Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/KkjB4wcKJB7shf5F946wjz3xuPQ.roa
File:                     KkjB4wcKJB7shf5F946wjz3xuPQ.roa (raw, json)
Hash identifier:          dnqQ1UrsOMo0PGDTCugpKyjR+EzbWYoVtUq9TSUed4Q=
Subject key identifier:   2A:48:C1:E3:07:0A:24:1E:EC:85:FE:45:F7:8E:B0:8F:3D:F1:B8:F4
Certificate issuer:       /CN=fd37cc8f16b3c6cbd3346aa3ed61771f3e83ac97
Certificate serial:       018CC726615492E3C0F679ED055B1EA995A6
Authority key identifier: FD:37:CC:8F:16:B3:C6:CB:D3:34:6A:A3:ED:61:77:1F:3E:83:AC:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/KkjB4wcKJB7shf5F946wjz3xuPQ.roa
Signing time:             Mon 01 Jan 2024 22:30:30 +0000
ROA not before:           Mon 01 Jan 2024 22:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203363
IP address blocks:        193.176.28.0/24 maxlen: 24
                          178.239.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:61:54:92:e3:c0:f6:79:ed:05:5b:1e:a9:95:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd37cc8f16b3c6cbd3346aa3ed61771f3e83ac97
        Validity
            Not Before: Jan  1 22:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a48c1e3070a241eec85fe45f78eb08f3df1b8f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:ad:b1:88:5a:f9:ad:0a:ee:36:9d:f5:d8:15:
                    9e:43:2c:14:0e:d5:7a:52:81:66:27:af:61:0e:2e:
                    8d:fd:60:bc:dc:4d:36:fd:63:ce:fe:9d:c2:d6:e6:
                    6a:92:da:a8:25:c4:37:f6:8b:89:9e:fc:5a:bb:f6:
                    dd:27:3d:73:55:8b:f5:a1:56:50:e3:5f:c8:a2:06:
                    aa:83:96:16:92:69:15:b8:30:ce:c8:5a:33:43:fd:
                    54:1c:ea:d2:08:30:b9:1d:c1:4c:14:bc:06:0b:26:
                    90:5c:df:f8:af:54:bc:a4:e2:7c:0b:0e:aa:40:6a:
                    4f:3a:df:29:01:6a:74:50:a0:13:9f:2a:46:ae:a5:
                    01:59:2b:f5:57:ed:ce:20:1a:0b:97:55:79:81:f5:
                    1d:ef:af:bc:f0:13:40:5d:3e:27:54:5b:08:87:31:
                    53:72:d4:ad:95:02:7e:00:8b:eb:85:a8:ae:92:b5:
                    25:fd:3e:26:27:15:d7:f2:99:30:4b:31:30:cc:ff:
                    b2:4c:60:1a:f4:14:b6:4d:0c:dd:f6:cf:01:88:7c:
                    de:3e:36:82:93:77:6f:c9:6c:b4:7b:e5:d0:95:84:
                    29:92:1a:b4:08:14:56:a4:44:b9:da:bc:92:c8:5f:
                    b5:d6:66:c0:32:81:8e:05:d5:f3:bb:3b:8c:b4:9a:
                    23:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:48:C1:E3:07:0A:24:1E:EC:85:FE:45:F7:8E:B0:8F:3D:F1:B8:F4
            X509v3 Authority Key Identifier:
                keyid:FD:37:CC:8F:16:B3:C6:CB:D3:34:6A:A3:ED:61:77:1F:3E:83:AC:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/KkjB4wcKJB7shf5F946wjz3xuPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.174.0/24
