Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/54910b-9a13-4ace-abf2-a2351f4e8915/1/kLDW8S2AqSM38SEqcZhk6y6H9Zs.roa
File:                     kLDW8S2AqSM38SEqcZhk6y6H9Zs.roa (raw, json)
Hash identifier:          1uyD9ShIaMoUE8tZ7cjyGLh54i2J2KfHSIYSBkC6vac=
Subject key identifier:   90:B0:D6:F1:2D:80:A9:23:37:F1:21:2A:71:98:64:EB:2E:87:F5:9B
Certificate issuer:       /CN=d65003e24cecfbf8e8c15ff637dd15db4d7fae92
Certificate serial:       0194228D68D301389E1B3EEED9DCB1FB4D7C
Authority key identifier: D6:50:03:E2:4C:EC:FB:F8:E8:C1:5F:F6:37:DD:15:DB:4D:7F:AE:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1lAD4kzs-_jowV_2N90V201_rpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/54910b-9a13-4ace-abf2-a2351f4e8915/1/kLDW8S2AqSM38SEqcZhk6y6H9Zs.roa
Signing time:             Wed 01 Jan 2025 15:48:00 +0000
ROA not before:           Wed 01 Jan 2025 15:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15404
IP address blocks:        193.36.241.0/24 maxlen: 24
                          193.36.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/54910b-9a13-4ace-abf2-a2351f4e8915/1/1lAD4kzs-_jowV_2N90V201_rpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/54910b-9a13-4ace-abf2-a2351f4e8915/1/1lAD4kzs-_jowV_2N90V201_rpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1lAD4kzs-_jowV_2N90V201_rpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:68:d3:01:38:9e:1b:3e:ee:d9:dc:b1:fb:4d:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d65003e24cecfbf8e8c15ff637dd15db4d7fae92
        Validity
            Not Before: Jan  1 15:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90b0d6f12d80a92337f1212a719864eb2e87f59b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:da:20:51:21:de:ba:98:17:45:1f:9b:5f:c2:
                    27:03:3a:13:f7:8c:3a:f3:4c:ca:f1:26:ef:8d:86:
                    09:03:c9:77:d9:be:4a:b7:cc:01:b4:74:a7:4e:d1:
                    ca:26:a2:2c:d6:83:3a:f2:3e:b0:52:14:70:82:57:
                    30:64:89:c9:0b:78:af:5c:4b:f0:c1:55:7f:b3:d3:
                    61:e5:d3:92:df:b4:d1:5f:35:7b:19:c4:28:c2:2b:
                    d2:b2:19:f8:6f:1a:28:a5:58:6d:f4:60:d5:66:30:
                    2f:51:d1:77:fe:ec:f8:9b:79:6a:3d:48:44:51:7c:
                    39:ce:f8:dc:ed:b8:ae:c4:ca:08:a6:93:d6:c2:d1:
                    8a:4e:f5:db:6d:0e:61:82:20:78:02:58:90:74:f5:
                    8f:49:2a:0c:15:49:48:b9:19:79:6b:74:10:2a:1d:
                    d0:23:3f:4a:f8:18:91:ff:f3:b7:77:d5:30:8f:39:
                    f0:bf:c4:63:54:f0:71:08:f9:18:22:c1:11:d0:a7:
                    79:ad:40:30:02:c8:fe:e7:f9:b5:c1:95:a5:fb:63:
                    1b:6d:fb:ed:e7:14:7d:b0:78:3d:f6:3d:e3:ec:aa:
                    bc:3f:2a:ac:62:4b:21:19:ab:87:c3:3f:7f:bb:4e:
                    64:98:a7:66:70:73:d6:3b:c7:62:8a:62:07:8e:8b:
                    f6:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:B0:D6:F1:2D:80:A9:23:37:F1:21:2A:71:98:64:EB:2E:87:F5:9B
            X509v3 Authority Key Identifier:
                keyid:D6:50:03:E2:4C:EC:FB:F8:E8:C1:5F:F6:37:DD:15:DB:4D:7F:AE:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1lAD4kzs-_jowV_2N90V201_rpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/54910b-9a13-4ace-abf2-a2351f4e8915/1/kLDW8S2AqSM38SEqcZhk6y6H9Zs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/54910b-9a13-4ace-abf2-a2351f4e8915/1/1lAD4kzs-_jowV_2N90V201_rpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.241.0/24
                  193.36.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:12:86:59:aa:5e:e7:5a:92:81:1c:d5:38:91:c3:3d:b9:d7:
         f7:ec:0d:2d:04:b4:17:04:89:9d:a1:16:ee:21:77:25:2d:db:
         eb:88:d5:f8:c2:7e:2a:9b:5c:a3:dc:4f:e0:95:9e:e4:8d:a3:
         ab:7c:e0:a2:bc:44:c1:27:79:5b:f3:e6:12:f4:61:c7:e4:f9:
         56:b5:49:79:5e:40:cf:cc:6c:75:16:1f:e7:54:c6:42:9d:ea:
         81:18:aa:59:91:e1:9a:33:74:21:d9:44:46:de:d1:de:7b:22:
         a8:f4:60:75:90:8b:17:62:28:ab:96:d2:e3:fa:25:93:87:df:
         83:d3:af:7e:06:48:02:fd:24:67:fe:11:78:55:37:82:cf:1d:
         aa:13:19:bf:0c:68:f7:a0:84:22:7e:6a:dd:43:66:c3:70:ce:
         03:0c:2f:15:a9:1d:22:ba:50:32:c9:7d:3e:45:9c:70:b2:7c:
         f3:77:85:8c:d2:f1:e0:9b:1d:02:48:55:15:c8:03:5a:e6:70:
         0d:21:9a:1e:f7:f9:5a:f3:25:87:1e:bc:13:2e:5d:67:c3:f4:
         5f:86:40:a1:25:8f:07:4f:65:95:50:74:7a:7c:96:08:1f:3e:
         61:70:26:2f:48:de:9f:46:c3:85:36:83:6d:b6:25:ca:4c:ed:
         97:4e:61:82
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijWjTATieGz7u2dyx+018MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NTAwM2UyNGNlY2ZiZjhlOGMxNWZmNjM3ZGQxNWRiNGQ3
ZmFlOTIwHhcNMjUwMTAxMTU0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGIwZDZmMTJkODBhOTIzMzdmMTIxMmE3MTk4NjRlYjJlODdmNTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA19ogUSHeupgXRR+bX8InAzoT94w6
80zK8SbvjYYJA8l32b5Kt8wBtHSnTtHKJqIs1oM68j6wUhRwglcwZInJC3ivXEvw
wVV/s9Nh5dOS37TRXzV7GcQowivSshn4bxoopVht9GDVZjAvUdF3/uz4m3lqPUhE
UXw5zvjc7biuxMoIppPWwtGKTvXbbQ5hgiB4AliQdPWPSSoMFUlIuRl5a3QQKh3Q
Iz9K+BiR//O3d9Uwjznwv8RjVPBxCPkYIsER0Kd5rUAwAsj+5/m1wZWl+2Mbbfvt
5xR9sHg99j3j7Kq8PyqsYkshGauHwz9/u05kmKdmcHPWO8diimIHjov2qwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJCw1vEtgKkjN/EhKnGYZOsuh/WbMB8GA1UdIwQY
MBaAFNZQA+JM7Pv46MFf9jfdFdtNf66SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWxBRDRrenMtX2pvd1ZfMk45MFYyMDFfcnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC81NDkxMGItOWExMy00YWNlLWFiZjIt
YTIzNTFmNGU4OTE1LzEva0xEVzhTMkFxU00zOFNFcWNaaGs2eTZIOVpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC81NDkxMGItOWExMy00YWNlLWFiZjItYTIzNTFmNGU4OTE1
LzEvMWxBRDRrenMtX2pvd1ZfMk45MFYyMDFfcnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwSTxAwQA
wST+MA0GCSqGSIb3DQEBCwUAA4IBAQCoEoZZql7nWpKBHNU4kcM9udf37A0tBLQX
BImdoRbuIXclLdvriNX4wn4qm1yj3E/glZ7kjaOrfOCivETBJ3lb8+YS9GHH5PlW
tUl5XkDPzGx1Fh/nVMZCneqBGKpZkeGaM3Qh2URG3tHeeyKo9GB1kIsXYiirltLj
+iWTh9+D069+BkgC/SRn/hF4VTeCzx2qExm/DGj3oIQifmrdQ2bDcM4DDC8VqR0i
ulAyyX0+RZxwsnzzd4WM0vHgmx0CSFUVyANa5nANIZoe9/la8yWHHrwTLl1nw/Rf
hkChJY8HT2WVUHR6fJYIHz5hcCYvSN6fRsOFNoNttiXKTO2XTmGC
-----END CERTIFICATE-----