Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/KfKDUYRtE2w33wh8p7CmpXO4HW8.roa
File:                     KfKDUYRtE2w33wh8p7CmpXO4HW8.roa (raw, json)
Hash identifier:          wVjtt49/KgqAnCCpcpmtlyZAKDWMfmDqCBsf2O+Tf80=
Subject key identifier:   29:F2:83:51:84:6D:13:6C:37:DF:08:7C:A7:B0:A6:A5:73:B8:1D:6F
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019422FBBDBB26A2C4C6AC267249DCAF0FBD
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/KfKDUYRtE2w33wh8p7CmpXO4HW8.roa
Signing time:             Wed 01 Jan 2025 17:48:30 +0000
ROA not before:           Wed 01 Jan 2025 17:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208139
IP address blocks:        185.200.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:bd:bb:26:a2:c4:c6:ac:26:72:49:dc:af:0f:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  1 17:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29f28351846d136c37df087ca7b0a6a573b81d6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:6a:a1:50:57:4a:d1:09:00:6f:59:7c:9c:4f:
                    b1:00:9d:5c:66:5c:62:be:d2:dc:5d:95:f6:5b:78:
                    e6:f9:9a:d5:f3:3f:c1:6a:29:1a:da:a8:62:5b:6a:
                    ae:39:e8:0e:1e:2c:97:66:be:d5:e0:57:5e:92:b8:
                    3e:cb:8a:87:6a:17:ab:ac:d5:91:15:bc:0d:36:1c:
                    b7:d9:43:70:5e:56:b5:ca:fb:b4:ca:25:42:02:1b:
                    4e:de:a3:4b:13:77:b3:c4:2c:e3:da:1c:7b:6a:75:
                    a2:4f:82:4b:f0:39:2e:21:aa:56:ab:c5:ff:53:c4:
                    42:af:56:ae:3b:21:6b:48:41:83:7c:d7:68:46:8a:
                    3c:99:64:8f:94:a2:f4:50:33:2f:d0:c4:18:c2:e0:
                    16:a7:6f:97:48:74:55:e0:c8:49:60:40:82:86:1b:
                    86:a3:43:4f:be:cc:df:7d:0a:cc:92:45:b5:e6:64:
                    31:59:14:b8:eb:9d:d9:ed:b8:bd:c6:9f:0d:6c:da:
                    82:d0:62:77:70:e7:7d:d4:0c:12:82:ff:74:a8:0d:
                    75:e1:98:9f:42:7c:2f:f7:a2:7f:f9:b7:59:d4:fa:
                    e2:38:62:ad:83:14:fb:53:2c:3b:7a:ab:bd:5a:37:
                    69:14:9e:52:86:50:b8:12:c0:a3:fe:c9:43:88:c7:
                    25:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:F2:83:51:84:6D:13:6C:37:DF:08:7C:A7:B0:A6:A5:73:B8:1D:6F
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/KfKDUYRtE2w33wh8p7CmpXO4HW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:d6:fc:7a:78:89:10:95:8c:34:4a:8c:2f:f8:78:65:c2:34:
         33:21:e5:13:71:8f:4c:25:de:8f:f3:3b:dd:9c:ff:ab:e7:5a:
         f5:ce:43:26:79:43:b0:b0:27:fd:10:7e:82:5e:85:01:81:30:
         e5:80:77:36:bd:1c:8c:b6:ce:a2:38:85:1c:8a:bf:3e:74:50:
         78:8e:ae:11:32:fb:bc:4c:81:2a:57:37:b3:c8:b2:0d:a5:f5:
         e7:65:c0:52:fd:59:21:88:84:bc:2a:a5:9c:6b:2c:41:e7:71:
         d8:21:99:d3:3e:9b:4a:54:dd:b2:9d:2f:0a:c3:00:8f:67:9a:
         8e:8f:25:cc:e2:9f:46:d4:5c:c9:ef:99:e1:59:8f:d4:e0:cb:
         85:b6:6a:4c:b9:5e:51:26:9a:80:e5:31:2a:60:d7:e2:08:95:
         15:a3:b7:4a:bf:aa:4f:f3:6f:0f:c7:44:3d:46:df:13:5d:b8:
         12:ea:2a:5d:3d:bb:46:88:04:d4:e1:53:f7:ee:98:31:f8:50:
         eb:de:39:7b:77:f3:b9:cd:bf:8d:ea:75:d5:66:53:2b:84:fc:
         95:9f:c1:e3:2e:37:ba:77:22:2c:65:f1:5b:b2:e4:48:bb:2c:
         97:0b:3d:cb:6e:da:f1:10:6e:83:c8:d0:35:3f:67:13:b8:fc:
         9f:60:5f:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+727JqLExqwmckncrw+9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwMTAxMTc0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWYyODM1MTg0NmQxMzZjMzdkZjA4N2NhN2IwYTZhNTczYjgxZDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjGqhUFdK0QkAb1l8nE+xAJ1cZlxi
vtLcXZX2W3jm+ZrV8z/Baika2qhiW2quOegOHiyXZr7V4Fdekrg+y4qHaherrNWR
FbwNNhy32UNwXla1yvu0yiVCAhtO3qNLE3ezxCzj2hx7anWiT4JL8DkuIapWq8X/
U8RCr1auOyFrSEGDfNdoRoo8mWSPlKL0UDMv0MQYwuAWp2+XSHRV4MhJYECChhuG
o0NPvszffQrMkkW15mQxWRS4653Z7bi9xp8NbNqC0GJ3cOd91AwSgv90qA114Zif
Qnwv96J/+bdZ1PriOGKtgxT7Uyw7equ9WjdpFJ5ShlC4EsCj/slDiMcl+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCnyg1GEbRNsN98IfKewpqVzuB1vMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvS2ZLRFVZUnRFMnczM3doOHA3Q21wWE80SFc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucg9MA0G
CSqGSIb3DQEBCwUAA4IBAQCi1vx6eIkQlYw0Sowv+HhlwjQzIeUTcY9MJd6P8zvd
nP+r51r1zkMmeUOwsCf9EH6CXoUBgTDlgHc2vRyMts6iOIUcir8+dFB4jq4RMvu8
TIEqVzezyLINpfXnZcBS/VkhiIS8KqWcayxB53HYIZnTPptKVN2ynS8KwwCPZ5qO
jyXM4p9G1FzJ75nhWY/U4MuFtmpMuV5RJpqA5TEqYNfiCJUVo7dKv6pP828Px0Q9
Rt8TXbgS6ipdPbtGiATU4VP37pgx+FDr3jl7d/O5zb+N6nXVZlMrhPyVn8HjLje6
dyIsZfFbsuRIuyyXCz3LbtrxEG6DyNA1P2cTuPyfYF8X
-----END CERTIFICATE-----