Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/ead79a-d8a1-4e87-bacf-23ba4a91a105/1/kNClGUwsPzE1RbZ5kG_8xETA5bQ.roa
File:                     kNClGUwsPzE1RbZ5kG_8xETA5bQ.roa (raw, json)
Hash identifier:          roFZQPowyRc/yMP0/ECMaCg3rilRHfIteyaYIvj0RIc=
Subject key identifier:   90:D0:A5:19:4C:2C:3F:31:35:45:B6:79:90:6F:FC:C4:44:C0:E5:B4
Certificate issuer:       /CN=cebf65e0069dbcc76b7b556e8c1d705889df27e9
Certificate serial:       0196B1749795D629A69715F9D93EAFD201F1
Authority key identifier: CE:BF:65:E0:06:9D:BC:C7:6B:7B:55:6E:8C:1D:70:58:89:DF:27:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zr9l4AadvMdre1VujB1wWInfJ-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/ead79a-d8a1-4e87-bacf-23ba4a91a105/1/kNClGUwsPzE1RbZ5kG_8xETA5bQ.roa
Signing time:             Thu 08 May 2025 19:52:10 +0000
ROA not before:           Thu 08 May 2025 19:52:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202364
IP address blocks:        185.119.108.0/24 maxlen: 24
                          185.119.109.0/24 maxlen: 24
                          185.119.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/ead79a-d8a1-4e87-bacf-23ba4a91a105/1/zr9l4AadvMdre1VujB1wWInfJ-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/ead79a-d8a1-4e87-bacf-23ba4a91a105/1/zr9l4AadvMdre1VujB1wWInfJ-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zr9l4AadvMdre1VujB1wWInfJ-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 11:44:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b1:74:97:95:d6:29:a6:97:15:f9:d9:3e:af:d2:01:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cebf65e0069dbcc76b7b556e8c1d705889df27e9
        Validity
            Not Before: May  8 19:52:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90d0a5194c2c3f313545b679906ffcc444c0e5b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:6d:34:30:60:f3:9c:eb:a5:fd:6c:47:56:e8:
                    ad:d8:9e:50:9f:21:52:fa:6f:b6:11:ce:6c:28:70:
                    3f:8f:43:b9:55:b1:49:b0:28:c2:57:e8:51:fe:c6:
                    54:28:1b:7a:ad:0c:b7:08:e6:fc:e0:69:03:5a:56:
                    83:9d:31:65:f0:50:40:7b:65:46:bb:58:3b:66:fc:
                    b5:b2:36:41:91:77:9c:2c:15:ac:ca:dc:b1:51:ed:
                    3f:38:f5:52:28:e3:17:ea:c9:c0:8d:61:b7:50:1f:
                    42:9a:85:31:aa:8c:10:3a:b9:4f:b6:7b:90:b3:25:
                    93:01:f9:fe:85:51:26:88:da:20:51:5d:6f:4d:51:
                    78:94:f7:55:4e:82:fd:ec:65:20:4d:58:8b:4f:de:
                    bb:20:cd:7f:d2:ab:1e:1f:be:74:d7:95:b0:a4:7e:
                    e8:c6:9c:47:86:41:2c:e7:4f:09:73:3e:74:b5:3e:
                    9d:df:a2:2f:c0:38:3b:ff:b1:08:10:5c:13:45:a2:
                    22:58:ab:fe:95:9f:19:a0:fc:d3:a5:fd:ae:fd:25:
                    0b:a9:0d:4e:8d:11:09:b5:19:d9:1d:0f:e3:4a:2f:
                    38:b3:34:c9:2f:7f:ad:72:9f:7d:41:b5:12:fa:64:
                    f5:da:82:fa:67:05:6b:6c:7b:d0:54:40:cb:7d:21:
                    6f:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:D0:A5:19:4C:2C:3F:31:35:45:B6:79:90:6F:FC:C4:44:C0:E5:B4
            X509v3 Authority Key Identifier:
                keyid:CE:BF:65:E0:06:9D:BC:C7:6B:7B:55:6E:8C:1D:70:58:89:DF:27:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zr9l4AadvMdre1VujB1wWInfJ-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/ead79a-d8a1-4e87-bacf-23ba4a91a105/1/kNClGUwsPzE1RbZ5kG_8xETA5bQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/ead79a-d8a1-4e87-bacf-23ba4a91a105/1/zr9l4AadvMdre1VujB1wWInfJ-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.108.0/23
                  185.119.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:f4:a5:52:c2:71:ff:e1:24:95:67:c9:21:fb:85:79:98:6e:
         d2:12:e0:e6:dd:ef:60:98:72:ff:71:7c:31:00:75:73:1b:24:
         56:01:6e:b0:29:45:57:26:46:dd:71:ba:e4:0c:45:a8:15:46:
         82:09:8f:8f:19:bb:95:e5:51:52:28:e1:2f:c2:5a:7d:83:cf:
         20:48:90:de:4a:74:e1:bf:11:23:4b:1a:22:6f:f2:b4:79:03:
         a2:2a:5c:bd:32:10:78:eb:ad:a8:7d:c0:9e:f2:c8:7b:3e:03:
         48:6d:5b:03:45:a2:94:ac:7e:06:62:6a:b1:80:2e:23:96:c3:
         b9:3e:ab:98:ab:6a:14:d7:50:0b:82:be:e6:88:01:77:12:c4:
         ea:1e:de:f4:11:c9:37:53:b6:9a:9d:34:18:08:6c:91:ae:40:
         d8:00:9e:94:9f:1c:1e:12:14:e6:81:e3:3f:8e:5b:05:67:02:
         e6:72:d8:32:cd:6d:9b:8c:8d:23:b1:02:a1:36:d3:a2:2f:7d:
         f4:1a:fc:72:ea:f8:22:1a:7c:88:c4:83:8a:40:97:5c:3e:09:
         7c:40:79:17:57:89:25:6d:8c:f6:72:6c:66:9d:b1:31:a8:61:
         d1:19:d1:51:f3:7d:72:88:3c:c7:47:c8:40:4d:93:dd:11:1e:
         66:fc:d3:6b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZaxdJeV1immlxX52T6v0gHxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYmY2NWUwMDY5ZGJjYzc2YjdiNTU2ZThjMWQ3MDU4ODlk
ZjI3ZTkwHhcNMjUwNTA4MTk1MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGQwYTUxOTRjMmMzZjMxMzU0NWI2Nzk5MDZmZmNjNDQ0YzBlNWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0m00MGDznOul/WxHVuit2J5QnyFS
+m+2Ec5sKHA/j0O5VbFJsCjCV+hR/sZUKBt6rQy3COb84GkDWlaDnTFl8FBAe2VG
u1g7Zvy1sjZBkXecLBWsytyxUe0/OPVSKOMX6snAjWG3UB9CmoUxqowQOrlPtnuQ
syWTAfn+hVEmiNogUV1vTVF4lPdVToL97GUgTViLT967IM1/0qseH75015WwpH7o
xpxHhkEs508Jcz50tT6d36IvwDg7/7EIEFwTRaIiWKv+lZ8ZoPzTpf2u/SULqQ1O
jREJtRnZHQ/jSi84szTJL3+tcp99QbUS+mT12oL6ZwVrbHvQVEDLfSFvPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJDQpRlMLD8xNUW2eZBv/MREwOW0MB8GA1UdIwQY
MBaAFM6/ZeAGnbzHa3tVbowdcFiJ3yfpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenI5bDRBYWR2TWRyZTFWdWpCMXdXSW5mSi1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9lYWQ3OWEtZDhhMS00ZTg3LWJhY2Yt
MjNiYTRhOTFhMTA1LzEva05DbEdVd3NQekUxUmJaNWtHXzh4RVRBNWJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9lYWQ3OWEtZDhhMS00ZTg3LWJhY2YtMjNiYTRhOTFhMTA1
LzEvenI5bDRBYWR2TWRyZTFWdWpCMXdXSW5mSi1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuXdsAwQA
uXdvMA0GCSqGSIb3DQEBCwUAA4IBAQBG9KVSwnH/4SSVZ8kh+4V5mG7SEuDm3e9g
mHL/cXwxAHVzGyRWAW6wKUVXJkbdcbrkDEWoFUaCCY+PGbuV5VFSKOEvwlp9g88g
SJDeSnThvxEjSxoib/K0eQOiKly9MhB4662ofcCe8sh7PgNIbVsDRaKUrH4GYmqx
gC4jlsO5PquYq2oU11ALgr7miAF3EsTqHt70Eck3U7aanTQYCGyRrkDYAJ6Unxwe
EhTmgeM/jlsFZwLmctgyzW2bjI0jsQKhNtOiL330Gvxy6vgiGnyIxIOKQJdcPgl8
QHkXV4klbYz2cmxmnbExqGHRGdFR831yiDzHR8hATZPdER5m/NNr
-----END CERTIFICATE-----