Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/6920d2-a7a6-41a5-96e0-314ef746d8a6/1/kTZKdp3t576jj7V1laKryCYz0Og.roa
File:                     kTZKdp3t576jj7V1laKryCYz0Og.roa (raw, json)
Hash identifier:          HbtSMYd2T/15rtkOhZspTZMKwAPA+sik9h0BqyVd10U=
Subject key identifier:   91:36:4A:76:9D:ED:E7:BE:A3:8F:B5:75:95:A2:AB:C8:26:33:D0:E8
Certificate issuer:       /CN=b443914a48e5dae5a756b1e3b8fbe437ee0d8b0c
Certificate serial:       019427B5D59DAF6D59A2D9FC85CA518FF644
Authority key identifier: B4:43:91:4A:48:E5:DA:E5:A7:56:B1:E3:B8:FB:E4:37:EE:0D:8B:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tEORSkjl2uWnVrHjuPvkN-4Niww.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/6920d2-a7a6-41a5-96e0-314ef746d8a6/1/kTZKdp3t576jj7V1laKryCYz0Og.roa
Signing time:             Thu 02 Jan 2025 15:50:15 +0000
ROA not before:           Thu 02 Jan 2025 15:50:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        193.109.126.0/24 maxlen: 24
                          195.22.138.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/6920d2-a7a6-41a5-96e0-314ef746d8a6/1/tEORSkjl2uWnVrHjuPvkN-4Niww.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/6920d2-a7a6-41a5-96e0-314ef746d8a6/1/tEORSkjl2uWnVrHjuPvkN-4Niww.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tEORSkjl2uWnVrHjuPvkN-4Niww.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:d5:9d:af:6d:59:a2:d9:fc:85:ca:51:8f:f6:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b443914a48e5dae5a756b1e3b8fbe437ee0d8b0c
        Validity
            Not Before: Jan  2 15:50:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91364a769dede7bea38fb57595a2abc82633d0e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:cc:de:a8:02:39:ad:7d:4b:16:4b:8b:7c:83:
                    a2:17:50:c3:7e:99:68:e6:4a:0d:39:b9:4d:9d:94:
                    76:76:aa:5a:43:43:6e:a5:cc:1b:fc:f6:36:af:49:
                    17:6b:8b:9c:9e:45:f4:d5:3c:be:ec:89:9c:c5:b8:
                    b5:fc:c3:03:fd:36:e3:e8:fc:89:70:c2:52:d2:e3:
                    87:95:6d:cc:04:6a:d6:22:15:43:85:6b:43:7e:d0:
                    56:af:8a:b1:05:1a:d7:84:c5:b9:ac:04:b3:24:d8:
                    e7:65:07:aa:fe:1a:ca:01:96:51:b7:1d:9a:11:15:
                    37:83:8e:e1:9b:43:36:3b:ce:be:c3:d5:7a:04:f3:
                    b8:9f:bc:1c:ed:ad:b6:bd:93:0f:7b:93:cb:9a:db:
                    b0:81:dd:cb:47:46:ed:77:5d:22:64:25:55:cd:1d:
                    5f:cc:f2:96:e5:1d:cd:1a:77:37:61:62:a7:b9:f7:
                    1a:08:a0:c4:a8:ab:23:5b:dc:ec:6c:94:57:a2:1d:
                    1e:f4:39:30:1a:bb:fe:d0:f7:29:ca:82:eb:30:70:
                    ea:ad:3c:84:c0:64:87:13:71:57:7f:f3:39:e8:0e:
                    af:3b:59:95:1c:c4:f8:a8:71:cc:d2:c9:d3:19:95:
                    12:6b:4c:75:61:7b:ef:d7:98:83:87:f8:02:04:d2:
                    56:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:36:4A:76:9D:ED:E7:BE:A3:8F:B5:75:95:A2:AB:C8:26:33:D0:E8
            X509v3 Authority Key Identifier:
