Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/bcf272-d751-45be-9856-018a3770da77/1/K3k_GCXnaMv59dLKq-rHfPOR6HE.roa
File:                     K3k_GCXnaMv59dLKq-rHfPOR6HE.roa (raw, json)
Hash identifier:          5Q6jyJMRb9gad/mJLct+/fYWsLJ0GiEE1wJJESuoLsM=
Subject key identifier:   2B:79:3F:18:25:E7:68:CB:F9:F5:D2:CA:AB:EA:C7:7C:F3:91:E8:71
Certificate issuer:       /CN=29f14d411c20ecfc496215fcdb0f43d847219096
Certificate serial:       01942369653365F3F3D1693F35D979ACE49A
Authority key identifier: 29:F1:4D:41:1C:20:EC:FC:49:62:15:FC:DB:0F:43:D8:47:21:90:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KfFNQRwg7PxJYhX82w9D2EchkJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/bcf272-d751-45be-9856-018a3770da77/1/K3k_GCXnaMv59dLKq-rHfPOR6HE.roa
Signing time:             Wed 01 Jan 2025 19:48:17 +0000
ROA not before:           Wed 01 Jan 2025 19:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41926
IP address blocks:        193.34.100.0/24 maxlen: 24
                          193.34.101.0/24 maxlen: 24
                          193.34.102.0/24 maxlen: 24
                          193.34.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/bcf272-d751-45be-9856-018a3770da77/1/KfFNQRwg7PxJYhX82w9D2EchkJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/bcf272-d751-45be-9856-018a3770da77/1/KfFNQRwg7PxJYhX82w9D2EchkJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KfFNQRwg7PxJYhX82w9D2EchkJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 02:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:65:33:65:f3:f3:d1:69:3f:35:d9:79:ac:e4:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29f14d411c20ecfc496215fcdb0f43d847219096
        Validity
            Not Before: Jan  1 19:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2b793f1825e768cbf9f5d2caabeac77cf391e871
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:87:34:8c:5c:6e:cb:04:87:89:f0:64:ff:b8:
                    41:fe:5a:b5:04:28:56:08:ff:d9:8f:d9:03:f4:c2:
                    e9:77:fd:d1:bf:70:b0:49:42:35:9a:33:30:50:a0:
                    97:db:10:01:cd:ee:54:a3:ff:0a:4d:88:e2:d2:fc:
                    f0:b1:e1:1e:b9:82:d2:5b:01:55:7b:4f:f1:f7:8e:
                    e1:21:69:97:f5:78:07:cf:c9:35:2a:9f:30:56:d6:
                    1d:4b:74:8c:8a:1d:de:a8:89:c9:ca:21:93:8d:41:
                    1e:0f:4b:55:f5:7c:d6:5c:de:ab:c1:0a:ec:93:50:
                    5a:ca:c7:be:8f:2c:6b:c2:ef:8b:3c:53:e4:e4:9f:
                    a6:cd:f1:60:7b:b7:d0:ae:f8:00:de:37:9e:dc:7c:
                    cc:37:2f:7c:52:aa:ff:b5:35:9a:01:78:bb:f5:90:
                    c0:f1:8b:a4:f9:af:95:60:96:a9:b0:d7:53:ad:4f:
                    34:e1:dd:94:8b:a2:80:8a:1b:98:8c:fb:a9:1a:99:
                    1d:4b:e0:4d:96:7f:e1:a4:48:e4:9f:bf:84:b6:8d:
                    f3:3c:0f:64:7b:cd:21:94:b9:9c:5a:14:56:64:45:
                    52:1c:9b:6a:5e:8f:d8:e1:17:a2:c3:9f:0c:40:ef:
                    1f:09:a8:fb:ca:f4:e9:d5:4c:6f:01:f7:a2:17:32:
                    fe:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:79:3F:18:25:E7:68:CB:F9:F5:D2:CA:AB:EA:C7:7C:F3:91:E8:71
