Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/kgi8mKAM2yCVgRH4L9W1E0GBctE.roa
File:                     kgi8mKAM2yCVgRH4L9W1E0GBctE.roa (raw, json)
Hash identifier:          /x/rSNiAHNpL5ZxR6vbLMgxwW3ubNoY4GIMOdVAovVA=
Subject key identifier:   92:08:BC:98:A0:0C:DB:20:95:81:11:F8:2F:D5:B5:13:41:81:72:D1
Certificate issuer:       /CN=297c508d23b38315bbf45b726d22050a46127b8c
Certificate serial:       019425FD568BE1BFB7E6EA6F2C7CBD7FAB22
Authority key identifier: 29:7C:50:8D:23:B3:83:15:BB:F4:5B:72:6D:22:05:0A:46:12:7B:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXxQjSOzgxW79FtybSIFCkYSe4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/kgi8mKAM2yCVgRH4L9W1E0GBctE.roa
Signing time:             Thu 02 Jan 2025 07:49:07 +0000
ROA not before:           Thu 02 Jan 2025 07:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49449
IP address blocks:        185.18.96.0/22 maxlen: 22
                          188.123.64.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/KXxQjSOzgxW79FtybSIFCkYSe4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/KXxQjSOzgxW79FtybSIFCkYSe4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXxQjSOzgxW79FtybSIFCkYSe4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:56:8b:e1:bf:b7:e6:ea:6f:2c:7c:bd:7f:ab:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297c508d23b38315bbf45b726d22050a46127b8c
        Validity
            Not Before: Jan  2 07:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9208bc98a00cdb20958111f82fd5b513418172d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:08:c1:be:58:53:74:24:10:c9:85:c2:d9:e9:
                    fd:0f:ce:e6:9c:33:91:a1:0a:bd:6d:92:98:b7:ff:
                    83:56:88:d7:ff:db:b0:49:45:87:79:94:2d:c5:28:
                    53:b1:af:77:83:0c:ec:81:15:5f:3b:d7:a5:0a:ec:
                    35:ac:81:31:0b:e4:1e:a8:c2:4b:17:3b:02:3e:71:
                    53:10:4c:c5:f0:c5:9d:80:ef:d2:e0:54:ec:4a:c4:
                    77:23:73:cf:27:9f:20:41:a0:ce:6e:14:96:c4:9d:
                    b3:90:4d:fc:26:cc:bf:63:48:b4:cd:4e:5c:5a:74:
                    0f:18:32:d4:b6:fc:98:1c:29:bc:ad:b0:8d:4b:2c:
                    46:3d:19:45:6f:0d:d0:c6:2a:2b:e6:94:fa:f1:72:
                    1e:8f:88:69:c7:bd:30:67:eb:d4:39:7e:24:e5:c7:
                    8d:74:44:14:6c:c9:bb:95:46:d9:9a:d1:b3:f7:5a:
                    b2:78:16:19:28:83:7d:f8:f4:29:5c:cb:c3:04:c4:
                    7b:61:aa:a4:b5:75:21:51:79:b3:a8:14:ce:1b:4d:
                    f5:ac:a9:e6:21:95:8a:47:d7:41:72:9f:73:cf:ff:
                    04:ef:e7:ba:d6:ed:16:e0:48:be:94:b9:6f:0f:41:
                    a1:37:47:56:6f:48:99:7e:66:6a:7d:d4:ae:7d:d4:
                    b7:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:08:BC:98:A0:0C:DB:20:95:81:11:F8:2F:D5:B5:13:41:81:72:D1
            X509v3 Authority Key Identifier:
                keyid:29:7C:50:8D:23:B3:83:15:BB:F4:5B:72:6D:22:05:0A:46:12:7B:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXxQjSOzgxW79FtybSIFCkYSe4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/kgi8mKAM2yCVgRH4L9W1E0GBctE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/KXxQjSOzgxW79FtybSIFCkYSe4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.18.96.0/22
                  188.123.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         22:d9:24:cf:40:ce:dd:59:74:53:da:ae:0f:85:1c:25:d7:f8:
         b7:7c:86:b6:e4:fb:fb:86:29:dc:8a:7b:59:ce:77:8f:be:1b:
         a2:66:af:c4:f0:59:9d:a3:53:f1:80:b1:c2:b9:98:b2:19:27:
         be:20:b0:f9:3a:54:f9:a8:d5:1a:39:07:54:ff:0b:fb:3e:28:
         0e:05:a0:20:e9:79:a3:c9:e7:e4:d4:e7:c6:2d:c1:8c:ee:6c:
         13:6c:d9:f5:7a:45:d8:1d:06:0e:48:aa:72:f8:57:c2:1a:7e:
         cd:26:94:8f:28:b1:99:24:3d:19:cb:68:41:2a:e9:54:14:02:
         68:0e:46:bd:2d:6f:87:3b:f5:ec:ca:8d:1a:c2:b9:1d:88:6d:
         9f:dd:6c:12:09:6e:28:75:e8:4c:bc:6f:9b:68:4f:0b:f7:15:
         aa:f2:b1:84:31:da:62:c9:c6:d9:bc:11:35:31:3e:49:ee:36:
         45:fb:b7:a9:59:85:41:7a:82:8b:dc:8c:4c:18:3f:6f:2b:60:
         c7:c4:e6:4f:7d:1f:44:45:00:b7:fb:05:73:1e:bc:0a:de:09:
         87:28:74:8b:58:0e:c2:99:18:ec:65:ae:53:86:3a:26:73:39:
         e9:dc:e8:90:f5:47:d3:5b:b8:d5:c7:0f:fd:c3:fa:49:74:af:
         35:33:3e:61
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/VaL4b+35upvLHy9f6siMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2M1MDhkMjNiMzgzMTViYmY0NWI3MjZkMjIwNTBhNDYx
MjdiOGMwHhcNMjUwMTAyMDc0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjA4YmM5OGEwMGNkYjIwOTU4MTExZjgyZmQ1YjUxMzQxODE3MmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2QjBvlhTdCQQyYXC2en9D87mnDOR
oQq9bZKYt/+DVojX/9uwSUWHeZQtxShTsa93gwzsgRVfO9elCuw1rIExC+QeqMJL
FzsCPnFTEEzF8MWdgO/S4FTsSsR3I3PPJ58gQaDObhSWxJ2zkE38Jsy/Y0i0zU5c
WnQPGDLUtvyYHCm8rbCNSyxGPRlFbw3Qxior5pT68XIej4hpx70wZ+vUOX4k5ceN
dEQUbMm7lUbZmtGz91qyeBYZKIN9+PQpXMvDBMR7YaqktXUhUXmzqBTOG031rKnm
IZWKR9dBcp9zz/8E7+e61u0W4Ei+lLlvD0GhN0dWb0iZfmZqfdSufdS3wwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJIIvJigDNsglYER+C/VtRNBgXLRMB8GA1UdIwQY
MBaAFCl8UI0js4MVu/Rbcm0iBQpGEnuMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1h4UWpTT3pneFc3OUZ0eWJTSUZDa1lTZTR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC84YWJlZWQtZjUzYi00Nzc2LWE4ZTIt
MzZlOWE3OWJkOTUwLzEva2dpOG1LQU0yeUNWZ1JINEw5VzFFMEdCY3RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC84YWJlZWQtZjUzYi00Nzc2LWE4ZTItMzZlOWE3OWJkOTUw
LzEvS1h4UWpTT3pneFc3OUZ0eWJTSUZDa1lTZTR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuRJgAwQF
vHtAMA0GCSqGSIb3DQEBCwUAA4IBAQAi2STPQM7dWXRT2q4PhRwl1/i3fIa25Pv7
hincintZznePvhuiZq/E8Fmdo1PxgLHCuZiyGSe+ILD5OlT5qNUaOQdU/wv7PigO
BaAg6Xmjyefk1OfGLcGM7mwTbNn1ekXYHQYOSKpy+FfCGn7NJpSPKLGZJD0Zy2hB
KulUFAJoDka9LW+HO/Xsyo0awrkdiG2f3WwSCW4odehMvG+baE8L9xWq8rGEMdpi
ycbZvBE1MT5J7jZF+7epWYVBeoKL3IxMGD9vK2DHxOZPfR9ERQC3+wVzHrwK3gmH
KHSLWA7CmRjsZa5Thjomcznp3OiQ9UfTW7jVxw/9w/pJdK81Mz5h
-----END CERTIFICATE-----