Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/265efa-f049-4647-8cf1-824ccefd9c81/1/KKoVkt36UzhB8KBbFPImmZW73vA.roa
File:                     KKoVkt36UzhB8KBbFPImmZW73vA.roa (raw, json)
Hash identifier:          GhpkIl47GYlGJw2nWrVttpHKLmkRE0ZfoRg/RpNRI/I=
Subject key identifier:   28:AA:15:92:DD:FA:53:38:41:F0:A0:5B:14:F2:26:99:95:BB:DE:F0
Certificate issuer:       /CN=0f91e5b58da326e654e994fef2195276759579be
Certificate serial:       019427B384497D5D9D5D9D7D8F67BABEC9B1
Authority key identifier: 0F:91:E5:B5:8D:A3:26:E6:54:E9:94:FE:F2:19:52:76:75:95:79:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D5HltY2jJuZU6ZT-8hlSdnWVeb4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/265efa-f049-4647-8cf1-824ccefd9c81/1/KKoVkt36UzhB8KBbFPImmZW73vA.roa
Signing time:             Thu 02 Jan 2025 15:47:43 +0000
ROA not before:           Thu 02 Jan 2025 15:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41638
IP address blocks:        195.138.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/265efa-f049-4647-8cf1-824ccefd9c81/1/D5HltY2jJuZU6ZT-8hlSdnWVeb4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/265efa-f049-4647-8cf1-824ccefd9c81/1/D5HltY2jJuZU6ZT-8hlSdnWVeb4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D5HltY2jJuZU6ZT-8hlSdnWVeb4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 21:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:84:49:7d:5d:9d:5d:9d:7d:8f:67:ba:be:c9:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f91e5b58da326e654e994fef2195276759579be
        Validity
            Not Before: Jan  2 15:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28aa1592ddfa533841f0a05b14f2269995bbdef0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d5:d9:ca:9a:ba:35:5d:4d:15:ed:64:40:24:
                    bf:e4:3e:0e:13:13:86:ba:52:36:d0:1b:cc:9d:dc:
                    fa:9d:26:99:b4:47:d5:09:ed:89:b3:48:4a:7e:ef:
                    0b:b7:da:50:85:38:26:d2:32:7d:66:8f:1a:19:d4:
                    82:25:f4:25:dd:91:0f:e2:53:30:dd:cb:05:be:44:
                    4d:c3:1f:a6:81:4a:55:89:71:d9:31:af:af:8d:f9:
                    f6:6e:08:2f:33:44:5f:de:e8:2f:41:4f:c9:f6:cc:
                    50:0e:45:eb:dd:d9:1a:79:55:d0:20:71:f7:73:da:
                    26:a5:01:01:6d:00:3e:0b:90:ec:86:04:df:62:56:
                    50:8d:5f:d6:66:a3:42:17:b6:86:91:eb:24:7b:a0:
                    d6:eb:42:fc:87:d0:86:e5:26:d6:b5:fe:ba:b7:19:
                    3a:d5:a3:a0:92:07:69:b0:a2:44:f2:00:e0:ca:a5:
                    b5:20:9f:b7:10:7b:33:2c:48:2e:1f:e6:ba:01:0a:
                    9f:a6:d4:32:a2:ac:e8:6f:ef:09:12:23:9d:27:84:
                    81:ac:25:fb:9f:ff:e5:57:0d:3e:f4:89:13:3c:f1:
                    89:32:c3:26:8e:28:ef:6a:a3:8f:bf:2c:27:7b:e4:
                    71:bd:57:bf:5b:11:f8:db:e3:2f:fa:00:8e:2a:c4:
                    ae:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:AA:15:92:DD:FA:53:38:41:F0:A0:5B:14:F2:26:99:95:BB:DE:F0
            X509v3 Authority Key Identifier:
                keyid:0F:91:E5:B5:8D:A3:26:E6:54:E9:94:FE:F2:19:52:76:75:95:79:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D5HltY2jJuZU6ZT-8hlSdnWVeb4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/265efa-f049-4647-8cf1-824ccefd9c81/1/KKoVkt36UzhB8KBbFPImmZW73vA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/265efa-f049-4647-8cf1-824ccefd9c81/1/D5HltY2jJuZU6ZT-8hlSdnWVeb4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.138.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:17:69:7f:11:41:b8:04:b8:5f:71:68:fa:81:7d:23:d8:69:
         71:2f:56:e1:17:bd:54:9c:3a:08:30:e6:7c:01:97:94:f1:5c:
         94:bb:16:c5:71:43:b7:c4:01:7d:9e:05:b5:47:eb:bb:6f:b3:
         50:3a:dc:fd:c6:55:a1:b1:f3:a6:2e:d1:22:f2:8b:ea:16:b7:
         3b:ba:f1:07:ce:b4:30:2d:e7:44:c0:aa:eb:c4:7f:62:d6:1c:
         a5:ad:47:db:2b:08:c6:e5:63:81:61:27:23:f9:2a:58:b0:69:
         1e:d7:1e:88:ad:f7:6c:0c:2f:6e:0a:4a:78:7a:77:64:ef:71:
         37:96:8d:8a:58:3d:4c:42:bd:59:75:84:3d:7a:73:33:74:28:
         62:25:97:30:71:5c:8a:f9:de:97:f0:3f:72:07:5b:ff:4b:18:
         ad:2e:7c:bf:c7:6c:53:1e:22:1b:73:e2:27:28:7a:f0:a4:bb:
         8d:29:7c:3c:99:73:dd:4b:29:b2:13:05:b9:78:a7:54:f4:63:
         04:50:6f:5d:81:32:d4:76:b2:9f:f9:bf:f7:cf:c7:0c:12:0c:
         4c:eb:d8:58:b6:72:ca:86:90:82:6d:10:e4:13:ab:45:4b:82:
         65:77:cc:de:7e:f0:42:85:a6:56:33:d1:0b:4d:38:92:9f:56:
         57:8e:ef:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQns4RJfV2dXZ19j2e6vsmxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmOTFlNWI1OGRhMzI2ZTY1NGU5OTRmZWYyMTk1Mjc2NzU5
NTc5YmUwHhcNMjUwMTAyMTU0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGFhMTU5MmRkZmE1MzM4NDFmMGEwNWIxNGYyMjY5OTk1YmJkZWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9XZypq6NV1NFe1kQCS/5D4OExOG
ulI20BvMndz6nSaZtEfVCe2Js0hKfu8Lt9pQhTgm0jJ9Zo8aGdSCJfQl3ZEP4lMw
3csFvkRNwx+mgUpViXHZMa+vjfn2bggvM0Rf3ugvQU/J9sxQDkXr3dkaeVXQIHH3
c9ompQEBbQA+C5DshgTfYlZQjV/WZqNCF7aGkeske6DW60L8h9CG5SbWtf66txk6
1aOgkgdpsKJE8gDgyqW1IJ+3EHszLEguH+a6AQqfptQyoqzob+8JEiOdJ4SBrCX7
n//lVw0+9IkTPPGJMsMmjijvaqOPvywne+RxvVe/WxH42+Mv+gCOKsSudQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCiqFZLd+lM4QfCgWxTyJpmVu97wMB8GA1UdIwQY
MBaAFA+R5bWNoybmVOmU/vIZUnZ1lXm+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDVIbHRZMmpKdVpVNlpULThobFNkbldWZWI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8yNjVlZmEtZjA0OS00NjQ3LThjZjEt
ODI0Y2NlZmQ5YzgxLzEvS0tvVmt0MzZVemhCOEtCYkZQSW1tWlc3M3ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8yNjVlZmEtZjA0OS00NjQ3LThjZjEtODI0Y2NlZmQ5Yzgx
LzEvRDVIbHRZMmpKdVpVNlpULThobFNkbldWZWI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4reMA0G
CSqGSIb3DQEBCwUAA4IBAQBiF2l/EUG4BLhfcWj6gX0j2GlxL1bhF71UnDoIMOZ8
AZeU8VyUuxbFcUO3xAF9ngW1R+u7b7NQOtz9xlWhsfOmLtEi8ovqFrc7uvEHzrQw
LedEwKrrxH9i1hylrUfbKwjG5WOBYScj+SpYsGke1x6IrfdsDC9uCkp4endk73E3
lo2KWD1MQr1ZdYQ9enMzdChiJZcwcVyK+d6X8D9yB1v/SxitLny/x2xTHiIbc+In
KHrwpLuNKXw8mXPdSymyEwW5eKdU9GMEUG9dgTLUdrKf+b/3z8cMEgxM69hYtnLK
hpCCbRDkE6tFS4Jld8zefvBChaZWM9ELTTiSn1ZXju88
-----END CERTIFICATE-----