Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/7dae2f-d236-41f7-b1bc-8448dcfb27aa/1/KVm2tYPFHZBApahJuh-yFMOKwBk.roa
File:                     KVm2tYPFHZBApahJuh-yFMOKwBk.roa (raw, json)
Hash identifier:          wUvjfCvCqFvECtRMSyawvlGReq6AkWwtmpZ7EFcDmTk=
Subject key identifier:   29:59:B6:B5:83:C5:1D:90:40:A5:A8:49:BA:1F:B2:14:C3:8A:C0:19
Certificate issuer:       /CN=391462364ed45f676ad50a9eae2d342d8cfd7441
Certificate serial:       0194221FE3D4827D3D613A6B631595B949B5
Authority key identifier: 39:14:62:36:4E:D4:5F:67:6A:D5:0A:9E:AE:2D:34:2D:8C:FD:74:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ORRiNk7UX2dq1Qqeri00LYz9dEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/7dae2f-d236-41f7-b1bc-8448dcfb27aa/1/KVm2tYPFHZBApahJuh-yFMOKwBk.roa
Signing time:             Wed 01 Jan 2025 13:48:22 +0000
ROA not before:           Wed 01 Jan 2025 13:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        141.83.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/7dae2f-d236-41f7-b1bc-8448dcfb27aa/1/ORRiNk7UX2dq1Qqeri00LYz9dEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/7dae2f-d236-41f7-b1bc-8448dcfb27aa/1/ORRiNk7UX2dq1Qqeri00LYz9dEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ORRiNk7UX2dq1Qqeri00LYz9dEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:e3:d4:82:7d:3d:61:3a:6b:63:15:95:b9:49:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=391462364ed45f676ad50a9eae2d342d8cfd7441
        Validity
            Not Before: Jan  1 13:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2959b6b583c51d9040a5a849ba1fb214c38ac019
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:f1:a4:99:b4:94:0a:9b:6b:7e:d7:d1:ac:d9:
                    17:44:8e:bf:c6:17:d3:98:4b:b4:b9:58:2a:7d:e6:
                    bb:01:72:cd:5e:ba:75:2d:7a:57:5b:d2:08:f5:f7:
                    db:54:9e:5a:71:ad:40:7d:7e:14:31:7b:25:b4:8f:
                    90:b1:ab:b0:6d:c0:3e:08:f0:86:ec:00:fc:9f:fb:
                    78:db:0f:46:e5:28:1c:3d:d5:9f:6b:aa:fc:74:ca:
                    1a:50:ef:79:93:6a:ed:5a:43:62:d1:1b:9a:4d:6d:
                    53:ca:a2:11:5c:dc:45:d5:49:40:72:43:49:16:ff:
                    19:6d:c4:ea:32:47:14:8d:20:b6:10:c0:97:cf:04:
                    0f:52:ab:48:ca:d9:e7:e6:b5:23:23:be:c8:3b:d8:
                    ee:c2:6e:b2:89:09:e7:95:b3:45:ac:b1:a5:23:7b:
                    1c:0b:a5:d4:c3:2c:74:45:c9:d7:c8:8f:7d:9e:9d:
                    9c:80:47:ac:83:f7:78:35:be:d2:8b:0c:92:66:1d:
                    5d:94:3b:33:4b:b7:a4:8e:62:41:60:19:32:87:0c:
                    09:05:39:8a:d2:8f:6c:84:ee:07:16:e7:84:fb:bf:
                    f0:81:a3:56:e9:e3:d1:94:14:77:82:09:02:40:75:
                    3a:5b:26:f8:36:5c:d9:44:bf:b8:68:79:b0:b9:e0:
                    39:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:59:B6:B5:83:C5:1D:90:40:A5:A8:49:BA:1F:B2:14:C3:8A:C0:19
            X509v3 Authority Key Identifier:
                keyid:39:14:62:36:4E:D4:5F:67:6A:D5:0A:9E:AE:2D:34:2D:8C:FD:74:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ORRiNk7UX2dq1Qqeri00LYz9dEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7dae2f-d236-41f7-b1bc-8448dcfb27aa/1/KVm2tYPFHZBApahJuh-yFMOKwBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7dae2f-d236-41f7-b1bc-8448dcfb27aa/1/ORRiNk7UX2dq1Qqeri00LYz9dEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.83.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1d:24:78:1a:e6:30:5e:75:ed:bd:eb:f0:62:9f:7a:fb:57:e9:
         cd:f0:6c:f2:34:8b:7b:f7:2f:85:75:44:40:ae:af:dd:4c:87:
         76:40:c6:92:29:e3:e4:04:3b:3e:cb:c8:38:e3:e8:ef:51:aa:
         c1:88:ae:8c:c5:a0:96:fe:5b:bb:60:df:fd:f4:81:8f:7d:28:
         a8:54:24:96:57:88:4a:e4:f3:45:c1:a1:4c:77:56:76:cd:ef:
         aa:3b:37:65:30:47:98:08:48:56:26:89:df:58:1f:a7:f3:4c:
         97:e3:f8:ae:b0:27:71:71:ce:b1:cc:49:ca:d7:82:0f:23:d5:
         61:af:63:95:d8:ff:32:6a:09:0e:3c:14:93:a2:81:f7:91:89:
         1e:d3:bf:38:45:5d:b5:d0:79:36:b8:8c:aa:5c:d8:eb:33:9b:
         30:4f:9b:d2:a4:94:57:67:81:67:ca:42:cc:b1:86:9e:de:a0:
         37:8e:cf:7b:9b:6c:19:f9:71:e9:95:a4:e2:1c:77:ad:2f:80:
         59:6c:53:16:cb:ee:f2:53:cb:4c:bc:f2:49:ec:38:f0:e7:ed:
         16:99:ec:fb:d3:e8:80:7c:c4:72:d6:62:f5:4f:02:02:55:fb:
         ce:61:c6:d6:94:9e:02:b7:79:64:59:0c:d6:26:ac:ca:19:22:
         56:58:5f:7a
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQiH+PUgn09YTprYxWVuUm1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MTQ2MjM2NGVkNDVmNjc2YWQ1MGE5ZWFlMmQzNDJkOGNm
ZDc0NDEwHhcNMjUwMTAxMTM0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTU5YjZiNTgzYzUxZDkwNDBhNWE4NDliYTFmYjIxNGMzOGFjMDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/GkmbSUCptrftfRrNkXRI6/xhfT
mEu0uVgqfea7AXLNXrp1LXpXW9II9ffbVJ5aca1AfX4UMXsltI+QsauwbcA+CPCG
7AD8n/t42w9G5SgcPdWfa6r8dMoaUO95k2rtWkNi0RuaTW1TyqIRXNxF1UlAckNJ
Fv8ZbcTqMkcUjSC2EMCXzwQPUqtIytnn5rUjI77IO9juwm6yiQnnlbNFrLGlI3sc
C6XUwyx0RcnXyI99np2cgEesg/d4Nb7SiwySZh1dlDszS7ekjmJBYBkyhwwJBTmK
0o9shO4HFueE+7/wgaNW6ePRlBR3ggkCQHU6Wyb4NlzZRL+4aHmwueA57wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFClZtrWDxR2QQKWoSbofshTDisAZMB8GA1UdIwQY
MBaAFDkUYjZO1F9natUKnq4tNC2M/XRBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1JSaU5rN1VYMmRxMVFxZXJpMDBMWXo5ZEVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi83ZGFlMmYtZDIzNi00MWY3LWIxYmMt
ODQ0OGRjZmIyN2FhLzEvS1ZtMnRZUEZIWkJBcGFoSnVoLXlGTU9Ld0JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi83ZGFlMmYtZDIzNi00MWY3LWIxYmMtODQ0OGRjZmIyN2Fh
LzEvT1JSaU5rN1VYMmRxMVFxZXJpMDBMWXo5ZEVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjVMwDQYJ
KoZIhvcNAQELBQADggEBAB0keBrmMF517b3r8GKfevtX6c3wbPI0i3v3L4V1RECu
r91Mh3ZAxpIp4+QEOz7LyDjj6O9RqsGIrozFoJb+W7tg3/30gY99KKhUJJZXiErk
80XBoUx3VnbN76o7N2UwR5gISFYmid9YH6fzTJfj+K6wJ3FxzrHMScrXgg8j1WGv
Y5XY/zJqCQ48FJOigfeRiR7TvzhFXbXQeTa4jKpc2OszmzBPm9KklFdngWfKQsyx
hp7eoDeOz3ubbBn5cemVpOIcd60vgFlsUxbL7vJTy0y88knsOPDn7RaZ7PvT6IB8
xHLWYvVPAgJV+85hxtaUngK3eWRZDNYmrMoZIlZYX3o=
-----END CERTIFICATE-----