Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/6369e6-2304-4922-afdf-e93e2eba69b9/1/KHPRuQDdd-kWMT7LTpUd4Jl5CLc.roa
File:                     KHPRuQDdd-kWMT7LTpUd4Jl5CLc.roa (raw, json)
Hash identifier:          HHEh/ZmjNau8OqCWaktRrOiEVjCo5faN7oV96b1l4Q8=
Subject key identifier:   28:73:D1:B9:00:DD:77:E9:16:31:3E:CB:4E:95:1D:E0:99:79:08:B7
Certificate issuer:       /CN=bb190d102ac9603b405b36374d429868604937af
Certificate serial:       01942143DE773034E8A9B90780D892142521
Authority key identifier: BB:19:0D:10:2A:C9:60:3B:40:5B:36:37:4D:42:98:68:60:49:37:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uxkNECrJYDtAWzY3TUKYaGBJN68.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/6369e6-2304-4922-afdf-e93e2eba69b9/1/KHPRuQDdd-kWMT7LTpUd4Jl5CLc.roa
Signing time:             Wed 01 Jan 2025 09:48:03 +0000
ROA not before:           Wed 01 Jan 2025 09:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203823
IP address blocks:        185.122.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/6369e6-2304-4922-afdf-e93e2eba69b9/1/uxkNECrJYDtAWzY3TUKYaGBJN68.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/6369e6-2304-4922-afdf-e93e2eba69b9/1/uxkNECrJYDtAWzY3TUKYaGBJN68.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uxkNECrJYDtAWzY3TUKYaGBJN68.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 12:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:de:77:30:34:e8:a9:b9:07:80:d8:92:14:25:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb190d102ac9603b405b36374d429868604937af
        Validity
            Not Before: Jan  1 09:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2873d1b900dd77e916313ecb4e951de0997908b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:97:47:f2:3f:2c:9b:0e:71:c9:f0:35:48:4a:
                    31:a0:b7:8f:e0:56:b0:61:98:22:ae:66:9d:d9:31:
                    09:c2:90:e0:6c:a0:c7:2a:ac:94:16:25:5e:0f:eb:
                    d6:f1:94:24:ac:d6:51:93:70:ba:94:73:12:ee:52:
                    b7:d4:e0:55:0b:d1:38:56:d0:07:c5:fa:18:e4:3e:
                    d2:f2:21:b3:89:d6:60:97:13:32:4e:a7:a8:53:14:
                    b0:26:1b:ed:77:89:4e:38:a1:d0:f0:fe:6e:69:a1:
                    d0:4b:26:51:5c:81:33:6d:08:3f:a3:70:d8:cb:ab:
                    9f:98:a1:ee:2c:14:79:d2:06:8b:93:48:c2:a4:c4:
                    9d:13:0b:63:ba:47:5c:1d:34:e8:8a:74:69:8c:8f:
                    a5:4c:1b:c9:c9:96:df:68:82:e9:5b:50:d5:df:9e:
                    2a:61:94:19:cd:c1:6e:ec:cb:5f:d0:e2:e6:25:37:
                    7b:e7:ea:62:23:62:2d:0a:4a:d7:d0:aa:97:1f:14:
                    8c:a1:5b:19:83:6d:66:ed:ad:b2:70:07:25:9b:cf:
                    41:ee:09:01:a0:80:9b:27:51:bc:31:1f:e5:92:96:
                    f8:27:76:72:36:e5:73:1c:12:5b:56:a6:49:f1:8b:
                    49:65:f7:6d:9b:ae:24:97:54:ac:c2:61:3a:71:2a:
                    5a:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:73:D1:B9:00:DD:77:E9:16:31:3E:CB:4E:95:1D:E0:99:79:08:B7
            X509v3 Authority Key Identifier:
