Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/kLoSSyOqdGXBSQRo8VZp6L-TiaM.roa
File:                     kLoSSyOqdGXBSQRo8VZp6L-TiaM.roa (raw, json)
Hash identifier:          9hIEwlHhl+bUrm5c0k44GlmKeMVBJgHOI+a/J30MoSc=
Subject key identifier:   90:BA:12:4B:23:AA:74:65:C1:49:04:68:F1:56:69:E8:BF:93:89:A3
Certificate issuer:       /CN=b2ed1d6066f4e4654ef5f3cc70a5d905a9af8290
Certificate serial:       019423D7EE1AE4E054197C71C9BAE9084980
Authority key identifier: B2:ED:1D:60:66:F4:E4:65:4E:F5:F3:CC:70:A5:D9:05:A9:AF:82:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/su0dYGb05GVO9fPMcKXZBamvgpA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/kLoSSyOqdGXBSQRo8VZp6L-TiaM.roa
Signing time:             Wed 01 Jan 2025 21:49:01 +0000
ROA not before:           Wed 01 Jan 2025 21:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198949
IP address blocks:        217.145.160.0/20 maxlen: 24
                          217.145.162.0/24 maxlen: 24
                          217.145.164.0/24 maxlen: 24
                          217.145.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/su0dYGb05GVO9fPMcKXZBamvgpA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/su0dYGb05GVO9fPMcKXZBamvgpA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/su0dYGb05GVO9fPMcKXZBamvgpA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:ee:1a:e4:e0:54:19:7c:71:c9:ba:e9:08:49:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2ed1d6066f4e4654ef5f3cc70a5d905a9af8290
        Validity
            Not Before: Jan  1 21:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90ba124b23aa7465c1490468f15669e8bf9389a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b0:40:87:10:6e:9c:8d:f3:01:4a:2b:2c:4e:
                    4a:85:07:f7:74:87:26:ce:bb:fb:3a:b9:71:ab:ec:
                    15:6d:c0:04:5d:23:d9:93:6d:4e:e9:ca:3c:9b:f7:
                    c9:88:3f:58:cb:e5:3c:33:b3:c6:54:49:42:58:a6:
                    96:fd:61:62:00:d9:73:56:cc:d4:79:78:3f:09:76:
                    1e:17:af:44:82:f7:f5:76:90:38:93:d0:4b:0f:85:
                    5d:f5:c0:54:03:82:1d:d6:62:c2:e1:3b:13:ca:b5:
                    08:32:e0:d3:98:c5:ee:ae:09:e3:da:a4:6e:82:67:
                    78:fe:41:3a:7d:ff:fa:4b:de:84:6a:33:fc:6b:06:
                    3c:8c:83:28:63:67:1c:a8:3a:f5:b9:8e:df:07:cf:
                    e2:31:19:76:c6:34:36:59:b0:59:6b:77:bb:9f:ca:
                    9e:56:1c:6e:b7:8c:62:00:40:1f:a8:b4:b8:e2:69:
                    2a:87:b0:15:f5:8e:d3:a9:cb:b5:f9:1a:4c:cc:b8:
                    8b:13:73:e3:52:6d:ae:c3:20:d9:a8:a8:8e:0c:64:
                    2c:10:4a:39:98:71:40:08:8c:e0:8c:58:2b:16:95:
                    16:96:99:b4:aa:2c:8a:d3:c9:d5:05:40:c7:c6:fa:
                    78:0a:12:81:e9:9f:4b:b3:61:4c:4a:64:b6:08:83:
                    a3:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:BA:12:4B:23:AA:74:65:C1:49:04:68:F1:56:69:E8:BF:93:89:A3
            X509v3 Authority Key Identifier:
                keyid:B2:ED:1D:60:66:F4:E4:65:4E:F5:F3:CC:70:A5:D9:05:A9:AF:82:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/su0dYGb05GVO9fPMcKXZBamvgpA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/kLoSSyOqdGXBSQRo8VZp6L-TiaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/su0dYGb05GVO9fPMcKXZBamvgpA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.145.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         34:c9:da:e4:6e:13:42:64:2e:f6:d2:e9:1c:35:bf:8c:b1:c5:
         73:cd:4c:17:72:f5:6a:00:ae:ea:d1:ee:b5:39:d0:16:8a:59:
         8a:90:02:25:1b:2b:f8:60:da:3d:64:dc:3f:7d:22:f6:63:f0:
         6c:35:d8:c0:96:fc:d5:a8:c0:d2:ea:69:b3:89:d7:5d:0c:49:
         66:03:08:de:e3:2c:01:a6:4f:21:cf:89:fb:33:2a:92:00:96:
         2b:95:aa:f3:a5:44:82:d6:b6:f1:e3:c8:00:7c:84:95:a8:27:
         da:29:c0:ef:7d:9a:83:d6:fc:cc:54:82:84:ef:9a:d6:62:02:
         da:d1:2a:bc:0c:fa:bd:e0:e4:e5:11:be:4e:38:32:d2:ea:97:
         a4:9d:92:b2:46:67:54:f1:30:14:38:a5:e1:ad:64:4a:86:c2:
         53:98:6f:c1:52:32:2e:e1:d2:07:97:ed:a2:87:98:47:a1:85:
         d1:66:36:20:db:f5:1d:53:47:94:cf:5f:87:91:7f:ed:56:f7:
         0c:4e:7a:47:2a:8c:61:f3:9d:f2:15:f1:0d:bf:2f:f4:b8:c1:
         5b:18:a0:ab:03:4d:a8:8b:44:fb:fb:96:fd:fe:a0:f3:f2:81:
         65:c9:97:d9:74:46:6f:57:f7:5e:13:75:6c:42:f7:ec:9f:ad:
         5c:a8:58:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1+4a5OBUGXxxybrpCEmAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZWQxZDYwNjZmNGU0NjU0ZWY1ZjNjYzcwYTVkOTA1YTlh
ZjgyOTAwHhcNMjUwMTAxMjE0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGJhMTI0YjIzYWE3NDY1YzE0OTA0NjhmMTU2NjllOGJmOTM4OWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbBAhxBunI3zAUorLE5KhQf3dIcm
zrv7Orlxq+wVbcAEXSPZk21O6co8m/fJiD9Yy+U8M7PGVElCWKaW/WFiANlzVszU
eXg/CXYeF69Egvf1dpA4k9BLD4Vd9cBUA4Id1mLC4TsTyrUIMuDTmMXurgnj2qRu
gmd4/kE6ff/6S96EajP8awY8jIMoY2ccqDr1uY7fB8/iMRl2xjQ2WbBZa3e7n8qe
Vhxut4xiAEAfqLS44mkqh7AV9Y7Tqcu1+RpMzLiLE3PjUm2uwyDZqKiODGQsEEo5
mHFACIzgjFgrFpUWlpm0qiyK08nVBUDHxvp4ChKB6Z9Ls2FMSmS2CIOjdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJC6EksjqnRlwUkEaPFWaei/k4mjMB8GA1UdIwQY
MBaAFLLtHWBm9ORlTvXzzHCl2QWpr4KQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3UwZFlHYjA1R1ZPOWZQTWNLWFpCYW12Z3BBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8xMTgyY2ItNWY5NS00Y2Q0LWI3MmYt
NDZiNDZmYzBlNDk2LzEva0xvU1N5T3FkR1hCU1FSbzhWWnA2TC1UaWFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8xMTgyY2ItNWY5NS00Y2Q0LWI3MmYtNDZiNDZmYzBlNDk2
LzEvc3UwZFlHYjA1R1ZPOWZQTWNLWFpCYW12Z3BBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2ZGgMA0G
CSqGSIb3DQEBCwUAA4IBAQA0ydrkbhNCZC720ukcNb+MscVzzUwXcvVqAK7q0e61
OdAWilmKkAIlGyv4YNo9ZNw/fSL2Y/BsNdjAlvzVqMDS6mmzidddDElmAwje4ywB
pk8hz4n7MyqSAJYrlarzpUSC1rbx48gAfISVqCfaKcDvfZqD1vzMVIKE75rWYgLa
0Sq8DPq94OTlEb5OODLS6peknZKyRmdU8TAUOKXhrWRKhsJTmG/BUjIu4dIHl+2i
h5hHoYXRZjYg2/UdU0eUz1+HkX/tVvcMTnpHKoxh853yFfENvy/0uMFbGKCrA02o
i0T7+5b9/qDz8oFlyZfZdEZvV/deE3VsQvfsn61cqFjW
-----END CERTIFICATE-----