Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/1f0831-fc6b-4865-a8a8-edf42d5c481f/1/KJAPM5sJxQ9SKVqTcaab3f6G9mY.roa
File:                     KJAPM5sJxQ9SKVqTcaab3f6G9mY.roa (raw, json)
Hash identifier:          Yku+i5SqQzdGYUdxCZ0HgyL69TvDYaM+aXCASfdu/po=
Subject key identifier:   28:90:0F:33:9B:09:C5:0F:52:29:5A:93:71:A6:9B:DD:FE:86:F6:66
Certificate issuer:       /CN=557d2144dd1b714e9e3ca0901fe67504bf457eeb
Certificate serial:       019112648C074A633C59EC6D04E2BC40B78C
Authority key identifier: 55:7D:21:44:DD:1B:71:4E:9E:3C:A0:90:1F:E6:75:04:BF:45:7E:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VX0hRN0bcU6ePKCQH-Z1BL9Ffus.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/1f0831-fc6b-4865-a8a8-edf42d5c481f/1/KJAPM5sJxQ9SKVqTcaab3f6G9mY.roa
Signing time:             Fri 02 Aug 2024 09:21:04 +0000
ROA not before:           Fri 02 Aug 2024 09:21:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213398
IP address blocks:        89.40.30.0/24 maxlen: 24
                          91.234.235.0/24 maxlen: 24
                          194.164.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/1f0831-fc6b-4865-a8a8-edf42d5c481f/1/VX0hRN0bcU6ePKCQH-Z1BL9Ffus.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/1f0831-fc6b-4865-a8a8-edf42d5c481f/1/VX0hRN0bcU6ePKCQH-Z1BL9Ffus.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VX0hRN0bcU6ePKCQH-Z1BL9Ffus.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:12:64:8c:07:4a:63:3c:59:ec:6d:04:e2:bc:40:b7:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=557d2144dd1b714e9e3ca0901fe67504bf457eeb
        Validity
            Not Before: Aug  2 09:21:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28900f339b09c50f52295a9371a69bddfe86f666
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:43:02:36:2d:63:98:0c:7e:46:31:14:b1:41:
                    8d:12:f8:d9:e9:25:57:8e:bc:8c:37:91:b8:95:93:
                    2c:f9:10:0f:4c:c9:cf:a2:45:fa:65:7b:4d:f5:e0:
                    1c:36:74:66:d4:9e:ee:90:ec:dc:df:a6:0e:a5:8d:
                    b1:18:7a:86:4d:3b:01:7b:b5:58:ef:bb:d6:43:b6:
                    42:22:3d:6d:2b:18:97:43:72:44:40:ba:c5:79:06:
                    00:fb:3c:ee:c0:c1:15:4a:10:4d:d8:28:10:72:81:
                    ea:cd:6c:51:66:b9:bb:50:97:1e:21:e3:31:1b:4a:
                    ee:d6:96:a3:0e:e5:c3:b5:6b:a8:54:28:14:0f:cd:
                    81:6c:96:01:2a:a1:d4:71:1d:fa:7a:8f:cb:b6:5b:
                    6f:cf:a7:6f:17:c3:9e:ba:cf:85:5d:98:27:c2:70:
                    d6:42:b7:4c:86:79:06:8a:b1:7d:c7:4f:7d:bf:54:
                    06:b6:88:f4:e9:af:04:0c:36:15:35:47:cf:33:f4:
                    6c:ef:74:11:c2:3a:75:56:d3:c5:c9:2f:dc:d9:9d:
                    8c:af:5a:2e:f6:a8:7b:a9:de:6b:5d:5c:1a:2e:95:
                    79:37:a5:7d:73:bd:f8:bb:15:9b:ee:33:f8:a0:c8:
                    8f:1e:fa:78:a9:fa:03:53:03:2c:32:df:2a:ed:36:
                    f9:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:90:0F:33:9B:09:C5:0F:52:29:5A:93:71:A6:9B:DD:FE:86:F6:66
            X509v3 Authority Key Identifier:
                keyid:55:7D:21:44:DD:1B:71:4E:9E:3C:A0:90:1F:E6:75:04:BF:45:7E:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VX0hRN0bcU6ePKCQH-Z1BL9Ffus.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/1f0831-fc6b-4865-a8a8-edf42d5c481f/1/KJAPM5sJxQ9SKVqTcaab3f6G9mY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/1f0831-fc6b-4865-a8a8-edf42d5c481f/1/VX0hRN0bcU6ePKCQH-Z1BL9Ffus.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.40.30.0/24
                  91.234.235.0/24
                  194.164.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:a4:39:f5:2a:1e:36:27:2d:91:91:21:0c:81:1d:27:91:b9:
         e5:c7:e2:a8:f8:9e:de:54:ce:77:d8:61:d0:c7:b4:fe:a0:17:
         c5:73:bc:6d:93:9a:58:f9:e0:f9:42:f6:91:56:a4:8e:2f:cb:
         a8:98:29:17:f9:67:a3:5e:9b:32:3f:44:a4:9c:6a:d4:9c:10:
         ad:ac:74:fb:b4:f1:73:39:5b:c4:f3:a4:ff:5f:f8:56:24:a9:
         fc:20:1b:9e:47:28:ab:0f:0f:2d:bc:1e:99:e1:d5:5e:1a:db:
         65:bc:d5:f6:68:0d:ce:14:40:82:4a:41:f4:9c:01:43:1c:7b:
         1e:50:bb:ec:d8:d0:ab:95:b2:40:da:ec:74:02:e2:f1:22:a3:
         92:b4:9b:96:0c:fc:4d:42:e6:40:e9:88:48:df:4e:c4:dd:c9:
         a2:68:32:96:f0:d7:23:b6:72:56:3a:6c:b7:31:4a:f3:c7:f7:
         c3:1d:72:03:a8:87:18:5d:67:dc:d1:06:08:5c:4f:56:af:ff:
         0e:7a:b0:6c:02:02:91:38:0d:5b:ef:ef:13:f6:a9:6e:7c:4e:
         95:7b:d5:ea:39:17:3b:d4:f0:53:60:0e:54:a8:f9:c5:4f:44:
         4c:cf:e7:f0:8d:a2:79:3a:f7:1d:30:cf:63:9d:89:ac:3e:2e:
         9f:cd:48:fc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZESZIwHSmM8WextBOK8QLeMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1N2QyMTQ0ZGQxYjcxNGU5ZTNjYTA5MDFmZTY3NTA0YmY0
NTdlZWIwHhcNMjQwODAyMDkyMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODkwMGYzMzliMDljNTBmNTIyOTVhOTM3MWE2OWJkZGZlODZmNjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0MCNi1jmAx+RjEUsUGNEvjZ6SVX
jryMN5G4lZMs+RAPTMnPokX6ZXtN9eAcNnRm1J7ukOzc36YOpY2xGHqGTTsBe7VY
77vWQ7ZCIj1tKxiXQ3JEQLrFeQYA+zzuwMEVShBN2CgQcoHqzWxRZrm7UJceIeMx
G0ru1pajDuXDtWuoVCgUD82BbJYBKqHUcR36eo/Ltltvz6dvF8Oeus+FXZgnwnDW
QrdMhnkGirF9x099v1QGtoj06a8EDDYVNUfPM/Rs73QRwjp1VtPFyS/c2Z2Mr1ou
9qh7qd5rXVwaLpV5N6V9c734uxWb7jP4oMiPHvp4qfoDUwMsMt8q7Tb5WQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCiQDzObCcUPUilak3Gmm93+hvZmMB8GA1UdIwQY
MBaAFFV9IUTdG3FOnjygkB/mdQS/RX7rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlgwaFJOMGJjVTZlUEtDUUgtWjFCTDlGZnVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8xZjA4MzEtZmM2Yi00ODY1LWE4YTgt
ZWRmNDJkNWM0ODFmLzEvS0pBUE01c0p4UTlTS1ZxVGNhYWIzZjZHOW1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8xZjA4MzEtZmM2Yi00ODY1LWE4YTgtZWRmNDJkNWM0ODFm
LzEvVlgwaFJOMGJjVTZlUEtDUUgtWjFCTDlGZnVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWSgeAwQA
W+rrAwQAwqTgMA0GCSqGSIb3DQEBCwUAA4IBAQCppDn1Kh42Jy2RkSEMgR0nkbnl
x+Ko+J7eVM532GHQx7T+oBfFc7xtk5pY+eD5QvaRVqSOL8uomCkX+WejXpsyP0Sk
nGrUnBCtrHT7tPFzOVvE86T/X/hWJKn8IBueRyirDw8tvB6Z4dVeGttlvNX2aA3O
FECCSkH0nAFDHHseULvs2NCrlbJA2ux0AuLxIqOStJuWDPxNQuZA6YhI307E3cmi
aDKW8NcjtnJWOmy3MUrzx/fDHXIDqIcYXWfc0QYIXE9Wr/8OerBsAgKROA1b7+8T
9qlufE6Ve9XqORc71PBTYA5UqPnFT0RMz+fwjaJ5OvcdMM9jnYmsPi6fzUj8
-----END CERTIFICATE-----