                keyid:BB:19:0D:10:2A:C9:60:3B:40:5B:36:37:4D:42:98:68:60:49:37:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uxkNECrJYDtAWzY3TUKYaGBJN68.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/6369e6-2304-4922-afdf-e93e2eba69b9/1/KHPRuQDdd-kWMT7LTpUd4Jl5CLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/6369e6-2304-4922-afdf-e93e2eba69b9/1/uxkNECrJYDtAWzY3TUKYaGBJN68.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.122.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:ff:01:82:58:db:1e:9b:d6:64:76:20:11:69:7b:8b:2f:28:
         a2:63:17:e3:24:5a:fe:bd:d5:5f:ed:ec:fd:09:9a:63:c2:f9:
         7e:20:39:06:a5:21:50:dd:b7:19:00:63:5f:9e:fe:75:86:e2:
         d6:60:01:e2:c0:99:8b:eb:63:e9:7f:b6:54:14:d6:37:8a:0c:
         dc:95:77:1e:56:e5:74:07:96:2f:4c:2e:6c:06:7d:1e:65:d3:
         e2:f7:c0:1a:49:99:d9:6f:37:00:23:97:73:38:e9:3f:b1:42:
         35:0f:92:4a:94:7c:46:10:0b:ae:0d:18:f2:49:5b:4d:39:85:
         04:98:8d:51:e5:18:62:e7:36:26:e5:4d:17:6d:31:72:b2:9a:
         45:12:88:d2:24:71:d1:f4:bb:de:1b:10:fe:74:b0:f3:1a:b2:
         a9:98:a9:86:ff:c2:85:7f:06:69:93:6b:f2:97:e6:73:9e:5d:
         79:42:98:21:01:33:a3:6a:b1:49:75:15:30:1b:b4:80:02:b0:
         fc:4a:51:95:19:5e:93:01:49:56:07:e1:6b:28:fe:6a:5f:68:
         cb:e3:45:13:31:73:28:5a:35:f2:57:97:43:c2:a0:a4:47:48:
         fd:8f:fb:58:89:d4:32:d8:a6:cc:9f:69:90:fd:ef:86:7a:ec:
         c1:d0:f1:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ953MDToqbkHgNiSFCUhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiMTkwZDEwMmFjOTYwM2I0MDViMzYzNzRkNDI5ODY4NjA0
OTM3YWYwHhcNMjUwMTAxMDk0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODczZDFiOTAwZGQ3N2U5MTYzMTNlY2I0ZTk1MWRlMDk5NzkwOGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5dH8j8smw5xyfA1SEoxoLeP4Faw
YZgirmad2TEJwpDgbKDHKqyUFiVeD+vW8ZQkrNZRk3C6lHMS7lK31OBVC9E4VtAH
xfoY5D7S8iGzidZglxMyTqeoUxSwJhvtd4lOOKHQ8P5uaaHQSyZRXIEzbQg/o3DY
y6ufmKHuLBR50gaLk0jCpMSdEwtjukdcHTToinRpjI+lTBvJyZbfaILpW1DV354q
YZQZzcFu7Mtf0OLmJTd75+piI2ItCkrX0KqXHxSMoVsZg21m7a2ycAclm89B7gkB
oICbJ1G8MR/lkpb4J3ZyNuVzHBJbVqZJ8YtJZfdtm64kl1SswmE6cSpa2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFChz0bkA3XfpFjE+y06VHeCZeQi3MB8GA1UdIwQY
MBaAFLsZDRAqyWA7QFs2N01CmGhgSTevMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXhrTkVDckpZRHRBV3pZM1RVS1lhR0JKTjY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS82MzY5ZTYtMjMwNC00OTIyLWFmZGYt
ZTkzZTJlYmE2OWI5LzEvS0hQUnVRRGRkLWtXTVQ3TFRwVWQ0Smw1Q0xjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS82MzY5ZTYtMjMwNC00OTIyLWFmZGYtZTkzZTJlYmE2OWI5
LzEvdXhrTkVDckpZRHRBV3pZM1RVS1lhR0JKTjY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXrEMA0G
CSqGSIb3DQEBCwUAA4IBAQBq/wGCWNsem9ZkdiARaXuLLyiiYxfjJFr+vdVf7ez9
CZpjwvl+IDkGpSFQ3bcZAGNfnv51huLWYAHiwJmL62Ppf7ZUFNY3igzclXceVuV0
B5YvTC5sBn0eZdPi98AaSZnZbzcAI5dzOOk/sUI1D5JKlHxGEAuuDRjySVtNOYUE
mI1R5Rhi5zYm5U0XbTFysppFEojSJHHR9LveGxD+dLDzGrKpmKmG/8KFfwZpk2vy
l+Zznl15QpghATOjarFJdRUwG7SAArD8SlGVGV6TAUlWB+FrKP5qX2jL40UTMXMo
WjXyV5dDwqCkR0j9j/tYidQy2KbMn2mQ/e+GeuzB0PGm
-----END CERTIFICATE-----