Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/kdW_5V8ldS6KbnUeAyiJGSoIP2E.roa
File:                     kdW_5V8ldS6KbnUeAyiJGSoIP2E.roa (raw, json)
Hash identifier:          /YQe2Lqi5GrU+2hUXjgFaSHZXQ7zULbq+NFCylBxnHM=
Subject key identifier:   91:D5:BF:E5:5F:25:75:2E:8A:6E:75:1E:03:28:89:19:2A:08:3F:61
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0194611BFC9FE7EEA093C6EC92F03206776A
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/kdW_5V8ldS6KbnUeAyiJGSoIP2E.roa
Signing time:             Mon 13 Jan 2025 19:20:11 +0000
ROA not before:           Mon 13 Jan 2025 19:20:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212150
IP address blocks:        80.244.15.0/24 maxlen: 24
                          185.244.106.0/24 maxlen: 24
                          212.46.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:61:1b:fc:9f:e7:ee:a0:93:c6:ec:92:f0:32:06:77:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan 13 19:20:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91d5bfe55f25752e8a6e751e032889192a083f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:2d:37:84:90:11:e8:b2:52:1d:e8:cd:14:48:
                    dc:62:c8:04:fe:5c:f4:ee:49:28:74:bb:d1:e7:00:
                    8c:c8:96:09:19:ed:bb:6d:60:f8:d4:74:d2:d7:6a:
                    eb:11:fb:2f:54:e3:05:25:36:b5:fb:b6:11:48:02:
                    8b:44:74:17:f4:6a:72:72:83:5e:46:35:08:db:44:
                    37:6e:c3:35:39:e7:58:3b:13:fc:9b:ef:57:db:d2:
                    3a:ef:96:ab:7f:1f:98:d7:b7:7e:68:e2:0f:90:55:
                    0a:b6:96:6d:56:b4:a6:9f:e7:28:38:5f:75:c5:9f:
                    2f:63:37:59:6c:b2:ba:7c:f1:69:79:05:45:03:d0:
                    e5:3e:04:dc:5d:52:cb:3e:90:57:98:cf:68:c7:b0:
                    11:cf:2c:b0:1f:a4:a6:26:d3:fe:75:f1:dc:c9:9e:
                    ab:ac:ad:a7:2d:dd:be:58:a7:99:d4:5c:cf:23:48:
                    34:2c:44:4c:4c:9c:01:3e:6e:ee:eb:2a:91:97:e5:
                    de:98:e7:37:8a:2b:04:f0:e3:8f:d5:be:24:ad:bc:
                    4d:85:0e:19:7d:a5:cf:75:53:43:85:70:20:ad:9c:
                    b9:f4:d6:f1:1a:b9:f1:99:21:df:b6:7e:5a:0e:ab:
                    28:82:2a:9a:e5:4d:56:bc:22:97:d5:92:1f:35:eb:
                    e0:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:D5:BF:E5:5F:25:75:2E:8A:6E:75:1E:03:28:89:19:2A:08:3F:61
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/kdW_5V8ldS6KbnUeAyiJGSoIP2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.244.15.0/24
                  185.244.106.0/24
                  212.46.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:c0:ab:53:d5:de:57:f2:2e:c7:8e:2e:ac:77:a3:67:f2:1d:
         9b:87:ba:e6:b7:6b:fa:e0:ad:96:e1:ce:60:c7:59:29:aa:d9:
         5b:2d:66:bb:9e:33:af:04:f5:c7:df:6b:82:77:47:9b:4b:61:
         86:85:b1:7f:83:77:ed:61:e5:19:47:f8:fb:3b:ea:a1:bb:0a:
         f9:56:6a:5f:2e:94:a7:d2:c1:9e:cd:94:6e:43:eb:de:57:9c:
         6c:03:a5:b9:73:f7:1f:e3:62:54:76:23:a9:16:47:44:36:89:
         21:7f:8e:cf:7f:86:2c:dc:86:41:3d:57:53:a2:d3:2e:26:15:
         57:ae:c9:26:14:47:e8:81:d3:fd:bf:36:6e:28:0b:bb:53:ca:
         c5:49:d6:a4:a4:a0:b3:a9:5b:9c:0d:70:48:2b:5e:d4:08:de:
         3f:ab:63:24:56:45:82:e4:0c:86:fa:c9:cd:71:87:87:95:ec:
         67:ab:b3:86:f3:81:f0:ac:ec:d2:8b:e2:3c:a9:5b:e1:dc:70:
         38:2c:dc:6c:b6:88:00:e3:4d:c9:35:0c:50:00:f7:4c:77:a9:
         85:58:80:79:26:82:d4:da:61:49:e1:10:90:36:b9:08:0d:b2:
         e2:39:3d:23:4d:5e:c1:90:6a:e3:cd:d4:54:ab:8f:96:7e:ff:
         3f:be:89:68
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZRhG/yf5+6gk8bskvAyBndqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMTEzMTkyMDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWQ1YmZlNTVmMjU3NTJlOGE2ZTc1MWUwMzI4ODkxOTJhMDgzZjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuS03hJAR6LJSHejNFEjcYsgE/lz0
7kkodLvR5wCMyJYJGe27bWD41HTS12rrEfsvVOMFJTa1+7YRSAKLRHQX9GpycoNe
RjUI20Q3bsM1OedYOxP8m+9X29I675arfx+Y17d+aOIPkFUKtpZtVrSmn+coOF91
xZ8vYzdZbLK6fPFpeQVFA9DlPgTcXVLLPpBXmM9ox7ARzyywH6SmJtP+dfHcyZ6r
rK2nLd2+WKeZ1FzPI0g0LERMTJwBPm7u6yqRl+XemOc3iisE8OOP1b4krbxNhQ4Z
faXPdVNDhXAgrZy59NbxGrnxmSHftn5aDqsogiqa5U1WvCKX1ZIfNevg7QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJHVv+VfJXUuim51HgMoiRkqCD9hMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEva2RXXzVWOGxkUzZLYm5VZUF5aUpHU29JUDJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUPQPAwQA
ufRqAwQA1C4lMA0GCSqGSIb3DQEBCwUAA4IBAQBFwKtT1d5X8i7Hji6sd6Nn8h2b
h7rmt2v64K2W4c5gx1kpqtlbLWa7njOvBPXH32uCd0ebS2GGhbF/g3ftYeUZR/j7
O+qhuwr5VmpfLpSn0sGezZRuQ+veV5xsA6W5c/cf42JUdiOpFkdENokhf47Pf4Ys
3IZBPVdTotMuJhVXrskmFEfogdP9vzZuKAu7U8rFSdakpKCzqVucDXBIK17UCN4/
q2MkVkWC5AyG+snNcYeHlexnq7OG84HwrOzSi+I8qVvh3HA4LNxstogA403JNQxQ
APdMd6mFWIB5JoLU2mFJ4RCQNrkIDbLiOT0jTV7BkGrjzdRUq4+Wfv8/volo
-----END CERTIFICATE-----