Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/384645-618a-45b2-9d2b-56fadc92e400/1/KzntsBKC6xHsM4irrwPpJqTMjrE.roa
File:                     KzntsBKC6xHsM4irrwPpJqTMjrE.roa (raw, json)
Hash identifier:          rsuAHxEKxQodmj4NlR88Fkx1NvrEvEln4AFpUG54lbA=
Subject key identifier:   2B:39:ED:B0:12:82:EB:11:EC:33:88:AB:AF:03:E9:26:A4:CC:8E:B1
Certificate issuer:       /CN=f16225a500454e62f1d25253ba7a2d8c1e254429
Certificate serial:       019423697D9803F82CC3A46E7CC9FBE10465
Authority key identifier: F1:62:25:A5:00:45:4E:62:F1:D2:52:53:BA:7A:2D:8C:1E:25:44:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8WIlpQBFTmLx0lJTunotjB4lRCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/384645-618a-45b2-9d2b-56fadc92e400/1/KzntsBKC6xHsM4irrwPpJqTMjrE.roa
Signing time:             Wed 01 Jan 2025 19:48:23 +0000
ROA not before:           Wed 01 Jan 2025 19:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     926
IP address blocks:        37.10.116.0/24 maxlen: 24
                          185.184.229.0/24 maxlen: 24
                          2a13:9440::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/384645-618a-45b2-9d2b-56fadc92e400/1/8WIlpQBFTmLx0lJTunotjB4lRCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/384645-618a-45b2-9d2b-56fadc92e400/1/8WIlpQBFTmLx0lJTunotjB4lRCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8WIlpQBFTmLx0lJTunotjB4lRCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:7d:98:03:f8:2c:c3:a4:6e:7c:c9:fb:e1:04:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f16225a500454e62f1d25253ba7a2d8c1e254429
        Validity
            Not Before: Jan  1 19:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2b39edb01282eb11ec3388abaf03e926a4cc8eb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:24:13:39:11:ae:b9:65:29:ee:3f:46:09:6b:
                    eb:79:83:01:4f:1c:b9:a3:05:d6:1c:5c:d2:00:2e:
                    40:2c:57:2b:ff:ae:08:56:5a:00:f3:99:41:df:a9:
                    85:34:50:eb:71:72:d1:2c:c5:3c:d5:5b:70:da:09:
                    22:c4:03:5b:90:ed:4b:d9:60:18:58:a4:26:b6:18:
                    c0:b4:be:58:99:b6:12:33:7a:63:eb:8c:09:ca:36:
                    7a:a4:6e:a4:5e:8e:2b:3b:71:a6:e9:4e:c3:4f:44:
                    20:93:51:11:a5:f9:be:5b:18:e0:53:28:f3:7d:a6:
                    81:32:15:4a:de:4f:f1:f3:d7:3c:41:c0:6e:0f:9e:
                    43:83:e9:54:97:81:92:0b:da:38:af:8c:0d:53:0e:
                    75:84:80:d6:d4:ee:9c:a1:a8:cd:bc:8b:a8:b1:59:
                    5a:3b:a8:1a:f0:43:f7:7d:ed:e3:c7:a3:dd:3f:4c:
                    4c:82:41:fa:9f:4e:28:75:3b:f5:45:94:88:16:0e:
                    73:b6:a0:27:2c:cc:21:72:f4:52:40:15:51:90:e4:
                    47:e2:68:a4:0e:5d:56:38:6c:03:9e:95:7b:67:05:
                    82:0e:63:80:45:dc:f0:19:25:06:b5:31:96:fb:14:
                    81:53:d9:5a:c6:c3:40:33:47:d7:5a:11:ad:42:3f:
                    54:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:39:ED:B0:12:82:EB:11:EC:33:88:AB:AF:03:E9:26:A4:CC:8E:B1
            X509v3 Authority Key Identifier:
                keyid:F1:62:25:A5:00:45:4E:62:F1:D2:52:53:BA:7A:2D:8C:1E:25:44:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8WIlpQBFTmLx0lJTunotjB4lRCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/384645-618a-45b2-9d2b-56fadc92e400/1/KzntsBKC6xHsM4irrwPpJqTMjrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/384645-618a-45b2-9d2b-56fadc92e400/1/8WIlpQBFTmLx0lJTunotjB4lRCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.10.116.0/24
                  185.184.229.0/24
                IPv6:
                  2a13:9440::/29

    Signature Algorithm: sha256WithRSAEncryption
         50:0f:d0:af:f9:90:2c:ec:1b:b5:70:0c:2d:fa:60:e0:b7:1c:
         5c:b3:07:bb:0a:64:d8:c0:e6:ad:7c:8a:d2:0e:78:a5:6e:11:
         12:7a:2d:c7:74:c9:84:3d:44:0d:09:6b:79:97:3c:83:af:57:
         83:e7:2a:59:4e:0f:ae:4f:d5:73:36:24:24:4d:21:9f:55:b3:
         83:98:38:ec:3a:67:a7:2a:54:26:84:e9:29:70:58:c2:10:a5:
         d4:d0:34:c0:06:6a:9e:31:3e:cf:8f:c6:02:84:4d:f6:1f:51:
         5c:7e:c6:6d:1a:ec:1c:dc:4d:7c:97:0f:f8:a9:e1:ee:50:af:
         cf:6e:12:e1:78:50:85:69:c8:e0:c1:1b:7f:57:50:3a:78:6f:
         0f:3d:24:8a:20:2b:1a:5e:aa:67:f7:ec:93:46:62:93:e4:0e:
         24:f6:1f:b6:59:c0:df:da:d9:bc:b0:51:e0:df:56:85:5c:54:
         e8:e2:8b:da:4d:e0:27:ad:3e:36:76:7f:be:02:fc:be:1a:b8:
         9c:df:76:2a:3a:03:94:9c:d5:25:44:f4:17:6e:d2:81:f3:88:
         87:0a:8e:e1:41:08:b8:d5:e3:e0:26:77:7e:a9:bc:0a:d0:63:
         e9:14:91:99:28:c5:a1:96:f5:51:a5:17:2e:86:15:9f:c0:b2:
         f8:12:3c:0c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQjaX2YA/gsw6RufMn74QRlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNjIyNWE1MDA0NTRlNjJmMWQyNTI1M2JhN2EyZDhjMWUy
NTQ0MjkwHhcNMjUwMTAxMTk0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjM5ZWRiMDEyODJlYjExZWMzMzg4YWJhZjAzZTkyNmE0Y2M4ZWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSQTORGuuWUp7j9GCWvreYMBTxy5
owXWHFzSAC5ALFcr/64IVloA85lB36mFNFDrcXLRLMU81Vtw2gkixANbkO1L2WAY
WKQmthjAtL5YmbYSM3pj64wJyjZ6pG6kXo4rO3Gm6U7DT0Qgk1ERpfm+WxjgUyjz
faaBMhVK3k/x89c8QcBuD55Dg+lUl4GSC9o4r4wNUw51hIDW1O6coajNvIuosVla
O6ga8EP3fe3jx6PdP0xMgkH6n04odTv1RZSIFg5ztqAnLMwhcvRSQBVRkORH4mik
Dl1WOGwDnpV7ZwWCDmOARdzwGSUGtTGW+xSBU9laxsNAM0fXWhGtQj9UYQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCs57bASgusR7DOIq68D6SakzI6xMB8GA1UdIwQY
MBaAFPFiJaUARU5i8dJSU7p6LYweJUQpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFdJbHBRQkZUbUx4MGxKVHVub3RqQjRsUkNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zODQ2NDUtNjE4YS00NWIyLTlkMmIt
NTZmYWRjOTJlNDAwLzEvS3pudHNCS0M2eEhzTTRpcnJ3UHBKcVRNanJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zODQ2NDUtNjE4YS00NWIyLTlkMmItNTZmYWRjOTJlNDAw
LzEvOFdJbHBRQkZUbUx4MGxKVHVub3RqQjRsUkNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAJQp0AwQA
ubjlMA0EAgACMAcDBQMqE5RAMA0GCSqGSIb3DQEBCwUAA4IBAQBQD9Cv+ZAs7Bu1
cAwt+mDgtxxcswe7CmTYwOatfIrSDnilbhESei3HdMmEPUQNCWt5lzyDr1eD5ypZ
Tg+uT9VzNiQkTSGfVbODmDjsOmenKlQmhOkpcFjCEKXU0DTABmqeMT7Pj8YChE32
H1FcfsZtGuwc3E18lw/4qeHuUK/PbhLheFCFacjgwRt/V1A6eG8PPSSKICsaXqpn
9+yTRmKT5A4k9h+2WcDf2tm8sFHg31aFXFTo4ovaTeAnrT42dn++Avy+Gric33Yq
OgOUnNUlRPQXbtKB84iHCo7hQQi41ePgJnd+qbwK0GPpFJGZKMWhlvVRpRcuhhWf
wLL4EjwM
-----END CERTIFICATE-----