Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/304e3d-1f0e-44eb-b2c1-e792f89cbce2/1/klQkB-etfmA4H2K0X66TOtS3dRg.roa
File:                     klQkB-etfmA4H2K0X66TOtS3dRg.roa (raw, json)
Hash identifier:          NATF1tABpwvVsT9kjMbeNZACmoZfk7Zk9Bcg+evo/tE=
Subject key identifier:   92:54:24:07:E7:AD:7E:60:38:1F:62:B4:5F:AE:93:3A:D4:B7:75:18
Certificate issuer:       /CN=fad0fb39d6b11fd15fcbb4163403155d1d455c05
Certificate serial:       018CC26D1F9FA1929560FFF562EBD7D146D5
Authority key identifier: FA:D0:FB:39:D6:B1:1F:D1:5F:CB:B4:16:34:03:15:5D:1D:45:5C:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-tD7OdaxH9Ffy7QWNAMVXR1FXAU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/304e3d-1f0e-44eb-b2c1-e792f89cbce2/1/klQkB-etfmA4H2K0X66TOtS3dRg.roa
Signing time:             Mon 01 Jan 2024 00:29:40 +0000
ROA not before:           Mon 01 Jan 2024 00:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205685
IP address blocks:        185.209.68.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/304e3d-1f0e-44eb-b2c1-e792f89cbce2/1/1-tD7OdaxH9Ffy7QWNAMVXR1FXAU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/304e3d-1f0e-44eb-b2c1-e792f89cbce2/1/1-tD7OdaxH9Ffy7QWNAMVXR1FXAU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-tD7OdaxH9Ffy7QWNAMVXR1FXAU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:1f:9f:a1:92:95:60:ff:f5:62:eb:d7:d1:46:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fad0fb39d6b11fd15fcbb4163403155d1d455c05
        Validity
            Not Before: Jan  1 00:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92542407e7ad7e60381f62b45fae933ad4b77518
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:76:8f:a6:b2:13:d7:bb:a2:ef:62:33:df:f8:
                    54:24:e7:28:05:c2:d2:c4:00:d1:b6:20:29:07:f6:
                    ec:88:93:aa:41:f9:65:6a:3f:6a:3c:bd:ee:f0:1d:
                    a1:43:98:c2:cf:34:4c:f6:0c:d1:1b:ad:51:c0:1e:
                    80:1b:21:d5:7c:1d:65:e6:f4:87:68:38:f3:6b:bc:
                    8c:2d:d7:fe:26:22:00:9f:4a:1b:f3:57:42:30:46:
                    49:ba:0e:71:4b:83:bd:27:fc:f9:5b:0c:78:36:38:
                    e1:8d:ce:cb:a4:02:4c:0d:d2:52:7e:26:52:d2:5d:
                    c4:a9:d1:2d:de:2a:af:a1:b9:c0:aa:c0:54:96:7a:
                    06:d6:1b:81:51:73:65:0c:57:06:0d:c3:b4:3c:26:
                    4a:71:e7:35:f8:4a:68:cd:d4:57:34:f3:da:26:e5:
                    7d:ed:63:90:f3:23:46:36:28:e6:b7:90:0a:74:cb:
                    ce:6d:05:45:cf:40:15:d3:e4:f5:cd:41:d3:7d:d4:
                    c8:cc:f9:18:c9:94:bc:43:ce:e5:ea:ae:6c:01:8e:
                    5d:86:e7:20:36:41:10:33:41:ec:17:39:7b:88:85:
                    25:88:bc:a7:2c:23:91:1b:c2:33:de:61:29:f2:6a:
                    c2:93:ee:28:9f:6f:cb:e9:47:89:ad:ee:44:f5:cb:
                    d6:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:54:24:07:E7:AD:7E:60:38:1F:62:B4:5F:AE:93:3A:D4:B7:75:18
            X509v3 Authority Key Identifier:
                keyid:FA:D0:FB:39:D6:B1:1F:D1:5F:CB:B4:16:34:03:15:5D:1D:45:5C:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-tD7OdaxH9Ffy7QWNAMVXR1FXAU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/304e3d-1f0e-44eb-b2c1-e792f89cbce2/1/klQkB-etfmA4H2K0X66TOtS3dRg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/304e3d-1f0e-44eb-b2c1-e792f89cbce2/1/1-tD7OdaxH9Ffy7QWNAMVXR1FXAU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ac:3a:32:51:98:75:28:a3:47:b7:87:14:83:41:d4:d3:1c:bd:
         51:11:e2:97:0b:68:cc:91:6d:5a:14:d9:51:55:14:23:77:92:
         e9:5b:ff:9c:92:f9:60:ac:66:7e:fe:a4:30:ff:4b:5b:e7:58:
         75:db:3e:35:fb:86:fa:07:93:56:b0:df:28:57:0b:6f:89:70:
         97:a1:68:2c:0e:d4:03:eb:e2:21:00:ce:2f:9a:e5:52:55:d9:
         29:ea:f8:6a:a7:e3:8d:f3:eb:36:5d:b3:4a:73:ec:04:66:9c:
         ea:93:af:5b:55:00:a3:0e:95:28:2e:45:99:2c:87:10:96:30:
         b6:2a:45:fa:28:48:a2:1d:a0:00:94:bd:13:15:02:a1:f3:1f:
         9e:87:ef:ef:86:84:1c:b0:33:33:b1:1a:61:4c:34:55:36:d6:
         39:64:83:6d:78:a8:e0:f6:74:b6:1d:8d:71:02:ba:21:56:fe:
         48:32:77:80:74:00:4e:70:e9:b6:e5:e4:73:fc:0c:bc:80:fe:
         98:19:32:a4:08:d8:49:88:71:3b:05:15:b2:30:bf:59:c7:3f:
         61:f0:15:e2:66:fb:f0:5b:d8:61:1b:1e:5f:8c:2f:4e:da:9e:
         6a:b8:ec:0c:fd:2b:65:bb:da:72:35:28:53:d6:9a:d3:99:5d:
         be:e0:f1:43
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzCbR+foZKVYP/1YuvX0UbVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZDBmYjM5ZDZiMTFmZDE1ZmNiYjQxNjM0MDMxNTVkMWQ0
NTVjMDUwHhcNMjQwMTAxMDAyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjU0MjQwN2U3YWQ3ZTYwMzgxZjYyYjQ1ZmFlOTMzYWQ0Yjc3NTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3aPprIT17ui72Iz3/hUJOcoBcLS
xADRtiApB/bsiJOqQfllaj9qPL3u8B2hQ5jCzzRM9gzRG61RwB6AGyHVfB1l5vSH
aDjza7yMLdf+JiIAn0ob81dCMEZJug5xS4O9J/z5Wwx4Njjhjc7LpAJMDdJSfiZS
0l3EqdEt3iqvobnAqsBUlnoG1huBUXNlDFcGDcO0PCZKcec1+EpozdRXNPPaJuV9
7WOQ8yNGNijmt5AKdMvObQVFz0AV0+T1zUHTfdTIzPkYyZS8Q87l6q5sAY5dhucg
NkEQM0HsFzl7iIUliLynLCORG8Iz3mEp8mrCk+4on2/L6UeJre5E9cvWrwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJJUJAfnrX5gOB9itF+ukzrUt3UYMB8GA1UdIwQY
MBaAFPrQ+znWsR/RX8u0FjQDFV0dRVwFMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS10RDdPZGF4SDlGZnk3UVdOQU1WWFIxRlhBVS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWQvMzA0ZTNkLTFmMGUtNDRlYi1iMmMx
LWU3OTJmODljYmNlMi8xL2tsUWtCLWV0Zm1BNEgySzBYNjZUT3RTM2RSZy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZWQvMzA0ZTNkLTFmMGUtNDRlYi1iMmMxLWU3OTJmODljYmNl
Mi8xLzEtdEQ3T2RheEg5RmZ5N1FXTkFNVlhSMUZYQVUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAG50UQw
DQYJKoZIhvcNAQELBQADggEBAKw6MlGYdSijR7eHFINB1NMcvVER4pcLaMyRbVoU
2VFVFCN3kulb/5yS+WCsZn7+pDD/S1vnWHXbPjX7hvoHk1aw3yhXC2+JcJehaCwO
1APr4iEAzi+a5VJV2Snq+Gqn443z6zZds0pz7ARmnOqTr1tVAKMOlSguRZkshxCW
MLYqRfooSKIdoACUvRMVAqHzH56H7++GhBywMzOxGmFMNFU21jlkg214qOD2dLYd
jXECuiFW/kgyd4B0AE5w6bbl5HP8DLyA/pgZMqQI2EmIcTsFFbIwv1nHP2HwFeJm
+/Bb2GEbHl+ML07anmq47Az9K2W72nI1KFPWmtOZXb7g8UM=
-----END CERTIFICATE-----