Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/KGZiYfWbrqod_nWmRvyl3sSYKI0.roa
File:                     KGZiYfWbrqod_nWmRvyl3sSYKI0.roa (raw, json)
Hash identifier:          Khu5Z2RrlQkXVAgtt6oYTaCJX+GXP24KAjpf9sk4O3w=
Subject key identifier:   28:66:62:61:F5:9B:AE:AA:1D:FE:75:A6:46:FC:A5:DE:C4:98:28:8D
Certificate issuer:       /CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
Certificate serial:       0198F127D58CFC931483DB5607BD569E65C8
Authority key identifier: BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/KGZiYfWbrqod_nWmRvyl3sSYKI0.roa
Signing time:             Thu 28 Aug 2025 14:49:36 +0000
ROA not before:           Thu 28 Aug 2025 14:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57797
IP address blocks:        209.131.64.0/21 maxlen: 21
                          2a12:8ac0::/29 maxlen: 48
                          2a12:8ac0::/40 maxlen: 48
                          2a12:8ac1::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 19:02:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f1:27:d5:8c:fc:93:14:83:db:56:07:bd:56:9e:65:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
        Validity
            Not Before: Aug 28 14:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28666261f59baeaa1dfe75a646fca5dec498288d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:03:b6:7b:67:4c:8d:91:73:4b:66:85:cd:42:
                    dc:08:57:79:a1:d3:06:be:c8:f1:5b:18:f0:8f:ee:
                    9a:b9:5a:9a:8c:8d:ed:3c:c7:8c:87:16:06:9d:5c:
                    a8:58:de:df:27:b3:1f:76:3b:5f:40:7a:3c:4a:c6:
                    79:aa:61:50:8e:c3:57:9b:15:c0:50:cb:1c:b9:9d:
                    c8:a1:0c:e1:7d:a8:a6:2f:24:6d:2a:6c:2b:64:aa:
                    ce:a9:a3:e5:84:b5:c7:3e:ae:8a:6c:85:68:cd:b7:
                    37:a5:c5:5f:a4:fc:31:70:46:71:f5:b0:36:72:36:
                    4e:1e:a9:d0:85:c6:8a:5b:c5:aa:44:e1:b8:bf:14:
                    22:65:de:51:76:67:f0:61:5d:4a:fe:61:08:81:71:
                    75:cf:6f:4e:55:5e:14:5a:a0:54:a6:ef:90:2d:74:
                    c8:84:15:12:1c:a4:cd:de:4d:dc:f8:7f:f1:f6:9a:
                    7a:0a:53:97:dd:2f:49:a6:16:28:c5:0b:2d:ac:a2:
                    0c:be:2e:c8:29:f9:83:93:16:5e:ce:2d:78:35:f9:
                    4b:4f:02:d2:02:02:de:fd:0f:98:9c:07:2c:dd:ef:
                    59:dc:ca:c9:ed:01:a8:fd:5a:9c:41:15:08:52:4c:
                    d3:64:e8:f6:35:c8:c5:1b:d0:0f:a1:f7:6b:f9:3d:
                    cb:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:66:62:61:F5:9B:AE:AA:1D:FE:75:A6:46:FC:A5:DE:C4:98:28:8D
            X509v3 Authority Key Identifier:
                keyid:BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/KGZiYfWbrqod_nWmRvyl3sSYKI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.131.64.0/21
