Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/kUc1GTQb3R--0F0wwkpXKCRBbpo.roa
File:                     kUc1GTQb3R--0F0wwkpXKCRBbpo.roa (raw, json)
Hash identifier:          45xnQl/Bh3Njb51W03snLvGhoIvVkT9pOVgjxktXqpM=
Subject key identifier:   91:47:35:19:34:1B:DD:1F:BE:D0:5D:30:C2:4A:57:28:24:41:6E:9A
Certificate issuer:       /CN=a865bae25778beed8880c08df2d3f37fc37abc1e
Certificate serial:       0191FFB63639DB599A25FE3B728BE7382948
Authority key identifier: A8:65:BA:E2:57:78:BE:ED:88:80:C0:8D:F2:D3:F3:7F:C3:7A:BC:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/kUc1GTQb3R--0F0wwkpXKCRBbpo.roa
Signing time:             Tue 17 Sep 2024 11:20:17 +0000
ROA not before:           Tue 17 Sep 2024 11:20:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52180
IP address blocks:        185.126.253.0/24 maxlen: 24
                          212.79.123.0/24 maxlen: 24
                          212.79.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/qGW64ld4vu2IgMCN8tPzf8N6vB4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/qGW64ld4vu2IgMCN8tPzf8N6vB4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:ff:b6:36:39:db:59:9a:25:fe:3b:72:8b:e7:38:29:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a865bae25778beed8880c08df2d3f37fc37abc1e
        Validity
            Not Before: Sep 17 11:20:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91473519341bdd1fbed05d30c24a572824416e9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ad:3d:98:b3:ca:f2:22:61:c1:ed:ed:d4:12:
                    46:94:de:15:82:b1:a9:94:b8:72:d5:e3:5d:2d:c1:
                    36:c0:fd:84:44:0f:80:c0:66:94:f6:77:6a:22:5e:
                    48:e7:0b:dd:06:d3:77:c6:34:4b:27:f8:6a:36:eb:
                    dc:01:f7:07:2a:06:83:ed:d8:2e:b1:fc:6e:b5:48:
                    ff:a9:a2:5c:1c:1a:ee:ba:24:06:ba:96:76:81:94:
                    6d:59:a6:51:91:48:ab:ed:74:95:66:39:a0:de:0f:
                    b5:02:6f:29:5a:6a:48:8d:57:5a:81:b9:70:bf:a6:
                    ee:08:6a:42:90:b5:9f:e7:93:06:20:de:d2:f5:b8:
                    99:a1:6f:07:58:f1:d0:2f:ee:5e:21:56:38:3e:1c:
                    86:9e:6d:3a:52:bd:ce:e7:b7:45:47:b1:39:aa:1c:
                    d9:59:e7:98:16:e1:6c:fb:f9:0e:e6:cc:ce:a3:a6:
                    cd:97:ad:25:15:a0:52:f6:40:45:c3:20:69:ee:61:
                    bf:ae:e5:0d:a2:6c:26:6d:cf:31:10:98:e4:7b:f4:
                    5c:f5:94:11:c8:e3:70:20:b9:32:46:2f:53:7b:ca:
                    88:ce:f4:d7:32:c9:7a:60:b3:ee:64:c8:52:89:d7:
                    71:62:c2:02:39:ec:fa:ac:ab:c1:80:a4:74:7d:ef:
                    00:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:47:35:19:34:1B:DD:1F:BE:D0:5D:30:C2:4A:57:28:24:41:6E:9A
            X509v3 Authority Key Identifier:
                keyid:A8:65:BA:E2:57:78:BE:ED:88:80:C0:8D:F2:D3:F3:7F:C3:7A:BC:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/kUc1GTQb3R--0F0wwkpXKCRBbpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/qGW64ld4vu2IgMCN8tPzf8N6vB4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.253.0/24
                  212.79.123.0-212.79.124.255

    Signature Algorithm: sha256WithRSAEncryption
         78:32:65:30:c9:40:ff:86:99:c9:24:56:a4:4a:b5:e2:cb:19:
         d7:9e:58:74:d4:86:c5:f0:16:4b:46:8b:ea:a1:f5:d1:a6:30:
         33:b8:a4:d1:39:7e:1c:10:88:01:b5:2f:98:2b:be:32:ec:7a:
         b7:c3:0c:51:14:05:b4:d3:5d:29:87:f6:7f:72:99:e1:4d:90:
         e6:d0:f6:b7:df:d5:f2:fd:ea:81:84:9a:24:62:bb:8d:68:0f:
         2d:1a:b0:1f:ee:f5:1d:6f:bc:5b:f1:d6:49:25:59:3b:d5:8b:
         ca:ae:e0:a1:87:67:ad:e3:12:1a:76:c0:ca:b6:e4:8f:82:b8:
         9f:ca:5d:a0:11:f2:75:87:0c:de:d0:61:47:d8:72:e7:ca:24:
         4e:50:5f:bc:3b:8b:25:e1:01:c1:d5:1f:9a:6a:be:2d:64:3a:
         81:8a:40:29:a7:e5:0d:1d:f5:2a:a3:44:61:23:c3:87:06:5a:
         84:5b:cf:03:a7:fd:44:75:ac:5d:97:6f:0f:1a:36:33:56:08:
         ac:c8:f3:c4:b2:5a:63:59:6e:ed:a8:3b:67:36:7e:83:53:db:
         35:2a:8e:e4:5c:84:e8:1d:ab:34:c8:1e:a4:14:24:43:d2:73:
         63:5a:de:20:42:76:bc:e4:96:88:7b:73:8a:f4:96:c0:39:a3:
         b5:03:4a:2f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZH/tjY521maJf47covnOClIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NjViYWUyNTc3OGJlZWQ4ODgwYzA4ZGYyZDNmMzdmYzM3
YWJjMWUwHhcNMjQwOTE3MTEyMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTQ3MzUxOTM0MWJkZDFmYmVkMDVkMzBjMjRhNTcyODI0NDE2ZTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwa09mLPK8iJhwe3t1BJGlN4VgrGp
lLhy1eNdLcE2wP2ERA+AwGaU9ndqIl5I5wvdBtN3xjRLJ/hqNuvcAfcHKgaD7dgu
sfxutUj/qaJcHBruuiQGupZ2gZRtWaZRkUir7XSVZjmg3g+1Am8pWmpIjVdagblw
v6buCGpCkLWf55MGIN7S9biZoW8HWPHQL+5eIVY4PhyGnm06Ur3O57dFR7E5qhzZ
WeeYFuFs+/kO5szOo6bNl60lFaBS9kBFwyBp7mG/ruUNomwmbc8xEJjke/Rc9ZQR
yONwILkyRi9Te8qIzvTXMsl6YLPuZMhSiddxYsICOez6rKvBgKR0fe8AYQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJFHNRk0G90fvtBdMMJKVygkQW6aMB8GA1UdIwQY
MBaAFKhluuJXeL7tiIDAjfLT83/DerweMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUdXNjRsZDR2dTJJZ01DTjh0UHpmOE42dkI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi82NDQ0ZDEtNWYwMC00ZTUwLTgwMTkt
MWI2Zjc1MGNmOWEyLzEva1VjMUdUUWIzUi0tMEYwd3drcFhLQ1JCYnBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi82NDQ0ZDEtNWYwMC00ZTUwLTgwMTktMWI2Zjc1MGNmOWEy
LzEvcUdXNjRsZDR2dTJJZ01DTjh0UHpmOE42dkI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAuX79MAwD
BADUT3sDBADUT3wwDQYJKoZIhvcNAQELBQADggEBAHgyZTDJQP+GmckkVqRKteLL
GdeeWHTUhsXwFktGi+qh9dGmMDO4pNE5fhwQiAG1L5grvjLserfDDFEUBbTTXSmH
9n9ymeFNkObQ9rff1fL96oGEmiRiu41oDy0asB/u9R1vvFvx1kklWTvVi8qu4KGH
Z63jEhp2wMq25I+CuJ/KXaAR8nWHDN7QYUfYcufKJE5QX7w7iyXhAcHVH5pqvi1k
OoGKQCmn5Q0d9SqjRGEjw4cGWoRbzwOn/UR1rF2Xbw8aNjNWCKzI88SyWmNZbu2o
O2c2foNT2zUqjuRchOgdqzTIHqQUJEPSc2Na3iBCdrzkloh7c4r0lsA5o7UDSi8=
-----END CERTIFICATE-----