Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/KW8HM7Vt-viFSQssh-MaAGQ56LI.roa
File:                     KW8HM7Vt-viFSQssh-MaAGQ56LI.roa (raw, json)
Hash identifier:          LVB3HoG1zrGwq6DA6Whlqb+iZJnipajeWgJUkFDtgQ8=
Subject key identifier:   29:6F:07:33:B5:6D:FA:F8:85:49:0B:2C:87:E3:1A:00:64:39:E8:B2
Certificate issuer:       /CN=b3a5d99863db2e49b44f6c324eb04388fc7515d2
Certificate serial:       0194282556B965AE94D343CBDBAA6A9DCF3A
Authority key identifier: B3:A5:D9:98:63:DB:2E:49:B4:4F:6C:32:4E:B0:43:88:FC:75:15:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/KW8HM7Vt-viFSQssh-MaAGQ56LI.roa
Signing time:             Thu 02 Jan 2025 17:52:03 +0000
ROA not before:           Thu 02 Jan 2025 17:52:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4445
IP address blocks:        46.190.128.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 22:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:56:b9:65:ae:94:d3:43:cb:db:aa:6a:9d:cf:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3a5d99863db2e49b44f6c324eb04388fc7515d2
        Validity
            Not Before: Jan  2 17:52:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=296f0733b56dfaf885490b2c87e31a006439e8b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:48:87:24:f0:63:82:57:aa:46:62:93:9d:09:
                    90:dc:16:a2:8b:79:6e:53:ea:5d:91:ba:09:ee:76:
                    88:d7:07:a5:18:31:d0:71:8b:4f:79:98:e9:91:b1:
                    3e:4b:9d:9f:47:69:cd:76:9d:60:ba:6c:de:9c:21:
                    1a:c5:23:bd:f9:f5:fc:48:73:28:bd:4f:9f:92:1b:
                    7e:71:01:ed:ec:a0:0c:4e:73:21:77:d3:02:3f:31:
                    6e:ab:bb:d4:6e:9d:eb:de:d8:dc:0c:ae:bc:1a:1b:
                    34:0c:2f:14:b9:6e:3d:87:4a:3c:28:9a:8a:72:8d:
                    72:aa:c2:b7:c1:9f:44:7b:2b:b4:1c:7f:ab:e1:a8:
                    cc:db:a2:7e:e7:be:d6:a7:ae:be:58:07:1e:cc:14:
                    ea:d5:da:9c:f2:3c:ae:87:be:b8:7a:5f:70:9a:1e:
                    c9:65:bd:10:ac:dd:c1:58:1e:64:f8:7b:c0:ed:c5:
                    9d:12:09:2e:af:e9:2a:71:de:ad:30:f0:4f:9d:e5:
                    8e:28:3f:44:aa:92:22:32:fd:b8:3f:23:00:75:cc:
                    60:b1:59:f5:5e:ad:cc:27:47:af:2c:e7:37:dd:ac:
                    5e:67:95:a4:d6:d5:45:52:87:eb:4a:a0:c7:19:e3:
                    78:68:7c:c2:75:69:de:98:07:a8:db:77:fc:f7:fd:
                    44:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:6F:07:33:B5:6D:FA:F8:85:49:0B:2C:87:E3:1A:00:64:39:E8:B2
            X509v3 Authority Key Identifier:
                keyid:B3:A5:D9:98:63:DB:2E:49:B4:4F:6C:32:4E:B0:43:88:FC:75:15:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/KW8HM7Vt-viFSQssh-MaAGQ56LI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.190.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         9d:d2:37:06:d1:e3:ea:ed:a2:83:a4:2e:d8:96:4f:f9:aa:70:
         8b:90:fc:4a:c7:98:71:29:a8:71:04:b2:a8:19:91:5e:91:aa:
         50:96:98:81:61:3e:00:c6:65:d3:7e:aa:ed:97:1d:11:e7:c0:
         97:3d:93:0b:61:58:c7:11:19:c3:7c:33:45:ea:e7:49:57:10:
         a8:53:47:ae:8a:42:c0:4d:96:3d:e7:d8:01:4d:71:62:62:12:
         51:4c:7c:2d:07:db:c7:7f:72:a8:9f:79:c0:36:71:1b:54:7f:
         db:5e:9e:01:6e:2d:82:29:ef:6c:94:94:8e:d3:5a:f4:78:d5:
         2e:c3:60:b9:be:3f:09:8c:46:91:f4:07:a5:a8:df:35:18:6d:
         8b:17:8c:99:19:8b:18:a9:53:72:78:cc:ad:4e:61:0b:32:e0:
         06:77:97:9a:6a:24:ce:56:af:17:44:f8:9b:9f:34:80:9d:80:
         80:16:30:b0:41:31:3a:ce:ae:6c:0c:7f:a2:3c:00:60:70:0d:
         2d:d1:c4:10:d7:4b:43:55:ee:f0:2a:61:42:70:4e:5a:02:30:
         35:c7:b7:d2:10:0f:7e:72:24:ef:34:3e:26:d0:3d:af:5f:ff:
         94:d5:98:ff:e2:3f:4c:b9:fc:be:5f:71:8e:17:65:fd:0c:6c:
         a8:b2:16:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJVa5Za6U00PL26pqnc86MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYTVkOTk4NjNkYjJlNDliNDRmNmMzMjRlYjA0Mzg4ZmM3
NTE1ZDIwHhcNMjUwMTAyMTc1MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTZmMDczM2I1NmRmYWY4ODU0OTBiMmM4N2UzMWEwMDY0MzllOGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUiHJPBjgleqRmKTnQmQ3Baii3lu
U+pdkboJ7naI1welGDHQcYtPeZjpkbE+S52fR2nNdp1gumzenCEaxSO9+fX8SHMo
vU+fkht+cQHt7KAMTnMhd9MCPzFuq7vUbp3r3tjcDK68Ghs0DC8UuW49h0o8KJqK
co1yqsK3wZ9Eeyu0HH+r4ajM26J+577Wp66+WAcezBTq1dqc8jyuh764el9wmh7J
Zb0QrN3BWB5k+HvA7cWdEgkur+kqcd6tMPBPneWOKD9EqpIiMv24PyMAdcxgsVn1
Xq3MJ0evLOc33axeZ5Wk1tVFUofrSqDHGeN4aHzCdWnemAeo23f89/1ETwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFClvBzO1bfr4hUkLLIfjGgBkOeiyMB8GA1UdIwQY
MBaAFLOl2Zhj2y5JtE9sMk6wQ4j8dRXSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczZYWm1HUGJMa20wVDJ3eVRyQkRpUHgxRmRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC8yOWU5YmMtYjE5MC00MDllLTg2YjAt
ZWVjNWQ1MGVmYTk0LzEvS1c4SE03VnQtdmlGU1Fzc2gtTWFBR1E1NkxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC8yOWU5YmMtYjE5MC00MDllLTg2YjAtZWVjNWQ1MGVmYTk0
LzEvczZYWm1HUGJMa20wVDJ3eVRyQkRpUHgxRmRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHLr6AMA0G
CSqGSIb3DQEBCwUAA4IBAQCd0jcG0ePq7aKDpC7Ylk/5qnCLkPxKx5hxKahxBLKo
GZFekapQlpiBYT4AxmXTfqrtlx0R58CXPZMLYVjHERnDfDNF6udJVxCoU0euikLA
TZY959gBTXFiYhJRTHwtB9vHf3Kon3nANnEbVH/bXp4Bbi2CKe9slJSO01r0eNUu
w2C5vj8JjEaR9AelqN81GG2LF4yZGYsYqVNyeMytTmELMuAGd5eaaiTOVq8XRPib
nzSAnYCAFjCwQTE6zq5sDH+iPABgcA0t0cQQ10tDVe7wKmFCcE5aAjA1x7fSEA9+
ciTvND4m0D2vX/+U1Zj/4j9Mufy+X3GOF2X9DGyoshZM
-----END CERTIFICATE-----