                  193.176.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:aa:96:21:97:6f:8c:f6:d5:f1:df:98:ee:bd:e2:02:bd:c4:
         a1:81:61:16:8f:9b:7b:a6:4a:f9:39:1b:42:fa:b4:3c:f5:a9:
         95:be:d3:4b:52:5f:c2:d1:7f:2e:e8:ea:39:14:8a:eb:16:79:
         c6:de:89:88:7a:f2:37:62:3a:64:29:10:38:ba:b7:bc:d7:3f:
         81:10:96:05:89:00:21:45:cf:4d:e4:7a:fe:c5:a2:cb:fa:c7:
         e9:35:bd:df:0e:4c:67:22:a9:e7:fb:d7:26:82:11:1a:ec:05:
         66:ef:ac:86:da:d3:9c:9f:00:ff:a2:e4:9d:55:eb:e7:5e:c1:
         ac:31:28:79:8e:06:b1:ea:34:41:eb:4b:92:d7:ef:c7:11:e9:
         d1:4a:e1:3f:40:b7:d3:b4:25:96:7e:30:af:75:99:fc:58:82:
         2c:b1:67:d8:e4:79:bc:06:0c:fc:4a:96:39:fc:1c:8f:8e:e0:
         e2:e9:ec:18:01:e5:83:51:23:65:31:91:38:b5:18:f3:f1:1e:
         dc:20:a3:22:70:90:78:b0:ba:ea:eb:45:9f:d8:6f:32:93:3d:
         9d:4d:21:33:3e:f9:21:e4:99:30:84:3d:05:3c:41:af:4a:98:
         c7:26:00:25:93:2c:4b:50:eb:08:6f:84:74:ba:0f:3d:29:3f:
         ae:ec:7a:57
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJmFUkuPA9nntBVseqZWmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMzdjYzhmMTZiM2M2Y2JkMzM0NmFhM2VkNjE3NzFmM2U4
M2FjOTcwHhcNMjQwMTAxMjIzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTQ4YzFlMzA3MGEyNDFlZWM4NWZlNDVmNzhlYjA4ZjNkZjFiOGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAga2xiFr5rQruNp312BWeQywUDtV6
UoFmJ69hDi6N/WC83E02/WPO/p3C1uZqktqoJcQ39ouJnvxau/bdJz1zVYv1oVZQ
41/Iogaqg5YWkmkVuDDOyFozQ/1UHOrSCDC5HcFMFLwGCyaQXN/4r1S8pOJ8Cw6q
QGpPOt8pAWp0UKATnypGrqUBWSv1V+3OIBoLl1V5gfUd76+88BNAXT4nVFsIhzFT
ctStlQJ+AIvrhaiukrUl/T4mJxXX8pkwSzEwzP+yTGAa9BS2TQzd9s8BiHzePjaC
k3dvyWy0e+XQlYQpkhq0CBRWpES52rySyF+11mbAMoGOBdXzuzuMtJojRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCpIweMHCiQe7IX+RfeOsI898bj0MB8GA1UdIwQY
MBaAFP03zI8Ws8bL0zRqo+1hdx8+g6yXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1RmTWp4YXp4c3ZUTkdxajdXRjNIejZEckpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8wNWUxN2YtZDMxZi00MzFmLWE4YmMt
N2UwNWFiNDFiNmU0LzEvS2tqQjR3Y0tKQjdzaGY1Rjk0NndqejN4dVBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8wNWUxN2YtZDMxZi00MzFmLWE4YmMtN2UwNWFiNDFiNmU0
LzEvX1RmTWp4YXp4c3ZUTkdxajdXRjNIejZEckpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsu+uAwQA
wbAcMA0GCSqGSIb3DQEBCwUAA4IBAQCUqpYhl2+M9tXx35juveICvcShgWEWj5t7
pkr5ORtC+rQ89amVvtNLUl/C0X8u6Oo5FIrrFnnG3omIevI3YjpkKRA4ure81z+B
EJYFiQAhRc9N5Hr+xaLL+sfpNb3fDkxnIqnn+9cmghEa7AVm76yG2tOcnwD/ouSd
VevnXsGsMSh5jgax6jRB60uS1+/HEenRSuE/QLfTtCWWfjCvdZn8WIIssWfY5Hm8
Bgz8SpY5/ByPjuDi6ewYAeWDUSNlMZE4tRjz8R7cIKMicJB4sLrq60Wf2G8ykz2d
TSEzPvkh5JkwhD0FPEGvSpjHJgAlkyxLUOsIb4R0ug89KT+u7HpX
-----END CERTIFICATE-----