Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/da2447-b252-4b6a-a82f-dcbe53da7860/1/KpoJychajtxAMst2lNotjhOxrMI.roa
File:                     KpoJychajtxAMst2lNotjhOxrMI.roa (raw, json)
Hash identifier:          X/JCLmAOExberdE56mUL9dRTSb/Mkf0OWMnUpBxfmmM=
Subject key identifier:   2A:9A:09:C9:C8:5A:8E:DC:40:32:CB:76:94:DA:2D:8E:13:B1:AC:C2
Certificate issuer:       /CN=9bc6fd3f32ca4594c96075659a7089b27ae3fef3
Certificate serial:       01942521C7F25C3F63AE5DFBC75B838098A3
Authority key identifier: 9B:C6:FD:3F:32:CA:45:94:C9:60:75:65:9A:70:89:B2:7A:E3:FE:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m8b9PzLKRZTJYHVlmnCJsnrj_vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/da2447-b252-4b6a-a82f-dcbe53da7860/1/KpoJychajtxAMst2lNotjhOxrMI.roa
Signing time:             Thu 02 Jan 2025 03:49:18 +0000
ROA not before:           Thu 02 Jan 2025 03:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8220
IP address blocks:        193.98.156.0/24 maxlen: 24
                          193.102.132.0/24 maxlen: 24
                          194.115.212.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/da2447-b252-4b6a-a82f-dcbe53da7860/1/m8b9PzLKRZTJYHVlmnCJsnrj_vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/da2447-b252-4b6a-a82f-dcbe53da7860/1/m8b9PzLKRZTJYHVlmnCJsnrj_vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m8b9PzLKRZTJYHVlmnCJsnrj_vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:c7:f2:5c:3f:63:ae:5d:fb:c7:5b:83:80:98:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bc6fd3f32ca4594c96075659a7089b27ae3fef3
        Validity
            Not Before: Jan  2 03:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a9a09c9c85a8edc4032cb7694da2d8e13b1acc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:a9:02:97:8d:03:b3:57:92:72:98:21:27:84:
                    61:81:76:3b:03:16:8f:96:7d:09:27:83:47:72:e3:
                    6d:45:36:9b:be:42:ab:90:4b:86:b2:12:6e:ca:7a:
                    94:44:f4:3a:96:13:27:12:0b:ad:43:25:53:2d:0a:
                    eb:83:8c:25:75:12:a0:2b:4c:69:22:45:ed:1f:ad:
                    1f:43:99:13:0d:9d:3e:75:75:20:fb:3d:63:d2:62:
                    58:d8:d8:7e:0c:a7:55:1f:ae:e4:57:d2:7b:5b:76:
                    f5:2a:91:71:53:e5:48:44:2f:2f:3c:fd:17:eb:91:
                    6e:15:ce:4a:42:e3:d3:ab:e3:41:fe:db:cc:42:27:
                    fe:37:33:59:a4:87:9b:6f:db:0d:5e:85:63:5f:a7:
                    d1:5b:05:a7:52:b2:c5:be:93:1b:b1:a3:a0:fd:12:
                    04:12:e6:6e:75:08:dd:37:39:64:36:81:1b:49:b0:
                    62:b8:59:2c:f7:8c:d9:ab:b2:4b:35:b8:d9:0c:4c:
                    05:72:53:d6:e4:e6:3f:92:bd:87:98:a3:70:61:f6:
                    46:31:92:f2:d9:3e:a2:55:39:9a:d8:91:c3:c9:29:
                    13:0e:0b:ae:27:2f:7d:f2:f1:2c:61:7f:9c:cb:87:
                    a5:67:1e:a0:b6:d2:02:18:02:5c:e8:68:3d:e1:9c:
                    01:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:9A:09:C9:C8:5A:8E:DC:40:32:CB:76:94:DA:2D:8E:13:B1:AC:C2
            X509v3 Authority Key Identifier:
