Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/37ac59-8529-4ac9-ba4e-3bf7d77749ab/1/KWOjeTqrWS2bhx1qeVkVPGbzw7c.roa
File:                     KWOjeTqrWS2bhx1qeVkVPGbzw7c.roa (raw, json)
Hash identifier:          XUqhrwHbJF26mG4HYcUUQFE+zak+QHQ/0xU36G+fK8E=
Subject key identifier:   29:63:A3:79:3A:AB:59:2D:9B:87:1D:6A:79:59:15:3C:66:F3:C3:B7
Certificate issuer:       /CN=9194b857c037a7d7cb0575e35823e5e28032bda3
Certificate serial:       01942747D901A9B2CAC2A7D9D3F2C2CA7EF8
Authority key identifier: 91:94:B8:57:C0:37:A7:D7:CB:05:75:E3:58:23:E5:E2:80:32:BD:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kZS4V8A3p9fLBXXjWCPl4oAyvaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/37ac59-8529-4ac9-ba4e-3bf7d77749ab/1/KWOjeTqrWS2bhx1qeVkVPGbzw7c.roa
Signing time:             Thu 02 Jan 2025 13:50:07 +0000
ROA not before:           Thu 02 Jan 2025 13:50:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200977
IP address blocks:        185.90.240.0/24 maxlen: 24
                          185.90.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/37ac59-8529-4ac9-ba4e-3bf7d77749ab/1/kZS4V8A3p9fLBXXjWCPl4oAyvaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/37ac59-8529-4ac9-ba4e-3bf7d77749ab/1/kZS4V8A3p9fLBXXjWCPl4oAyvaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kZS4V8A3p9fLBXXjWCPl4oAyvaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:d9:01:a9:b2:ca:c2:a7:d9:d3:f2:c2:ca:7e:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9194b857c037a7d7cb0575e35823e5e28032bda3
        Validity
            Not Before: Jan  2 13:50:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2963a3793aab592d9b871d6a7959153c66f3c3b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:0a:fb:db:f1:11:27:8b:99:7a:96:12:5f:2c:
                    af:2e:76:be:24:a6:e6:74:c5:8b:cb:e7:40:40:63:
                    7d:94:1e:8c:ef:30:12:ce:c4:e7:f3:57:a5:74:b3:
                    4e:51:9d:7a:39:c1:66:aa:67:a6:a6:3e:f0:31:f9:
                    db:c4:7c:4c:28:eb:ec:dd:cd:9d:d4:b2:c8:39:1a:
                    e9:9c:e0:13:d8:b9:6b:23:79:2c:73:99:4c:ce:bd:
                    50:31:81:2c:fa:a8:1e:a9:d4:48:a1:26:e9:c4:d5:
                    1f:05:7f:ab:ae:d8:db:95:0c:51:c5:5d:c9:e7:1b:
                    dd:83:01:6c:dd:79:4c:ed:d6:82:43:15:1f:8a:86:
                    ea:a9:53:3a:2e:d0:e3:41:b6:f8:e1:01:7d:d5:88:
                    ae:26:c3:c8:26:cb:f8:ab:b3:0b:12:42:4f:8a:8c:
                    2b:1d:9d:53:04:00:1c:8c:25:d2:d5:ab:07:41:d4:
                    6e:b7:a3:27:95:2f:95:98:1c:25:ae:07:74:60:15:
                    30:b9:db:0c:55:10:92:29:ff:56:fc:53:ce:76:bf:
                    0c:60:04:52:64:3f:e6:2b:e9:21:1a:9b:a0:2b:ae:
                    83:3c:27:a2:ff:6c:84:e5:b4:1b:b9:b7:08:ed:7a:
                    a6:c7:44:d7:ae:71:a7:0c:5b:e1:e2:d2:a6:83:0f:
                    c0:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:63:A3:79:3A:AB:59:2D:9B:87:1D:6A:79:59:15:3C:66:F3:C3:B7
            X509v3 Authority Key Identifier:
                keyid:91:94:B8:57:C0:37:A7:D7:CB:05:75:E3:58:23:E5:E2:80:32:BD:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kZS4V8A3p9fLBXXjWCPl4oAyvaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/37ac59-8529-4ac9-ba4e-3bf7d77749ab/1/KWOjeTqrWS2bhx1qeVkVPGbzw7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/37ac59-8529-4ac9-ba4e-3bf7d77749ab/1/kZS4V8A3p9fLBXXjWCPl4oAyvaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.90.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1e:dc:39:81:47:32:54:84:7e:ba:5b:45:16:4b:0e:dd:8a:a6:
         79:f5:4e:54:60:d3:da:c4:75:37:50:f6:fb:b4:89:cf:7b:f8:
         c7:92:a1:2e:11:12:3d:5a:0f:9e:fa:9e:08:e0:f3:d2:57:06:
         72:34:06:b5:c4:4c:e9:79:46:22:01:94:22:48:4f:55:2d:15:
         ed:cd:f8:65:fc:54:ba:d5:8b:6d:8a:92:22:39:df:42:fc:c0:
         e8:6a:e9:7d:5c:05:c1:dd:30:76:00:4b:5a:85:81:fd:0b:97:
         54:7e:87:eb:93:a9:14:0d:31:5b:70:73:48:05:9e:08:7d:c8:
         cd:3f:5b:5a:e1:99:1e:83:61:34:7f:77:65:94:19:31:03:96:
         5d:d6:fd:8f:d1:17:8f:63:f1:e4:dd:c2:5c:7d:fe:93:e1:60:
         df:a2:af:b2:7b:57:02:f9:cc:44:2d:54:59:dd:83:fc:83:93:
         6c:6d:59:d5:a1:d7:0e:c4:78:b7:40:0a:2a:b3:e2:b0:9d:fe:
         3f:1e:a1:31:52:50:26:96:09:91:24:6c:bc:e3:bf:c3:6d:e0:
         ce:53:48:72:19:80:23:91:3c:a4:7f:12:61:a9:11:11:64:df:
         ac:4f:87:7b:a1:1d:a0:93:97:13:08:0f:eb:f9:50:c8:a0:54:
         79:f7:01:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR9kBqbLKwqfZ0/LCyn74MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxOTRiODU3YzAzN2E3ZDdjYjA1NzVlMzU4MjNlNWUyODAz
MmJkYTMwHhcNMjUwMTAyMTM1MDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTYzYTM3OTNhYWI1OTJkOWI4NzFkNmE3OTU5MTUzYzY2ZjNjM2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQr72/ERJ4uZepYSXyyvLna+JKbm
dMWLy+dAQGN9lB6M7zASzsTn81eldLNOUZ16OcFmqmempj7wMfnbxHxMKOvs3c2d
1LLIORrpnOAT2LlrI3ksc5lMzr1QMYEs+qgeqdRIoSbpxNUfBX+rrtjblQxRxV3J
5xvdgwFs3XlM7daCQxUfiobqqVM6LtDjQbb44QF91YiuJsPIJsv4q7MLEkJPiowr
HZ1TBAAcjCXS1asHQdRut6MnlS+VmBwlrgd0YBUwudsMVRCSKf9W/FPOdr8MYARS
ZD/mK+khGpugK66DPCei/2yE5bQbubcI7Xqmx0TXrnGnDFvh4tKmgw/AKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCljo3k6q1ktm4cdanlZFTxm88O3MB8GA1UdIwQY
MBaAFJGUuFfAN6fXywV141gj5eKAMr2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1pTNFY4QTNwOWZMQlhYaldDUGw0b0F5dmFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8zN2FjNTktODUyOS00YWM5LWJhNGUt
M2JmN2Q3Nzc0OWFiLzEvS1dPamVUcXJXUzJiaHgxcWVWa1ZQR2J6dzdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8zN2FjNTktODUyOS00YWM5LWJhNGUtM2JmN2Q3Nzc0OWFi
LzEva1pTNFY4QTNwOWZMQlhYaldDUGw0b0F5dmFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuVrwMA0G
CSqGSIb3DQEBCwUAA4IBAQAe3DmBRzJUhH66W0UWSw7diqZ59U5UYNPaxHU3UPb7
tInPe/jHkqEuERI9Wg+e+p4I4PPSVwZyNAa1xEzpeUYiAZQiSE9VLRXtzfhl/FS6
1YttipIiOd9C/MDoaul9XAXB3TB2AEtahYH9C5dUfofrk6kUDTFbcHNIBZ4IfcjN
P1ta4Zkeg2E0f3dllBkxA5Zd1v2P0RePY/Hk3cJcff6T4WDfoq+ye1cC+cxELVRZ
3YP8g5NsbVnVodcOxHi3QAoqs+Kwnf4/HqExUlAmlgmRJGy847/DbeDOU0hyGYAj
kTykfxJhqRERZN+sT4d7oR2gk5cTCA/r+VDIoFR59wFq
-----END CERTIFICATE-----