Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/KLwfRGbQZxq-WoxKGjF_vRazhzI.roa
File:                     KLwfRGbQZxq-WoxKGjF_vRazhzI.roa (raw, json)
Hash identifier:          A5fpzi4vC+Z/GViPuCTz3/4C2pZw+yTbcXjzjDJig58=
Subject key identifier:   28:BC:1F:44:66:D0:67:1A:BE:5A:8C:4A:1A:31:7F:BD:16:B3:87:32
Certificate issuer:       /CN=6d069e19e12c104004e8b4b75f8a7789b7e11396
Certificate serial:       018CC94ADC68F8A731384A030D56E8C658EA
Authority key identifier: 6D:06:9E:19:E1:2C:10:40:04:E8:B4:B7:5F:8A:77:89:B7:E1:13:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/KLwfRGbQZxq-WoxKGjF_vRazhzI.roa
Signing time:             Tue 02 Jan 2024 08:29:35 +0000
ROA not before:           Tue 02 Jan 2024 08:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16243
IP address blocks:        144.43.240.0/21 maxlen: 24
                          144.43.252.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:dc:68:f8:a7:31:38:4a:03:0d:56:e8:c6:58:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d069e19e12c104004e8b4b75f8a7789b7e11396
        Validity
            Not Before: Jan  2 08:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28bc1f4466d0671abe5a8c4a1a317fbd16b38732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:81:65:27:a8:53:2e:09:56:42:b2:8b:01:c9:
                    9d:78:b8:08:4a:60:0c:8e:c8:53:7a:a5:24:f3:77:
                    8d:00:26:8b:cf:56:01:2d:7d:8a:5a:68:33:7b:76:
                    02:bf:86:aa:08:11:9e:2f:ae:bc:06:04:0d:46:03:
                    8a:69:ce:64:b4:7c:3d:8b:ee:25:4e:4e:6e:19:f8:
                    c4:69:b0:4a:0c:54:9c:27:0b:c6:17:c2:30:7c:0f:
                    00:9e:54:b9:2b:59:07:7e:7e:0c:19:6a:8a:85:17:
                    51:8d:e3:3e:da:68:88:73:57:56:31:9f:0a:71:a5:
                    11:64:c7:ad:d2:de:b3:78:7b:18:ac:1b:04:f4:e9:
                    4e:24:ac:a0:0f:a1:dc:2c:b2:e9:af:fc:7f:3d:41:
                    87:cf:6b:e2:1a:ec:2c:e8:a1:12:14:30:ec:6e:e3:
                    a0:f3:a2:3b:91:4e:93:55:ea:f2:da:d1:e8:15:b8:
                    02:cf:a9:b9:67:66:4f:bd:04:ba:c6:e3:0e:49:a1:
                    88:6a:4a:e1:41:0c:49:ee:87:67:23:21:e3:c0:e6:
                    d7:a7:e2:2e:2e:06:68:45:07:ed:66:45:63:ea:4b:
                    c2:88:f7:a8:15:86:14:29:c8:64:69:2e:ea:c2:67:
                    a4:47:54:46:8a:25:22:f9:02:8a:19:e5:e5:1c:75:
                    2f:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:BC:1F:44:66:D0:67:1A:BE:5A:8C:4A:1A:31:7F:BD:16:B3:87:32
            X509v3 Authority Key Identifier:
                keyid:6D:06:9E:19:E1:2C:10:40:04:E8:B4:B7:5F:8A:77:89:B7:E1:13:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/KLwfRGbQZxq-WoxKGjF_vRazhzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.43.240.0/21
