Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/25e660-4056-42cc-a8b0-d0517db26dad/1/__KLjvjgMO1LuKrx6zZXZJBcRtk.roa
File:                     __KLjvjgMO1LuKrx6zZXZJBcRtk.roa (raw, json)
Hash identifier:          kZSjdOtgx956Q9WcOxsnl5QBMbkPJAPdg2gED1ZbQy4=
Subject key identifier:   FF:F2:8B:8E:F8:E0:30:ED:4B:B8:AA:F1:EB:36:57:64:90:5C:46:D9
Certificate issuer:       /CN=c9a9484ca708ab771eb1db90bafc8a114c2c3d79
Certificate serial:       019423D745DA9A7B555268396653DFA77D74
Authority key identifier: C9:A9:48:4C:A7:08:AB:77:1E:B1:DB:90:BA:FC:8A:11:4C:2C:3D:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yalITKcIq3cesduQuvyKEUwsPXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/25e660-4056-42cc-a8b0-d0517db26dad/1/__KLjvjgMO1LuKrx6zZXZJBcRtk.roa
Signing time:             Wed 01 Jan 2025 21:48:18 +0000
ROA not before:           Wed 01 Jan 2025 21:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207629
IP address blocks:        193.111.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/25e660-4056-42cc-a8b0-d0517db26dad/1/yalITKcIq3cesduQuvyKEUwsPXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/25e660-4056-42cc-a8b0-d0517db26dad/1/yalITKcIq3cesduQuvyKEUwsPXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yalITKcIq3cesduQuvyKEUwsPXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:45:da:9a:7b:55:52:68:39:66:53:df:a7:7d:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9a9484ca708ab771eb1db90bafc8a114c2c3d79
        Validity
            Not Before: Jan  1 21:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fff28b8ef8e030ed4bb8aaf1eb365764905c46d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:98:bf:3c:6c:37:b2:27:69:26:1d:80:07:8f:
                    c5:e4:09:1a:43:d9:b1:2d:95:a9:a7:66:05:8b:5e:
                    03:49:b5:9b:97:6e:88:2a:0d:4f:84:43:2f:56:f4:
                    a8:90:7a:8e:1b:c9:30:a7:50:db:c3:a4:a2:56:52:
                    06:30:8f:32:ad:20:ba:b3:a6:e8:58:6a:1f:70:27:
                    f4:43:09:c0:75:b4:7c:58:34:f5:40:fd:fd:b6:26:
                    53:72:e9:93:10:53:76:6f:5f:4c:55:5a:11:8a:29:
                    7b:92:be:12:f6:2c:32:5d:7e:ed:40:1f:9a:89:30:
                    94:ac:8a:1d:19:79:78:51:fd:e8:60:90:ed:92:51:
                    8c:53:94:5b:e7:ad:05:96:0c:55:cd:51:7b:ba:5d:
                    09:51:41:15:5b:76:5f:37:78:a0:b1:68:7d:f8:2e:
                    2f:cd:27:9a:3f:7e:eb:59:78:0e:18:03:91:a4:1f:
                    38:ba:e8:b2:af:2e:67:65:48:70:44:7d:dc:d8:99:
                    7a:48:ba:e7:b6:32:0a:df:91:35:89:14:54:de:1d:
                    3b:b4:7e:1b:28:06:91:6d:57:0f:65:db:f2:15:34:
                    cc:37:b4:a8:f4:2b:d0:3f:de:c4:6e:7d:a6:24:e1:
                    58:85:a0:77:23:6e:c0:97:a5:1c:11:9a:b4:93:b2:
                    78:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:F2:8B:8E:F8:E0:30:ED:4B:B8:AA:F1:EB:36:57:64:90:5C:46:D9
            X509v3 Authority Key Identifier:
                keyid:C9:A9:48:4C:A7:08:AB:77:1E:B1:DB:90:BA:FC:8A:11:4C:2C:3D:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yalITKcIq3cesduQuvyKEUwsPXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/25e660-4056-42cc-a8b0-d0517db26dad/1/__KLjvjgMO1LuKrx6zZXZJBcRtk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/25e660-4056-42cc-a8b0-d0517db26dad/1/yalITKcIq3cesduQuvyKEUwsPXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:21:56:56:df:a0:60:2f:71:8d:1d:ac:09:ef:06:f2:0e:64:
         91:10:e3:bd:4e:df:d9:c7:88:53:1e:bc:a4:00:c2:13:35:4b:
         67:80:8f:67:57:9c:91:b0:8b:34:37:8b:80:c7:44:1e:f2:69:
         c7:17:07:22:12:cc:a3:af:08:da:7d:99:f9:69:19:b4:0b:52:
         fe:77:9d:e3:4d:88:f6:73:3e:de:77:a0:2d:56:d8:2b:d8:5f:
         b0:61:b4:c2:fc:70:77:22:80:dc:c6:fc:9c:0a:53:0e:8c:ac:
         e5:73:1e:3b:e3:12:2e:44:e6:24:47:a9:c8:14:eb:2e:ba:df:
         65:8a:6f:01:4d:69:ce:b4:fe:84:66:4a:52:0a:18:1a:b1:fa:
         69:37:9d:73:5c:8e:7f:1a:86:33:63:80:af:9d:8f:10:ec:eb:
         3d:0f:1c:65:be:95:a1:bf:d0:1e:72:b7:b2:27:65:df:8c:56:
         50:97:7c:01:4d:3f:6a:e7:78:ce:2b:81:9f:2b:82:74:5f:a4:
         a1:a6:ff:3f:b4:d6:90:60:73:0a:91:6f:ec:02:74:9e:50:c1:
         81:dc:00:d7:68:f3:b4:61:3d:75:21:b3:97:ea:9a:08:d6:a6:
         42:10:65:bc:27:5f:9f:6f:d9:fd:95:28:62:ec:a5:7a:fc:9f:
         4f:c7:17:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj10XamntVUmg5ZlPfp310MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5YTk0ODRjYTcwOGFiNzcxZWIxZGI5MGJhZmM4YTExNGMy
YzNkNzkwHhcNMjUwMTAxMjE0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmYyOGI4ZWY4ZTAzMGVkNGJiOGFhZjFlYjM2NTc2NDkwNWM0NmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZi/PGw3sidpJh2AB4/F5AkaQ9mx
LZWpp2YFi14DSbWbl26IKg1PhEMvVvSokHqOG8kwp1Dbw6SiVlIGMI8yrSC6s6bo
WGofcCf0QwnAdbR8WDT1QP39tiZTcumTEFN2b19MVVoRiil7kr4S9iwyXX7tQB+a
iTCUrIodGXl4Uf3oYJDtklGMU5Rb560FlgxVzVF7ul0JUUEVW3ZfN3igsWh9+C4v
zSeaP37rWXgOGAORpB84uuiyry5nZUhwRH3c2Jl6SLrntjIK35E1iRRU3h07tH4b
KAaRbVcPZdvyFTTMN7So9CvQP97Ebn2mJOFYhaB3I27Al6UcEZq0k7J4UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP/yi4744DDtS7iq8es2V2SQXEbZMB8GA1UdIwQY
MBaAFMmpSEynCKt3HrHbkLr8ihFMLD15MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWFsSVRLY0lxM2Nlc2R1UXV2eUtFVXdzUFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi8yNWU2NjAtNDA1Ni00MmNjLWE4YjAt
ZDA1MTdkYjI2ZGFkLzEvX19LTGp2amdNTzFMdUtyeDZ6WlhaSkJjUnRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi8yNWU2NjAtNDA1Ni00MmNjLWE4YjAtZDA1MTdkYjI2ZGFk
LzEveWFsSVRLY0lxM2Nlc2R1UXV2eUtFVXdzUFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW9JMA0G
CSqGSIb3DQEBCwUAA4IBAQBjIVZW36BgL3GNHawJ7wbyDmSREOO9Tt/Zx4hTHryk
AMITNUtngI9nV5yRsIs0N4uAx0Qe8mnHFwciEsyjrwjafZn5aRm0C1L+d53jTYj2
cz7ed6AtVtgr2F+wYbTC/HB3IoDcxvycClMOjKzlcx474xIuROYkR6nIFOsuut9l
im8BTWnOtP6EZkpSChgasfppN51zXI5/GoYzY4CvnY8Q7Os9DxxlvpWhv9Aecrey
J2XfjFZQl3wBTT9q53jOK4GfK4J0X6Shpv8/tNaQYHMKkW/sAnSeUMGB3ADXaPO0
YT11IbOX6poI1qZCEGW8J1+fb9n9lShi7KV6/J9Pxxc6
-----END CERTIFICATE-----