            X509v3 Authority Key Identifier:
                keyid:29:F1:4D:41:1C:20:EC:FC:49:62:15:FC:DB:0F:43:D8:47:21:90:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KfFNQRwg7PxJYhX82w9D2EchkJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/bcf272-d751-45be-9856-018a3770da77/1/K3k_GCXnaMv59dLKq-rHfPOR6HE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/bcf272-d751-45be-9856-018a3770da77/1/KfFNQRwg7PxJYhX82w9D2EchkJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:07:4e:1d:7e:48:40:55:6e:45:0e:70:2e:d4:55:9d:f3:9c:
         42:55:a6:c8:3a:d3:8d:54:a9:11:38:3f:e0:17:88:d8:80:5c:
         3b:7e:5d:20:c1:6d:14:c2:58:30:75:59:be:78:3c:f9:6b:95:
         c4:43:ee:cc:7c:f5:e0:35:1e:ed:9c:a0:8f:9e:e0:a4:6c:7d:
         88:6d:71:d9:60:ec:9e:98:5a:ed:a7:47:4e:83:a5:9a:a5:b1:
         f5:d4:96:60:57:fd:15:47:83:24:24:ac:1b:55:2f:07:e1:4d:
         8e:b7:6d:f8:6d:dd:1e:c3:0d:40:55:c1:e1:3a:53:7d:5e:6c:
         74:e6:e8:e5:7b:db:73:9a:20:f2:ee:c0:56:81:7e:86:27:fd:
         91:22:66:52:c9:69:a7:46:21:cb:ce:ee:01:c8:79:84:49:e9:
         00:16:f5:36:52:a7:64:2d:0b:63:5c:6e:00:78:eb:94:06:c6:
         eb:29:bf:76:9b:44:71:2c:13:c2:b9:7d:53:15:26:35:2f:f2:
         f0:81:e6:9f:55:86:df:17:1f:ea:b8:d7:0c:db:e2:c1:b5:c3:
         c7:0f:46:ba:3a:37:b0:64:9f:af:d7:ac:89:0d:dd:2f:b7:c6:
         c9:09:e5:71:2a:38:7c:4a:d1:4b:c2:c9:e7:84:77:3f:0f:2a:
         88:1d:64:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaWUzZfPz0Wk/Ndl5rOSaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZjE0ZDQxMWMyMGVjZmM0OTYyMTVmY2RiMGY0M2Q4NDcy
MTkwOTYwHhcNMjUwMTAxMTk0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjc5M2YxODI1ZTc2OGNiZjlmNWQyY2FhYmVhYzc3Y2YzOTFlODcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvIc0jFxuywSHifBk/7hB/lq1BChW
CP/Zj9kD9MLpd/3Rv3CwSUI1mjMwUKCX2xABze5Uo/8KTYji0vzwseEeuYLSWwFV
e0/x947hIWmX9XgHz8k1Kp8wVtYdS3SMih3eqInJyiGTjUEeD0tV9XzWXN6rwQrs
k1Bayse+jyxrwu+LPFPk5J+mzfFge7fQrvgA3jee3HzMNy98Uqr/tTWaAXi79ZDA
8Yuk+a+VYJapsNdTrU804d2Ui6KAihuYjPupGpkdS+BNln/hpEjkn7+Eto3zPA9k
e80hlLmcWhRWZEVSHJtqXo/Y4Reiw58MQO8fCaj7yvTp1UxvAfeiFzL+VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCt5Pxgl52jL+fXSyqvqx3zzkehxMB8GA1UdIwQY
MBaAFCnxTUEcIOz8SWIV/NsPQ9hHIZCWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2ZGTlFSd2c3UHhKWWhYODJ3OUQyRWNoa0pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iY2YyNzItZDc1MS00NWJlLTk4NTYt
MDE4YTM3NzBkYTc3LzEvSzNrX0dDWG5hTXY1OWRMS3EtckhmUE9SNkhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iY2YyNzItZDc1MS00NWJlLTk4NTYtMDE4YTM3NzBkYTc3
LzEvS2ZGTlFSd2c3UHhKWWhYODJ3OUQyRWNoa0pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwSJkMA0G
CSqGSIb3DQEBCwUAA4IBAQBPB04dfkhAVW5FDnAu1FWd85xCVabIOtONVKkROD/g
F4jYgFw7fl0gwW0UwlgwdVm+eDz5a5XEQ+7MfPXgNR7tnKCPnuCkbH2IbXHZYOye
mFrtp0dOg6WapbH11JZgV/0VR4MkJKwbVS8H4U2Ot234bd0eww1AVcHhOlN9Xmx0
5ujle9tzmiDy7sBWgX6GJ/2RImZSyWmnRiHLzu4ByHmESekAFvU2UqdkLQtjXG4A
eOuUBsbrKb92m0RxLBPCuX1TFSY1L/LwgeafVYbfFx/quNcM2+LBtcPHD0a6Ojew
ZJ+v16yJDd0vt8bJCeVxKjh8StFLwsnnhHc/DyqIHWSJ
-----END CERTIFICATE-----