Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/2f870e-2ba5-4b88-91a0-1d2348dbd036/1/kM9y4GrDXnCdNW0cB_r7lGW0ZiE.roa
File:                     kM9y4GrDXnCdNW0cB_r7lGW0ZiE.roa (raw, json)
Hash identifier:          zTejL3tH1JMvgJP62ZpXEO3alzMxsTDuTLqKj9I1/dA=
Subject key identifier:   90:CF:72:E0:6A:C3:5E:70:9D:35:6D:1C:07:FA:FB:94:65:B4:66:21
Certificate issuer:       /CN=e3ac635fd45f5471c6c2c3fe45ef1bb4338bc279
Certificate serial:       0194258F3E1CADD1846FAC58A9E76AAB75C9
Authority key identifier: E3:AC:63:5F:D4:5F:54:71:C6:C2:C3:FE:45:EF:1B:B4:33:8B:C2:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/46xjX9RfVHHGwsP-Re8btDOLwnk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/2f870e-2ba5-4b88-91a0-1d2348dbd036/1/kM9y4GrDXnCdNW0cB_r7lGW0ZiE.roa
Signing time:             Thu 02 Jan 2025 05:48:51 +0000
ROA not before:           Thu 02 Jan 2025 05:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     553
IP address blocks:        141.69.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/2f870e-2ba5-4b88-91a0-1d2348dbd036/1/46xjX9RfVHHGwsP-Re8btDOLwnk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/2f870e-2ba5-4b88-91a0-1d2348dbd036/1/46xjX9RfVHHGwsP-Re8btDOLwnk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/46xjX9RfVHHGwsP-Re8btDOLwnk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 20:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:3e:1c:ad:d1:84:6f:ac:58:a9:e7:6a:ab:75:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3ac635fd45f5471c6c2c3fe45ef1bb4338bc279
        Validity
            Not Before: Jan  2 05:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90cf72e06ac35e709d356d1c07fafb9465b46621
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:de:64:6a:37:66:93:68:3c:e5:94:7b:21:a1:
                    10:f3:b3:9e:eb:5a:9a:d9:a4:75:45:de:48:f9:6a:
                    88:6e:7e:0d:2b:49:8a:bb:10:fa:38:7b:55:c8:f4:
                    d4:fe:4b:c8:cb:c2:a1:d1:3f:8b:03:d9:57:97:a0:
                    be:37:ac:81:37:55:bd:a6:fd:3f:a5:16:61:b6:71:
                    6e:16:8d:2d:df:33:f6:c4:99:17:b0:9f:17:8c:33:
                    d4:26:94:db:c0:26:0c:6e:0b:88:21:b4:d4:8f:f5:
                    6f:14:0b:68:4a:4a:86:32:6c:ae:f3:e6:3f:1c:c7:
                    db:f1:4c:5d:2a:5e:a6:bd:a7:d2:11:03:a0:b4:45:
                    9e:a9:3a:6f:ec:16:60:3e:13:d6:6f:72:39:25:4d:
                    d8:f2:64:09:53:65:2f:16:df:ab:d4:a1:61:6a:43:
                    d8:b2:55:22:30:e9:fb:c0:63:eb:9e:0b:37:ea:ed:
                    02:70:91:a5:e6:56:6e:f7:87:66:ab:80:69:b6:41:
                    a0:85:69:79:c1:a6:69:54:93:c4:b9:cf:58:72:37:
                    c8:e7:76:ba:0c:6d:02:e2:ed:c2:fc:34:1f:c5:b2:
                    de:56:8a:9f:da:ee:ed:3c:0b:32:54:46:5c:19:52:
                    4e:cb:fc:d7:34:70:17:2c:51:02:d3:d0:55:a4:13:
                    18:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:CF:72:E0:6A:C3:5E:70:9D:35:6D:1C:07:FA:FB:94:65:B4:66:21
            X509v3 Authority Key Identifier:
                keyid:E3:AC:63:5F:D4:5F:54:71:C6:C2:C3:FE:45:EF:1B:B4:33:8B:C2:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/46xjX9RfVHHGwsP-Re8btDOLwnk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2f870e-2ba5-4b88-91a0-1d2348dbd036/1/kM9y4GrDXnCdNW0cB_r7lGW0ZiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2f870e-2ba5-4b88-91a0-1d2348dbd036/1/46xjX9RfVHHGwsP-Re8btDOLwnk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.69.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         43:b2:86:64:7b:d5:36:bd:08:ef:c2:9f:47:04:dd:02:19:47:
         e0:a1:6f:be:3a:00:e4:90:ea:72:fb:a0:d2:f5:75:36:fc:27:
         38:10:0d:e5:fb:c0:31:19:f7:8c:0d:01:d3:b0:1f:03:b5:71:
         68:9c:77:15:93:33:f8:8b:03:c3:41:eb:67:c6:a2:0f:43:41:
         6a:ce:98:73:ca:c4:e9:30:ca:40:36:ac:2f:a8:8d:8d:0d:ca:
         33:f5:a6:a3:c1:47:17:64:d4:d3:96:b0:c6:5d:0c:b5:1a:6e:
         03:c6:6d:81:9d:75:d9:04:46:c8:bf:20:96:cb:72:07:33:63:
         58:c2:db:cd:ca:ec:05:d5:77:aa:42:b6:0b:0d:c7:10:ed:6b:
         42:4e:6b:40:f0:06:9d:f4:55:1f:7a:bc:d6:11:77:54:21:6b:
         1d:13:70:4c:fd:51:ff:b2:78:45:70:d1:2c:5d:d2:ea:f6:88:
         dd:f5:d5:d7:f4:75:4c:91:61:41:43:68:f4:2c:63:03:dc:96:
         62:4e:b6:36:99:5b:15:b5:4f:19:5c:4a:40:3e:8f:0d:53:a7:
         36:f0:9e:e2:b2:89:25:d8:93:cd:7e:bc:3c:60:f7:27:78:c6:
         27:98:e3:bb:7e:5e:76:1d:99:32:10:f3:29:c6:21:c8:d2:6d:
         61:6f:fe:d6
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQljz4crdGEb6xYqedqq3XJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzYWM2MzVmZDQ1ZjU0NzFjNmMyYzNmZTQ1ZWYxYmI0MzM4
YmMyNzkwHhcNMjUwMTAyMDU0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGNmNzJlMDZhYzM1ZTcwOWQzNTZkMWMwN2ZhZmI5NDY1YjQ2NjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2N5kajdmk2g85ZR7IaEQ87Oe61qa
2aR1Rd5I+WqIbn4NK0mKuxD6OHtVyPTU/kvIy8Kh0T+LA9lXl6C+N6yBN1W9pv0/
pRZhtnFuFo0t3zP2xJkXsJ8XjDPUJpTbwCYMbguIIbTUj/VvFAtoSkqGMmyu8+Y/
HMfb8UxdKl6mvafSEQOgtEWeqTpv7BZgPhPWb3I5JU3Y8mQJU2UvFt+r1KFhakPY
slUiMOn7wGPrngs36u0CcJGl5lZu94dmq4BptkGghWl5waZpVJPEuc9YcjfI53a6
DG0C4u3C/DQfxbLeVoqf2u7tPAsyVEZcGVJOy/zXNHAXLFEC09BVpBMY3QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFJDPcuBqw15wnTVtHAf6+5RltGYhMB8GA1UdIwQY
MBaAFOOsY1/UX1RxxsLD/kXvG7Qzi8J5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDZ4alg5UmZWSEhHd3NQLVJlOGJ0RE9Md25rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8yZjg3MGUtMmJhNS00Yjg4LTkxYTAt
MWQyMzQ4ZGJkMDM2LzEva005eTRHckRYbkNkTlcwY0JfcjdsR1cwWmlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8yZjg3MGUtMmJhNS00Yjg4LTkxYTAtMWQyMzQ4ZGJkMDM2
LzEvNDZ4alg5UmZWSEhHd3NQLVJlOGJ0RE9Md25rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjUUwDQYJ
KoZIhvcNAQELBQADggEBAEOyhmR71Ta9CO/Cn0cE3QIZR+Chb746AOSQ6nL7oNL1
dTb8JzgQDeX7wDEZ94wNAdOwHwO1cWicdxWTM/iLA8NB62fGog9DQWrOmHPKxOkw
ykA2rC+ojY0NyjP1pqPBRxdk1NOWsMZdDLUabgPGbYGdddkERsi/IJbLcgczY1jC
283K7AXVd6pCtgsNxxDta0JOa0DwBp30VR96vNYRd1Qhax0TcEz9Uf+yeEVw0Sxd
0ur2iN311df0dUyRYUFDaPQsYwPclmJOtjaZWxW1TxlcSkA+jw1TpzbwnuKyiSXY
k81+vDxg9yd4xieY47t+XnYdmTIQ8ynGIcjSbWFv/tY=
-----END CERTIFICATE-----