Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/012130-8103-4c25-93ba-9928dd3f2f82/1/KUeSunFIk48S0xFjDtY2TFss-TE.roa
File:                     KUeSunFIk48S0xFjDtY2TFss-TE.roa (raw, json)
Hash identifier:          J/IARmd2LJ7EVJ23zEUrZq3QktpdZue4SY7AhlJReKQ=
Subject key identifier:   29:47:92:BA:71:48:93:8F:12:D3:11:63:0E:D6:36:4C:5B:2C:F9:31
Certificate issuer:       /CN=80d608a14118b1a8dcddebbb40f96ecd48f85c71
Certificate serial:       019423696AEC1902BA5B5DA4CACF847D2762
Authority key identifier: 80:D6:08:A1:41:18:B1:A8:DC:DD:EB:BB:40:F9:6E:CD:48:F8:5C:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gNYIoUEYsajc3eu7QPluzUj4XHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/012130-8103-4c25-93ba-9928dd3f2f82/1/KUeSunFIk48S0xFjDtY2TFss-TE.roa
Signing time:             Wed 01 Jan 2025 19:48:18 +0000
ROA not before:           Wed 01 Jan 2025 19:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     138971
IP address blocks:        185.228.92.0/22 maxlen: 22
                          185.228.92.0/24 maxlen: 24
                          185.228.93.0/24 maxlen: 24
                          185.228.94.0/24 maxlen: 24
                          185.228.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/012130-8103-4c25-93ba-9928dd3f2f82/1/gNYIoUEYsajc3eu7QPluzUj4XHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/012130-8103-4c25-93ba-9928dd3f2f82/1/gNYIoUEYsajc3eu7QPluzUj4XHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gNYIoUEYsajc3eu7QPluzUj4XHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:6a:ec:19:02:ba:5b:5d:a4:ca:cf:84:7d:27:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80d608a14118b1a8dcddebbb40f96ecd48f85c71
        Validity
            Not Before: Jan  1 19:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=294792ba7148938f12d311630ed6364c5b2cf931
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:94:7c:61:fa:fd:f2:2b:b6:ab:81:d4:3a:79:
                    76:fb:e2:cd:ae:2a:39:d8:b1:6f:1a:55:54:f6:0d:
                    fa:a7:ab:40:ad:62:8d:86:08:73:35:05:2e:83:9d:
                    24:f9:d4:1d:96:68:18:4a:c8:25:de:0f:77:fa:b2:
                    ac:d1:f6:cf:01:d3:27:9f:30:f9:fd:79:d5:b8:e1:
                    3b:05:f3:c4:fa:16:1c:d5:a4:f9:84:97:7c:f5:04:
                    4e:84:87:87:7b:ea:67:74:7e:f7:4f:7b:89:ae:47:
                    59:98:fe:1e:b3:40:c6:bb:6a:e1:dd:ef:e3:e5:9a:
                    78:5d:13:c6:a4:75:ed:36:b1:1f:16:2d:b3:be:c8:
                    57:0d:fd:54:bf:17:d5:a3:e5:ab:4f:99:8c:1a:65:
                    71:d1:d0:75:88:91:de:86:8d:da:7f:c4:02:38:77:
                    76:e5:4e:ab:51:09:71:06:b0:ea:d3:c6:f0:59:be:
                    73:57:ff:22:f1:71:fe:be:4c:58:04:57:55:4e:d2:
                    d6:9e:4a:88:7e:fd:b2:ee:d2:6b:83:da:57:dd:9c:
                    9e:47:8b:ee:46:fe:39:f5:4e:61:5c:d8:3e:c7:a2:
                    17:fa:6c:5b:b2:d3:53:a8:82:fa:42:ef:b6:0a:bc:
                    8b:db:8c:e1:6d:30:11:da:80:90:99:1a:07:3f:0e:
                    ab:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:47:92:BA:71:48:93:8F:12:D3:11:63:0E:D6:36:4C:5B:2C:F9:31
