:81:d8:7d:54:92:20:c8:ba:
                    d7:8c:3a:4e:a1:62:d8:d0:0d:c8:f2:bb:11:28:bd:
                    d5:3f:3b:9c:bb:73:8c:7c:c5:0b:f0:88:8c:fe:c9:
                    0a:23:46:5d:4c:4e:b5:e9:a3:9b:70:7d:16:b6:e5:
                    a3:cb:e6:22:35:f0:a3:ca:f1:e1:cb:42:55:93:d0:
                    1a:fa:82:20:7f:10:cf:d4:b5:2c:5e:c9:e8:ea:c7:
                    0a:00:62:8f:ad:25:80:a0:25:cb:f2:25:75:56:10:
                    a5:bf:8d:7a:d3:71:c6:a7:38:a9:51:e0:c7:10:a3:
                    7c:c2:58:c9:7e:db:20:89:80:55:46:bc:e0:b3:ee:
                    c7:5d:ef:e3:f5:a1:d2:96:6a:bc:f8:ad:13:93:8c:
                    d2:a5:ff:79:27:0f:ee:f6:0f:66:4b:cb:7a:3d:cb:
                    e0:63:d7:93:24:ed:97:1f:fd:8f:43:78:3d:d7:b7:
                    b1:01:01:57:dc:e5:69:6a:79:0e:f0:8b:d2:20:36:
                    81:42:07:cf:f1:c4:24:1e:73:73:93:e9:67:3b:ff:
                    c1:7a:07:38:8e:2e:7d:2d:08:03:86:a3:d5:f6:bf:
                    b8:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:52:2B:0A:50:67:C0:51:A7:D8:26:1D:97:42:F5:1F:97:40:A8:58
            X509v3 Authority Key Identifier:
                keyid:8F:31:CC:36:05:B3:EF:C0:9B:26:88:50:80:63:B6:FD:48:55:61:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzHMNgWz78CbJohQgGO2_UhVYd0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/a3a5a4-d07d-4abd-b129-227f7497dc1e/1/kFIrClBnwFGn2CYdl0L1H5dAqFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/a3a5a4-d07d-4abd-b129-227f7497dc1e/1/jzHMNgWz78CbJohQgGO2_UhVYd0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         77:77:b9:4e:2d:09:dd:ef:0c:e4:b9:9d:3d:3a:96:30:6f:da:
         93:02:9a:83:cb:58:cb:70:ac:fb:96:f0:e4:cd:ed:c2:94:28:
         af:6c:f5:1b:50:e7:53:cf:e1:15:c0:0c:69:ae:a4:05:23:bb:
         44:38:a1:4f:ce:84:62:66:33:34:7a:8e:47:73:9d:8f:6f:bc:
         45:29:a0:50:51:d1:5f:2e:e5:b5:a3:ed:38:76:38:e6:4d:da:
         e2:87:02:4e:1d:16:1e:3b:28:44:ca:b8:19:21:8e:7c:4d:ff:
         88:8b:57:ca:59:d6:10:b9:f9:c4:6e:1f:e8:59:68:e2:6a:01:
         15:d9:ad:9a:66:44:f2:ab:5d:22:f2:42:e4:b3:7e:18:c2:24:
         b8:9a:97:5f:52:4d:3d:cf:3f:97:64:ec:cd:96:9f:01:3c:bc:
         86:1a:06:07:f0:a2:a7:e3:74:4c:54:f6:78:f3:57:16:d2:d7:
         9a:52:82:e5:54:9d:b1:36:ad:81:b7:11:6c:e9:a1:19:a5:de:
         f8:00:f9:df:22:cb:88:ec:58:95:4c:a9:af:9a:fd:d0:78:41:
         90:c7:0c:2c:f6:2c:cb:b0:89:41:95:ff:0e:c2:1d:b0:dc:52:
         39:cd:30:8a:a9:79:09:51:9a:c4:32:34:3b:f2:0e:d3:52:61:
         74:9c:91:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvIu6+mfRCaC5+UZadmY+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzFjYzM2MDViM2VmYzA5YjI2ODg1MDgwNjNiNmZkNDg1
NTYxZGQwHhcNMjQwMTAyMTAzMzQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDUyMmIwYTUwNjdjMDUxYTdkODI2MWQ5NzQyZjUxZjk3NDBhODU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFSKzX7QJc35OmvqfzG/GtqdHhJo
Jxpxsc3ZyUj6aHcqf4ECgdh9VJIgyLrXjDpOoWLY0A3I8rsRKL3VPzucu3OMfMUL
8IiM/skKI0ZdTE616aObcH0WtuWjy+YiNfCjyvHhy0JVk9Aa+oIgfxDP1LUsXsno
6scKAGKPrSWAoCXL8iV1VhClv41603HGpzipUeDHEKN8wljJftsgiYBVRrzgs+7H
Xe/j9aHSlmq8+K0Tk4zSpf95Jw/u9g9mS8t6PcvgY9eTJO2XH/2PQ3g917exAQFX
3OVpankO8IvSIDaBQgfP8cQkHnNzk+lnO//Begc4ji59LQgDhqPV9r+43QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJBSKwpQZ8BRp9gmHZdC9R+XQKhYMB8GA1UdIwQY
MBaAFI8xzDYFs+/AmyaIUIBjtv1IVWHdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanpITU5nV3o3OENiSm9oUWdHTzJfVWhWWWQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9hM2E1YTQtZDA3ZC00YWJkLWIxMjkt
MjI3Zjc0OTdkYzFlLzEva0ZJckNsQm53RkduMkNZZGwwTDFINWRBcUZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9hM2E1YTQtZDA3ZC00YWJkLWIxMjktMjI3Zjc0OTdkYzFl
LzEvanpITU5nV3o3OENiSm9oUWdHTzJfVWhWWWQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwG3+MA0G
CSqGSIb3DQEBCwUAA4IBAQB3d7lOLQnd7wzkuZ09OpYwb9qTApqDy1jLcKz7lvDk
ze3ClCivbPUbUOdTz+EVwAxprqQFI7tEOKFPzoRiZjM0eo5Hc52Pb7xFKaBQUdFf
LuW1o+04djjmTdrihwJOHRYeOyhEyrgZIY58Tf+Ii1fKWdYQufnEbh/oWWjiagEV
2a2aZkTyq10i8kLks34YwiS4mpdfUk09zz+XZOzNlp8BPLyGGgYH8KKn43RMVPZ4
81cW0teaUoLlVJ2xNq2BtxFs6aEZpd74APnfIsuI7FiVTKmvmv3QeEGQxwws9izL
sIlBlf8Owh2w3FI5zTCKqXkJUZrEMjQ78g7TUmF0nJFs
-----END CERTIFICATE-----