Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/1b90de-2b76-4d0b-9093-2fc35cd1ac2a/1/khFY4LCzs_C_2FKxTxDOR-38KnY.roa
File:                     khFY4LCzs_C_2FKxTxDOR-38KnY.roa (raw, json)
Hash identifier:          XM0c5kYBwYH9YLOtd32YXHex7zgvtOBEgciRDVMSUbU=
Subject key identifier:   92:11:58:E0:B0:B3:B3:F0:BF:D8:52:B1:4F:10:CE:47:ED:FC:2A:76
Certificate issuer:       /CN=08e7d7b3bc4c0791c0cffe3f1555ab773e3ed16e
Certificate serial:       019561D53DFE328CF430EF17D38A71269082
Authority key identifier: 08:E7:D7:B3:BC:4C:07:91:C0:CF:FE:3F:15:55:AB:77:3E:3E:D1:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/COfXs7xMB5HAz_4_FVWrdz4-0W4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/1b90de-2b76-4d0b-9093-2fc35cd1ac2a/1/khFY4LCzs_C_2FKxTxDOR-38KnY.roa
Signing time:             Tue 04 Mar 2025 15:45:19 +0000
ROA not before:           Tue 04 Mar 2025 15:45:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199102
IP address blocks:        93.189.224.0/22 maxlen: 24
                          93.189.224.0/24 maxlen: 24
                          93.189.226.0/24 maxlen: 24
                          93.189.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/1b90de-2b76-4d0b-9093-2fc35cd1ac2a/1/COfXs7xMB5HAz_4_FVWrdz4-0W4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/1b90de-2b76-4d0b-9093-2fc35cd1ac2a/1/COfXs7xMB5HAz_4_FVWrdz4-0W4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/COfXs7xMB5HAz_4_FVWrdz4-0W4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 03:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:61:d5:3d:fe:32:8c:f4:30:ef:17:d3:8a:71:26:90:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08e7d7b3bc4c0791c0cffe3f1555ab773e3ed16e
        Validity
            Not Before: Mar  4 15:45:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=921158e0b0b3b3f0bfd852b14f10ce47edfc2a76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c0:38:b6:d6:1d:f9:70:af:e7:19:6a:13:7b:
                    73:58:df:3b:8d:9b:ba:86:1f:ee:c5:e9:73:e3:eb:
                    ff:b7:70:3f:c6:89:12:86:23:d0:c5:f3:57:40:fc:
                    ac:bf:d7:8c:e7:64:40:86:24:24:ae:45:6c:b8:bf:
                    d1:05:55:9b:7d:8f:8a:63:0c:b7:ed:7e:4d:09:a8:
                    45:b5:e0:05:8c:f4:13:6d:10:4c:f9:38:b2:87:bf:
                    a5:17:d0:8f:c0:fd:fd:5e:08:fc:dc:b1:df:e4:53:
                    9b:a3:b6:d8:f1:10:3a:2c:c0:75:f9:7c:c4:05:2b:
                    1d:fa:d7:68:f4:b5:5b:4f:b5:ed:27:45:14:dc:ce:
                    15:77:f4:73:9c:18:c7:4c:73:97:c5:c1:85:a1:6d:
                    50:f1:77:5a:91:03:27:b1:b4:3b:59:4e:a6:8e:fc:
                    4b:27:02:6f:2e:3f:e0:87:fc:45:ce:fe:03:1a:46:
                    7e:51:1f:ab:95:bf:9c:e4:0b:1b:06:51:70:f4:66:
                    b1:06:69:ad:13:a5:fc:02:a2:c3:91:c3:40:00:30:
                    d0:7e:03:03:21:f0:a3:bd:2a:f0:47:ba:ba:71:56:
                    cf:be:ae:3a:1f:8c:bc:74:1f:38:82:ab:e7:25:42:
                    51:a0:00:38:5e:42:58:a3:90:30:39:c7:fb:99:4c:
                    b4:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:11:58:E0:B0:B3:B3:F0:BF:D8:52:B1:4F:10:CE:47:ED:FC:2A:76
