Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/KGBLnva5ARvlTLBSnmRFC4IAyUI.roa
File:                     KGBLnva5ARvlTLBSnmRFC4IAyUI.roa (raw, json)
Hash identifier:          Rwy27//niGDT/nhip0lFyFMBKJj6gkq1XpSIJf0SfFE=
Subject key identifier:   28:60:4B:9E:F6:B9:01:1B:E5:4C:B0:52:9E:64:45:0B:82:00:C9:42
Certificate issuer:       /CN=291f0b73e67d63c5a4c9046814166a9e21625f28
Certificate serial:       018CC2DB18980648AAB5AE0E85204E5C3EB7
Authority key identifier: 29:1F:0B:73:E6:7D:63:C5:A4:C9:04:68:14:16:6A:9E:21:62:5F:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/KGBLnva5ARvlTLBSnmRFC4IAyUI.roa
Signing time:             Mon 01 Jan 2024 02:29:47 +0000
ROA not before:           Mon 01 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202590
IP address blocks:        2a04:5d00:70::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:18:98:06:48:aa:b5:ae:0e:85:20:4e:5c:3e:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=291f0b73e67d63c5a4c9046814166a9e21625f28
        Validity
            Not Before: Jan  1 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28604b9ef6b9011be54cb0529e64450b8200c942
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:17:7d:42:64:fe:c0:79:e2:63:7e:f8:a2:fa:
                    3e:84:8b:25:f3:26:78:ee:3b:59:27:18:09:fe:a0:
                    57:64:ab:9a:40:7e:4d:95:64:89:b4:d6:ac:0a:1a:
                    7e:c7:0f:af:09:81:e5:11:81:ee:ba:f3:c3:84:6d:
                    ba:1b:5f:16:d2:8f:ef:0a:84:96:62:b3:ee:6a:ce:
                    3f:58:ae:37:ac:11:88:98:b3:95:02:ce:57:b7:5a:
                    21:a5:37:5a:da:4b:93:8b:dc:5f:ce:75:21:32:74:
                    8e:fd:f0:7c:f4:cd:ba:60:91:0e:d7:ca:2a:4a:56:
                    f2:ea:f2:5d:49:94:9c:2f:85:55:5b:6b:2c:66:f6:
                    cf:5c:72:74:28:9c:d5:1e:d6:85:9f:5f:86:f2:0e:
                    e9:b5:d9:df:ea:9d:65:c6:4f:6e:85:cb:d9:48:09:
                    19:64:96:b6:dd:64:e5:0d:bb:d9:87:dc:f2:ce:9f:
                    05:05:d9:ab:6a:a9:0b:62:3b:95:4f:2d:ad:b7:f0:
                    b6:85:0d:2f:e6:8d:d0:f0:8b:2c:a4:91:95:ef:fb:
                    6d:05:44:14:40:d1:e3:43:3a:89:70:80:96:c4:fd:
                    da:57:f8:88:79:68:81:66:bc:3f:58:36:e2:d4:61:
                    b5:7f:e3:9c:4b:47:cb:86:59:59:d9:a8:5c:39:04:
                    31:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:60:4B:9E:F6:B9:01:1B:E5:4C:B0:52:9E:64:45:0B:82:00:C9:42
            X509v3 Authority Key Identifier:
                keyid:29:1F:0B:73:E6:7D:63:C5:A4:C9:04:68:14:16:6A:9E:21:62:5F:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/KGBLnva5ARvlTLBSnmRFC4IAyUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:5d00:70::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:11:d4:80:c5:5c:6b:81:31:f2:2e:be:73:d9:ae:d4:76:65:
