Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/a7e850-00be-4dc2-8c41-3866b95f485f/1/KK_qi4NMLcaN6VX_fs5Nnpo24oQ.roa
File:                     KK_qi4NMLcaN6VX_fs5Nnpo24oQ.roa (raw, json)
Hash identifier:          o1mYnl0sun9DJGzd+XokmvL8uGfknZk5uv8J3esnry8=
Subject key identifier:   28:AF:EA:8B:83:4C:2D:C6:8D:E9:55:FF:7E:CE:4D:9E:9A:36:E2:84
Certificate issuer:       /CN=5df40ee7489e95c57f104271919da268bc513f9b
Certificate serial:       0194221F49EFC416199EDE94B35FED80265D
Authority key identifier: 5D:F4:0E:E7:48:9E:95:C5:7F:10:42:71:91:9D:A2:68:BC:51:3F:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XfQO50ielcV_EEJxkZ2iaLxRP5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/a7e850-00be-4dc2-8c41-3866b95f485f/1/KK_qi4NMLcaN6VX_fs5Nnpo24oQ.roa
Signing time:             Wed 01 Jan 2025 13:47:43 +0000
ROA not before:           Wed 01 Jan 2025 13:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212797
IP address blocks:        194.76.58.0/23 maxlen: 23
                          194.76.104.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/a7e850-00be-4dc2-8c41-3866b95f485f/1/XfQO50ielcV_EEJxkZ2iaLxRP5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/a7e850-00be-4dc2-8c41-3866b95f485f/1/XfQO50ielcV_EEJxkZ2iaLxRP5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XfQO50ielcV_EEJxkZ2iaLxRP5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:49:ef:c4:16:19:9e:de:94:b3:5f:ed:80:26:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5df40ee7489e95c57f104271919da268bc513f9b
        Validity
            Not Before: Jan  1 13:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28afea8b834c2dc68de955ff7ece4d9e9a36e284
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:9f:07:a0:f1:a5:a6:64:ff:29:91:62:78:a8:
                    42:8c:e2:4d:16:84:9c:c5:dd:1e:4d:66:b9:44:ba:
                    e5:e9:f9:02:78:1e:99:98:44:8f:69:4e:fd:d0:2a:
                    b6:d3:04:e4:c0:b2:1a:04:45:10:21:67:46:6b:54:
                    f2:07:5c:d1:0a:05:47:38:a9:67:49:0d:17:28:5b:
                    97:d1:98:04:e4:27:05:d7:d8:97:56:6d:4e:e4:55:
                    b3:ca:90:0f:e4:64:20:2e:98:6c:67:21:4d:a0:01:
                    8c:21:df:ad:bb:0a:0c:52:44:96:c4:43:29:55:93:
                    fc:d8:73:df:6f:90:12:c9:50:c2:62:c9:48:6b:68:
                    46:1b:f2:5f:9b:35:74:00:dd:da:76:8f:c6:b1:2f:
                    e9:d2:4b:af:70:81:ec:82:81:83:08:c5:85:aa:c1:
                    b9:40:23:4e:90:9a:84:59:c8:34:27:06:4c:55:e9:
                    61:69:94:60:91:47:c5:3d:0f:9b:ac:19:5b:b9:bf:
                    6e:67:4f:96:a7:bc:e3:a9:a9:e2:19:88:e5:9c:65:
                    a0:03:16:4b:fe:7f:28:3f:4d:f6:58:b4:01:6f:1a:
                    b6:6c:7a:e4:c5:0e:d1:de:06:61:7d:d3:18:fe:20:
                    25:08:3f:86:06:20:12:23:ed:d5:4f:ae:56:40:0b:
                    96:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:AF:EA:8B:83:4C:2D:C6:8D:E9:55:FF:7E:CE:4D:9E:9A:36:E2:84
            X509v3 Authority Key Identifier:
                keyid:5D:F4:0E:E7:48:9E:95:C5:7F:10:42:71:91:9D:A2:68:BC:51:3F:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XfQO50ielcV_EEJxkZ2iaLxRP5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/a7e850-00be-4dc2-8c41-3866b95f485f/1/KK_qi4NMLcaN6VX_fs5Nnpo24oQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/a7e850-00be-4dc2-8c41-3866b95f485f/1/XfQO50ielcV_EEJxkZ2iaLxRP5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.58.0/23
                  194.76.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a3:bf:a0:a6:91:2d:d2:da:50:bc:ca:cd:1c:4c:7e:1e:09:c4:
         20:21:b2:9e:f9:11:d7:98:9c:06:fd:ab:dc:81:5b:84:8a:fc:
         f2:19:b5:3f:8f:09:5e:18:0d:7e:fd:49:26:20:d5:a9:5a:f2:
         4e:c6:f9:f4:af:89:9b:1f:9c:c9:1f:cf:08:70:f5:39:ac:6a:
         f5:82:cb:57:b6:c6:97:97:00:4e:8d:90:06:22:e6:9b:0c:25:
         c3:ae:e9:d2:02:2c:29:a8:94:f6:6f:25:22:44:d7:93:ed:4b:
         a1:ef:61:70:c0:29:76:ba:4a:90:af:af:e6:3e:07:33:7e:32:
         ea:12:22:cd:98:c5:7b:48:7c:02:7a:e4:ca:23:87:1c:80:61:
         0b:ef:95:95:dd:43:2e:6e:5a:f5:57:42:3b:fe:a6:07:1c:cf:
         60:5f:a4:fb:87:a7:55:ee:21:07:b6:f7:ed:bc:96:8c:e2:a4:
         ca:c4:f0:32:83:05:0a:97:e2:90:bc:b6:eb:68:9e:8b:35:36:
         d7:80:30:32:95:41:e5:e7:ba:87:1f:73:34:17:a1:5e:48:b3:
         51:48:a2:83:fa:ad:45:58:7e:7d:4f:25:61:15:99:0a:72:c0:
         71:b8:70:ee:e8:05:85:95:ad:a5:cb:61:7a:05:7a:0f:5c:29:
         06:85:1e:23
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH0nvxBYZnt6Us1/tgCZdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZjQwZWU3NDg5ZTk1YzU3ZjEwNDI3MTkxOWRhMjY4YmM1
MTNmOWIwHhcNMjUwMTAxMTM0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGFmZWE4YjgzNGMyZGM2OGRlOTU1ZmY3ZWNlNGQ5ZTlhMzZlMjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZ8HoPGlpmT/KZFieKhCjOJNFoSc
xd0eTWa5RLrl6fkCeB6ZmESPaU790Cq20wTkwLIaBEUQIWdGa1TyB1zRCgVHOKln
SQ0XKFuX0ZgE5CcF19iXVm1O5FWzypAP5GQgLphsZyFNoAGMId+tuwoMUkSWxEMp
VZP82HPfb5ASyVDCYslIa2hGG/JfmzV0AN3ado/GsS/p0kuvcIHsgoGDCMWFqsG5
QCNOkJqEWcg0JwZMVelhaZRgkUfFPQ+brBlbub9uZ0+Wp7zjqaniGYjlnGWgAxZL
/n8oP032WLQBbxq2bHrkxQ7R3gZhfdMY/iAlCD+GBiASI+3VT65WQAuWUwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCiv6ouDTC3GjelV/37OTZ6aNuKEMB8GA1UdIwQY
MBaAFF30DudInpXFfxBCcZGdomi8UT+bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGZRTzUwaWVsY1ZfRUVKeGtaMmlhTHhSUDVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9hN2U4NTAtMDBiZS00ZGMyLThjNDEt
Mzg2NmI5NWY0ODVmLzEvS0tfcWk0Tk1MY2FONlZYX2ZzNU5ucG8yNG9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9hN2U4NTAtMDBiZS00ZGMyLThjNDEtMzg2NmI5NWY0ODVm
LzEvWGZRTzUwaWVsY1ZfRUVKeGtaMmlhTHhSUDVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwkw6AwQB
wkxoMA0GCSqGSIb3DQEBCwUAA4IBAQCjv6CmkS3S2lC8ys0cTH4eCcQgIbKe+RHX
mJwG/avcgVuEivzyGbU/jwleGA1+/UkmINWpWvJOxvn0r4mbH5zJH88IcPU5rGr1
gstXtsaXlwBOjZAGIuabDCXDrunSAiwpqJT2byUiRNeT7Uuh72FwwCl2ukqQr6/m
PgczfjLqEiLNmMV7SHwCeuTKI4ccgGEL75WV3UMublr1V0I7/qYHHM9gX6T7h6dV
7iEHtvftvJaM4qTKxPAygwUKl+KQvLbraJ6LNTbXgDAylUHl57qHH3M0F6FeSLNR
SKKD+q1FWH59TyVhFZkKcsBxuHDu6AWFla2ly2F6BXoPXCkGhR4j
-----END CERTIFICATE-----