Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/Kc-1Z4R9k1b9QbprK1lrnIRFuzo.roa
File:                     Kc-1Z4R9k1b9QbprK1lrnIRFuzo.roa (raw, json)
Hash identifier:          mIf5b4mKVeZgEr7VsdotpcNIdYch/DFkBdwgO8kit9A=
Subject key identifier:   29:CF:B5:67:84:7D:93:56:FD:41:BA:6B:2B:59:6B:9C:84:45:BB:3A
Certificate issuer:       /CN=297364f502534e8771a0c6259794c26e26d4bca4
Certificate serial:       01942521CBE97FE13CD896C7CA676BC4F20F
Authority key identifier: 29:73:64:F5:02:53:4E:87:71:A0:C6:25:97:94:C2:6E:26:D4:BC:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXNk9QJTTodxoMYll5TCbibUvKQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/Kc-1Z4R9k1b9QbprK1lrnIRFuzo.roa
Signing time:             Thu 02 Jan 2025 03:49:19 +0000
ROA not before:           Thu 02 Jan 2025 03:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198381
IP address blocks:        141.105.162.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/KXNk9QJTTodxoMYll5TCbibUvKQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/KXNk9QJTTodxoMYll5TCbibUvKQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXNk9QJTTodxoMYll5TCbibUvKQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 03:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:cb:e9:7f:e1:3c:d8:96:c7:ca:67:6b:c4:f2:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297364f502534e8771a0c6259794c26e26d4bca4
        Validity
            Not Before: Jan  2 03:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29cfb567847d9356fd41ba6b2b596b9c8445bb3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:03:4d:41:c5:de:81:79:b3:a2:b3:fe:65:3e:
                    6f:6a:6f:e7:1d:ad:8a:8e:4d:26:f6:94:8f:38:04:
                    a9:1d:c8:fa:13:31:08:7e:8e:f6:35:58:02:e6:db:
                    3a:a4:db:8d:a5:33:f4:02:44:b7:ce:50:fc:04:a8:
                    65:c9:ea:19:00:ef:94:88:95:67:2a:a7:7d:68:08:
                    3b:ec:db:bd:49:fc:05:2d:5a:92:b2:b9:b4:93:60:
                    9e:d8:f1:d9:5e:66:7f:e0:43:9c:05:7e:13:f5:60:
                    9e:59:b4:4a:44:c2:58:71:9d:4d:13:70:53:80:87:
                    58:68:e4:21:1a:13:13:85:6a:a7:58:69:21:e0:75:
                    9c:cc:37:a7:99:75:31:f9:20:85:24:3b:2b:de:14:
                    6b:34:8b:13:53:f1:99:10:8c:eb:6e:62:2e:6b:88:
                    a3:d5:20:ee:09:83:9f:6a:9c:ce:86:d4:5f:f2:77:
                    c1:c0:d8:f9:fe:5b:48:11:72:ec:49:05:1d:92:9b:
                    15:5e:1e:d7:a8:44:8f:20:57:5e:79:f5:bc:1f:9c:
                    54:2b:ae:21:bd:39:f5:c5:66:5e:bf:a4:72:e8:cc:
                    79:ce:eb:c6:4a:94:e9:ca:a2:76:02:3e:08:89:02:
                    92:0d:33:20:49:57:9a:74:20:54:07:3d:4d:b8:12:
                    da:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:CF:B5:67:84:7D:93:56:FD:41:BA:6B:2B:59:6B:9C:84:45:BB:3A
            X509v3 Authority Key Identifier:
