Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/7b127b-44ce-4cad-ad8f-089c1c3d4357/1/PKyx0DcFoAagRLDeVRH7IggDBvs.roa
File:                     PKyx0DcFoAagRLDeVRH7IggDBvs.roa (raw, json)
Hash identifier:          pNDjxNhK4qz1Wc21dlphpRgyPK79NSu66uAh/Cd4/LQ=
Subject key identifier:   3C:AC:B1:D0:37:05:A0:06:A0:44:B0:DE:55:11:FB:22:08:03:06:FB
Certificate issuer:       /CN=2ac3ed794adafb91cb81a969eb8a9b2905fee2ec
Certificate serial:       0194258F7CFFFA5D5E3A96EE274DAF58C704
Authority key identifier: 2A:C3:ED:79:4A:DA:FB:91:CB:81:A9:69:EB:8A:9B:29:05:FE:E2:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPteUra-5HLgalp64qbKQX-4uw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/7b127b-44ce-4cad-ad8f-089c1c3d4357/1/PKyx0DcFoAagRLDeVRH7IggDBvs.roa
Signing time:             Thu 02 Jan 2025 05:49:08 +0000
ROA not before:           Thu 02 Jan 2025 05:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24634
IP address blocks:        46.19.192.0/21 maxlen: 24
                          185.192.160.0/22 maxlen: 24
                          2a0a:2d40::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/7b127b-44ce-4cad-ad8f-089c1c3d4357/1/KsPteUra-5HLgalp64qbKQX-4uw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/7b127b-44ce-4cad-ad8f-089c1c3d4357/1/KsPteUra-5HLgalp64qbKQX-4uw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPteUra-5HLgalp64qbKQX-4uw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 23:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:7c:ff:fa:5d:5e:3a:96:ee:27:4d:af:58:c7:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3ed794adafb91cb81a969eb8a9b2905fee2ec
        Validity
            Not Before: Jan  2 05:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3cacb1d03705a006a044b0de5511fb22080306fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:57:e4:e2:00:cd:03:c0:78:6c:f9:2e:10:f7:
                    04:19:2d:43:e5:5b:05:43:d0:6b:29:ca:f3:78:1d:
                    88:33:7b:a1:d8:9c:0a:7d:38:76:3f:ce:56:07:89:
                    bd:a6:73:b5:1b:2a:49:7a:59:e6:19:70:2b:66:12:
                    17:88:b0:21:89:fd:87:81:6d:8a:1a:49:6a:dd:ee:
                    80:7b:52:23:a9:5c:58:aa:34:32:ae:8e:5c:ad:88:
                    9f:7f:eb:1c:c0:c8:7f:76:79:84:c3:e8:a9:d1:f1:
                    af:97:e2:bb:2c:ba:1a:fe:7e:a0:41:b9:63:a4:0a:
                    10:e6:dd:d9:36:b3:68:0c:ec:96:7d:46:22:de:ec:
                    fd:e3:45:af:67:2d:80:90:59:2c:ba:57:b6:c8:27:
                    3d:ea:cd:63:d3:8d:e5:43:af:1b:db:41:a0:4f:86:
                    57:89:1b:95:cc:8d:84:a5:55:3c:ae:d8:97:21:0e:
                    ae:81:64:f9:da:cb:87:85:0d:68:8b:ea:07:4d:e3:
                    ba:c2:d7:ce:9e:09:c1:7f:13:a1:c9:c1:dc:75:59:
                    70:7c:5a:dd:47:21:2b:19:d4:74:e4:77:51:97:78:
                    a0:04:16:7f:58:e8:83:27:2c:86:cd:a5:1f:71:38:
                    66:1b:a4:ed:dd:62:f5:82:a0:fe:cc:13:99:b7:79:
                    d6:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:AC:B1:D0:37:05:A0:06:A0:44:B0:DE:55:11:FB:22:08:03:06:FB
            X509v3 Authority Key Identifier:
                keyid:2A:C3:ED:79:4A:DA:FB:91:CB:81:A9:69:EB:8A:9B:29:05:FE:E2:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPteUra-5HLgalp64qbKQX-4uw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/7b127b-44ce-4cad-ad8f-089c1c3d4357/1/PKyx0DcFoAagRLDeVRH7IggDBvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/7b127b-44ce-4cad-ad8f-089c1c3d4357/1/KsPteUra-5HLgalp64qbKQX-4uw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.19.192.0/21
                  185.192.160.0/22
                IPv6:
                  2a0a:2d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:c1:d3:12:1f:2d:b8:f9:49:d2:9e:66:71:0a:e5:a2:21:5d:
         58:12:a4:4c:c5:82:23:4f:62:00:58:32:63:30:e5:42:9c:ac:
         a5:58:89:6f:79:d4:20:5c:b4:64:e3:74:b7:d8:3f:07:d7:80:
         2f:8f:e0:fa:2c:bd:ff:39:63:02:c4:17:7a:f1:9e:51:02:a1:
         c8:1b:f4:1b:bc:86:50:12:8a:60:0c:a3:18:4d:a2:d3:ec:c7:
         44:04:75:66:65:85:6e:57:6d:aa:c6:d8:56:11:4e:1d:2d:19:
         76:ec:db:4c:9d:1e:45:16:5e:c3:c6:2c:fc:19:4c:4f:e8:e3:
         45:a8:7d:59:21:89:d7:48:3f:c7:5a:3f:6f:34:cf:82:0a:70:
         dc:a1:c4:7d:da:dd:82:d3:67:60:52:6a:e1:dd:3a:8f:27:81:
         1f:93:43:e4:89:95:ee:68:e9:84:18:58:b2:e9:80:ab:1c:29:
         ba:71:49:9a:75:21:c3:e8:4d:0c:6c:b4:b7:90:ac:b6:9c:89:
         c8:84:52:f0:69:22:f8:30:a3:66:93:c8:fc:85:6d:f3:2f:80:
         b0:38:fb:fc:3c:2f:50:27:4e:44:22:a1:52:d0:0c:c4:2b:67:
         15:9b:e1:a7:fc:39:e0:11:28:6c:38:12:dd:b3:ab:41:c7:fd:
         cd:24:5b:fc
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQlj3z/+l1eOpbuJ02vWMcEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNlZDc5NGFkYWZiOTFjYjgxYTk2OWViOGE5YjI5MDVm
ZWUyZWMwHhcNMjUwMTAyMDU0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2FjYjFkMDM3MDVhMDA2YTA0NGIwZGU1NTExZmIyMjA4MDMwNmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVfk4gDNA8B4bPkuEPcEGS1D5VsF
Q9BrKcrzeB2IM3uh2JwKfTh2P85WB4m9pnO1GypJelnmGXArZhIXiLAhif2HgW2K
Gklq3e6Ae1IjqVxYqjQyro5crYiff+scwMh/dnmEw+ip0fGvl+K7LLoa/n6gQblj
pAoQ5t3ZNrNoDOyWfUYi3uz940WvZy2AkFksule2yCc96s1j043lQ68b20GgT4ZX
iRuVzI2EpVU8rtiXIQ6ugWT52suHhQ1oi+oHTeO6wtfOngnBfxOhycHcdVlwfFrd
RyErGdR05HdRl3igBBZ/WOiDJyyGzaUfcThmG6Tt3WL1gqD+zBOZt3nW7QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDyssdA3BaAGoESw3lUR+yIIAwb7MB8GA1UdIwQY
MBaAFCrD7XlK2vuRy4GpaeuKmykF/uLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQdGVVcmEtNUhMZ2FscDY0cWJLUVgtNHV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi83YjEyN2ItNDRjZS00Y2FkLWFkOGYt
MDg5YzFjM2Q0MzU3LzEvUEt5eDBEY0ZvQWFnUkxEZVZSSDdJZ2dEQnZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi83YjEyN2ItNDRjZS00Y2FkLWFkOGYtMDg5YzFjM2Q0MzU3
LzEvS3NQdGVVcmEtNUhMZ2FscDY0cWJLUVgtNHV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDLhPAAwQC
ucCgMA0EAgACMAcDBQMqCi1AMA0GCSqGSIb3DQEBCwUAA4IBAQCJwdMSHy24+UnS
nmZxCuWiIV1YEqRMxYIjT2IAWDJjMOVCnKylWIlvedQgXLRk43S32D8H14Avj+D6
LL3/OWMCxBd68Z5RAqHIG/QbvIZQEopgDKMYTaLT7MdEBHVmZYVuV22qxthWEU4d
LRl27NtMnR5FFl7Dxiz8GUxP6ONFqH1ZIYnXSD/HWj9vNM+CCnDcocR92t2C02dg
Umrh3TqPJ4Efk0PkiZXuaOmEGFiy6YCrHCm6cUmadSHD6E0MbLS3kKy2nInIhFLw
aSL4MKNmk8j8hW3zL4CwOPv8PC9QJ05EIqFS0AzEK2cVm+Gn/DngEShsOBLds6tB
x/3NJFv8
-----END CERTIFICATE-----