Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/975e4f-6c26-44bb-9ada-2fc6d17f8b58/1/KV7R1N_V77pOGNFqnvFI6VhE9Go.roa
File:                     KV7R1N_V77pOGNFqnvFI6VhE9Go.roa (raw, json)
Hash identifier:          ih2S77Xnd5LfWtkG7w1ATz4hnQOa5DPl2XBfQ5D61xc=
Subject key identifier:   29:5E:D1:D4:DF:D5:EF:BA:4E:18:D1:6A:9E:F1:48:E9:58:44:F4:6A
Certificate issuer:       /CN=cd394757e1416202a4022956dbf48d707458520c
Certificate serial:       0194221FBECE21C2FFB2B513307D348A0812
Authority key identifier: CD:39:47:57:E1:41:62:02:A4:02:29:56:DB:F4:8D:70:74:58:52:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zTlHV-FBYgKkAilW2_SNcHRYUgw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/975e4f-6c26-44bb-9ada-2fc6d17f8b58/1/KV7R1N_V77pOGNFqnvFI6VhE9Go.roa
Signing time:             Wed 01 Jan 2025 13:48:13 +0000
ROA not before:           Wed 01 Jan 2025 13:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.39.10.0/24 maxlen: 24
                          2a12:1b80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/975e4f-6c26-44bb-9ada-2fc6d17f8b58/1/zTlHV-FBYgKkAilW2_SNcHRYUgw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/975e4f-6c26-44bb-9ada-2fc6d17f8b58/1/zTlHV-FBYgKkAilW2_SNcHRYUgw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zTlHV-FBYgKkAilW2_SNcHRYUgw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:be:ce:21:c2:ff:b2:b5:13:30:7d:34:8a:08:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd394757e1416202a4022956dbf48d707458520c
        Validity
            Not Before: Jan  1 13:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=295ed1d4dfd5efba4e18d16a9ef148e95844f46a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:53:de:92:c4:b1:c3:1c:95:a0:f7:df:a4:c6:
                    85:b4:cb:4f:df:ea:81:85:48:23:02:1f:43:e6:c1:
                    02:f9:71:6d:e5:63:cc:f1:53:37:44:fa:65:3c:87:
                    87:1c:85:df:c7:73:98:20:a6:da:63:53:ec:e5:54:
                    43:81:06:65:fa:31:08:33:64:bd:b2:51:e4:8f:94:
                    62:fb:58:1e:22:f6:a2:56:27:38:66:d6:7d:6d:a2:
                    0a:53:7a:8e:fb:f8:00:20:2c:3b:95:ba:10:5f:c3:
                    53:2d:15:84:98:96:64:84:3f:e8:e3:12:5f:4a:ea:
                    d3:bd:d8:f4:27:4e:c2:eb:ce:5a:b3:36:96:0d:c8:
                    50:3d:b9:d4:60:4e:63:b4:d7:c7:cd:29:42:cb:5f:
                    0c:a9:ee:23:00:67:75:84:84:25:fe:95:41:36:84:
                    e8:52:47:ec:4c:43:8b:b6:80:eb:55:c7:26:8f:e6:
                    54:bb:ec:44:cf:25:7b:c5:86:c2:c1:ca:82:77:de:
                    cb:ab:84:95:8c:8b:d6:e7:e5:f4:13:14:bf:27:fa:
                    d6:76:f0:11:76:ae:39:80:b2:95:ae:53:aa:8c:7f:
                    03:76:7e:64:75:6f:9a:83:71:83:90:9e:21:2f:28:
                    48:69:92:5a:64:0d:70:58:5a:f9:c6:15:b5:06:3a:
                    22:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:5E:D1:D4:DF:D5:EF:BA:4E:18:D1:6A:9E:F1:48:E9:58:44:F4:6A
            X509v3 Authority Key Identifier:
                keyid:CD:39:47:57:E1:41:62:02:A4:02:29:56:DB:F4:8D:70:74:58:52:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zTlHV-FBYgKkAilW2_SNcHRYUgw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/975e4f-6c26-44bb-9ada-2fc6d17f8b58/1/KV7R1N_V77pOGNFqnvFI6VhE9Go.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/975e4f-6c26-44bb-9ada-2fc6d17f8b58/1/zTlHV-FBYgKkAilW2_SNcHRYUgw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.39.10.0/24
                IPv6:
                  2a12:1b80::/32

    Signature Algorithm: sha256WithRSAEncryption
         26:91:b6:f5:80:cf:48:72:ba:81:6d:4e:f1:fa:1a:b2:e9:b6:
         8b:f7:55:ac:7d:c5:16:d4:a8:e9:3f:db:b6:dc:9c:71:15:4e:
         28:83:39:4a:3f:40:c4:56:c8:f4:86:10:63:7a:c7:92:fc:f4:
         02:0a:34:99:0e:b3:5e:0f:1f:38:1f:7a:e8:3d:1d:39:de:22:
         bf:7d:32:b6:6c:30:a2:c3:02:f4:41:1d:77:17:78:fb:6d:cd:
         d4:fc:c1:1f:3f:2a:c6:4e:d2:4d:24:48:10:4b:7b:01:d7:71:
         33:6e:83:c9:86:90:5b:8d:c1:f9:f7:f6:1a:a7:11:30:ff:ea:
         97:68:9b:34:53:c4:ee:9d:c4:e0:2f:17:bb:c0:a1:77:73:ea:
         d2:47:5d:a5:7b:2f:b4:f8:d2:ec:a4:0d:25:69:ba:16:d8:5e:
         fa:3f:ee:18:fa:64:ed:0c:be:90:af:c3:66:c3:cc:c4:ec:b1:
         5c:44:e5:b4:84:0a:ba:f3:16:d7:cf:1b:6c:3d:30:8e:04:d0:
         10:d0:f3:67:d6:c2:cb:6c:00:a7:a5:8b:93:43:2a:69:de:15:
         e8:cc:9b:3b:2e:5f:90:5c:e4:4b:d4:96:71:9a:5c:e5:6f:b6:
         17:06:98:07:d1:b8:fe:b5:38:c6:dd:34:ac:0d:1e:da:2d:36:
         22:47:4a:b0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQiH77OIcL/srUTMH00iggSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMzk0NzU3ZTE0MTYyMDJhNDAyMjk1NmRiZjQ4ZDcwNzQ1
ODUyMGMwHhcNMjUwMTAxMTM0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTVlZDFkNGRmZDVlZmJhNGUxOGQxNmE5ZWYxNDhlOTU4NDRmNDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0lPeksSxwxyVoPffpMaFtMtP3+qB
hUgjAh9D5sEC+XFt5WPM8VM3RPplPIeHHIXfx3OYIKbaY1Ps5VRDgQZl+jEIM2S9
slHkj5Ri+1geIvaiVic4ZtZ9baIKU3qO+/gAICw7lboQX8NTLRWEmJZkhD/o4xJf
SurTvdj0J07C685aszaWDchQPbnUYE5jtNfHzSlCy18Mqe4jAGd1hIQl/pVBNoTo
UkfsTEOLtoDrVccmj+ZUu+xEzyV7xYbCwcqCd97Lq4SVjIvW5+X0ExS/J/rWdvAR
dq45gLKVrlOqjH8Ddn5kdW+ag3GDkJ4hLyhIaZJaZA1wWFr5xhW1BjoiuQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCle0dTf1e+6ThjRap7xSOlYRPRqMB8GA1UdIwQY
MBaAFM05R1fhQWICpAIpVtv0jXB0WFIMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelRsSFYtRkJZZ0trQWlsVzJfU05jSFJZVWd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi85NzVlNGYtNmMyNi00NGJiLTlhZGEt
MmZjNmQxN2Y4YjU4LzEvS1Y3UjFOX1Y3N3BPR05GcW52Rkk2VmhFOUdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi85NzVlNGYtNmMyNi00NGJiLTlhZGEtMmZjNmQxN2Y4YjU4
LzEvelRsSFYtRkJZZ0trQWlsVzJfU05jSFJZVWd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuScKMA0E
AgACMAcDBQAqEhuAMA0GCSqGSIb3DQEBCwUAA4IBAQAmkbb1gM9IcrqBbU7x+hqy
6baL91WsfcUW1KjpP9u23JxxFU4ogzlKP0DEVsj0hhBjeseS/PQCCjSZDrNeDx84
H3roPR053iK/fTK2bDCiwwL0QR13F3j7bc3U/MEfPyrGTtJNJEgQS3sB13EzboPJ
hpBbjcH59/YapxEw/+qXaJs0U8TuncTgLxe7wKF3c+rSR12ley+0+NLspA0laboW
2F76P+4Y+mTtDL6Qr8Nmw8zE7LFcROW0hAq68xbXzxtsPTCOBNAQ0PNn1sLLbACn
pYuTQypp3hXozJs7Ll+QXORL1JZxmlzlb7YXBpgH0bj+tTjG3TSsDR7aLTYiR0qw
-----END CERTIFICATE-----