         a0:4c:7d:36:62:0c:19:3e:31:aa:fd:ce:13:53:50:16:6c:18:
         0f:05:b7:1a:40:b0:c2:79:f1:3a:64:ce:3b:5a:7f:b7:cc:6b:
         93:ef:1d:ee:4a:99:24:f4:77:02:c1:9e:81:e9:45:e5:e0:4b:
         3f:41:4f:6f:e5:fe:a7:c3:57:8e:d2:c2:a9:5c:36:2d:fd:e6:
         eb:0e:81:ed:45:d3:a5:c9:5c:ff:e6:76:eb:7b:fa:50:28:25:
         e6:b7:fc:54:c7:1c:b3:80:0a:c7:29:28:9a:03:18:78:89:50:
         df:ab:6b:f7:b7:66:a7:11:0d:d7:6d:8d:6c:e8:30:ae:35:01:
         20:35:d4:ab:bc:8b:6d:5c:79:a4:81:91:9e:d3:8a:d2:b8:ad:
         cd:c2:4d:9d:a6:cb:37:ab:aa:fe:31:9a:5c:8d:29:af:2d:ba:
         a1:cc:91:65:13:0e:a4:6c:eb:39:9f:69:17:f0:97:56:13:e4:
         1e:6b:9e:78:50:a5:76:2e:5e:94:ed:1f:54:3c:d0:27:61:49:
         8d:bd:f4:d2:c4:18:f7:50:8c:25:ae:98:8e:f5:ab:dd:b9:ec:
         13:78:4a:82:02:1e:18:f8:43:59:70:7c:f6:56:f3:c0:43:15:
         b0:50:2d:6a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2xiYBkiqta4OhSBOXD63MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MWYwYjczZTY3ZDYzYzVhNGM5MDQ2ODE0MTY2YTllMjE2
MjVmMjgwHhcNMjQwMTAxMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODYwNGI5ZWY2YjkwMTFiZTU0Y2IwNTI5ZTY0NDUwYjgyMDBjOTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzxd9QmT+wHniY374ovo+hIsl8yZ4
7jtZJxgJ/qBXZKuaQH5NlWSJtNasChp+xw+vCYHlEYHuuvPDhG26G18W0o/vCoSW
YrPuas4/WK43rBGImLOVAs5Xt1ohpTda2kuTi9xfznUhMnSO/fB89M26YJEO18oq
Slby6vJdSZScL4VVW2ssZvbPXHJ0KJzVHtaFn1+G8g7ptdnf6p1lxk9uhcvZSAkZ
ZJa23WTlDbvZh9zyzp8FBdmraqkLYjuVTy2tt/C2hQ0v5o3Q8IsspJGV7/ttBUQU
QNHjQzqJcICWxP3aV/iIeWiBZrw/WDbi1GG1f+OcS0fLhllZ2ahcOQQxTQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFChgS572uQEb5UywUp5kRQuCAMlCMB8GA1UdIwQY
MBaAFCkfC3PmfWPFpMkEaBQWap4hYl8oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1I4TGMtWjlZOFdreVFSb0ZCWnFuaUZpWHlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS80OGQ2MDktMDg4ZC00MWU0LWJlYzQt
MzhlZThmZDY0ZTdkLzEvS0dCTG52YTVBUnZsVExCU25tUkZDNElBeVVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS80OGQ2MDktMDg4ZC00MWU0LWJlYzQtMzhlZThmZDY0ZTdk
LzEvS1I4TGMtWjlZOFdreVFSb0ZCWnFuaUZpWHlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgRdAABw
MA0GCSqGSIb3DQEBCwUAA4IBAQAaEdSAxVxrgTHyLr5z2a7UdmWgTH02YgwZPjGq
/c4TU1AWbBgPBbcaQLDCefE6ZM47Wn+3zGuT7x3uSpkk9HcCwZ6B6UXl4Es/QU9v
5f6nw1eO0sKpXDYt/ebrDoHtRdOlyVz/5nbre/pQKCXmt/xUxxyzgArHKSiaAxh4
iVDfq2v3t2anEQ3XbY1s6DCuNQEgNdSrvIttXHmkgZGe04rSuK3Nwk2dpss3q6r+
MZpcjSmvLbqhzJFlEw6kbOs5n2kX8JdWE+Qea554UKV2Ll6U7R9UPNAnYUmNvfTS
xBj3UIwlrpiO9avduewTeEqCAh4Y+ENZcHz2VvPAQxWwUC1q
-----END CERTIFICATE-----