                keyid:B4:43:91:4A:48:E5:DA:E5:A7:56:B1:E3:B8:FB:E4:37:EE:0D:8B:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tEORSkjl2uWnVrHjuPvkN-4Niww.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/6920d2-a7a6-41a5-96e0-314ef746d8a6/1/kTZKdp3t576jj7V1laKryCYz0Og.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/6920d2-a7a6-41a5-96e0-314ef746d8a6/1/tEORSkjl2uWnVrHjuPvkN-4Niww.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.126.0/24
                  195.22.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4a:ca:e2:1a:c5:a9:0b:6b:bf:4f:b7:4d:54:fd:fa:6b:e5:e4:
         04:40:03:37:c4:3f:8f:d4:37:fa:38:a1:d7:7c:e4:cb:6a:93:
         48:a9:3e:04:5e:71:07:20:9b:94:e4:29:bf:58:42:45:2b:3b:
         d5:98:3d:39:5c:5d:60:94:f4:43:ca:a1:73:88:eb:4b:b9:09:
         72:07:e0:c8:05:72:cd:f2:0c:b1:c7:c7:e4:bb:ac:30:fc:aa:
         f2:df:e3:15:fa:90:8a:24:69:3d:b0:0d:2c:f4:29:3a:f2:01:
         84:e3:90:74:35:31:3f:17:10:73:a1:1f:3e:1a:2d:9b:b8:e6:
         5c:41:a6:fa:39:48:b6:c3:fe:f0:3b:f0:e6:07:9d:a0:42:0b:
         7a:10:c9:e2:e4:04:ff:b8:f8:9b:f9:cd:e3:cf:0f:bc:93:44:
         68:d6:0c:de:f3:49:e6:4b:c5:33:0a:89:9a:f3:aa:bc:2c:42:
         8d:88:6f:09:c4:ea:bf:4c:e9:5b:df:16:64:b6:66:3a:ea:37:
         5d:d3:54:40:77:db:a9:2d:bb:01:52:28:fe:90:5f:0b:e2:d8:
         1f:eb:68:b3:71:e1:8f:8a:56:10:97:85:88:33:95:d7:19:d9:
         71:39:86:b4:56:3e:1b:1c:9b:20:56:81:a1:dc:e6:9f:6b:2a:
         55:1c:f3:ea
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntdWdr21Zotn8hcpRj/ZEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NDM5MTRhNDhlNWRhZTVhNzU2YjFlM2I4ZmJlNDM3ZWUw
ZDhiMGMwHhcNMjUwMTAyMTU1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTM2NGE3NjlkZWRlN2JlYTM4ZmI1NzU5NWEyYWJjODI2MzNkMGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMzeqAI5rX1LFkuLfIOiF1DDfplo
5koNOblNnZR2dqpaQ0Nupcwb/PY2r0kXa4ucnkX01Ty+7Imcxbi1/MMD/Tbj6PyJ
cMJS0uOHlW3MBGrWIhVDhWtDftBWr4qxBRrXhMW5rASzJNjnZQeq/hrKAZZRtx2a
ERU3g47hm0M2O86+w9V6BPO4n7wc7a22vZMPe5PLmtuwgd3LR0btd10iZCVVzR1f
zPKW5R3NGnc3YWKnufcaCKDEqKsjW9zsbJRXoh0e9DkwGrv+0PcpyoLrMHDqrTyE
wGSHE3FXf/M56A6vO1mVHMT4qHHM0snTGZUSa0x1YXvv15iDh/gCBNJWAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJE2Snad7ee+o4+1dZWiq8gmM9DoMB8GA1UdIwQY
MBaAFLRDkUpI5drlp1ax47j75DfuDYsMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEVPUlNramwydVduVnJIanVQdmtOLTROaXd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC82OTIwZDItYTdhNi00MWE1LTk2ZTAt
MzE0ZWY3NDZkOGE2LzEva1RaS2RwM3Q1NzZqajdWMWxhS3J5Q1l6ME9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC82OTIwZDItYTdhNi00MWE1LTk2ZTAtMzE0ZWY3NDZkOGE2
LzEvdEVPUlNramwydVduVnJIanVQdmtOLTROaXd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwW1+AwQB
wxaKMA0GCSqGSIb3DQEBCwUAA4IBAQBKyuIaxakLa79Pt01U/fpr5eQEQAM3xD+P
1Df6OKHXfOTLapNIqT4EXnEHIJuU5Cm/WEJFKzvVmD05XF1glPRDyqFziOtLuQly
B+DIBXLN8gyxx8fku6ww/Kry3+MV+pCKJGk9sA0s9Ck68gGE45B0NTE/FxBzoR8+
Gi2buOZcQab6OUi2w/7wO/DmB52gQgt6EMni5AT/uPib+c3jzw+8k0Ro1gze80nm
S8UzComa86q8LEKNiG8JxOq/TOlb3xZktmY66jdd01RAd9upLbsBUij+kF8L4tgf
62izceGPilYQl4WIM5XXGdlxOYa0Vj4bHJsgVoGh3OafaypVHPPq
-----END CERTIFICATE-----