Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/kqDz7smZzEggwnOtTZ91wrlBE4c.roa
File:                     kqDz7smZzEggwnOtTZ91wrlBE4c.roa (raw, json)
Hash identifier:          OteTjZY0hrzoBDeoZG9laIbeOhFIt32mklvyy1YBT38=
Subject key identifier:   92:A0:F3:EE:C9:99:CC:48:20:C2:73:AD:4D:9F:75:C2:B9:41:13:87
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       019426D9FF853C8DAD0CC04E7612F50A896B
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/kqDz7smZzEggwnOtTZ91wrlBE4c.roa
Signing time:             Thu 02 Jan 2025 11:50:08 +0000
ROA not before:           Thu 02 Jan 2025 11:50:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47447
IP address blocks:        149.154.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:ff:85:3c:8d:ad:0c:c0:4e:76:12:f5:0a:89:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  2 11:50:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92a0f3eec999cc4820c273ad4d9f75c2b9411387
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:96:f3:9a:e1:68:2a:14:e7:66:86:8b:32:5f:
                    f0:47:00:55:31:ac:4e:aa:63:d0:d1:a8:a3:ce:5a:
                    d2:ae:b9:60:a1:3f:9a:e8:cb:4e:59:de:20:ed:f3:
                    33:f1:13:ff:15:74:fd:92:b9:64:20:30:81:d5:a7:
                    42:d8:c2:64:b5:35:8f:01:e0:65:1f:5a:13:70:f3:
                    01:8c:ba:56:b6:25:11:45:1c:6b:cd:48:47:9b:a2:
                    b6:5e:2b:09:e1:6b:1d:cd:c6:7d:44:92:a5:c1:30:
                    2c:86:be:8b:48:8a:63:ee:9c:10:00:06:7d:c6:33:
                    01:c9:3f:76:a3:5c:1f:ac:57:8e:94:bc:2f:d9:d7:
                    ca:54:57:cb:96:a3:cc:de:e8:cf:25:ff:29:96:4c:
                    5f:0a:28:d6:92:5c:f4:a4:75:16:8e:10:ee:74:7d:
                    f0:98:15:bb:e4:d8:12:b7:78:51:c4:a7:01:e9:7f:
                    00:c5:16:c2:34:ba:c9:8e:73:61:60:c7:a2:f7:60:
                    fb:c4:cc:86:7d:a0:86:4f:aa:cc:e2:2d:26:fb:30:
                    1c:13:89:f5:4e:09:c9:8f:ac:4a:a3:5c:45:a4:fd:
                    ef:0c:9b:bf:2e:bc:cc:e6:0d:df:55:b9:35:30:fe:
                    7c:5b:3b:d0:a0:6e:16:e5:58:65:53:6e:e9:86:dd:
                    67:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:A0:F3:EE:C9:99:CC:48:20:C2:73:AD:4D:9F:75:C2:B9:41:13:87
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/kqDz7smZzEggwnOtTZ91wrlBE4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.154.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:32:0a:b3:55:c6:92:e6:40:5c:4f:f3:6f:ef:e6:f9:74:3d:
         85:d7:c9:d0:eb:77:9d:d3:12:15:f8:24:58:af:34:71:98:bc:
         8c:0e:66:fe:f8:2f:84:57:bf:82:3a:58:43:43:98:04:df:a2:
         fb:30:ea:63:a6:1e:a8:d8:a8:c7:ae:15:2f:62:ad:fa:35:f3:
         bd:20:94:53:1b:1c:35:b5:cc:3d:48:be:ae:b3:b3:a9:f2:3e:
         fa:8d:d8:83:5b:04:8c:a0:05:18:0a:71:dd:de:fd:8e:ce:73:
         95:b6:4c:6e:87:95:89:2c:4d:68:f7:97:75:40:46:b0:93:d3:
         7d:59:e8:cb:5c:c7:9e:9e:b3:9c:e2:43:2f:0f:b6:79:59:48:
         86:1a:cf:76:52:55:33:5e:6a:62:29:53:76:1d:e9:c6:a2:19:
         5c:9e:f5:cb:de:f7:4a:3f:b7:74:c2:36:2c:dd:c3:c5:68:be:
         7b:37:ee:e2:94:8c:1e:99:0b:43:12:cd:a7:19:60:f0:57:9b:
         85:86:86:d5:b8:20:3b:a6:b2:9f:98:bf:cc:7f:23:25:64:0f:
         0b:d7:54:de:72:6c:4a:fd:52:f0:9e:6b:1e:84:80:9c:d8:ee:
         bc:df:6e:a4:e2:d5:c1:16:8a:30:1d:f0:60:a4:1b:6d:96:aa:
         06:b4:17:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2f+FPI2tDMBOdhL1ColrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjUwMTAyMTE1MDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmEwZjNlZWM5OTljYzQ4MjBjMjczYWQ0ZDlmNzVjMmI5NDExMzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZbzmuFoKhTnZoaLMl/wRwBVMaxO
qmPQ0aijzlrSrrlgoT+a6MtOWd4g7fMz8RP/FXT9krlkIDCB1adC2MJktTWPAeBl
H1oTcPMBjLpWtiURRRxrzUhHm6K2XisJ4WsdzcZ9RJKlwTAshr6LSIpj7pwQAAZ9
xjMByT92o1wfrFeOlLwv2dfKVFfLlqPM3ujPJf8plkxfCijWklz0pHUWjhDudH3w
mBW75NgSt3hRxKcB6X8AxRbCNLrJjnNhYMei92D7xMyGfaCGT6rM4i0m+zAcE4n1
TgnJj6xKo1xFpP3vDJu/LrzM5g3fVbk1MP58WzvQoG4W5VhlU27pht1nJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJKg8+7JmcxIIMJzrU2fdcK5QROHMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEva3FEejdzbVp6RWdnd25PdFRaOTF3cmxCRTRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlZqfMA0G
CSqGSIb3DQEBCwUAA4IBAQBLMgqzVcaS5kBcT/Nv7+b5dD2F18nQ63ed0xIV+CRY
rzRxmLyMDmb++C+EV7+COlhDQ5gE36L7MOpjph6o2KjHrhUvYq36NfO9IJRTGxw1
tcw9SL6us7Op8j76jdiDWwSMoAUYCnHd3v2OznOVtkxuh5WJLE1o95d1QEawk9N9
WejLXMeenrOc4kMvD7Z5WUiGGs92UlUzXmpiKVN2HenGohlcnvXL3vdKP7d0wjYs
3cPFaL57N+7ilIwemQtDEs2nGWDwV5uFhobVuCA7prKfmL/MfyMlZA8L11TecmxK
/VLwnmsehICc2O68326k4tXBFoowHfBgpBttlqoGtBdr
-----END CERTIFICATE-----