Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/f3891f-4dc7-4f4c-b519-6107eb7c48d2/1/KWIxqPkuvRu-x-V0dydEMVWLBEI.roa
File:                     KWIxqPkuvRu-x-V0dydEMVWLBEI.roa (raw, json)
Hash identifier:          NXVjgWM080+iYlEFvLLdnZObAni5TOr8MPll5oohe1o=
Subject key identifier:   29:62:31:A8:F9:2E:BD:1B:BE:C7:E5:74:77:27:44:31:55:8B:04:42
Certificate issuer:       /CN=bc36b4cae090d0f49c5483f7b2f93fb92fd0ff87
Certificate serial:       018CC492FDE816EC60F9B3BEB8C445E3E7C9
Authority key identifier: BC:36:B4:CA:E0:90:D0:F4:9C:54:83:F7:B2:F9:3F:B9:2F:D0:FF:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vDa0yuCQ0PScVIP3svk_uS_Q_4c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/f3891f-4dc7-4f4c-b519-6107eb7c48d2/1/KWIxqPkuvRu-x-V0dydEMVWLBEI.roa
Signing time:             Mon 01 Jan 2024 10:30:16 +0000
ROA not before:           Mon 01 Jan 2024 10:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60631
IP address blocks:        185.204.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/f3891f-4dc7-4f4c-b519-6107eb7c48d2/1/vDa0yuCQ0PScVIP3svk_uS_Q_4c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/f3891f-4dc7-4f4c-b519-6107eb7c48d2/1/vDa0yuCQ0PScVIP3svk_uS_Q_4c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vDa0yuCQ0PScVIP3svk_uS_Q_4c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:fd:e8:16:ec:60:f9:b3:be:b8:c4:45:e3:e7:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc36b4cae090d0f49c5483f7b2f93fb92fd0ff87
        Validity
            Not Before: Jan  1 10:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=296231a8f92ebd1bbec7e57477274431558b0442
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:9a:6e:cf:10:20:53:b1:cb:dd:55:2a:e1:63:
                    62:b2:56:46:74:42:97:4a:9c:0a:11:bb:b8:b8:63:
                    e4:d7:6b:7b:4c:b4:55:ad:dc:43:f3:b9:73:6c:4f:
                    4e:35:e0:7a:cf:6f:91:73:8e:7a:2d:ad:e3:20:14:
                    ed:91:77:74:a3:41:4d:bf:9d:e4:80:b4:b9:ec:42:
                    9d:56:86:07:3e:4f:e2:8b:5c:39:e7:7f:fe:1c:64:
                    3e:7e:13:ee:c6:08:76:09:c6:d3:49:5f:53:04:fb:
                    66:7d:ab:95:ed:4e:53:9a:ad:08:ac:05:65:5e:86:
                    23:9b:01:ff:e5:0e:20:be:8e:bf:15:6a:1b:fd:92:
                    3e:ab:92:ed:a0:c4:1c:07:05:37:ab:bf:ef:b5:8c:
                    16:39:bf:d5:fc:7a:e1:4b:88:52:bb:74:14:2c:31:
                    9a:2b:27:08:44:1b:f5:d5:b6:cd:28:b4:36:b9:57:
                    08:f6:fe:14:0d:52:1a:bf:49:06:be:ae:10:63:b6:
                    62:80:a7:19:cc:9f:37:8e:4f:5b:4f:5f:30:91:ce:
                    7f:4f:89:2f:2a:6d:0e:af:76:0f:32:9f:b2:4a:10:
                    b9:78:8d:bb:04:62:d8:74:19:fc:60:95:61:06:5e:
                    17:49:78:bd:0b:05:b0:a3:5c:29:d3:53:37:2a:3d:
                    24:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:62:31:A8:F9:2E:BD:1B:BE:C7:E5:74:77:27:44:31:55:8B:04:42
            X509v3 Authority Key Identifier:
                keyid:BC:36:B4:CA:E0:90:D0:F4:9C:54:83:F7:B2:F9:3F:B9:2F:D0:FF:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vDa0yuCQ0PScVIP3svk_uS_Q_4c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/f3891f-4dc7-4f4c-b519-6107eb7c48d2/1/KWIxqPkuvRu-x-V0dydEMVWLBEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/f3891f-4dc7-4f4c-b519-6107eb7c48d2/1/vDa0yuCQ0PScVIP3svk_uS_Q_4c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.204.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:57:a1:64:c3:47:a9:4e:d8:f1:8f:a6:a0:86:bc:b4:8f:dc:
         69:19:0a:9d:cb:ce:14:a0:3f:4f:ca:64:96:5d:d2:12:74:72:
         dc:be:17:c5:68:eb:93:f4:da:d7:ab:5a:e2:41:4b:c4:da:22:
         69:f5:b7:6a:b5:f6:79:b4:14:ae:58:4e:a0:0e:4a:69:ca:c6:
         02:51:e4:8e:27:7a:fb:81:ed:7e:0d:7e:34:09:88:dc:a9:ff:
         4e:d0:8b:e6:cd:e0:f0:2c:07:61:73:7a:e3:13:ae:60:06:9c:
         7a:f0:c8:bb:d8:af:fb:5c:56:ff:b7:5a:74:62:b0:26:11:ae:
         41:f0:0a:c9:dd:86:3f:73:cd:2c:fe:61:f6:7d:a1:48:fb:a7:
         1b:63:e5:a0:a2:52:2f:19:30:c6:15:e8:5e:eb:39:90:1d:43:
         f3:d8:5d:cb:26:03:d1:39:94:40:25:ba:55:d1:22:32:03:67:
         dd:80:40:2e:81:85:c1:55:9d:0c:72:ec:19:01:17:7b:22:83:
         44:76:26:37:60:9f:22:36:ad:7f:5d:80:87:3b:43:e7:f7:9d:
         cf:c5:b4:bc:6e:52:82:bd:cf:d2:43:11:3b:c6:5d:4d:f5:ab:
         27:9e:de:3c:06:e1:35:37:ac:7c:9b:92:4e:71:46:c2:5c:48:
         ea:32:7a:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkv3oFuxg+bO+uMRF4+fJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjMzZiNGNhZTA5MGQwZjQ5YzU0ODNmN2IyZjkzZmI5MmZk
MGZmODcwHhcNMjQwMTAxMTAzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTYyMzFhOGY5MmViZDFiYmVjN2U1NzQ3NzI3NDQzMTU1OGIwNDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj5puzxAgU7HL3VUq4WNislZGdEKX
SpwKEbu4uGPk12t7TLRVrdxD87lzbE9ONeB6z2+Rc456La3jIBTtkXd0o0FNv53k
gLS57EKdVoYHPk/ii1w553/+HGQ+fhPuxgh2CcbTSV9TBPtmfauV7U5Tmq0IrAVl
XoYjmwH/5Q4gvo6/FWob/ZI+q5LtoMQcBwU3q7/vtYwWOb/V/HrhS4hSu3QULDGa
KycIRBv11bbNKLQ2uVcI9v4UDVIav0kGvq4QY7ZigKcZzJ83jk9bT18wkc5/T4kv
Km0Or3YPMp+yShC5eI27BGLYdBn8YJVhBl4XSXi9CwWwo1wp01M3Kj0kuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCliMaj5Lr0bvsfldHcnRDFViwRCMB8GA1UdIwQY
MBaAFLw2tMrgkND0nFSD97L5P7kv0P+HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkRhMHl1Q1EwUFNjVklQM3N2a191U19RXzRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9mMzg5MWYtNGRjNy00ZjRjLWI1MTkt
NjEwN2ViN2M0OGQyLzEvS1dJeHFQa3V2UnUteC1WMGR5ZEVNVldMQkVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9mMzg5MWYtNGRjNy00ZjRjLWI1MTktNjEwN2ViN2M0OGQy
LzEvdkRhMHl1Q1EwUFNjVklQM3N2a191U19RXzRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuczFMA0G
CSqGSIb3DQEBCwUAA4IBAQC1V6Fkw0epTtjxj6aghry0j9xpGQqdy84UoD9PymSW
XdISdHLcvhfFaOuT9NrXq1riQUvE2iJp9bdqtfZ5tBSuWE6gDkppysYCUeSOJ3r7
ge1+DX40CYjcqf9O0IvmzeDwLAdhc3rjE65gBpx68Mi72K/7XFb/t1p0YrAmEa5B
8ArJ3YY/c80s/mH2faFI+6cbY+WgolIvGTDGFehe6zmQHUPz2F3LJgPROZRAJbpV
0SIyA2fdgEAugYXBVZ0McuwZARd7IoNEdiY3YJ8iNq1/XYCHO0Pn953PxbS8blKC
vc/SQxE7xl1N9asnnt48BuE1N6x8m5JOcUbCXEjqMnrM
-----END CERTIFICATE-----