Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/kaNw-FHXt38Mw3A3i3ZxTrdgH0U.roa
File:                     kaNw-FHXt38Mw3A3i3ZxTrdgH0U.roa (raw, json)
Hash identifier:          ED9csh7TrZ7bmaYOf//aESLX76NQ2OO78tAxi9fibZE=
Subject key identifier:   91:A3:70:F8:51:D7:B7:7F:0C:C3:70:37:8B:76:71:4E:B7:60:1F:45
Certificate issuer:       /CN=5813e26d71ac5b6a601156d90ce0dccec5986243
Certificate serial:       019426D9E2DC96B0EDC8594A7B5C90B28D23
Authority key identifier: 58:13:E2:6D:71:AC:5B:6A:60:11:56:D9:0C:E0:DC:CE:C5:98:62:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WBPibXGsW2pgEVbZDODczsWYYkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/kaNw-FHXt38Mw3A3i3ZxTrdgH0U.roa
Signing time:             Thu 02 Jan 2025 11:50:01 +0000
ROA not before:           Thu 02 Jan 2025 11:50:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207388
IP address blocks:        185.224.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/WBPibXGsW2pgEVbZDODczsWYYkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/WBPibXGsW2pgEVbZDODczsWYYkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WBPibXGsW2pgEVbZDODczsWYYkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:e2:dc:96:b0:ed:c8:59:4a:7b:5c:90:b2:8d:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5813e26d71ac5b6a601156d90ce0dccec5986243
        Validity
            Not Before: Jan  2 11:50:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91a370f851d7b77f0cc370378b76714eb7601f45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:89:c6:9e:d4:2b:1d:c9:ca:22:34:11:fe:f3:
                    f0:31:b3:ce:6b:e7:5c:26:dc:7a:35:18:1d:36:65:
                    fe:2e:d7:92:a2:c5:ee:c1:13:fd:e5:5b:4a:30:d7:
                    b3:9c:50:d2:29:3d:25:87:34:48:50:af:7a:03:b0:
                    d8:b8:07:d4:32:e1:b8:19:0f:68:a1:38:d7:2c:10:
                    10:84:b8:8d:30:59:97:ca:b1:b0:70:6b:a2:13:a0:
                    61:16:5a:7d:60:fd:69:20:30:41:62:0a:2a:4f:ce:
                    0d:84:4d:d4:f3:34:9c:cf:35:9b:5e:ff:96:83:c9:
                    71:ee:5f:cd:78:8e:6b:cb:43:f0:0b:16:2d:d8:50:
                    93:e5:0a:df:2c:f2:ce:b8:cb:0d:fe:d9:a1:83:8d:
                    ca:90:a7:dc:59:41:e0:19:f6:f0:8a:60:49:d9:59:
                    7f:59:3f:65:dd:ff:60:4c:99:cb:e0:8a:b4:7d:a8:
                    0e:6f:d3:0c:89:01:72:5f:ab:8c:b0:7e:65:c8:41:
                    34:84:c4:27:e8:d1:4d:b0:0b:63:64:6c:e8:c4:64:
                    29:24:8e:31:3d:2c:08:73:92:85:c4:2b:c9:49:d6:
                    e0:31:b4:d6:4d:e5:30:77:45:d4:62:70:43:92:5a:
                    44:24:69:de:4d:b8:1e:3a:f6:d1:76:a8:aa:a9:fb:
                    9d:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:A3:70:F8:51:D7:B7:7F:0C:C3:70:37:8B:76:71:4E:B7:60:1F:45
            X509v3 Authority Key Identifier:
                keyid:58:13:E2:6D:71:AC:5B:6A:60:11:56:D9:0C:E0:DC:CE:C5:98:62:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WBPibXGsW2pgEVbZDODczsWYYkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/kaNw-FHXt38Mw3A3i3ZxTrdgH0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/WBPibXGsW2pgEVbZDODczsWYYkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:60:dc:c1:0d:0c:14:d8:01:7e:35:4a:57:ec:4e:ad:35:c8:
         11:8e:71:69:db:a5:86:dc:34:dd:0a:df:8e:d2:08:63:aa:c5:
         17:4e:f9:49:23:3f:75:e4:c9:14:73:15:65:22:c2:44:ac:90:
         43:62:fd:14:f0:a8:1c:69:14:29:ca:2d:b9:d3:08:3b:43:c9:
         f2:5a:7b:b0:c0:cd:ae:e0:fb:92:3e:7a:61:df:e2:30:bb:e0:
         c6:67:cf:21:84:7c:e8:dc:f2:4c:a3:2b:1f:df:78:1f:25:6b:
         ab:96:5e:35:9e:ec:06:92:42:0f:f6:c6:fe:b7:49:42:1d:68:
         19:cc:3e:21:02:b1:7b:2c:1e:1a:17:3e:e1:a5:4c:3c:0e:16:
         42:49:e5:c9:8b:1f:6d:62:e9:49:36:e9:85:34:44:81:53:d7:
         b1:0e:61:cf:c3:20:1e:17:53:fd:59:6f:f4:a4:ac:cc:6a:27:
         b0:a8:a7:5a:e0:62:45:96:f1:0f:2d:d7:38:59:71:2e:43:64:
         86:06:cf:17:ca:5c:05:a9:7e:82:e3:07:df:08:d0:a3:59:1e:
         e2:52:b2:0b:a7:41:8e:db:6a:9d:89:89:73:4b:cf:ad:61:f8:
         d6:9f:a7:f8:a9:ca:34:70:74:7d:f3:01:a4:af:af:61:c2:4a:
         7b:3b:3f:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2eLclrDtyFlKe1yQso0jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MTNlMjZkNzFhYzViNmE2MDExNTZkOTBjZTBkY2NlYzU5
ODYyNDMwHhcNMjUwMTAyMTE1MDAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWEzNzBmODUxZDdiNzdmMGNjMzcwMzc4Yjc2NzE0ZWI3NjAxZjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYnGntQrHcnKIjQR/vPwMbPOa+dc
Jtx6NRgdNmX+LteSosXuwRP95VtKMNeznFDSKT0lhzRIUK96A7DYuAfUMuG4GQ9o
oTjXLBAQhLiNMFmXyrGwcGuiE6BhFlp9YP1pIDBBYgoqT84NhE3U8zSczzWbXv+W
g8lx7l/NeI5ry0PwCxYt2FCT5QrfLPLOuMsN/tmhg43KkKfcWUHgGfbwimBJ2Vl/
WT9l3f9gTJnL4Iq0fagOb9MMiQFyX6uMsH5lyEE0hMQn6NFNsAtjZGzoxGQpJI4x
PSwIc5KFxCvJSdbgMbTWTeUwd0XUYnBDklpEJGneTbgeOvbRdqiqqfudmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJGjcPhR17d/DMNwN4t2cU63YB9FMB8GA1UdIwQY
MBaAFFgT4m1xrFtqYBFW2Qzg3M7FmGJDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0JQaWJYR3NXMnBnRVZiWkRPRGN6c1dZWWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi82NGFlMzEtZDFjOC00MDA0LWE3Nzgt
MDZkZjFkYzAzMzY3LzEva2FOdy1GSFh0MzhNdzNBM2kzWnhUcmRnSDBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi82NGFlMzEtZDFjOC00MDA0LWE3NzgtMDZkZjFkYzAzMzY3
LzEvV0JQaWJYR3NXMnBnRVZiWkRPRGN6c1dZWWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueACMA0G
CSqGSIb3DQEBCwUAA4IBAQCJYNzBDQwU2AF+NUpX7E6tNcgRjnFp26WG3DTdCt+O
0ghjqsUXTvlJIz915MkUcxVlIsJErJBDYv0U8KgcaRQpyi250wg7Q8nyWnuwwM2u
4PuSPnph3+Iwu+DGZ88hhHzo3PJMoysf33gfJWurll41nuwGkkIP9sb+t0lCHWgZ
zD4hArF7LB4aFz7hpUw8DhZCSeXJix9tYulJNumFNESBU9exDmHPwyAeF1P9WW/0
pKzMaiewqKda4GJFlvEPLdc4WXEuQ2SGBs8XylwFqX6C4wffCNCjWR7iUrILp0GO
22qdiYlzS8+tYfjWn6f4qco0cHR98wGkr69hwkp7Oz8Y
-----END CERTIFICATE-----