Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/9a7dda-0f68-4088-a075-e7fdf7741a65/1/Khmhefi6kwckslHGfWvU_2oMALk.roa
File:                     Khmhefi6kwckslHGfWvU_2oMALk.roa (raw, json)
Hash identifier:          GCH2SF4oCWT5irU/tNDWYDBbGKrkiI0SguGZAk1/bwY=
Subject key identifier:   2A:19:A1:79:F8:BA:93:07:24:B2:51:C6:7D:6B:D4:FF:6A:0C:00:B9
Certificate issuer:       /CN=09a8ed97abe8b8014dd31c2c244f9f28f5f97a21
Certificate serial:       019428253F34A88FEDA0D4E04C7CD2B68EF3
Authority key identifier: 09:A8:ED:97:AB:E8:B8:01:4D:D3:1C:2C:24:4F:9F:28:F5:F9:7A:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cajtl6vouAFN0xwsJE-fKPX5eiE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/9a7dda-0f68-4088-a075-e7fdf7741a65/1/Khmhefi6kwckslHGfWvU_2oMALk.roa
Signing time:             Thu 02 Jan 2025 17:51:57 +0000
ROA not before:           Thu 02 Jan 2025 17:51:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208663
IP address blocks:        45.91.0.0/22 maxlen: 22
                          45.91.3.0/24 maxlen: 24
                          2a0e:840::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/9a7dda-0f68-4088-a075-e7fdf7741a65/1/Cajtl6vouAFN0xwsJE-fKPX5eiE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/9a7dda-0f68-4088-a075-e7fdf7741a65/1/Cajtl6vouAFN0xwsJE-fKPX5eiE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Cajtl6vouAFN0xwsJE-fKPX5eiE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:3f:34:a8:8f:ed:a0:d4:e0:4c:7c:d2:b6:8e:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09a8ed97abe8b8014dd31c2c244f9f28f5f97a21
        Validity
            Not Before: Jan  2 17:51:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a19a179f8ba930724b251c67d6bd4ff6a0c00b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:cf:d5:bf:b1:04:5c:7c:13:e3:33:47:82:6c:
                    1c:45:e6:ee:46:b4:33:cc:3d:1a:e9:42:7e:9b:d3:
                    c0:53:ce:c4:b4:6a:90:e4:d4:4e:fc:5c:1a:07:a6:
                    d0:fe:5c:fd:ec:8c:7e:d9:24:11:a9:6c:2d:31:c2:
                    f9:96:80:15:b0:50:89:a9:ad:5b:60:e2:7b:b5:fb:
                    35:21:46:ec:f3:00:e2:32:f6:84:18:1a:c1:e9:21:
                    79:90:d1:ef:ab:9f:7a:38:6e:89:df:e9:88:d4:d7:
                    05:7d:0b:8b:b2:20:22:95:21:58:05:53:1c:00:a4:
                    49:bb:41:4c:e2:eb:d7:39:16:46:c6:b1:89:44:59:
                    66:c2:4b:34:ce:31:30:d2:29:87:1a:dd:5f:9d:58:
                    e0:00:a1:dc:de:3b:4d:29:16:52:99:08:b4:2e:d1:
                    3f:df:c5:c7:44:30:49:1f:78:02:e3:2e:77:78:2a:
                    7e:0b:c8:32:d7:29:e2:4b:e8:04:7b:df:ed:74:7b:
                    57:ce:a4:8e:f8:27:06:d9:e6:a6:b7:e9:f8:2e:77:
                    5d:3e:3d:a3:00:2d:8f:fa:54:88:a8:a6:23:79:30:
                    f6:7a:13:4e:d2:a1:6b:80:38:90:86:5b:60:6e:68:
                    ba:e6:9a:5d:93:6f:19:05:47:26:f2:14:4f:cd:7e:
                    ad:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:19:A1:79:F8:BA:93:07:24:B2:51:C6:7D:6B:D4:FF:6A:0C:00:B9
            X509v3 Authority Key Identifier:
                keyid:09:A8:ED:97:AB:E8:B8:01:4D:D3:1C:2C:24:4F:9F:28:F5:F9:7A:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cajtl6vouAFN0xwsJE-fKPX5eiE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9a7dda-0f68-4088-a075-e7fdf7741a65/1/Khmhefi6kwckslHGfWvU_2oMALk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9a7dda-0f68-4088-a075-e7fdf7741a65/1/Cajtl6vouAFN0xwsJE-fKPX5eiE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.0.0/22
                IPv6:
                  2a0e:840::/29

    Signature Algorithm: sha256WithRSAEncryption
         66:2f:d4:2f:c3:d2:34:ee:30:b2:f9:ce:00:de:61:05:40:69:
         12:b9:26:31:e1:2a:bb:79:fc:fd:64:d8:1d:26:20:b0:e1:24:
         10:56:d1:3a:11:49:0f:f6:68:90:b8:69:a1:ac:00:d6:36:f8:
         0c:06:bf:44:ec:59:55:05:81:07:6e:71:7f:61:7e:d4:50:a8:
         39:02:ff:d6:21:ab:7a:6c:e8:73:92:7c:96:98:47:d7:bc:8c:
         57:3b:30:8c:e7:2f:53:50:03:ce:b8:c0:43:20:20:70:7f:cc:
         7c:5e:44:90:e5:97:2a:36:8a:ec:30:94:16:85:c9:08:fd:e2:
         ba:10:8e:02:12:c9:af:28:68:4d:39:28:4e:3e:6f:8c:b9:c8:
         90:2a:a1:e9:b8:6b:57:21:f7:13:6f:06:16:fe:67:13:a2:62:
         d2:df:af:f9:06:5e:8a:91:27:19:8f:31:3a:93:c0:5b:7e:e7:
         66:42:f8:85:c0:32:83:fb:0c:60:c5:2f:47:af:d6:86:c8:8f:
         31:e8:5c:1c:d6:6d:0a:73:28:28:02:7f:15:37:64:5b:bd:35:
         99:a7:bf:9e:9b:60:68:5e:d8:c6:b3:16:bf:a3:74:f3:49:f9:
         24:79:e9:e4:1d:06:48:bb:a8:12:53:81:db:98:b5:28:9a:d0:
         78:fe:e0:bb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQoJT80qI/toNTgTHzSto7zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5YThlZDk3YWJlOGI4MDE0ZGQzMWMyYzI0NGY5ZjI4ZjVm
OTdhMjEwHhcNMjUwMTAyMTc1MTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTE5YTE3OWY4YmE5MzA3MjRiMjUxYzY3ZDZiZDRmZjZhMGMwMGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuM/Vv7EEXHwT4zNHgmwcRebuRrQz
zD0a6UJ+m9PAU87EtGqQ5NRO/FwaB6bQ/lz97Ix+2SQRqWwtMcL5loAVsFCJqa1b
YOJ7tfs1IUbs8wDiMvaEGBrB6SF5kNHvq596OG6J3+mI1NcFfQuLsiAilSFYBVMc
AKRJu0FM4uvXORZGxrGJRFlmwks0zjEw0imHGt1fnVjgAKHc3jtNKRZSmQi0LtE/
38XHRDBJH3gC4y53eCp+C8gy1yniS+gEe9/tdHtXzqSO+CcG2eamt+n4LnddPj2j
AC2P+lSIqKYjeTD2ehNO0qFrgDiQhltgbmi65ppdk28ZBUcm8hRPzX6tcwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCoZoXn4upMHJLJRxn1r1P9qDAC5MB8GA1UdIwQY
MBaAFAmo7Zer6LgBTdMcLCRPnyj1+XohMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2FqdGw2dm91QUZOMHh3c0pFLWZLUFg1ZWlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi85YTdkZGEtMGY2OC00MDg4LWEwNzUt
ZTdmZGY3NzQxYTY1LzEvS2htaGVmaTZrd2Nrc2xIR2ZXdlVfMm9NQUxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi85YTdkZGEtMGY2OC00MDg4LWEwNzUtZTdmZGY3NzQxYTY1
LzEvQ2FqdGw2dm91QUZOMHh3c0pFLWZLUFg1ZWlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVsAMA0E
AgACMAcDBQMqDghAMA0GCSqGSIb3DQEBCwUAA4IBAQBmL9Qvw9I07jCy+c4A3mEF
QGkSuSYx4Sq7efz9ZNgdJiCw4SQQVtE6EUkP9miQuGmhrADWNvgMBr9E7FlVBYEH
bnF/YX7UUKg5Av/WIat6bOhzknyWmEfXvIxXOzCM5y9TUAPOuMBDICBwf8x8XkSQ
5ZcqNorsMJQWhckI/eK6EI4CEsmvKGhNOShOPm+MuciQKqHpuGtXIfcTbwYW/mcT
omLS36/5Bl6KkScZjzE6k8BbfudmQviFwDKD+wxgxS9Hr9aGyI8x6Fwc1m0Kcygo
An8VN2RbvTWZp7+em2BoXtjGsxa/o3TzSfkkeenkHQZIu6gSU4HbmLUomtB4/uC7
-----END CERTIFICATE-----