Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/3f04c9-e6e1-4506-b8fa-40d1911fa7f3/1/Kbuh4st5qjjYGTTHYCUlTVQP7eE.roa
File:                     Kbuh4st5qjjYGTTHYCUlTVQP7eE.roa (raw, json)
Hash identifier:          GEdIY1fm6FwouXlMtfOccW+drS5xbX5zLMefGDZ9hJc=
Subject key identifier:   29:BB:A1:E2:CB:79:AA:38:D8:19:34:C7:60:25:25:4D:54:0F:ED:E1
Certificate issuer:       /CN=d0a38542cfdb1ee6e075eae6b101e7bb5b14c436
Certificate serial:       018CC64AA60E4EFC1D0519CD0DB72B05FC85
Authority key identifier: D0:A3:85:42:CF:DB:1E:E6:E0:75:EA:E6:B1:01:E7:BB:5B:14:C4:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0KOFQs_bHubgdermsQHnu1sUxDY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/3f04c9-e6e1-4506-b8fa-40d1911fa7f3/1/Kbuh4st5qjjYGTTHYCUlTVQP7eE.roa
Signing time:             Mon 01 Jan 2024 18:30:30 +0000
ROA not before:           Mon 01 Jan 2024 18:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137457
IP address blocks:        145.34.152.0/24 maxlen: 24
                          145.34.152.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/3f04c9-e6e1-4506-b8fa-40d1911fa7f3/1/0KOFQs_bHubgdermsQHnu1sUxDY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/3f04c9-e6e1-4506-b8fa-40d1911fa7f3/1/0KOFQs_bHubgdermsQHnu1sUxDY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0KOFQs_bHubgdermsQHnu1sUxDY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 22:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:a6:0e:4e:fc:1d:05:19:cd:0d:b7:2b:05:fc:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0a38542cfdb1ee6e075eae6b101e7bb5b14c436
        Validity
            Not Before: Jan  1 18:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29bba1e2cb79aa38d81934c76025254d540fede1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:7f:31:d5:bb:a4:f7:f2:e2:57:f0:11:38:aa:
                    b7:8d:77:57:b2:74:54:16:34:56:45:fe:87:57:5d:
                    5b:f8:9d:5c:ec:41:d9:ee:46:8f:91:9f:f8:35:ec:
                    8f:7f:94:df:6d:96:ac:12:44:f0:bd:e9:08:59:97:
                    cc:ee:2c:d2:c8:01:85:f0:5f:ce:f3:58:f7:b1:89:
                    d3:b5:ce:c3:fc:db:24:77:5e:e8:96:2f:03:1b:0c:
                    74:81:6e:3b:dc:22:63:10:9e:5e:77:8e:82:40:e8:
                    1a:27:0b:62:81:ad:cb:50:66:25:ef:be:9e:06:57:
                    df:28:a6:23:b1:3d:e7:6a:2e:94:47:a4:04:d5:62:
                    eb:b8:a3:01:b3:89:85:6c:0f:3e:db:52:f5:8c:d0:
                    b4:16:68:18:3f:77:82:53:b9:ce:a9:f1:55:37:65:
                    10:55:32:62:4a:7c:15:da:c8:dc:f8:dd:c9:6e:37:
                    ed:9b:ff:be:33:97:d0:0c:34:2c:88:ba:e6:c2:6a:
                    f8:3f:30:83:b0:3d:c3:c3:76:ed:9d:80:66:fc:04:
                    38:0a:dc:4b:ea:72:66:cc:7e:7e:9e:09:4a:9c:48:
                    b1:c3:86:87:ae:99:1d:55:8a:16:5c:5e:0e:fe:66:
                    84:eb:e0:16:80:3d:aa:2b:79:88:00:cf:b2:4d:c1:
                    38:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:BB:A1:E2:CB:79:AA:38:D8:19:34:C7:60:25:25:4D:54:0F:ED:E1
            X509v3 Authority Key Identifier:
                keyid:D0:A3:85:42:CF:DB:1E:E6:E0:75:EA:E6:B1:01:E7:BB:5B:14:C4:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0KOFQs_bHubgdermsQHnu1sUxDY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/3f04c9-e6e1-4506-b8fa-40d1911fa7f3/1/Kbuh4st5qjjYGTTHYCUlTVQP7eE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/3f04c9-e6e1-4506-b8fa-40d1911fa7f3/1/0KOFQs_bHubgdermsQHnu1sUxDY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.34.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         00:4f:32:96:c2:85:a7:b1:37:97:52:0e:ef:84:82:5c:8e:3c:
         ae:41:0d:27:e3:e0:14:15:ff:fd:b7:2d:ff:c0:c7:82:b6:f8:
         e5:e1:d7:c6:8f:a4:39:1e:c1:9a:a1:6d:48:46:68:3c:ae:df:
         a3:1d:8d:00:c0:3c:9b:2f:bc:22:e7:aa:4e:d2:98:b6:3b:e0:
         48:07:3b:3c:3b:17:48:da:fe:4f:11:3e:69:3b:18:2c:5c:bc:
         2e:d9:97:7d:37:7c:66:ef:a0:7b:43:1a:5c:86:33:e1:08:b8:
         a9:5d:ff:60:f8:1e:ea:40:70:99:40:93:62:8f:c8:a8:44:5a:
         b8:67:dc:c4:9b:35:55:76:b7:f0:77:4b:9c:87:c8:31:23:aa:
         18:f3:70:bf:7e:8d:a2:87:3c:2d:97:78:19:23:23:85:0c:9f:
         d3:3d:6d:f7:c5:ca:4c:eb:b0:44:03:0b:33:e0:98:93:c9:c7:
         6b:e3:6a:f2:73:f5:79:b6:35:2e:0e:0f:52:78:d7:13:0b:a7:
         eb:3a:16:ca:5e:9d:f1:90:1f:36:64:e6:cc:72:97:47:60:32:
         0b:e9:10:1c:94:8d:f2:64:c4:cc:e9:76:49:d9:4d:51:81:0a:
         2b:2d:7a:a0:60:26:14:4a:e6:a2:1c:ba:32:ec:e2:aa:64:3a:
         dd:e8:71:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSqYOTvwdBRnNDbcrBfyFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYTM4NTQyY2ZkYjFlZTZlMDc1ZWFlNmIxMDFlN2JiNWIx
NGM0MzYwHhcNMjQwMTAxMTgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWJiYTFlMmNiNzlhYTM4ZDgxOTM0Yzc2MDI1MjU0ZDU0MGZlZGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgn8x1buk9/LiV/AROKq3jXdXsnRU
FjRWRf6HV11b+J1c7EHZ7kaPkZ/4NeyPf5TfbZasEkTwvekIWZfM7izSyAGF8F/O
81j3sYnTtc7D/Nskd17oli8DGwx0gW473CJjEJ5ed46CQOgaJwtiga3LUGYl776e
BlffKKYjsT3nai6UR6QE1WLruKMBs4mFbA8+21L1jNC0FmgYP3eCU7nOqfFVN2UQ
VTJiSnwV2sjc+N3Jbjftm/++M5fQDDQsiLrmwmr4PzCDsD3Dw3btnYBm/AQ4CtxL
6nJmzH5+nglKnEixw4aHrpkdVYoWXF4O/maE6+AWgD2qK3mIAM+yTcE4XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCm7oeLLeao42Bk0x2AlJU1UD+3hMB8GA1UdIwQY
MBaAFNCjhULP2x7m4HXq5rEB57tbFMQ2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEtPRlFzX2JIdWJnZGVybXNRSG51MXNVeERZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8zZjA0YzktZTZlMS00NTA2LWI4ZmEt
NDBkMTkxMWZhN2YzLzEvS2J1aDRzdDVxampZR1RUSFlDVWxUVlFQN2VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8zZjA0YzktZTZlMS00NTA2LWI4ZmEtNDBkMTkxMWZhN2Yz
LzEvMEtPRlFzX2JIdWJnZGVybXNRSG51MXNVeERZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDkSKYMA0G
CSqGSIb3DQEBCwUAA4IBAQAATzKWwoWnsTeXUg7vhIJcjjyuQQ0n4+AUFf/9ty3/
wMeCtvjl4dfGj6Q5HsGaoW1IRmg8rt+jHY0AwDybL7wi56pO0pi2O+BIBzs8OxdI
2v5PET5pOxgsXLwu2Zd9N3xm76B7QxpchjPhCLipXf9g+B7qQHCZQJNij8ioRFq4
Z9zEmzVVdrfwd0uch8gxI6oY83C/fo2ihzwtl3gZIyOFDJ/TPW33xcpM67BEAwsz
4JiTycdr42ryc/V5tjUuDg9SeNcTC6frOhbKXp3xkB82ZObMcpdHYDIL6RAclI3y
ZMTM6XZJ2U1RgQorLXqgYCYUSuaiHLoy7OKqZDrd6HHc
-----END CERTIFICATE-----