Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/fe05b4-0873-4f1f-ba1f-7e9c0b02248e/1/KkxpxMmS8S1Mkz143AE6R41uFZE.roa
File:                     KkxpxMmS8S1Mkz143AE6R41uFZE.roa (raw, json)
Hash identifier:          eXPgSZI2TwSvGEkwL2CEgSDrAeeuar7/NsGxHBBximA=
Subject key identifier:   2A:4C:69:C4:C9:92:F1:2D:4C:93:3D:78:DC:01:3A:47:8D:6E:15:91
Certificate issuer:       /CN=011bf02928cccb516b719fe558884842f19c0877
Certificate serial:       019423D7FDE6B415A6E685C7ACA129D79D98
Authority key identifier: 01:1B:F0:29:28:CC:CB:51:6B:71:9F:E5:58:88:48:42:F1:9C:08:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ARvwKSjMy1FrcZ_lWIhIQvGcCHc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/fe05b4-0873-4f1f-ba1f-7e9c0b02248e/1/KkxpxMmS8S1Mkz143AE6R41uFZE.roa
Signing time:             Wed 01 Jan 2025 21:49:05 +0000
ROA not before:           Wed 01 Jan 2025 21:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2830
IP address blocks:        194.33.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/fe05b4-0873-4f1f-ba1f-7e9c0b02248e/1/ARvwKSjMy1FrcZ_lWIhIQvGcCHc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/fe05b4-0873-4f1f-ba1f-7e9c0b02248e/1/ARvwKSjMy1FrcZ_lWIhIQvGcCHc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ARvwKSjMy1FrcZ_lWIhIQvGcCHc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:fd:e6:b4:15:a6:e6:85:c7:ac:a1:29:d7:9d:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=011bf02928cccb516b719fe558884842f19c0877
        Validity
            Not Before: Jan  1 21:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a4c69c4c992f12d4c933d78dc013a478d6e1591
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:be:57:9b:71:93:df:0f:9f:be:3c:96:a8:94:
                    a4:98:08:2a:8f:78:99:55:b8:db:dc:bc:2f:81:a9:
                    62:4b:f2:f2:85:73:cb:c4:37:a5:5b:4f:5b:b7:01:
                    69:f7:0f:36:39:57:da:98:19:89:a9:3e:a3:62:46:
                    3f:bf:f4:b9:67:a0:96:78:ea:14:7a:e3:52:b5:c4:
                    9a:c7:f4:d0:1e:e6:9d:a5:23:42:08:83:a9:80:3d:
                    51:6d:a1:73:75:9c:0d:3d:4f:96:09:86:47:9e:1d:
                    8b:f3:7f:57:fa:42:90:87:ce:e3:64:8a:eb:99:45:
                    39:38:16:e6:6b:95:0a:e3:fb:a7:dc:8c:00:b5:11:
                    95:d1:5f:71:c7:d0:55:08:f8:4b:6a:15:39:10:79:
                    c2:1a:d6:ff:0c:6d:6b:ee:49:6c:eb:dc:65:3f:16:
                    a5:4a:0d:e2:19:10:45:41:b4:bc:bd:27:ae:cb:6f:
                    7b:cc:0a:d9:0a:b1:87:44:65:00:48:51:38:88:99:
                    fc:a5:e0:81:ba:47:02:a1:9b:ea:31:a9:42:40:67:
                    c8:4b:93:89:9b:88:31:d5:a1:b9:9d:27:88:a6:be:
                    f3:ff:e1:84:6c:5a:d0:4f:8a:4f:0f:1e:2f:3d:d8:
                    b8:06:ae:e8:11:dd:1b:04:99:4b:e2:da:67:23:f9:
                    dd:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:4C:69:C4:C9:92:F1:2D:4C:93:3D:78:DC:01:3A:47:8D:6E:15:91
            X509v3 Authority Key Identifier:
                keyid:01:1B:F0:29:28:CC:CB:51:6B:71:9F:E5:58:88:48:42:F1:9C:08:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ARvwKSjMy1FrcZ_lWIhIQvGcCHc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/fe05b4-0873-4f1f-ba1f-7e9c0b02248e/1/KkxpxMmS8S1Mkz143AE6R41uFZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/fe05b4-0873-4f1f-ba1f-7e9c0b02248e/1/ARvwKSjMy1FrcZ_lWIhIQvGcCHc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:6d:38:b5:03:c2:56:85:3a:15:ce:29:96:f4:cf:2a:80:a0:
         0e:f4:23:56:39:63:a7:51:2e:b3:d9:e3:9f:d9:10:5e:d3:fd:
         f1:38:c8:79:25:90:39:e7:7c:c4:7b:83:b3:b0:ca:7f:dd:18:
         88:a4:a7:ff:c2:c2:af:8a:06:2f:c7:ee:db:fd:b1:78:25:45:
         66:76:d3:1c:7a:57:ab:e5:be:e4:e0:dd:98:bf:24:37:db:3a:
         f3:7f:c3:41:55:b3:57:12:29:17:7f:70:b7:42:89:b5:73:3d:
         d9:68:b4:d1:7d:68:28:1b:eb:7d:6c:b7:04:38:ec:b4:ab:cc:
         53:11:23:92:91:bf:7a:b6:bf:59:b2:99:c9:af:8c:52:1b:33:
         de:22:34:d0:6a:01:c1:66:04:78:0c:fb:61:98:2c:68:92:ca:
         af:54:72:9b:34:8a:13:b4:b1:25:91:42:0c:6e:c8:21:2e:f4:
         00:f0:cb:f5:bb:60:36:21:18:3c:dd:80:a7:f0:0f:26:d3:ea:
         f1:87:06:11:ed:3e:96:00:b8:e9:36:b8:d1:d5:87:e3:34:36:
         94:e2:b5:63:3c:ec:48:8d:48:d0:a0:89:71:06:93:01:84:dc:
         55:7b:5e:b4:5d:6a:e2:18:8d:9f:ae:3f:6f:0d:3e:48:e0:95:
         ef:02:1a:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1/3mtBWm5oXHrKEp152YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxMWJmMDI5MjhjY2NiNTE2YjcxOWZlNTU4ODg0ODQyZjE5
YzA4NzcwHhcNMjUwMTAxMjE0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTRjNjljNGM5OTJmMTJkNGM5MzNkNzhkYzAxM2E0NzhkNmUxNTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnr5Xm3GT3w+fvjyWqJSkmAgqj3iZ
Vbjb3LwvgaliS/LyhXPLxDelW09btwFp9w82OVfamBmJqT6jYkY/v/S5Z6CWeOoU
euNStcSax/TQHuadpSNCCIOpgD1RbaFzdZwNPU+WCYZHnh2L839X+kKQh87jZIrr
mUU5OBbma5UK4/un3IwAtRGV0V9xx9BVCPhLahU5EHnCGtb/DG1r7kls69xlPxal
Sg3iGRBFQbS8vSeuy297zArZCrGHRGUASFE4iJn8peCBukcCoZvqMalCQGfIS5OJ
m4gx1aG5nSeIpr7z/+GEbFrQT4pPDx4vPdi4Bq7oEd0bBJlL4tpnI/ndmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCpMacTJkvEtTJM9eNwBOkeNbhWRMB8GA1UdIwQY
MBaAFAEb8CkozMtRa3Gf5ViISELxnAh3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVJ2d0tTak15MUZyY1pfbFdJaElRdkdjQ0hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9mZTA1YjQtMDg3My00ZjFmLWJhMWYt
N2U5YzBiMDIyNDhlLzEvS2t4cHhNbVM4UzFNa3oxNDNBRTZSNDF1RlpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9mZTA1YjQtMDg3My00ZjFmLWJhMWYtN2U5YzBiMDIyNDhl
LzEvQVJ2d0tTak15MUZyY1pfbFdJaElRdkdjQ0hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiG3MA0G
CSqGSIb3DQEBCwUAA4IBAQCUbTi1A8JWhToVzimW9M8qgKAO9CNWOWOnUS6z2eOf
2RBe0/3xOMh5JZA553zEe4OzsMp/3RiIpKf/wsKvigYvx+7b/bF4JUVmdtMceler
5b7k4N2YvyQ32zrzf8NBVbNXEikXf3C3Qom1cz3ZaLTRfWgoG+t9bLcEOOy0q8xT
ESOSkb96tr9ZspnJr4xSGzPeIjTQagHBZgR4DPthmCxoksqvVHKbNIoTtLElkUIM
bsghLvQA8Mv1u2A2IRg83YCn8A8m0+rxhwYR7T6WALjpNrjR1YfjNDaU4rVjPOxI
jUjQoIlxBpMBhNxVe160XWriGI2frj9vDT5I4JXvAhou
-----END CERTIFICATE-----