                keyid:9B:C6:FD:3F:32:CA:45:94:C9:60:75:65:9A:70:89:B2:7A:E3:FE:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m8b9PzLKRZTJYHVlmnCJsnrj_vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/da2447-b252-4b6a-a82f-dcbe53da7860/1/KpoJychajtxAMst2lNotjhOxrMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/da2447-b252-4b6a-a82f-dcbe53da7860/1/m8b9PzLKRZTJYHVlmnCJsnrj_vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.98.156.0/24
                  193.102.132.0/24
                  194.115.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         68:f5:0d:21:81:28:e7:02:20:3d:a5:cb:50:42:cf:51:09:ad:
         e5:c3:b8:81:48:4b:d7:e2:18:f9:9b:4e:1d:da:e5:5b:a1:dd:
         da:e3:68:e0:46:43:f0:b6:be:19:98:6a:af:4a:8e:6c:dd:7a:
         91:d7:6e:d9:aa:fb:93:43:35:7a:2a:a4:8e:ad:02:57:2a:f4:
         5b:18:6f:43:55:b4:20:1e:99:02:28:91:a4:a6:60:1a:b9:1c:
         ed:84:27:e1:2b:1b:46:c7:a2:74:93:25:46:15:0d:e4:56:dc:
         e7:b3:ae:97:54:bc:1e:7f:1d:fa:a0:2c:49:88:0e:89:05:7b:
         44:b9:8a:8e:f1:3b:56:e8:e6:98:99:6f:79:45:1a:6a:8a:c3:
         74:97:77:c9:52:6e:28:95:91:c2:0d:df:c8:ee:d9:7d:3f:ed:
         08:8c:4a:cb:d3:f9:f0:4d:50:0c:09:10:94:09:7f:f7:41:63:
         84:ba:6f:eb:62:51:cf:5d:e4:bf:27:54:29:e2:05:1c:23:76:
         14:9d:f5:d4:6f:2e:a3:2a:78:ad:f6:81:ea:df:07:42:f3:0f:
         b0:94:d9:bc:c9:d6:53:0c:7b:f9:e2:f0:35:05:08:72:eb:b4:
         8c:de:cd:bb:a2:c3:66:c7:59:fe:fa:23:09:c8:8b:7a:31:5c:
         f8:d2:a8:31
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlIcfyXD9jrl37x1uDgJijMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliYzZmZDNmMzJjYTQ1OTRjOTYwNzU2NTlhNzA4OWIyN2Fl
M2ZlZjMwHhcNMjUwMTAyMDM0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTlhMDljOWM4NWE4ZWRjNDAzMmNiNzY5NGRhMmQ4ZTEzYjFhY2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxqkCl40Ds1eScpghJ4RhgXY7AxaP
ln0JJ4NHcuNtRTabvkKrkEuGshJuynqURPQ6lhMnEgutQyVTLQrrg4wldRKgK0xp
IkXtH60fQ5kTDZ0+dXUg+z1j0mJY2Nh+DKdVH67kV9J7W3b1KpFxU+VIRC8vPP0X
65FuFc5KQuPTq+NB/tvMQif+NzNZpIebb9sNXoVjX6fRWwWnUrLFvpMbsaOg/RIE
EuZudQjdNzlkNoEbSbBiuFks94zZq7JLNbjZDEwFclPW5OY/kr2HmKNwYfZGMZLy
2T6iVTma2JHDySkTDguuJy998vEsYX+cy4elZx6gttICGAJc6Gg94ZwBrwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCqaCcnIWo7cQDLLdpTaLY4TsazCMB8GA1UdIwQY
MBaAFJvG/T8yykWUyWB1ZZpwibJ64/7zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbThiOVB6TEtSWlRKWUhWbG1uQ0pzbnJqX3ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9kYTI0NDctYjI1Mi00YjZhLWE4MmYt
ZGNiZTUzZGE3ODYwLzEvS3BvSnljaGFqdHhBTXN0MmxOb3RqaE94ck1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9kYTI0NDctYjI1Mi00YjZhLWE4MmYtZGNiZTUzZGE3ODYw
LzEvbThiOVB6TEtSWlRKWUhWbG1uQ0pzbnJqX3ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwWKcAwQA
wWaEAwQCwnPUMA0GCSqGSIb3DQEBCwUAA4IBAQBo9Q0hgSjnAiA9pctQQs9RCa3l
w7iBSEvX4hj5m04d2uVbod3a42jgRkPwtr4ZmGqvSo5s3XqR127ZqvuTQzV6KqSO
rQJXKvRbGG9DVbQgHpkCKJGkpmAauRzthCfhKxtGx6J0kyVGFQ3kVtzns66XVLwe
fx36oCxJiA6JBXtEuYqO8TtW6OaYmW95RRpqisN0l3fJUm4olZHCDd/I7tl9P+0I
jErL0/nwTVAMCRCUCX/3QWOEum/rYlHPXeS/J1Qp4gUcI3YUnfXUby6jKnit9oHq
3wdC8w+wlNm8ydZTDHv54vA1BQhy67SM3s27osNmx1n++iMJyIt6MVz40qgx
-----END CERTIFICATE-----