            X509v3 Authority Key Identifier:
                keyid:08:E7:D7:B3:BC:4C:07:91:C0:CF:FE:3F:15:55:AB:77:3E:3E:D1:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/COfXs7xMB5HAz_4_FVWrdz4-0W4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/1b90de-2b76-4d0b-9093-2fc35cd1ac2a/1/khFY4LCzs_C_2FKxTxDOR-38KnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/1b90de-2b76-4d0b-9093-2fc35cd1ac2a/1/COfXs7xMB5HAz_4_FVWrdz4-0W4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.189.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         06:57:b3:8a:78:d5:2f:87:0a:0f:4c:bf:1c:09:8d:bd:1e:44:
         79:ed:20:76:a5:06:50:ea:f1:1d:f5:90:3e:4a:60:14:b5:17:
         06:17:55:b9:6c:41:fb:5e:6c:53:74:dd:59:8d:f1:b9:ad:1e:
         b3:b4:66:66:7a:9c:ab:4e:82:9e:8a:2c:7e:d4:98:34:e6:02:
         87:21:dd:51:68:39:2b:ea:fd:85:93:27:ec:df:72:59:8d:da:
         b3:94:66:ac:dc:cf:b0:f4:34:86:dc:7b:8f:61:8f:9d:89:54:
         27:89:7b:e4:28:a6:9b:4d:61:a5:39:8e:7f:b2:ee:b9:87:0c:
         f6:8c:cb:74:b8:4d:1c:f3:49:d1:f4:37:a6:73:b9:22:6a:48:
         82:d9:fa:99:6a:47:e4:d1:31:d6:54:39:8a:56:ad:e2:6a:e0:
         7b:52:b0:b3:60:b8:cf:65:92:44:0d:ba:56:40:d1:79:e0:cc:
         c3:30:0f:a2:05:c7:b5:5f:b9:3c:4e:43:b4:a5:7c:f8:91:69:
         fa:74:1a:23:60:84:47:9c:7d:a7:49:fa:fd:8c:81:79:5a:8c:
         05:c6:33:23:8c:85:48:43:bd:90:cf:28:02:19:82:bc:cf:3d:
         dd:d7:d4:e1:c4:db:2d:fd:e5:1e:97:e1:70:ff:56:4c:c3:33:
         ea:8a:a0:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVh1T3+Moz0MO8X04pxJpCCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ZTdkN2IzYmM0YzA3OTFjMGNmZmUzZjE1NTVhYjc3M2Uz
ZWQxNmUwHhcNMjUwMzA0MTU0NTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjExNThlMGIwYjNiM2YwYmZkODUyYjE0ZjEwY2U0N2VkZmMyYTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8A4ttYd+XCv5xlqE3tzWN87jZu6
hh/uxelz4+v/t3A/xokShiPQxfNXQPysv9eM52RAhiQkrkVsuL/RBVWbfY+KYwy3
7X5NCahFteAFjPQTbRBM+Tiyh7+lF9CPwP39Xgj83LHf5FObo7bY8RA6LMB1+XzE
BSsd+tdo9LVbT7XtJ0UU3M4Vd/RznBjHTHOXxcGFoW1Q8XdakQMnsbQ7WU6mjvxL
JwJvLj/gh/xFzv4DGkZ+UR+rlb+c5AsbBlFw9GaxBmmtE6X8AqLDkcNAADDQfgMD
IfCjvSrwR7q6cVbPvq46H4y8dB84gqvnJUJRoAA4XkJYo5AwOcf7mUy0VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJIRWOCws7Pwv9hSsU8Qzkft/Cp2MB8GA1UdIwQY
MBaAFAjn17O8TAeRwM/+PxVVq3c+PtFuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ09mWHM3eE1CNUhBel80X0ZWV3JkejQtMFc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8xYjkwZGUtMmI3Ni00ZDBiLTkwOTMt
MmZjMzVjZDFhYzJhLzEva2hGWTRMQ3pzX0NfMkZLeFR4RE9SLTM4S25ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8xYjkwZGUtMmI3Ni00ZDBiLTkwOTMtMmZjMzVjZDFhYzJh
LzEvQ09mWHM3eE1CNUhBel80X0ZWV3JkejQtMFc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXb3gMA0G
CSqGSIb3DQEBCwUAA4IBAQAGV7OKeNUvhwoPTL8cCY29HkR57SB2pQZQ6vEd9ZA+
SmAUtRcGF1W5bEH7XmxTdN1ZjfG5rR6ztGZmepyrToKeiix+1Jg05gKHId1RaDkr
6v2Fkyfs33JZjdqzlGas3M+w9DSG3HuPYY+diVQniXvkKKabTWGlOY5/su65hwz2
jMt0uE0c80nR9Demc7kiakiC2fqZakfk0THWVDmKVq3iauB7UrCzYLjPZZJEDbpW
QNF54MzDMA+iBce1X7k8TkO0pXz4kWn6dBojYIRHnH2nSfr9jIF5WowFxjMjjIVI
Q72QzygCGYK8zz3d19ThxNst/eUel+Fw/1ZMwzPqiqBr
-----END CERTIFICATE-----