                IPv6:
                  2a12:8ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         83:9e:7d:ac:39:41:93:0b:c4:d7:60:c8:79:8d:9f:22:f0:01:
         af:1d:ec:c1:59:2a:d3:ad:fa:b9:b8:3e:99:7c:19:36:b0:da:
         3b:18:8c:66:7b:dd:82:22:8b:bb:6c:ec:f9:e3:3a:d1:68:ab:
         a1:35:6d:32:fc:29:c1:66:4e:05:3c:b4:60:4d:49:d4:74:6b:
         7f:36:31:df:1c:ec:88:04:c6:00:fb:11:2d:de:26:88:a3:25:
         6b:c2:fa:0d:6d:8c:aa:2e:ea:2e:31:77:f2:88:fc:a0:31:b8:
         9b:b0:d5:4f:b7:a8:b3:40:3f:b1:08:ba:6a:a2:00:d5:2a:dc:
         87:1d:af:7b:04:e8:3f:bd:30:1a:04:5b:ac:2a:49:db:86:95:
         6d:17:b8:04:0b:35:4e:60:c2:57:be:31:0b:a1:fe:4f:2a:6b:
         0b:d0:46:9e:d9:36:52:08:1e:96:12:d2:b0:5a:53:44:a9:76:
         d9:ee:75:b9:dd:1e:5e:2f:27:90:ba:ad:65:e6:d1:40:0b:3c:
         f8:95:22:37:97:8e:21:ee:6b:f0:18:97:82:3f:9b:86:42:00:
         93:24:f3:fe:19:b3:6d:fe:c4:38:c7:d7:55:67:df:70:72:c9:
         5a:f7:fb:16:07:cb:30:3a:35:74:fd:62:9d:12:22:10:55:c4:
         61:33:7b:83
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZjxJ9WM/JMUg9tWB71WnmXIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNjdiZmY3YmFkMWViODM4NGI1ODVkZjdiZWYxMjA2Zjdm
MTlmN2UwHhcNMjUwODI4MTQ0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODY2NjI2MWY1OWJhZWFhMWRmZTc1YTY0NmZjYTVkZWM0OTgyODhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngO2e2dMjZFzS2aFzULcCFd5odMG
vsjxWxjwj+6auVqajI3tPMeMhxYGnVyoWN7fJ7MfdjtfQHo8SsZ5qmFQjsNXmxXA
UMscuZ3IoQzhfaimLyRtKmwrZKrOqaPlhLXHPq6KbIVozbc3pcVfpPwxcEZx9bA2
cjZOHqnQhcaKW8WqROG4vxQiZd5RdmfwYV1K/mEIgXF1z29OVV4UWqBUpu+QLXTI
hBUSHKTN3k3c+H/x9pp6ClOX3S9JphYoxQstrKIMvi7IKfmDkxZezi14NflLTwLS
AgLe/Q+YnAcs3e9Z3MrJ7QGo/VqcQRUIUkzTZOj2NcjFG9APofdr+T3L7QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFChmYmH1m66qHf51pkb8pd7EmCiNMB8GA1UdIwQY
MBaAFLpnv/e60euDhLWF33vvEgb38Z9+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW1lXzk3clI2NE9FdFlYZmUtOFNCdmZ4bjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi80YTI0NGQtNTFkMS00MTQzLWI2YWYt
ZGE0NTM4MDIyYWM3LzEvS0daaVlmV2JycW9kX25XbVJ2eWwzc1NZS0kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi80YTI0NGQtNTFkMS00MTQzLWI2YWYtZGE0NTM4MDIyYWM3
LzEvdW1lXzk3clI2NE9FdFlYZmUtOFNCdmZ4bjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQD0YNAMA0E
AgACMAcDBQMqEorAMA0GCSqGSIb3DQEBCwUAA4IBAQCDnn2sOUGTC8TXYMh5jZ8i
8AGvHezBWSrTrfq5uD6ZfBk2sNo7GIxme92CIou7bOz54zrRaKuhNW0y/CnBZk4F
PLRgTUnUdGt/NjHfHOyIBMYA+xEt3iaIoyVrwvoNbYyqLuouMXfyiPygMbibsNVP
t6izQD+xCLpqogDVKtyHHa97BOg/vTAaBFusKknbhpVtF7gECzVOYMJXvjELof5P
KmsL0Eae2TZSCB6WEtKwWlNEqXbZ7nW53R5eLyeQuq1l5tFACzz4lSI3l44h7mvw
GJeCP5uGQgCTJPP+GbNt/sQ4x9dVZ99wcsla9/sWB8swOjV0/WKdEiIQVcRhM3uD
-----END CERTIFICATE-----