                  144.43.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:2e:d8:bf:8b:b3:17:4c:cb:02:e9:92:ff:fc:2c:cb:c1:eb:
         fa:76:3d:cc:26:08:e1:1a:27:ed:07:59:a6:e3:f5:c2:cc:e1:
         e0:6d:97:e0:25:6e:6b:c7:13:b9:f3:c3:af:cd:d9:94:be:c0:
         80:fb:be:1e:c5:1f:01:80:7e:4b:4f:8d:17:5a:29:3b:63:30:
         90:82:5f:ad:9f:d4:8c:7e:36:e8:9b:24:6c:9d:91:bd:d0:7d:
         82:41:20:c4:6f:89:64:3d:f9:d3:91:ae:ba:28:39:bb:18:b7:
         91:5f:4a:b7:33:8c:bf:aa:f7:f1:d3:c3:e3:0f:66:46:2d:92:
         9f:ce:07:88:c0:ec:57:a4:13:65:54:73:d9:4b:d1:ea:52:48:
         d4:56:f3:86:dc:1c:79:80:87:e1:e8:1e:d5:b3:9b:9b:eb:c6:
         cd:44:83:32:56:e6:45:7d:d2:05:34:4a:c3:f8:0e:cf:d0:fe:
         f6:d0:f1:8e:f3:85:9b:9c:6e:f2:40:34:53:16:a2:30:90:db:
         9b:f2:08:87:cd:90:eb:69:be:bc:a3:f3:f6:52:4f:19:4c:ae:
         c0:c6:e1:d3:93:fd:d2:91:42:23:8e:c2:74:e4:ad:62:3d:18:
         e3:f0:2d:85:c0:be:ba:48:67:33:e8:7f:c9:59:a7:9b:c1:fa:
         c2:16:69:43
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJStxo+KcxOEoDDVboxljqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDY5ZTE5ZTEyYzEwNDAwNGU4YjRiNzVmOGE3Nzg5Yjdl
MTEzOTYwHhcNMjQwMTAyMDgyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGJjMWY0NDY2ZDA2NzFhYmU1YThjNGExYTMxN2ZiZDE2YjM4NzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8IFlJ6hTLglWQrKLAcmdeLgISmAM
jshTeqUk83eNACaLz1YBLX2KWmgze3YCv4aqCBGeL668BgQNRgOKac5ktHw9i+4l
Tk5uGfjEabBKDFScJwvGF8IwfA8AnlS5K1kHfn4MGWqKhRdRjeM+2miIc1dWMZ8K
caURZMet0t6zeHsYrBsE9OlOJKygD6HcLLLpr/x/PUGHz2viGuws6KESFDDsbuOg
86I7kU6TVery2tHoFbgCz6m5Z2ZPvQS6xuMOSaGIakrhQQxJ7odnIyHjwObXp+Iu
LgZoRQftZkVj6kvCiPeoFYYUKchkaS7qwmekR1RGiiUi+QKKGeXlHHUvGwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCi8H0Rm0GcavlqMShoxf70Ws4cyMB8GA1UdIwQY
MBaAFG0GnhnhLBBABOi0t1+Kd4m34ROWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFhZUdlRXNFRUFFNkxTM1g0cDNpYmZoRTVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9jZjY0ZjYtMDc4OS00M2UzLWJkNmIt
N2JmZjI5NmM2YjAyLzEvS0x3ZlJHYlFaeHEtV294S0dqRl92UmF6aHpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9jZjY0ZjYtMDc4OS00M2UzLWJkNmItN2JmZjI5NmM2YjAy
LzEvYlFhZUdlRXNFRUFFNkxTM1g0cDNpYmZoRTVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDkCvwAwQC
kCv8MA0GCSqGSIb3DQEBCwUAA4IBAQCALti/i7MXTMsC6ZL//CzLwev6dj3MJgjh
GiftB1mm4/XCzOHgbZfgJW5rxxO588OvzdmUvsCA+74exR8BgH5LT40XWik7YzCQ
gl+tn9SMfjbomyRsnZG90H2CQSDEb4lkPfnTka66KDm7GLeRX0q3M4y/qvfx08Pj
D2ZGLZKfzgeIwOxXpBNlVHPZS9HqUkjUVvOG3Bx5gIfh6B7Vs5ub68bNRIMyVuZF
fdIFNErD+A7P0P720PGO84WbnG7yQDRTFqIwkNub8giHzZDrab68o/P2Uk8ZTK7A
xuHTk/3SkUIjjsJ05K1iPRjj8C2FwL66SGcz6H/JWaebwfrCFmlD
-----END CERTIFICATE-----