Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/kYqAky72P3pEnQEl7_H71_oXMrA.roa
File:                     kYqAky72P3pEnQEl7_H71_oXMrA.roa (raw, json)
Hash identifier:          OI+pqrPoYdkxRhXaxBipc3lXLF5qKe9eg06gVgRqd68=
Subject key identifier:   91:8A:80:93:2E:F6:3F:7A:44:9D:01:25:EF:F1:FB:D7:FA:17:32:B0
Certificate issuer:       /CN=b343514630dc17f3fe9b51dd434184d0b62b03c0
Certificate serial:       01942144143D31E012513AD6C43AF4DAB544
Authority key identifier: B3:43:51:46:30:DC:17:F3:FE:9B:51:DD:43:41:84:D0:B6:2B:03:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/kYqAky72P3pEnQEl7_H71_oXMrA.roa
Signing time:             Wed 01 Jan 2025 09:48:17 +0000
ROA not before:           Wed 01 Jan 2025 09:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207648
IP address blocks:        81.29.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:14:3d:31:e0:12:51:3a:d6:c4:3a:f4:da:b5:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b343514630dc17f3fe9b51dd434184d0b62b03c0
        Validity
            Not Before: Jan  1 09:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=918a80932ef63f7a449d0125eff1fbd7fa1732b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d8:4a:e1:a0:e2:84:c6:44:79:38:86:26:b5:
                    6a:71:47:13:d7:46:22:9f:f2:7d:a1:6b:1d:45:8d:
                    dc:a3:3d:2c:44:cf:8b:24:49:97:22:75:07:55:6b:
                    93:f3:76:a9:42:b7:5c:80:31:a2:35:b9:6e:dd:43:
                    a9:5c:ca:f0:c3:1e:b6:84:a5:85:53:c5:87:63:e0:
                    98:57:bd:a6:9c:df:8e:1a:80:d4:de:f2:94:53:5e:
                    6f:f9:c7:67:4d:c3:0f:51:de:e7:45:ec:27:03:4f:
                    f7:07:93:b3:c4:93:c4:0e:3e:3a:f0:1d:78:63:c1:
                    a4:8d:95:53:a3:b5:4b:d3:a6:4d:c8:5d:56:41:cf:
                    b4:e5:26:5b:d1:3c:61:31:e9:27:7c:02:c8:d4:f0:
                    f4:8a:88:63:f4:47:6b:53:18:bd:fd:65:4f:9e:f0:
                    f5:1a:21:11:5f:40:ff:1f:e5:22:b1:de:22:65:2a:
                    93:50:35:3a:e9:2d:8a:0c:bf:f9:de:80:ee:26:db:
                    7e:1d:c0:02:07:17:04:f8:ab:f9:4f:51:05:10:a9:
                    bd:01:97:09:8d:8c:41:a0:64:e0:92:ca:41:12:d6:
                    4e:e8:74:7b:3f:a0:cd:54:ea:c3:3d:07:8d:3a:9e:
                    31:c6:81:22:b8:6f:45:39:7a:1f:ca:60:ef:14:44:
                    fd:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:8A:80:93:2E:F6:3F:7A:44:9D:01:25:EF:F1:FB:D7:FA:17:32:B0
            X509v3 Authority Key Identifier:
                keyid:B3:43:51:46:30:DC:17:F3:FE:9B:51:DD:43:41:84:D0:B6:2B:03:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/kYqAky72P3pEnQEl7_H71_oXMrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.29.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:a6:bd:17:05:0a:05:8c:71:d6:71:c6:2c:5e:17:a3:aa:06:
         e8:55:8a:e7:8a:e9:28:4c:3d:2a:e6:17:76:9d:8d:6d:3a:88:
         27:ff:0a:ed:e5:d4:7f:19:ae:22:b2:49:83:33:09:09:56:d9:
         db:0a:f2:1d:72:52:ac:29:1e:07:15:35:b9:5b:e6:01:b1:54:
         8a:4e:9f:52:b7:3b:5b:39:09:08:83:c1:8b:6f:a7:4c:d5:f1:
         64:a7:09:08:76:05:50:df:f0:46:62:86:f1:48:b6:ec:cc:30:
         cb:b8:93:a9:5e:1f:a2:6f:14:3e:4a:c5:3d:50:b2:3e:56:7a:
         b6:36:5e:2d:a3:7e:4f:3b:b9:18:04:d4:4c:be:69:67:f3:3e:
         fb:56:4c:15:c9:fd:37:05:2e:27:2e:b6:32:86:a9:07:7c:c6:
         4b:f1:1a:d5:75:f2:d6:a7:39:14:81:3b:ec:f9:14:4f:01:4b:
         13:2e:73:37:d1:2f:30:fa:9a:1b:77:01:f9:6a:71:11:bd:ee:
         f7:85:c2:cf:6e:bc:ee:22:50:91:62:06:c6:fe:ca:14:d3:4d:
         df:99:ee:79:e0:cd:8d:f8:85:db:13:cb:1c:90:7c:a0:53:c6:
         38:d4:3b:52:a4:0b:aa:69:1c:09:9b:17:ae:5a:2b:b3:0d:65:
         31:cd:5b:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRBQ9MeASUTrWxDr02rVEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzNDM1MTQ2MzBkYzE3ZjNmZTliNTFkZDQzNDE4NGQwYjYy
YjAzYzAwHhcNMjUwMTAxMDk0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MThhODA5MzJlZjYzZjdhNDQ5ZDAxMjVlZmYxZmJkN2ZhMTczMmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9hK4aDihMZEeTiGJrVqcUcT10Yi
n/J9oWsdRY3coz0sRM+LJEmXInUHVWuT83apQrdcgDGiNblu3UOpXMrwwx62hKWF
U8WHY+CYV72mnN+OGoDU3vKUU15v+cdnTcMPUd7nRewnA0/3B5OzxJPEDj468B14
Y8GkjZVTo7VL06ZNyF1WQc+05SZb0TxhMeknfALI1PD0iohj9EdrUxi9/WVPnvD1
GiERX0D/H+Uisd4iZSqTUDU66S2KDL/53oDuJtt+HcACBxcE+Kv5T1EFEKm9AZcJ
jYxBoGTgkspBEtZO6HR7P6DNVOrDPQeNOp4xxoEiuG9FOXofymDvFET9hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJGKgJMu9j96RJ0BJe/x+9f6FzKwMB8GA1UdIwQY
MBaAFLNDUUYw3Bfz/ptR3UNBhNC2KwPAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczBOUlJqRGNGX1AtbTFIZFEwR0UwTFlyQThBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMzgwNDYtN2JlMC00MDE3LWE5OGIt
YTcyNDdlOWQ1ZjNhLzEva1lxQWt5NzJQM3BFblFFbDdfSDcxX29YTXJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMzgwNDYtN2JlMC00MDE3LWE5OGItYTcyNDdlOWQ1ZjNh
LzEvczBOUlJqRGNGX1AtbTFIZFEwR0UwTFlyQThBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR2FMA0G
CSqGSIb3DQEBCwUAA4IBAQABpr0XBQoFjHHWccYsXhejqgboVYrniukoTD0q5hd2
nY1tOogn/wrt5dR/Ga4iskmDMwkJVtnbCvIdclKsKR4HFTW5W+YBsVSKTp9Stztb
OQkIg8GLb6dM1fFkpwkIdgVQ3/BGYobxSLbszDDLuJOpXh+ibxQ+SsU9ULI+Vnq2
Nl4to35PO7kYBNRMvmln8z77VkwVyf03BS4nLrYyhqkHfMZL8RrVdfLWpzkUgTvs
+RRPAUsTLnM30S8w+pobdwH5anERve73hcLPbrzuIlCRYgbG/soU003fme554M2N
+IXbE8sckHygU8Y41DtSpAuqaRwJmxeuWiuzDWUxzVv4
-----END CERTIFICATE-----