Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/c2df59-9f1e-48df-8466-c6495853cc1a/1/kmGblmvAAGyRlFsROEtILxJX0AY.roa
File:                     kmGblmvAAGyRlFsROEtILxJX0AY.roa (raw, json)
Hash identifier:          j4zVjRnml2SsYMPrYKgAmMnMiU9kMLQ4Se/WCN6WRCY=
Subject key identifier:   92:61:9B:96:6B:C0:00:6C:91:94:5B:11:38:4B:48:2F:12:57:D0:06
Certificate issuer:       /CN=1d2fefbd168f18661eca15569dc6218f86746942
Certificate serial:       01941F8C09131913357D3535A2A5A8B5B721
Authority key identifier: 1D:2F:EF:BD:16:8F:18:66:1E:CA:15:56:9D:C6:21:8F:86:74:69:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HS_vvRaPGGYeyhVWncYhj4Z0aUI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/c2df59-9f1e-48df-8466-c6495853cc1a/1/kmGblmvAAGyRlFsROEtILxJX0AY.roa
Signing time:             Wed 01 Jan 2025 01:47:38 +0000
ROA not before:           Wed 01 Jan 2025 01:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     786
IP address blocks:        140.203.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/c2df59-9f1e-48df-8466-c6495853cc1a/1/HS_vvRaPGGYeyhVWncYhj4Z0aUI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/c2df59-9f1e-48df-8466-c6495853cc1a/1/HS_vvRaPGGYeyhVWncYhj4Z0aUI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HS_vvRaPGGYeyhVWncYhj4Z0aUI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:09:13:19:13:35:7d:35:35:a2:a5:a8:b5:b7:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d2fefbd168f18661eca15569dc6218f86746942
        Validity
            Not Before: Jan  1 01:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92619b966bc0006c91945b11384b482f1257d006
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:00:67:9b:63:a4:c7:c9:b3:f5:1e:31:53:f8:
                    41:b4:52:95:f6:bf:d6:9c:59:34:e6:a7:72:2a:4a:
                    ce:20:f9:44:4d:d0:10:24:85:07:46:3c:25:b0:cc:
                    1e:ec:55:48:fd:e6:fc:fc:a4:c4:2a:5e:b3:6c:d3:
                    5e:0a:5e:82:50:84:66:bf:76:44:a2:62:a2:7b:d5:
                    0a:6f:51:e8:da:fe:8a:b5:63:11:0f:28:49:bc:f7:
                    b5:62:1e:83:84:2d:f0:f0:42:69:10:b2:7b:26:47:
                    cc:0a:a2:9d:06:b9:86:94:24:93:04:c4:82:01:f2:
                    9b:cc:5b:f7:ab:ff:5d:45:a1:ae:e1:7f:10:d5:19:
                    36:2c:f5:ed:5c:90:3f:0e:28:5b:30:82:62:4f:e3:
                    cd:e9:13:a1:54:d1:46:8f:74:37:1e:82:71:6b:24:
                    7e:41:6c:27:77:be:00:93:40:72:ab:39:3f:86:2b:
                    b5:46:2a:58:e2:70:80:02:b6:8f:94:58:53:21:0d:
                    62:18:75:ff:04:4e:e7:3c:51:f5:8b:3f:2e:84:01:
                    11:51:b5:b6:94:96:41:af:c3:bd:85:1a:47:e1:ab:
                    2c:95:9f:23:57:48:81:57:b5:ca:bd:64:8a:29:4f:
                    8a:81:d7:fd:f0:4c:8b:3b:c0:e6:ec:42:ce:f9:a9:
                    32:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:61:9B:96:6B:C0:00:6C:91:94:5B:11:38:4B:48:2F:12:57:D0:06
            X509v3 Authority Key Identifier:
                keyid:1D:2F:EF:BD:16:8F:18:66:1E:CA:15:56:9D:C6:21:8F:86:74:69:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HS_vvRaPGGYeyhVWncYhj4Z0aUI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/c2df59-9f1e-48df-8466-c6495853cc1a/1/kmGblmvAAGyRlFsROEtILxJX0AY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/c2df59-9f1e-48df-8466-c6495853cc1a/1/HS_vvRaPGGYeyhVWncYhj4Z0aUI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.203.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         84:48:6d:33:48:d4:08:85:fa:ab:a5:ef:12:41:50:52:40:50:
         cb:be:a6:7e:0d:81:c1:7e:57:a4:64:be:1a:43:28:87:e0:98:
         ae:0f:ec:b1:0b:07:b3:33:4a:b7:a0:35:10:8e:6e:c3:cd:19:
         3c:80:d3:cf:5b:bc:ab:04:d7:3a:7f:3f:a6:44:bc:07:e8:da:
         23:00:45:94:ac:56:1d:1f:8a:c1:3a:63:2f:f4:40:b1:af:06:
         49:e0:5f:9f:b2:95:c7:e4:62:75:3b:c0:82:71:f6:c4:34:97:
         f4:fa:6c:2a:db:0c:a2:19:2d:d0:08:81:4b:88:0e:59:c1:58:
         55:f0:87:16:4c:a7:d1:15:7c:60:81:4d:31:9b:c2:c2:74:db:
         6d:ba:b6:a8:28:9b:67:e9:16:23:1c:86:a3:61:b8:6f:79:3b:
         64:55:33:55:69:2c:f7:4f:f4:83:5d:ad:83:d0:1c:76:e1:81:
         f1:4a:71:4a:ac:84:3f:35:d8:08:67:02:e2:33:75:7f:89:03:
         c1:bf:c1:fb:78:6b:e4:96:d2:cc:8a:96:63:c7:88:d1:3e:ce:
         ed:2d:11:cb:5b:60:a2:8f:13:35:e0:b2:b4:fc:26:b8:94:4b:
         53:60:f6:37:5d:3f:7d:d2:3f:a7:52:84:e9:b9:2c:4a:d9:1a:
         58:3d:1d:9f
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQfjAkTGRM1fTU1oqWotbchMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMmZlZmJkMTY4ZjE4NjYxZWNhMTU1NjlkYzYyMThmODY3
NDY5NDIwHhcNMjUwMTAxMDE0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjYxOWI5NjZiYzAwMDZjOTE5NDViMTEzODRiNDgyZjEyNTdkMDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1gBnm2Okx8mz9R4xU/hBtFKV9r/W
nFk05qdyKkrOIPlETdAQJIUHRjwlsMwe7FVI/eb8/KTEKl6zbNNeCl6CUIRmv3ZE
omKie9UKb1Ho2v6KtWMRDyhJvPe1Yh6DhC3w8EJpELJ7JkfMCqKdBrmGlCSTBMSC
AfKbzFv3q/9dRaGu4X8Q1Rk2LPXtXJA/DihbMIJiT+PN6ROhVNFGj3Q3HoJxayR+
QWwnd74Ak0Byqzk/hiu1RipY4nCAAraPlFhTIQ1iGHX/BE7nPFH1iz8uhAERUbW2
lJZBr8O9hRpH4asslZ8jV0iBV7XKvWSKKU+Kgdf98EyLO8Dm7ELO+aky1wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFJJhm5ZrwABskZRbEThLSC8SV9AGMB8GA1UdIwQY
MBaAFB0v770WjxhmHsoVVp3GIY+GdGlCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFNfdnZSYVBHR1lleWhWV25jWWhqNFowYVVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9jMmRmNTktOWYxZS00OGRmLTg0NjYt
YzY0OTU4NTNjYzFhLzEva21HYmxtdkFBR3lSbEZzUk9FdElMeEpYMEFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9jMmRmNTktOWYxZS00OGRmLTg0NjYtYzY0OTU4NTNjYzFh
LzEvSFNfdnZSYVBHR1lleWhWV25jWWhqNFowYVVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjMswDQYJ
KoZIhvcNAQELBQADggEBAIRIbTNI1AiF+qul7xJBUFJAUMu+pn4NgcF+V6RkvhpD
KIfgmK4P7LELB7MzSregNRCObsPNGTyA089bvKsE1zp/P6ZEvAfo2iMARZSsVh0f
isE6Yy/0QLGvBkngX5+ylcfkYnU7wIJx9sQ0l/T6bCrbDKIZLdAIgUuIDlnBWFXw
hxZMp9EVfGCBTTGbwsJ02226tqgom2fpFiMchqNhuG95O2RVM1VpLPdP9INdrYPQ
HHbhgfFKcUqshD812AhnAuIzdX+JA8G/wft4a+SW0syKlmPHiNE+zu0tEctbYKKP
EzXgsrT8JriUS1Ng9jddP33SP6dShOm5LErZGlg9HZ8=
-----END CERTIFICATE-----