                keyid:29:73:64:F5:02:53:4E:87:71:A0:C6:25:97:94:C2:6E:26:D4:BC:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXNk9QJTTodxoMYll5TCbibUvKQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/Kc-1Z4R9k1b9QbprK1lrnIRFuzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/KXNk9QJTTodxoMYll5TCbibUvKQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.105.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a2:d1:5d:79:83:a6:53:3f:3a:a0:ad:76:e7:bd:d6:0d:b7:f8:
         b1:84:0c:da:2b:75:eb:49:26:b2:1c:6c:6b:a0:59:de:b7:5c:
         50:e9:a8:27:0c:52:cc:c7:f3:11:4b:83:6e:a8:dc:59:59:ad:
         43:31:31:8d:39:2a:75:be:6d:d9:e2:28:2e:59:88:e4:9d:be:
         84:01:20:ca:09:89:24:ca:60:ba:10:ff:34:bd:38:2a:e4:01:
         e5:a7:a4:ed:c4:63:d9:ae:cc:86:8a:10:b6:de:5a:16:99:a0:
         e3:0b:44:f8:96:f1:03:62:fb:2a:a6:57:fe:50:57:82:5b:20:
         ce:ff:c2:87:3d:f1:89:70:14:a9:f3:c7:67:4e:4c:d8:77:0e:
         21:91:66:4e:bf:e6:71:09:1c:bb:65:40:9b:c4:e7:c0:16:cf:
         36:d4:69:1a:32:8c:ec:a7:d8:46:9c:59:d3:96:cb:ae:86:76:
         6f:9b:76:62:0e:88:13:c6:04:e3:a9:a7:c3:2f:10:94:0e:1d:
         96:7b:9c:e6:e0:ee:aa:80:c7:20:12:52:ee:0c:e7:6b:bf:9a:
         df:68:ef:c6:96:04:c6:b7:69:b1:5b:04:eb:d0:23:1f:ce:c6:
         0c:b2:1b:5c:12:10:2e:93:95:28:32:4c:2b:ec:52:bc:1a:c1:
         13:91:fa:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIcvpf+E82JbHymdrxPIPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NzM2NGY1MDI1MzRlODc3MWEwYzYyNTk3OTRjMjZlMjZk
NGJjYTQwHhcNMjUwMTAyMDM0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWNmYjU2Nzg0N2Q5MzU2ZmQ0MWJhNmIyYjU5NmI5Yzg0NDViYjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAywNNQcXegXmzorP+ZT5vam/nHa2K
jk0m9pSPOASpHcj6EzEIfo72NVgC5ts6pNuNpTP0AkS3zlD8BKhlyeoZAO+UiJVn
Kqd9aAg77Nu9SfwFLVqSsrm0k2Ce2PHZXmZ/4EOcBX4T9WCeWbRKRMJYcZ1NE3BT
gIdYaOQhGhMThWqnWGkh4HWczDenmXUx+SCFJDsr3hRrNIsTU/GZEIzrbmIua4ij
1SDuCYOfapzOhtRf8nfBwNj5/ltIEXLsSQUdkpsVXh7XqESPIFdeefW8H5xUK64h
vTn1xWZev6Ry6Mx5zuvGSpTpyqJ2Aj4IiQKSDTMgSVeadCBUBz1NuBLaCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCnPtWeEfZNW/UG6aytZa5yERbs6MB8GA1UdIwQY
MBaAFClzZPUCU06HcaDGJZeUwm4m1LykMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1hOazlRSlRUb2R4b01ZbGw1VENiaWJVdktRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wNDU4MjAtMzU0Ni00MDdjLTgzYTUt
MGEwZjNlNzhhNDkzLzEvS2MtMVo0UjlrMWI5UWJwcksxbHJuSVJGdXpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wNDU4MjAtMzU0Ni00MDdjLTgzYTUtMGEwZjNlNzhhNDkz
LzEvS1hOazlRSlRUb2R4b01ZbGw1VENiaWJVdktRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjWmiMA0G
CSqGSIb3DQEBCwUAA4IBAQCi0V15g6ZTPzqgrXbnvdYNt/ixhAzaK3XrSSayHGxr
oFnet1xQ6agnDFLMx/MRS4NuqNxZWa1DMTGNOSp1vm3Z4iguWYjknb6EASDKCYkk
ymC6EP80vTgq5AHlp6TtxGPZrsyGihC23loWmaDjC0T4lvEDYvsqplf+UFeCWyDO
/8KHPfGJcBSp88dnTkzYdw4hkWZOv+ZxCRy7ZUCbxOfAFs821GkaMozsp9hGnFnT
lsuuhnZvm3ZiDogTxgTjqafDLxCUDh2We5zm4O6qgMcgElLuDOdrv5rfaO/GlgTG
t2mxWwTr0CMfzsYMshtcEhAuk5UoMkwr7FK8GsETkfrj
-----END CERTIFICATE-----