Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/KIWhK-QYRT76OizJKWYMIm6n1zA.roa
File:                     KIWhK-QYRT76OizJKWYMIm6n1zA.roa (raw, json)
Hash identifier:          TOUTfXE/GzCfBwicys24q0quwyX87AArnJqUTSBG8TU=
Subject key identifier:   28:85:A1:2B:E4:18:45:3E:FA:3A:2C:C9:29:66:0C:22:6E:A7:D7:30
Certificate issuer:       /CN=8050504f4b1776e80b8ad9f8b356e613b585b35a
Certificate serial:       018CC5000EE25170807272EFF5C6C15E914B
Authority key identifier: 80:50:50:4F:4B:17:76:E8:0B:8A:D9:F8:B3:56:E6:13:B5:85:B3:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gFBQT0sXdugLitn4s1bmE7WFs1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/KIWhK-QYRT76OizJKWYMIm6n1zA.roa
Signing time:             Mon 01 Jan 2024 12:29:24 +0000
ROA not before:           Mon 01 Jan 2024 12:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61232
IP address blocks:        193.135.56.0/24 maxlen: 24
                          2001:678:e44::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/gFBQT0sXdugLitn4s1bmE7WFs1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/gFBQT0sXdugLitn4s1bmE7WFs1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gFBQT0sXdugLitn4s1bmE7WFs1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:0e:e2:51:70:80:72:72:ef:f5:c6:c1:5e:91:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8050504f4b1776e80b8ad9f8b356e613b585b35a
        Validity
            Not Before: Jan  1 12:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2885a12be418453efa3a2cc929660c226ea7d730
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:e6:58:5b:85:d9:6e:7f:b3:db:33:46:a6:c0:
                    64:bc:4f:ea:e8:70:60:58:12:3d:9f:a5:be:60:cb:
                    7e:9a:91:ef:6a:3a:11:7b:38:88:0d:2f:81:d9:16:
                    f6:91:c6:87:56:79:66:36:09:55:a6:bc:48:35:6d:
                    f6:8f:9d:a5:15:c3:71:38:39:8f:f5:19:91:1a:42:
                    aa:21:45:56:98:85:e3:8c:fc:6f:cf:99:3f:1d:48:
                    6a:77:2c:19:11:82:2e:c3:47:21:a1:00:5c:0a:c6:
                    09:42:2b:e3:ac:92:42:0e:9a:cb:63:85:c9:6c:fb:
                    24:57:ef:4c:6a:24:d1:97:7b:f2:07:41:3c:e7:17:
                    e0:1a:df:84:fc:3b:11:5a:42:ff:f8:72:4c:22:00:
                    5f:24:3c:be:9d:9c:a1:7a:07:64:30:a3:4b:86:33:
                    ab:ea:e3:b0:c7:6c:79:f7:d6:45:32:6d:a0:09:b7:
                    35:67:cd:a0:b6:d6:f0:a8:fc:63:bb:f7:7f:e8:dd:
                    36:b9:c3:6e:ed:60:d8:5a:8d:f5:25:44:11:1a:06:
                    1d:70:c0:09:76:97:18:fb:53:b1:df:74:56:35:c1:
                    3c:b9:5b:a9:65:cc:f0:49:d0:64:47:95:4c:84:96:
                    9b:3d:93:9d:cb:12:a9:35:96:8c:97:87:30:c4:31:
                    5e:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:85:A1:2B:E4:18:45:3E:FA:3A:2C:C9:29:66:0C:22:6E:A7:D7:30
            X509v3 Authority Key Identifier:
