Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/ktu-Bm469q6vrM6aHcw1nhH6xf0.roa
File:                     ktu-Bm469q6vrM6aHcw1nhH6xf0.roa (raw, json)
Hash identifier:          6NrLwt+yzovfp6CKLOWmr7Z4CT6nZ+WN9fVKN+h05Lo=
Subject key identifier:   92:DB:BE:06:6E:3A:F6:AE:AF:AC:CE:9A:1D:CC:35:9E:11:FA:C5:FD
Certificate issuer:       /CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Certificate serial:       018D7FD2272DA9D9535DA47C599A2C3AB71C
Authority key identifier: DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/ktu-Bm469q6vrM6aHcw1nhH6xf0.roa
Signing time:             Tue 06 Feb 2024 19:08:15 +0000
ROA not before:           Tue 06 Feb 2024 19:08:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207301
IP address blocks:        91.197.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7f:d2:27:2d:a9:d9:53:5d:a4:7c:59:9a:2c:3a:b7:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
        Validity
            Not Before: Feb  6 19:08:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92dbbe066e3af6aeafacce9a1dcc359e11fac5fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:3b:79:9d:20:03:97:5f:fc:b9:68:c6:fe:38:
                    e6:da:5f:75:da:f5:55:39:9a:92:75:16:7c:60:02:
                    d1:e1:8e:00:ac:84:51:0e:fe:4b:1b:27:de:c1:48:
                    f7:10:34:70:3b:93:a3:eb:1a:60:25:97:39:b6:f5:
                    7a:5c:60:af:b2:1e:30:67:ea:90:5a:ed:1e:38:b4:
                    01:6f:3a:16:58:d4:5b:c8:26:ee:1a:76:32:dc:4c:
                    c2:d3:c2:99:b6:3c:78:c8:45:6d:57:82:2b:33:23:
                    77:99:b1:ff:c8:72:d1:90:39:3c:b5:4d:c4:e6:ed:
                    9d:d9:95:c1:4d:18:6a:ad:a4:49:e4:7f:5f:eb:96:
                    70:d6:52:35:1b:34:db:a4:4c:f8:e9:37:e3:3e:31:
                    48:c4:8c:a5:3d:1c:a2:28:33:33:ce:ab:c9:ac:6f:
                    fa:14:ab:57:98:97:be:d5:b8:55:91:8f:0a:2a:62:
                    1d:1e:7e:7c:5f:6d:a5:8a:2c:10:7a:ad:e9:26:90:
                    86:1f:c8:83:a4:9d:26:5c:f4:4d:6e:fa:8d:5c:58:
                    cb:92:7a:2e:cb:22:3d:13:27:15:c1:56:42:85:fb:
                    21:11:ae:4d:b7:90:8b:f2:47:a5:50:24:84:5f:93:
                    3f:8e:36:69:b4:fd:44:69:de:cb:66:07:92:88:12:
                    3e:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:DB:BE:06:6E:3A:F6:AE:AF:AC:CE:9A:1D:CC:35:9E:11:FA:C5:FD
            X509v3 Authority Key Identifier:
                keyid:DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/ktu-Bm469q6vrM6aHcw1nhH6xf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:07:c4:fb:73:25:e3:d4:e9:63:37:b0:01:0d:f0:b0:d3:02:
         2a:09:62:63:f8:10:45:e3:8e:80:25:4a:2e:d4:6b:da:e9:d6:
         ee:1b:99:ff:14:1e:38:23:28:1d:c2:cb:8f:3d:ac:d1:5b:90:
         04:24:0d:b2:7e:c8:98:31:bc:a8:37:36:a1:ab:d1:c2:47:27:
         6a:5b:5a:8f:9c:5f:46:b6:7b:1a:3c:76:8d:a6:a0:50:5e:8a:
         95:5f:7c:0b:31:88:95:3e:4b:cf:a6:16:78:86:c0:b7:fc:c2:
         6b:05:89:da:5f:ee:55:93:90:47:7c:70:9f:c8:5d:2d:c9:d1:
         15:b0:55:c7:df:fd:4a:74:eb:9c:e9:1a:fb:ec:87:1d:d1:ac:
         31:1a:32:d6:3d:9c:9f:3f:7c:ed:93:22:32:4b:22:8a:d5:b0:
         a1:e1:7a:bf:89:db:a0:a2:b7:0e:d8:a3:43:01:69:5d:a0:76:
         bb:0f:99:c4:63:42:a1:97:ee:0f:5b:a0:80:cd:48:31:20:c1:
         c9:e3:f3:13:95:3e:47:de:63:d8:ac:06:41:33:e0:c6:68:13:
         aa:fe:9a:5a:0c:17:c3:a4:71:dc:c6:d9:1d:a1:6a:5b:77:b5:
         89:6f:44:e4:d2:67:37:96:b3:3e:17:7c:18:6a:dd:75:84:56:
         22:ad:94:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1/0ictqdlTXaR8WZosOrccMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjM5NmRmYTk1MWVjNDE1N2YyMTFlNWVkNzQwZWQ5N2Ux
YjBmM2YwHhcNMjQwMjA2MTkwODE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmRiYmUwNjZlM2FmNmFlYWZhY2NlOWExZGNjMzU5ZTExZmFjNWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlDt5nSADl1/8uWjG/jjm2l912vVV
OZqSdRZ8YALR4Y4ArIRRDv5LGyfewUj3EDRwO5Oj6xpgJZc5tvV6XGCvsh4wZ+qQ
Wu0eOLQBbzoWWNRbyCbuGnYy3EzC08KZtjx4yEVtV4IrMyN3mbH/yHLRkDk8tU3E
5u2d2ZXBTRhqraRJ5H9f65Zw1lI1GzTbpEz46TfjPjFIxIylPRyiKDMzzqvJrG/6
FKtXmJe+1bhVkY8KKmIdHn58X22liiwQeq3pJpCGH8iDpJ0mXPRNbvqNXFjLknou
yyI9EycVwVZChfshEa5Nt5CL8kelUCSEX5M/jjZptP1Ead7LZgeSiBI+lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJLbvgZuOvaur6zOmh3MNZ4R+sX9MB8GA1UdIwQY
MBaAFNuzlt+pUexBV/IR5e10Dtl+Gw8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMt
ZGY1NzJmZTk2NzJhLzEva3R1LUJtNDY5cTZ2ck02YUhjdzFuaEg2eGYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMtZGY1NzJmZTk2NzJh
LzEvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8VGMA0G
CSqGSIb3DQEBCwUAA4IBAQBgB8T7cyXj1OljN7ABDfCw0wIqCWJj+BBF446AJUou
1Gva6dbuG5n/FB44IygdwsuPPazRW5AEJA2yfsiYMbyoNzahq9HCRydqW1qPnF9G
tnsaPHaNpqBQXoqVX3wLMYiVPkvPphZ4hsC3/MJrBYnaX+5Vk5BHfHCfyF0tydEV
sFXH3/1KdOuc6Rr77Icd0awxGjLWPZyfP3ztkyIySyKK1bCh4Xq/idugorcO2KND
AWldoHa7D5nEY0Khl+4PW6CAzUgxIMHJ4/MTlT5H3mPYrAZBM+DGaBOq/ppaDBfD
pHHcxtkdoWpbd7WJb0Tk0mc3lrM+F3wYat11hFYirZQb
-----END CERTIFICATE-----