Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/KYpGajrRVCdW36GSyHi9VrIZ1QQ.roa
File:                     KYpGajrRVCdW36GSyHi9VrIZ1QQ.roa (raw, json)
Hash identifier:          whtVQnlRAB9AwI0p7On11i2kDuJI/oOVZ/3UMz9WgtA=
Subject key identifier:   29:8A:46:6A:3A:D1:54:27:56:DF:A1:92:C8:78:BD:56:B2:19:D5:04
Certificate issuer:       /CN=54296d23def4c8521c647dc68acb3c123f611d89
Certificate serial:       019053EFADBAC5E4C6A43DBC97FFB4FF6ED3
Authority key identifier: 54:29:6D:23:DE:F4:C8:52:1C:64:7D:C6:8A:CB:3C:12:3F:61:1D:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/KYpGajrRVCdW36GSyHi9VrIZ1QQ.roa
Signing time:             Wed 26 Jun 2024 09:45:34 +0000
ROA not before:           Wed 26 Jun 2024 09:45:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44081
IP address blocks:        92.87.128.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jul 2024 04:02:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:53:ef:ad:ba:c5:e4:c6:a4:3d:bc:97:ff:b4:ff:6e:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54296d23def4c8521c647dc68acb3c123f611d89
        Validity
            Not Before: Jun 26 09:45:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=298a466a3ad1542756dfa192c878bd56b219d504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:0b:7c:e5:41:74:08:33:61:83:85:a3:8f:e9:
                    52:34:e4:24:66:06:32:b3:02:1d:12:eb:7f:08:20:
                    ec:e0:00:e7:75:c9:1a:18:c5:1b:8a:08:b8:91:52:
                    cf:77:36:3c:96:cd:8c:18:fb:b3:3f:eb:1a:83:fb:
                    17:96:ed:39:9a:a8:67:74:6d:fb:82:e4:3c:da:c1:
                    68:da:eb:4a:0c:43:7d:b8:e6:5d:42:cd:33:9e:93:
                    42:cc:34:15:f6:5f:d4:5f:5a:e8:1e:e3:78:f5:f1:
                    70:45:27:52:6e:85:c8:32:49:34:6a:4c:25:8f:b6:
                    3e:f6:89:ac:58:1d:1e:5d:c9:b5:9c:6a:a3:1f:62:
                    3b:70:59:4e:de:4c:5c:ce:89:1c:77:3e:11:4b:ce:
                    e6:6e:a2:a3:5f:8e:6e:2e:8e:f1:91:ca:3f:09:6d:
                    52:82:4f:fb:cb:37:56:62:3b:03:73:8f:1c:b4:03:
                    1d:c9:46:05:fa:cc:b5:db:52:0d:8f:2c:18:d6:90:
                    7d:fa:61:cd:94:b1:66:c3:35:d9:c2:cc:91:af:6c:
                    8b:c6:56:56:26:ed:eb:5d:3e:ce:97:51:86:3f:60:
                    00:d6:f2:8c:c4:10:86:67:61:f9:1a:ac:a1:71:6f:
                    66:d6:bb:55:d3:2d:03:c0:6e:49:0c:01:f8:37:99:
                    9c:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:8A:46:6A:3A:D1:54:27:56:DF:A1:92:C8:78:BD:56:B2:19:D5:04
            X509v3 Authority Key Identifier:
                keyid:54:29:6D:23:DE:F4:C8:52:1C:64:7D:C6:8A:CB:3C:12:3F:61:1D:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/KYpGajrRVCdW36GSyHi9VrIZ1QQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.87.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:e1:78:f4:ed:a4:57:b4:bd:40:f3:b9:29:81:9e:f3:c9:40:
         73:c7:49:f4:e5:aa:b3:6f:75:38:6d:f6:3f:ca:29:8c:33:a8:
         08:0b:2b:6e:c8:35:e2:30:57:b1:2c:06:1c:8b:0e:38:98:50:
         74:9d:bc:7e:5f:73:cb:a4:c3:b1:6f:65:72:9a:b5:80:aa:1b:
         8d:ce:26:d3:f7:0b:93:e4:05:3c:fd:e5:22:11:6c:54:66:bd:
         ec:3a:dd:0a:fc:14:bd:a0:0f:8c:ce:35:80:2a:6f:43:ba:46:
         56:38:60:69:09:a9:32:4c:92:bd:22:21:40:22:2b:02:cc:b8:
         85:3a:d2:61:06:c6:d4:be:6a:9e:ee:4c:6f:f6:50:06:a2:f4:
         a1:b5:de:5c:88:fb:7b:8a:17:62:70:a6:5a:96:6a:e8:0e:3f:
         c7:3a:b3:0e:f4:d6:6f:24:24:63:6d:56:e8:ac:3a:65:41:5b:
         c5:88:07:c2:81:6b:80:5d:06:8a:31:e4:8f:d3:32:e9:c9:fc:
         66:b5:af:72:83:cd:90:2b:65:82:3a:d9:e4:12:5f:92:e1:42:
         6a:8d:f3:06:39:23:0a:ae:bc:c1:ce:70:ce:81:1b:1d:f8:bb:
         95:4c:fe:8e:89:01:a2:de:b1:02:ac:72:bd:1b:33:d1:23:84:
         80:43:30:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBT7626xeTGpD28l/+0/27TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Mjk2ZDIzZGVmNGM4NTIxYzY0N2RjNjhhY2IzYzEyM2Y2
MTFkODkwHhcNMjQwNjI2MDk0NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOThhNDY2YTNhZDE1NDI3NTZkZmExOTJjODc4YmQ1NmIyMTlkNTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3At85UF0CDNhg4Wjj+lSNOQkZgYy
swIdEut/CCDs4ADndckaGMUbigi4kVLPdzY8ls2MGPuzP+sag/sXlu05mqhndG37
guQ82sFo2utKDEN9uOZdQs0znpNCzDQV9l/UX1roHuN49fFwRSdSboXIMkk0akwl
j7Y+9omsWB0eXcm1nGqjH2I7cFlO3kxczokcdz4RS87mbqKjX45uLo7xkco/CW1S
gk/7yzdWYjsDc48ctAMdyUYF+sy121INjywY1pB9+mHNlLFmwzXZwsyRr2yLxlZW
Ju3rXT7Ol1GGP2AA1vKMxBCGZ2H5GqyhcW9m1rtV0y0DwG5JDAH4N5mchQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCmKRmo60VQnVt+hksh4vVayGdUEMB8GA1UdIwQY
MBaAFFQpbSPe9MhSHGR9xorLPBI/YR2JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkNsdEk5NzB5RkljWkgzR2lzczhFajloSFlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy81Y2I0NTQtN2JlZS00ZTVkLWIyOTUt
OTQyNDgyZjhkMmVhLzEvS1lwR2FqclJWQ2RXMzZHU3lIaTlWcklaMVFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy81Y2I0NTQtN2JlZS00ZTVkLWIyOTUtOTQyNDgyZjhkMmVh
LzEvVkNsdEk5NzB5RkljWkgzR2lzczhFajloSFlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXFeAMA0G
CSqGSIb3DQEBCwUAA4IBAQA24Xj07aRXtL1A87kpgZ7zyUBzx0n05aqzb3U4bfY/
yimMM6gICytuyDXiMFexLAYciw44mFB0nbx+X3PLpMOxb2VymrWAqhuNzibT9wuT
5AU8/eUiEWxUZr3sOt0K/BS9oA+MzjWAKm9DukZWOGBpCakyTJK9IiFAIisCzLiF
OtJhBsbUvmqe7kxv9lAGovShtd5ciPt7ihdicKZalmroDj/HOrMO9NZvJCRjbVbo
rDplQVvFiAfCgWuAXQaKMeSP0zLpyfxmta9yg82QK2WCOtnkEl+S4UJqjfMGOSMK
rrzBznDOgRsd+LuVTP6OiQGi3rECrHK9GzPRI4SAQzA8
-----END CERTIFICATE-----