Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/50294d-8cc5-49d3-9312-727b1b583eb6/1/K4szTGDgWu8YAkp3B3AunTFhsNY.roa
File:                     K4szTGDgWu8YAkp3B3AunTFhsNY.roa (raw, json)
Hash identifier:          ZlMWPu4zKIGTz35MfDokFAisIKFFE+qRN3bSmh9wdso=
Subject key identifier:   2B:8B:33:4C:60:E0:5A:EF:18:02:4A:77:07:70:2E:9D:31:61:B0:D6
Certificate issuer:       /CN=47741e7c758d480413b5f1b0060611297e44036f
Certificate serial:       0194228D822F10D70C7371628D8D7629A4A6
Authority key identifier: 47:74:1E:7C:75:8D:48:04:13:B5:F1:B0:06:06:11:29:7E:44:03:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R3QefHWNSAQTtfGwBgYRKX5EA28.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/50294d-8cc5-49d3-9312-727b1b583eb6/1/K4szTGDgWu8YAkp3B3AunTFhsNY.roa
Signing time:             Wed 01 Jan 2025 15:48:06 +0000
ROA not before:           Wed 01 Jan 2025 15:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9017
IP address blocks:        176.117.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/50294d-8cc5-49d3-9312-727b1b583eb6/1/R3QefHWNSAQTtfGwBgYRKX5EA28.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/50294d-8cc5-49d3-9312-727b1b583eb6/1/R3QefHWNSAQTtfGwBgYRKX5EA28.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R3QefHWNSAQTtfGwBgYRKX5EA28.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:82:2f:10:d7:0c:73:71:62:8d:8d:76:29:a4:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47741e7c758d480413b5f1b0060611297e44036f
        Validity
            Not Before: Jan  1 15:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2b8b334c60e05aef18024a7707702e9d3161b0d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:a6:e2:27:46:2d:ce:7a:11:d9:c0:13:22:ae:
                    d9:b6:da:ad:7f:f5:76:c0:44:aa:e6:e0:a6:ce:e7:
                    52:a8:1d:50:e5:95:a3:d9:4a:56:28:e4:6d:bb:ba:
                    9d:b4:9f:c9:17:57:aa:22:91:42:34:87:c4:4f:e8:
                    02:95:de:d1:b6:d8:40:65:07:16:72:8c:28:fa:b2:
                    70:3c:9e:ac:4d:c4:de:dd:74:b5:dd:f6:99:7e:6b:
                    d5:1d:18:1e:0b:61:49:f5:b2:69:d6:c9:be:c8:16:
                    7d:0d:86:c9:7d:67:91:17:67:60:64:92:10:92:70:
                    16:26:3d:92:7a:e9:1c:80:a6:37:dc:95:a3:97:22:
                    5e:86:23:4c:b6:7e:69:ab:48:3c:ca:92:7a:9e:aa:
                    06:74:1d:40:c5:df:bb:a7:a2:d4:1b:7c:da:9d:4a:
                    44:23:eb:c5:2e:3f:60:1a:f8:c8:17:23:e9:a6:e4:
                    65:e5:2e:a7:24:0e:fc:16:e0:c3:52:a9:a4:68:58:
                    bb:37:7f:16:15:f5:54:3a:9c:e6:cc:d6:67:73:85:
                    3f:28:6b:1d:83:ad:c7:73:cc:8a:a2:33:3a:ac:af:
                    5e:f2:d8:8f:52:b2:86:dc:8e:a9:0a:6b:ba:8a:ce:
                    c5:86:c2:8f:c6:d0:48:a7:ba:8b:7f:15:9b:0e:8a:
                    a2:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:8B:33:4C:60:E0:5A:EF:18:02:4A:77:07:70:2E:9D:31:61:B0:D6
            X509v3 Authority Key Identifier:
                keyid:47:74:1E:7C:75:8D:48:04:13:B5:F1:B0:06:06:11:29:7E:44:03:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R3QefHWNSAQTtfGwBgYRKX5EA28.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/50294d-8cc5-49d3-9312-727b1b583eb6/1/K4szTGDgWu8YAkp3B3AunTFhsNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/50294d-8cc5-49d3-9312-727b1b583eb6/1/R3QefHWNSAQTtfGwBgYRKX5EA28.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.117.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:3d:ea:65:d7:6a:28:a7:5f:e1:d6:46:c9:c3:00:9b:04:7b:
         b6:97:6f:4d:44:55:48:74:02:d4:f3:06:c5:dd:e3:27:60:35:
         08:9d:58:8c:08:78:43:64:49:22:a3:6e:45:6a:14:69:c1:d1:
         3b:bb:b4:45:9c:c3:b9:f2:58:ad:63:81:bf:1a:d4:6f:28:26:
         cb:97:31:5b:38:b4:93:26:45:b3:fe:56:7b:37:ff:5c:fd:b3:
         1e:97:d1:f1:95:7b:f0:51:41:4d:91:9e:b5:00:85:86:f3:72:
         30:a2:dd:9b:6e:94:89:81:b1:00:b1:f4:51:36:cf:6b:44:39:
         f2:d2:85:83:b3:fd:ed:f1:cb:a4:e5:c4:8d:37:47:f1:82:8f:
         9a:94:3a:cd:c7:1b:95:3f:31:de:08:e7:81:ba:8b:f1:b4:8c:
         85:c2:4e:07:c2:3f:90:ce:5f:89:53:2f:bd:07:90:8b:6f:8f:
         f2:6c:4c:41:3a:c1:fa:69:e3:d3:d2:95:09:ab:f6:d8:db:14:
         03:8c:23:81:a0:84:0d:7e:e8:9c:92:ab:09:3e:d7:fe:e1:83:
         2f:97:be:96:9a:81:34:b9:02:4a:6a:92:54:b2:79:8e:47:dc:
         7c:07:a4:19:96:30:7d:76:43:94:1a:7a:1d:17:58:c9:6b:7a:
         a3:f0:54:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijYIvENcMc3FijY12KaSmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NzQxZTdjNzU4ZDQ4MDQxM2I1ZjFiMDA2MDYxMTI5N2U0
NDAzNmYwHhcNMjUwMTAxMTU0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjhiMzM0YzYwZTA1YWVmMTgwMjRhNzcwNzcwMmU5ZDMxNjFiMGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6KbiJ0YtznoR2cATIq7Zttqtf/V2
wESq5uCmzudSqB1Q5ZWj2UpWKORtu7qdtJ/JF1eqIpFCNIfET+gCld7RtthAZQcW
cowo+rJwPJ6sTcTe3XS13faZfmvVHRgeC2FJ9bJp1sm+yBZ9DYbJfWeRF2dgZJIQ
knAWJj2SeukcgKY33JWjlyJehiNMtn5pq0g8ypJ6nqoGdB1Axd+7p6LUG3zanUpE
I+vFLj9gGvjIFyPppuRl5S6nJA78FuDDUqmkaFi7N38WFfVUOpzmzNZnc4U/KGsd
g63Hc8yKojM6rK9e8tiPUrKG3I6pCmu6is7FhsKPxtBIp7qLfxWbDoqiFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCuLM0xg4FrvGAJKdwdwLp0xYbDWMB8GA1UdIwQY
MBaAFEd0Hnx1jUgEE7XxsAYGESl+RANvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjNRZWZIV05TQVFUdGZHd0JnWVJLWDVFQTI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy81MDI5NGQtOGNjNS00OWQzLTkzMTIt
NzI3YjFiNTgzZWI2LzEvSzRzelRHRGdXdThZQWtwM0IzQXVuVEZoc05ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy81MDI5NGQtOGNjNS00OWQzLTkzMTItNzI3YjFiNTgzZWI2
LzEvUjNRZWZIV05TQVFUdGZHd0JnWVJLWDVFQTI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHU/MA0G
CSqGSIb3DQEBCwUAA4IBAQC6Pepl12oop1/h1kbJwwCbBHu2l29NRFVIdALU8wbF
3eMnYDUInViMCHhDZEkio25FahRpwdE7u7RFnMO58litY4G/GtRvKCbLlzFbOLST
JkWz/lZ7N/9c/bMel9HxlXvwUUFNkZ61AIWG83Iwot2bbpSJgbEAsfRRNs9rRDny
0oWDs/3t8cuk5cSNN0fxgo+alDrNxxuVPzHeCOeBuovxtIyFwk4Hwj+Qzl+JUy+9
B5CLb4/ybExBOsH6aePT0pUJq/bY2xQDjCOBoIQNfuickqsJPtf+4YMvl76WmoE0
uQJKapJUsnmOR9x8B6QZljB9dkOUGnodF1jJa3qj8FSc
-----END CERTIFICATE-----