Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/Kkr4WQTbiLrBJjIFNHmfQjqdMFs.roa
File:                     Kkr4WQTbiLrBJjIFNHmfQjqdMFs.roa (raw, json)
Hash identifier:          AX2E33mALAyiSH2uL+jaoucILuyqIMUcyM5PTXw0LYA=
Subject key identifier:   2A:4A:F8:59:04:DB:88:BA:C1:26:32:05:34:79:9F:42:3A:9D:30:5B
Certificate issuer:       /CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
Certificate serial:       0194236A295A4154EF2DE6911AB2B087330B
Authority key identifier: 9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/Kkr4WQTbiLrBJjIFNHmfQjqdMFs.roa
Signing time:             Wed 01 Jan 2025 19:49:07 +0000
ROA not before:           Wed 01 Jan 2025 19:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        5.253.186.0/24 maxlen: 24
                          45.130.32.0/24 maxlen: 24
                          185.219.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:29:5a:41:54:ef:2d:e6:91:1a:b2:b0:87:33:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
        Validity
            Not Before: Jan  1 19:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a4af85904db88bac126320534799f423a9d305b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:ff:a2:fc:a7:3e:d8:df:8d:c2:ed:eb:43:a6:
                    01:57:7c:85:21:ac:5d:ea:4b:88:6f:59:b2:99:28:
                    f1:35:28:83:3d:9a:cb:16:d5:e4:09:42:83:eb:40:
                    08:33:a9:6e:89:b7:03:12:b7:58:fd:99:85:f1:e2:
                    05:41:24:db:c9:73:e8:7a:8e:30:56:6f:16:43:27:
                    62:ea:64:64:c1:21:b5:26:a4:ab:39:2e:e7:05:75:
                    00:be:3d:22:cc:9a:50:9c:cc:c5:de:01:eb:fc:22:
                    5a:f6:62:84:40:ae:a8:6b:04:10:06:80:61:f8:84:
                    da:01:aa:54:71:93:68:72:de:84:a8:8f:a5:15:41:
                    a3:56:9c:7b:e5:e1:48:64:98:78:34:a7:6f:18:a7:
                    43:51:3c:77:ac:aa:8b:1a:5c:d0:bd:2b:58:8d:0c:
                    61:fb:95:2e:e5:5d:3b:de:cb:07:bb:fc:89:1f:32:
                    de:dc:7a:cc:b0:76:1c:93:47:0a:87:ba:8c:25:8c:
                    dd:0e:37:77:62:e0:a2:a3:0a:7e:c1:c2:f7:fa:02:
                    79:5e:68:f2:08:7b:b1:18:88:e2:96:60:b5:66:7d:
                    1c:75:50:43:6c:f2:2f:c6:4e:ce:f9:cd:e0:32:8d:
                    36:53:41:f1:10:6f:21:3c:83:41:48:76:90:ad:34:
                    61:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:4A:F8:59:04:DB:88:BA:C1:26:32:05:34:79:9F:42:3A:9D:30:5B
            X509v3 Authority Key Identifier:
                keyid:9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/Kkr4WQTbiLrBJjIFNHmfQjqdMFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.186.0/24
                  45.130.32.0/24
                  185.219.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:84:f7:02:a6:75:79:41:28:79:d6:17:ce:47:2e:59:76:58:
         99:8d:9c:5d:be:b4:6a:87:72:a9:d4:2e:02:16:5c:83:f7:2e:
         db:56:99:be:b4:c6:20:a9:98:13:6d:e7:a9:f0:a0:a6:fb:1e:
         04:67:5e:ea:a4:ac:c0:74:36:50:16:d6:c4:56:5a:15:94:37:
         95:78:c4:67:63:e7:e2:aa:57:56:cd:05:c3:ec:5d:8f:64:02:
         bd:20:e0:a4:ff:57:d4:75:7e:d5:a2:c0:0e:34:e3:d8:67:c8:
         e0:fa:34:d2:b1:8f:63:4c:4e:c8:89:96:d4:fe:88:ef:37:37:
         f1:3f:63:0f:c2:de:a8:fb:54:d4:a1:49:7a:66:d5:1e:55:36:
         c9:d6:52:7a:cb:98:0c:30:0d:55:cd:1d:f7:b2:14:f6:74:a7:
         43:11:bf:22:56:af:04:38:98:57:0d:f2:f2:8d:cf:17:ba:2b:
         11:69:9d:cd:81:a9:a4:b0:46:1f:d5:a4:77:c1:53:83:1e:c4:
         1b:6e:62:25:73:aa:b7:42:6c:9a:dc:a8:cd:25:d7:ae:44:b5:
         fc:fd:93:ee:8b:f7:3f:5c:ad:e7:b3:f5:ae:39:28:0a:07:bd:
         2a:d1:ed:bd:62:26:3f:e1:81:dd:a7:8b:a4:8d:63:9b:2e:6e:
         74:11:ff:c7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQjailaQVTvLeaRGrKwhzMLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYjI1Y2U1NTBlNGQ5YmRhMDViZDVkNDVjOGI2YmEzNzQz
MGJiYmEwHhcNMjUwMTAxMTk0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTRhZjg1OTA0ZGI4OGJhYzEyNjMyMDUzNDc5OWY0MjNhOWQzMDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1f+i/Kc+2N+Nwu3rQ6YBV3yFIaxd
6kuIb1mymSjxNSiDPZrLFtXkCUKD60AIM6luibcDErdY/ZmF8eIFQSTbyXPoeo4w
Vm8WQydi6mRkwSG1JqSrOS7nBXUAvj0izJpQnMzF3gHr/CJa9mKEQK6oawQQBoBh
+ITaAapUcZNoct6EqI+lFUGjVpx75eFIZJh4NKdvGKdDUTx3rKqLGlzQvStYjQxh
+5Uu5V073ssHu/yJHzLe3HrMsHYck0cKh7qMJYzdDjd3YuCiowp+wcL3+gJ5Xmjy
CHuxGIjilmC1Zn0cdVBDbPIvxk7O+c3gMo02U0HxEG8hPINBSHaQrTRhFQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCpK+FkE24i6wSYyBTR5n0I6nTBbMB8GA1UdIwQY
MBaAFJyyXOVQ5Nm9oFvV1FyLa6N0MLu6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYt
YmU0NWYwZDJhYmJiLzEvS2tyNFdRVGJpTHJCSmpJRk5IbWZRanFkTUZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYtYmU0NWYwZDJhYmJi
LzEvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABf26AwQA
LYIgAwQAuduiMA0GCSqGSIb3DQEBCwUAA4IBAQCRhPcCpnV5QSh51hfORy5ZdliZ
jZxdvrRqh3Kp1C4CFlyD9y7bVpm+tMYgqZgTbeep8KCm+x4EZ17qpKzAdDZQFtbE
VloVlDeVeMRnY+fiqldWzQXD7F2PZAK9IOCk/1fUdX7VosAONOPYZ8jg+jTSsY9j
TE7IiZbU/ojvNzfxP2MPwt6o+1TUoUl6ZtUeVTbJ1lJ6y5gMMA1VzR33shT2dKdD
Eb8iVq8EOJhXDfLyjc8XuisRaZ3NgamksEYf1aR3wVODHsQbbmIlc6q3Qmya3KjN
JdeuRLX8/ZPui/c/XK3ns/WuOSgKB70q0e29YiY/4YHdp4ukjWObLm50Ef/H
-----END CERTIFICATE-----