Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/kuwbf96A9rw2pbo7uPM40Rl8CC0.roa
File:                     kuwbf96A9rw2pbo7uPM40Rl8CC0.roa (raw, json)
Hash identifier:          a2L9elBFo9A8yoERXaG6fpRoICxNShtECkHlwZ/4P+I=
Subject key identifier:   92:EC:1B:7F:DE:80:F6:BC:36:A5:BA:3B:B8:F3:38:D1:19:7C:08:2D
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       018F7C066827EBDE0E3DA4031C8A2A6A9D2C
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/kuwbf96A9rw2pbo7uPM40Rl8CC0.roa
Signing time:             Wed 15 May 2024 11:32:25 +0000
ROA not before:           Wed 15 May 2024 11:32:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215226
IP address blocks:        91.242.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:7c:06:68:27:eb:de:0e:3d:a4:03:1c:8a:2a:6a:9d:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: May 15 11:32:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92ec1b7fde80f6bc36a5ba3bb8f338d1197c082d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:0a:a1:03:aa:d9:0e:98:9a:75:66:59:ff:db:
                    5d:29:25:17:06:d4:8f:79:aa:e6:cf:20:dd:9f:96:
                    83:81:09:5d:45:2b:22:a1:e5:c8:ad:38:0f:ea:42:
                    d5:c6:6d:b8:92:8c:c4:8f:1b:fe:9e:f6:35:68:f0:
                    b4:50:aa:d3:1e:27:64:5c:82:c9:61:de:86:10:c0:
                    b1:45:6b:db:40:a8:cf:00:99:3d:97:43:2c:a8:c1:
                    de:44:64:0d:5b:c1:9e:34:78:74:f8:23:e9:f9:48:
                    60:0c:3e:91:4f:9b:7e:d3:62:4e:2c:22:b2:32:41:
                    2f:3c:10:55:bf:ab:b6:ec:a2:c6:c9:a9:1c:02:ce:
                    42:53:83:46:54:80:2c:35:7b:ef:5d:27:b6:3b:34:
                    3c:df:83:ed:1a:5f:34:18:a6:3e:8d:c3:54:59:87:
                    d3:45:1a:6e:a0:52:16:f2:fb:ab:4a:5f:09:54:ea:
                    27:e6:3f:d0:62:32:65:9d:23:03:6b:e9:10:7a:4c:
                    70:ce:9c:a0:49:4e:cb:2d:fd:5e:fc:3c:23:6c:65:
                    35:a7:5f:e5:fa:76:86:e9:22:75:40:00:38:b6:49:
                    9d:f2:eb:91:3f:4e:c1:e5:33:7f:fc:fd:1d:ec:61:
                    9b:6d:4a:b9:51:7e:9e:a7:f1:18:95:d2:95:79:8c:
                    3e:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:EC:1B:7F:DE:80:F6:BC:36:A5:BA:3B:B8:F3:38:D1:19:7C:08:2D
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/kuwbf96A9rw2pbo7uPM40Rl8CC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.242.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:3f:8b:ed:38:1d:01:cb:8d:5d:0e:1f:17:fe:e6:cf:01:48:
         5a:c9:dd:bd:d8:a1:e2:04:93:b8:6e:17:1c:c1:d8:43:12:a6:
         96:47:27:00:2c:70:76:8f:bd:99:19:7d:1b:aa:9e:d1:7e:1a:
         95:85:d5:9c:a2:59:bf:e2:47:44:f7:15:59:01:54:cb:80:09:
         30:b4:8e:ee:44:ae:8a:c4:93:0f:20:96:26:4c:df:b8:8d:5c:
         ed:9d:d9:f7:38:2c:49:2f:3a:73:6f:05:44:b2:3b:55:c1:c6:
         bd:d3:b1:9d:4a:be:cd:5d:15:dc:4f:51:8e:2a:8b:d0:9c:a2:
         56:5f:8b:68:c2:30:fe:8d:52:a9:fc:eb:21:47:56:63:f7:9f:
         31:fb:11:91:b8:da:49:77:0a:69:16:42:cb:7f:14:37:7d:4c:
         49:f2:58:12:f8:56:1d:72:38:16:cd:54:78:3e:07:4c:59:3b:
         95:1c:60:de:75:5b:28:ec:17:54:e4:16:4c:fb:ae:57:6f:17:
         f8:d1:02:3d:ff:7b:de:b1:6a:d0:cd:63:69:cd:61:1f:26:25:
         27:b7:1b:86:b5:db:ea:46:e1:1d:40:6d:33:ff:6b:7e:de:d1:
         3b:c2:38:9e:0d:6a:8d:d8:8e:cd:63:b1:ab:5e:7e:d4:46:42:
         ac:b6:a8:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY98Bmgn694OPaQDHIoqap0sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjQwNTE1MTEzMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmVjMWI3ZmRlODBmNmJjMzZhNWJhM2JiOGYzMzhkMTE5N2MwODJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3AqhA6rZDpiadWZZ/9tdKSUXBtSP
earmzyDdn5aDgQldRSsioeXIrTgP6kLVxm24kozEjxv+nvY1aPC0UKrTHidkXILJ
Yd6GEMCxRWvbQKjPAJk9l0MsqMHeRGQNW8GeNHh0+CPp+UhgDD6RT5t+02JOLCKy
MkEvPBBVv6u27KLGyakcAs5CU4NGVIAsNXvvXSe2OzQ834PtGl80GKY+jcNUWYfT
RRpuoFIW8vurSl8JVOon5j/QYjJlnSMDa+kQekxwzpygSU7LLf1e/DwjbGU1p1/l
+naG6SJ1QAA4tkmd8uuRP07B5TN//P0d7GGbbUq5UX6ep/EYldKVeYw+8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJLsG3/egPa8NqW6O7jzONEZfAgtMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEva3V3YmY5NkE5cncycGJvN3VQTTQwUmw4Q0MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/L/MA0G
CSqGSIb3DQEBCwUAA4IBAQB8P4vtOB0By41dDh8X/ubPAUhayd292KHiBJO4bhcc
wdhDEqaWRycALHB2j72ZGX0bqp7RfhqVhdWcolm/4kdE9xVZAVTLgAkwtI7uRK6K
xJMPIJYmTN+4jVztndn3OCxJLzpzbwVEsjtVwca907GdSr7NXRXcT1GOKovQnKJW
X4towjD+jVKp/OshR1Zj958x+xGRuNpJdwppFkLLfxQ3fUxJ8lgS+FYdcjgWzVR4
PgdMWTuVHGDedVso7BdU5BZM+65Xbxf40QI9/3vesWrQzWNpzWEfJiUntxuGtdvq
RuEdQG0z/2t+3tE7wjieDWqN2I7NY7GrXn7URkKstqjJ
-----END CERTIFICATE-----