            X509v3 Authority Key Identifier:
                keyid:80:D6:08:A1:41:18:B1:A8:DC:DD:EB:BB:40:F9:6E:CD:48:F8:5C:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gNYIoUEYsajc3eu7QPluzUj4XHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/012130-8103-4c25-93ba-9928dd3f2f82/1/KUeSunFIk48S0xFjDtY2TFss-TE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/012130-8103-4c25-93ba-9928dd3f2f82/1/gNYIoUEYsajc3eu7QPluzUj4XHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:20:13:26:39:ff:4c:8b:4c:01:c3:6e:09:33:56:7d:56:d1:
         c9:3a:08:48:4e:78:cd:c4:11:3c:5d:51:54:99:19:3f:ba:3e:
         fb:c7:3b:68:02:10:4e:2c:0b:c5:25:dc:c2:3b:23:1f:9f:27:
         f7:bd:c2:83:17:56:c3:0e:bc:58:9c:ca:04:39:c0:ec:ed:a1:
         7f:67:a6:2f:22:a4:cd:42:7a:45:5b:08:15:64:a0:7a:4b:7f:
         9c:d2:19:68:bb:00:5a:e4:ba:d6:33:0e:db:aa:20:cc:45:51:
         aa:e6:b4:a8:61:9f:86:2e:97:63:c6:e2:81:e7:9c:65:3e:e1:
         c7:9f:76:d1:d7:9c:a2:b6:e0:69:fe:db:5b:be:81:a4:ac:4e:
         33:06:d2:f0:cb:5e:b3:9c:51:d9:26:45:7a:6d:0e:ad:6a:cb:
         65:e6:47:c2:a0:eb:a8:13:75:90:2a:56:51:ef:d0:fb:af:e9:
         56:4f:9b:e2:47:64:11:3a:72:3a:b8:59:b5:2a:71:f9:9e:b0:
         c7:f9:ff:66:90:a3:01:04:e6:54:89:f3:45:59:ff:6d:0d:c5:
         62:6c:92:28:e4:63:c3:87:f5:5a:8d:df:ea:16:48:e3:1e:c8:
         50:98:8a:56:76:e9:67:f5:a1:69:24:c1:cb:7f:8a:1f:4d:c7:
         5e:26:05:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaWrsGQK6W12kys+EfSdiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwZDYwOGExNDExOGIxYThkY2RkZWJiYjQwZjk2ZWNkNDhm
ODVjNzEwHhcNMjUwMTAxMTk0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTQ3OTJiYTcxNDg5MzhmMTJkMzExNjMwZWQ2MzY0YzViMmNmOTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5R8Yfr98iu2q4HUOnl2++LNrio5
2LFvGlVU9g36p6tArWKNhghzNQUug50k+dQdlmgYSsgl3g93+rKs0fbPAdMnnzD5
/XnVuOE7BfPE+hYc1aT5hJd89QROhIeHe+pndH73T3uJrkdZmP4es0DGu2rh3e/j
5Zp4XRPGpHXtNrEfFi2zvshXDf1UvxfVo+WrT5mMGmVx0dB1iJHeho3af8QCOHd2
5U6rUQlxBrDq08bwWb5zV/8i8XH+vkxYBFdVTtLWnkqIfv2y7tJrg9pX3ZyeR4vu
Rv459U5hXNg+x6IX+mxbstNTqIL6Qu+2CryL24zhbTAR2oCQmRoHPw6rKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFClHkrpxSJOPEtMRYw7WNkxbLPkxMB8GA1UdIwQY
MBaAFIDWCKFBGLGo3N3ru0D5bs1I+FxxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ05ZSW9VRVlzYWpjM2V1N1FQbHV6VWo0WEhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8wMTIxMzAtODEwMy00YzI1LTkzYmEt
OTkyOGRkM2YyZjgyLzEvS1VlU3VuRklrNDhTMHhGakR0WTJURnNzLVRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8wMTIxMzAtODEwMy00YzI1LTkzYmEtOTkyOGRkM2YyZjgy
LzEvZ05ZSW9VRVlzYWpjM2V1N1FQbHV6VWo0WEhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueRcMA0G
CSqGSIb3DQEBCwUAA4IBAQBCIBMmOf9Mi0wBw24JM1Z9VtHJOghITnjNxBE8XVFU
mRk/uj77xztoAhBOLAvFJdzCOyMfnyf3vcKDF1bDDrxYnMoEOcDs7aF/Z6YvIqTN
QnpFWwgVZKB6S3+c0hlouwBa5LrWMw7bqiDMRVGq5rSoYZ+GLpdjxuKB55xlPuHH
n3bR15yituBp/ttbvoGkrE4zBtLwy16znFHZJkV6bQ6tastl5kfCoOuoE3WQKlZR
79D7r+lWT5viR2QROnI6uFm1KnH5nrDH+f9mkKMBBOZUifNFWf9tDcVibJIo5GPD
h/Vajd/qFkjjHshQmIpWduln9aFpJMHLf4ofTcdeJgVU
-----END CERTIFICATE-----