                keyid:80:50:50:4F:4B:17:76:E8:0B:8A:D9:F8:B3:56:E6:13:B5:85:B3:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gFBQT0sXdugLitn4s1bmE7WFs1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/KIWhK-QYRT76OizJKWYMIm6n1zA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/gFBQT0sXdugLitn4s1bmE7WFs1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.135.56.0/24
                IPv6:
                  2001:678:e44::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:93:27:2e:b0:2d:ec:05:bf:83:5f:0c:38:36:7c:4b:e4:6f:
         13:84:01:18:d6:8a:ed:61:a9:dc:90:4d:86:1e:18:7f:55:9b:
         a0:59:9f:3c:18:48:5b:13:7b:24:52:df:5d:9f:42:77:b0:4e:
         bc:aa:dd:7e:8a:22:24:99:4b:f4:25:51:e0:f0:24:70:2a:93:
         f6:68:ad:ca:5e:88:2b:63:fe:ff:9c:40:cd:f7:21:ca:ac:97:
         e3:71:cf:2d:b1:82:3a:61:cb:50:d8:ef:74:91:9a:dd:37:bb:
         b0:91:9b:88:df:1a:a9:f2:8f:f8:97:72:ea:7b:87:4c:b2:b8:
         26:56:4a:68:73:5a:5a:41:d0:34:8d:04:4a:d9:36:35:ee:36:
         f2:60:15:08:66:75:4a:1d:3f:f0:51:f2:1e:8d:f8:a5:69:e0:
         b8:2b:23:1c:52:97:5c:f1:bb:e2:06:d0:b7:21:37:0c:08:59:
         ca:1a:b8:3d:60:f2:2d:8a:47:50:fe:93:2f:80:4d:f4:6a:90:
         af:c9:50:6a:37:c6:a9:d5:ca:53:df:a8:70:d2:8e:25:6e:01:
         02:bd:1b:ec:e2:29:24:d2:f9:07:a9:3e:7c:1c:b1:d2:6f:a6:
         b5:d3:3e:6d:6e:1a:59:3e:a9:77:4d:8d:fa:fc:93:d9:82:26:
         11:7f:95:45
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzFAA7iUXCAcnLv9cbBXpFLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwNTA1MDRmNGIxNzc2ZTgwYjhhZDlmOGIzNTZlNjEzYjU4
NWIzNWEwHhcNMjQwMTAxMTIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODg1YTEyYmU0MTg0NTNlZmEzYTJjYzkyOTY2MGMyMjZlYTdkNzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+ZYW4XZbn+z2zNGpsBkvE/q6HBg
WBI9n6W+YMt+mpHvajoReziIDS+B2Rb2kcaHVnlmNglVprxINW32j52lFcNxODmP
9RmRGkKqIUVWmIXjjPxvz5k/HUhqdywZEYIuw0choQBcCsYJQivjrJJCDprLY4XJ
bPskV+9MaiTRl3vyB0E85xfgGt+E/DsRWkL/+HJMIgBfJDy+nZyhegdkMKNLhjOr
6uOwx2x599ZFMm2gCbc1Z82gttbwqPxju/d/6N02ucNu7WDYWo31JUQRGgYdcMAJ
dpcY+1Ox33RWNcE8uVupZczwSdBkR5VMhJabPZOdyxKpNZaMl4cwxDFeAwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCiFoSvkGEU++josySlmDCJup9cwMB8GA1UdIwQY
MBaAFIBQUE9LF3boC4rZ+LNW5hO1hbNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0ZCUVQwc1hkdWdMaXRuNHMxYm1FN1dGczFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9iNTk3MTUtYjA1YS00YjRhLWE5MjIt
MDE0NGEzMjgyYTJlLzEvS0lXaEstUVlSVDc2T2l6SktXWU1JbTZuMXpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9iNTk3MTUtYjA1YS00YjRhLWE5MjItMDE0NGEzMjgyYTJl
LzEvZ0ZCUVQwc1hkdWdMaXRuNHMxYm1FN1dGczFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwYc4MA8E
AgACMAkDBwAgAQZ4DkQwDQYJKoZIhvcNAQELBQADggEBAIuTJy6wLewFv4NfDDg2
fEvkbxOEARjWiu1hqdyQTYYeGH9Vm6BZnzwYSFsTeyRS312fQnewTryq3X6KIiSZ
S/QlUeDwJHAqk/ZorcpeiCtj/v+cQM33Icqsl+Nxzy2xgjphy1DY73SRmt03u7CR
m4jfGqnyj/iXcup7h0yyuCZWSmhzWlpB0DSNBErZNjXuNvJgFQhmdUodP/BR8h6N
+KVp4LgrIxxSl1zxu+IG0LchNwwIWcoauD1g8i2KR1D+ky+ATfRqkK/JUGo3xqnV
ylPfqHDSjiVuAQK9G+ziKSTS+QepPnwcsdJvprXTPm1uGlk+qXdNjfr8k9mCJhF/
lUU=
-----END CERTIFICATE-----