Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/bPTKlYF7fifjOqSTQNeQoeP_kuk.roa
File:                     bPTKlYF7fifjOqSTQNeQoeP_kuk.roa (raw, json)
Hash identifier:          Ig5CuSUtEUSpLkPiPPlcB0rfKh8VZMxcp4q355338uk=
Subject key identifier:   6C:F4:CA:95:81:7B:7E:27:E3:3A:A4:93:40:D7:90:A1:E3:FF:92:E9
Certificate issuer:       /CN=dafb645f134f4fdada45e70bcfcd93b897dbd725
Certificate serial:       0194266C1DC7FA8C593F2B2892AF0079303A
Authority key identifier: DA:FB:64:5F:13:4F:4F:DA:DA:45:E7:0B:CF:CD:93:B8:97:DB:D7:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2vtkXxNPT9raRecLz82TuJfb1yU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/bPTKlYF7fifjOqSTQNeQoeP_kuk.roa
Signing time:             Thu 02 Jan 2025 09:50:07 +0000
ROA not before:           Thu 02 Jan 2025 09:50:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42019
IP address blocks:        178.252.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/2vtkXxNPT9raRecLz82TuJfb1yU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/2vtkXxNPT9raRecLz82TuJfb1yU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2vtkXxNPT9raRecLz82TuJfb1yU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:1d:c7:fa:8c:59:3f:2b:28:92:af:00:79:30:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dafb645f134f4fdada45e70bcfcd93b897dbd725
        Validity
            Not Before: Jan  2 09:50:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6cf4ca95817b7e27e33aa49340d790a1e3ff92e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:37:24:ca:08:7f:11:80:62:be:7a:e1:d2:99:
                    38:8b:0f:32:5f:d7:c0:de:98:d9:c3:80:f1:76:b6:
                    48:e4:90:9d:83:c0:1f:42:bc:8e:4f:11:7a:a6:3f:
                    77:21:dd:5a:44:31:9e:2d:c1:b3:6b:72:d6:97:1e:
                    5f:87:b1:81:da:7c:40:db:34:a6:b1:46:9d:a9:54:
                    04:5e:d0:50:42:33:ac:ef:2f:46:8f:29:50:08:e3:
                    f9:c3:53:f7:85:eb:ff:93:03:2b:bf:26:1f:a0:93:
                    23:39:88:d6:4a:0a:2b:de:dd:fe:41:d5:fb:32:00:
                    4b:1e:ed:37:8a:1c:0f:d8:b4:8d:ee:a4:ab:c4:78:
                    cb:53:1f:5b:3b:4a:e2:05:be:d4:61:e0:de:d7:74:
                    9c:38:3c:5d:a8:ff:3e:32:94:0b:f4:60:5f:bf:f8:
                    c0:11:e8:e9:46:05:ee:0e:59:c2:e1:47:24:a2:7b:
                    16:5e:ca:a7:65:c3:5e:bf:78:d0:b3:c6:b7:09:1f:
                    a3:ac:cd:d7:73:39:33:a2:2b:73:0c:47:48:34:83:
                    e0:f6:52:32:6c:65:97:fc:03:13:66:f3:96:88:6f:
                    2e:11:f7:f9:54:c1:16:48:c9:8b:67:e9:f6:d7:18:
                    3c:e7:c5:43:26:ea:17:c7:8a:43:1d:f3:83:ea:9a:
                    10:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:F4:CA:95:81:7B:7E:27:E3:3A:A4:93:40:D7:90:A1:E3:FF:92:E9
            X509v3 Authority Key Identifier:
                keyid:DA:FB:64:5F:13:4F:4F:DA:DA:45:E7:0B:CF:CD:93:B8:97:DB:D7:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2vtkXxNPT9raRecLz82TuJfb1yU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/bPTKlYF7fifjOqSTQNeQoeP_kuk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/2vtkXxNPT9raRecLz82TuJfb1yU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.252.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:fd:47:33:de:e6:92:c0:55:54:ca:42:8d:3e:2c:89:e7:1f:
         24:8a:3b:ff:6c:9d:93:ff:7b:fa:08:61:a9:b6:ca:b3:b1:66:
         d8:0b:60:5e:9e:42:41:a8:69:1a:bc:f0:7e:2a:a1:fc:72:8e:
         47:c7:4d:30:ba:28:38:06:97:e5:34:1e:86:59:38:89:94:82:
         86:83:f2:a2:6b:19:25:fc:83:38:18:6e:c7:eb:21:43:9d:8e:
         2c:29:7a:ee:a2:2b:0a:8e:15:da:d9:76:93:c5:b2:93:5e:a6:
         2e:e9:c2:f6:60:57:8d:58:d1:82:19:c7:19:ed:fe:2d:ff:91:
         bb:47:7b:b4:49:90:0c:65:13:0b:4c:cd:38:3c:b3:74:0a:55:
         dd:12:d6:49:9e:f3:38:53:ad:b7:d2:3f:ab:02:71:28:ce:88:
         58:04:c1:97:9c:d3:2a:40:3e:a4:e7:b0:a7:32:fa:a9:e6:e1:
         d7:9d:65:17:ac:5a:8c:a0:59:e5:f9:c7:a2:fb:36:2b:6a:79:
         e5:8e:3c:bb:87:e2:10:74:49:b3:36:a6:63:ca:01:b4:ae:8a:
         79:8b:84:4e:b1:ff:09:b8:3c:81:6e:37:99:9b:18:d1:c0:2d:
         3e:c2:c0:14:4c:e4:55:e3:2e:45:15:47:89:86:e3:9f:c6:04:
         cf:1e:6d:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbB3H+oxZPysokq8AeTA6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhZmI2NDVmMTM0ZjRmZGFkYTQ1ZTcwYmNmY2Q5M2I4OTdk
YmQ3MjUwHhcNMjUwMTAyMDk1MDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2Y0Y2E5NTgxN2I3ZTI3ZTMzYWE0OTM0MGQ3OTBhMWUzZmY5MmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjckygh/EYBivnrh0pk4iw8yX9fA
3pjZw4DxdrZI5JCdg8AfQryOTxF6pj93Id1aRDGeLcGza3LWlx5fh7GB2nxA2zSm
sUadqVQEXtBQQjOs7y9GjylQCOP5w1P3hev/kwMrvyYfoJMjOYjWSgor3t3+QdX7
MgBLHu03ihwP2LSN7qSrxHjLUx9bO0riBb7UYeDe13ScODxdqP8+MpQL9GBfv/jA
EejpRgXuDlnC4UckonsWXsqnZcNev3jQs8a3CR+jrM3XczkzoitzDEdINIPg9lIy
bGWX/AMTZvOWiG8uEff5VMEWSMmLZ+n21xg858VDJuoXx4pDHfOD6poQrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGz0ypWBe34n4zqkk0DXkKHj/5LpMB8GA1UdIwQY
MBaAFNr7ZF8TT0/a2kXnC8/Nk7iX29clMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnZ0a1h4TlBUOXJhUmVjTHo4MlR1SmZiMXlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi83YTQ4ZjUtYmQyNC00ZGM0LThjY2Et
NmJhMGEwY2UwMWVkLzEvYlBUS2xZRjdmaWZqT3FTVFFOZVFvZVBfa3VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi83YTQ4ZjUtYmQyNC00ZGM0LThjY2EtNmJhMGEwY2UwMWVk
LzEvMnZ0a1h4TlBUOXJhUmVjTHo4MlR1SmZiMXlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsvyWMA0G
CSqGSIb3DQEBCwUAA4IBAQAN/Ucz3uaSwFVUykKNPiyJ5x8kijv/bJ2T/3v6CGGp
tsqzsWbYC2BenkJBqGkavPB+KqH8co5Hx00wuig4BpflNB6GWTiJlIKGg/Kiaxkl
/IM4GG7H6yFDnY4sKXruoisKjhXa2XaTxbKTXqYu6cL2YFeNWNGCGccZ7f4t/5G7
R3u0SZAMZRMLTM04PLN0ClXdEtZJnvM4U6230j+rAnEozohYBMGXnNMqQD6k57Cn
Mvqp5uHXnWUXrFqMoFnl+cei+zYrannljjy7h+IQdEmzNqZjygG0rop5i4ROsf8J
uDyBbjeZmxjRwC0+wsAUTORV4y5FFUeJhuOfxgTPHm3d
-----END CERTIFICATE-----