Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/KBH5_k1ABLmKeJO7l-34IXPXqRs.roa
File:                     KBH5_k1ABLmKeJO7l-34IXPXqRs.roa (raw, json)
Hash identifier:          P/JtMtW3yU+sxA5fXStKTboD+4DMtOGbsll537HWOk4=
Subject key identifier:   28:11:F9:FE:4D:40:04:B9:8A:78:93:BB:97:ED:F8:21:73:D7:A9:1B
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       0196E55450D9B509ABE60D9AC36C8A08188A
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/KBH5_k1ABLmKeJO7l-34IXPXqRs.roa
Signing time:             Sun 18 May 2025 21:37:10 +0000
ROA not before:           Sun 18 May 2025 21:37:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63473
IP address blocks:        188.209.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 20:42:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e5:54:50:d9:b5:09:ab:e6:0d:9a:c3:6c:8a:08:18:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: May 18 21:37:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2811f9fe4d4004b98a7893bb97edf82173d7a91b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:50:11:3c:6a:47:58:fe:75:1c:23:aa:03:d2:
                    c8:47:3d:7f:05:b9:ce:58:20:e0:b5:a8:68:3f:99:
                    2d:56:1d:fd:05:96:cb:ca:21:3e:be:c0:df:83:48:
                    b5:db:1f:02:de:bd:43:f4:2b:5a:d3:9a:41:6d:0b:
                    96:e3:80:b6:ed:1e:ac:cd:e2:dc:38:78:af:8c:ce:
                    77:71:70:1b:8b:a0:85:d1:d2:e2:26:87:90:e0:49:
                    3a:f4:99:3c:cf:b0:b7:27:fc:1f:33:0f:47:e5:c0:
                    10:5c:3f:84:2b:62:83:8b:5f:96:c3:3c:da:bd:e2:
                    5d:b6:cc:ea:91:e3:d3:cc:b3:bc:f4:ce:6d:a7:2b:
                    40:42:6c:50:96:d9:ea:6b:e9:48:b9:78:00:f1:29:
                    84:e0:67:6c:fc:eb:37:ff:2d:52:f0:3e:b5:91:10:
                    b2:ea:81:7d:f4:3a:6c:32:e2:45:5e:7b:d1:e9:4c:
                    b3:bc:43:a5:c2:d7:32:d0:f9:e5:16:25:95:01:e2:
                    2e:66:ec:41:3d:35:76:f2:14:39:16:cf:fe:e5:02:
                    7d:39:0c:cf:f5:53:66:3c:dd:8e:21:29:58:41:ec:
                    5a:83:14:d8:56:0f:2a:9a:47:8d:fa:31:76:0d:42:
                    67:e7:7c:6c:6a:5a:13:41:35:58:17:ab:46:72:b9:
                    08:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:11:F9:FE:4D:40:04:B9:8A:78:93:BB:97:ED:F8:21:73:D7:A9:1B
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/KBH5_k1ABLmKeJO7l-34IXPXqRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:c6:5a:de:d5:30:2d:4e:3c:0c:b8:41:c8:9c:2d:43:a6:67:
         e9:c0:ca:2f:8d:e8:6a:4c:b5:01:15:de:0e:57:a2:01:4e:14:
         85:49:c4:81:ee:79:b2:b6:7c:24:e7:6d:18:aa:31:cd:9b:bb:
         11:d0:47:bc:c6:6d:65:91:0c:0e:66:f6:ec:be:26:f2:d4:63:
         b3:56:e6:22:8d:81:6c:a6:91:76:39:e7:fe:63:9a:06:42:8a:
         fa:c0:bd:58:a1:80:d1:ad:65:95:84:d0:6f:a9:df:a8:06:07:
         79:43:0e:ca:e8:06:28:9f:e8:ed:e7:b5:dc:f6:96:91:2c:5b:
         88:3c:64:3f:e3:54:4c:cf:2f:81:7e:91:d2:27:36:bc:88:5c:
         25:b0:68:7d:18:fe:dc:f3:4c:d9:b7:2e:0e:92:58:70:4c:7c:
         e2:53:67:f2:0e:73:11:d2:5f:c9:64:ce:95:f0:74:5f:32:2d:
         58:64:8a:50:a4:c8:13:b2:41:45:85:9f:0d:07:0d:e3:88:b6:
         64:4c:50:63:79:6b:23:83:8a:ef:d5:6b:03:0d:90:b2:d0:76:
         eb:f8:32:ba:29:51:9a:b2:db:31:a4:68:39:01:ea:a9:70:48:
         f0:9d:29:a5:8e:bc:08:50:df:6e:11:87:34:14:15:13:b5:87:
         cb:2e:58:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZblVFDZtQmr5g2aw2yKCBiKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjUwNTE4MjEzNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODExZjlmZTRkNDAwNGI5OGE3ODkzYmI5N2VkZjgyMTczZDdhOTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVARPGpHWP51HCOqA9LIRz1/BbnO
WCDgtahoP5ktVh39BZbLyiE+vsDfg0i12x8C3r1D9Cta05pBbQuW44C27R6szeLc
OHivjM53cXAbi6CF0dLiJoeQ4Ek69Jk8z7C3J/wfMw9H5cAQXD+EK2KDi1+Wwzza
veJdtszqkePTzLO89M5tpytAQmxQltnqa+lIuXgA8SmE4Gds/Os3/y1S8D61kRCy
6oF99DpsMuJFXnvR6UyzvEOlwtcy0PnlFiWVAeIuZuxBPTV28hQ5Fs/+5QJ9OQzP
9VNmPN2OISlYQexagxTYVg8qmkeN+jF2DUJn53xsaloTQTVYF6tGcrkIdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCgR+f5NQAS5iniTu5ft+CFz16kbMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvS0JINV9rMUFCTG1LZUpPN2wtMzRJWFBYcVJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNGNMA0G
CSqGSIb3DQEBCwUAA4IBAQAGxlre1TAtTjwMuEHInC1DpmfpwMovjehqTLUBFd4O
V6IBThSFScSB7nmytnwk520YqjHNm7sR0Ee8xm1lkQwOZvbsviby1GOzVuYijYFs
ppF2Oef+Y5oGQor6wL1YoYDRrWWVhNBvqd+oBgd5Qw7K6AYon+jt57Xc9paRLFuI
PGQ/41RMzy+BfpHSJza8iFwlsGh9GP7c80zZty4OklhwTHziU2fyDnMR0l/JZM6V
8HRfMi1YZIpQpMgTskFFhZ8NBw3jiLZkTFBjeWsjg4rv1WsDDZCy0Hbr+DK6KVGa
stsxpGg5AeqpcEjwnSmljrwIUN9uEYc0FBUTtYfLLlh8
-----END CERTIFICATE-----