Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/f017df-0d0f-4a36-ac25-4968aaafc59b/1/KHa9mVj-WNELt7pSCK9ooFTGrNA.roa
File:                     KHa9mVj-WNELt7pSCK9ooFTGrNA.roa (raw, json)
Hash identifier:          UqMuiUZn2GrnQQZzSZEJPEZOfxeCUD81uoCK7byK2Vc=
Subject key identifier:   28:76:BD:99:58:FE:58:D1:0B:B7:BA:52:08:AF:68:A0:54:C6:AC:D0
Certificate issuer:       /CN=7ca962b3b17eef069e3aba21288bb2c64221bfed
Certificate serial:       0194C18770D09FE128967621290E46F4FEDC
Authority key identifier: 7C:A9:62:B3:B1:7E:EF:06:9E:3A:BA:21:28:8B:B2:C6:42:21:BF:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fKlis7F-7waeOrohKIuyxkIhv-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/f017df-0d0f-4a36-ac25-4968aaafc59b/1/KHa9mVj-WNELt7pSCK9ooFTGrNA.roa
Signing time:             Sat 01 Feb 2025 12:41:06 +0000
ROA not before:           Sat 01 Feb 2025 12:41:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209836
IP address blocks:        185.235.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/f017df-0d0f-4a36-ac25-4968aaafc59b/1/fKlis7F-7waeOrohKIuyxkIhv-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/f017df-0d0f-4a36-ac25-4968aaafc59b/1/fKlis7F-7waeOrohKIuyxkIhv-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fKlis7F-7waeOrohKIuyxkIhv-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:c1:87:70:d0:9f:e1:28:96:76:21:29:0e:46:f4:fe:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ca962b3b17eef069e3aba21288bb2c64221bfed
        Validity
            Not Before: Feb  1 12:41:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2876bd9958fe58d10bb7ba5208af68a054c6acd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:68:8b:6f:31:91:27:e1:e1:b4:73:00:f5:06:
                    52:ba:f5:8d:25:8b:41:0e:9b:d7:45:d0:bb:6b:e9:
                    0c:18:7d:a8:64:6d:d1:8e:8e:da:d1:a1:04:ea:00:
                    6f:b5:68:86:9b:d1:7c:41:23:a1:9d:d6:e4:75:a1:
                    1d:4d:c8:4f:2b:a9:af:e5:e7:f0:3a:f9:5c:ab:ea:
                    1c:40:33:97:b9:2e:f7:ec:1f:34:de:e6:8c:2d:80:
                    44:a0:ff:fc:74:71:fb:36:c5:ff:4b:7a:d7:b5:08:
                    b2:31:f1:97:8b:01:0f:ee:21:6d:2b:c5:96:d9:81:
                    23:cc:e5:68:42:d0:7a:93:d3:09:29:eb:4c:1e:37:
                    9d:f4:32:18:00:cf:0d:ce:03:16:c1:5e:4d:23:d0:
                    9c:b3:e3:23:1f:76:1a:ca:46:fb:be:91:22:65:f9:
                    f7:0a:98:f8:a0:bd:be:a1:5d:db:ee:4a:47:49:58:
                    2d:51:9c:69:e1:c1:95:b5:25:55:84:90:ca:4a:fe:
                    af:c4:bc:2d:63:45:b3:80:09:5a:12:86:39:a6:e9:
                    87:4a:48:07:55:f8:e1:d4:95:70:46:5a:68:8d:92:
                    a7:9b:a5:bc:55:8d:a8:be:9c:d6:05:6c:77:b5:cf:
                    e9:0c:0c:62:ec:1d:a6:14:0a:35:8d:b8:7c:17:05:
                    09:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:76:BD:99:58:FE:58:D1:0B:B7:BA:52:08:AF:68:A0:54:C6:AC:D0
            X509v3 Authority Key Identifier:
                keyid:7C:A9:62:B3:B1:7E:EF:06:9E:3A:BA:21:28:8B:B2:C6:42:21:BF:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fKlis7F-7waeOrohKIuyxkIhv-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/f017df-0d0f-4a36-ac25-4968aaafc59b/1/KHa9mVj-WNELt7pSCK9ooFTGrNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/f017df-0d0f-4a36-ac25-4968aaafc59b/1/fKlis7F-7waeOrohKIuyxkIhv-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:de:75:44:e3:f1:cf:36:67:a0:40:99:ca:1f:4d:e1:e2:de:
         85:68:db:95:f3:60:36:22:52:f6:96:e1:16:ce:93:38:95:e8:
         4e:a7:1c:fb:11:bb:8b:4b:5a:5b:89:eb:60:42:e3:fc:16:df:
         a1:35:ab:03:00:d8:fc:52:63:64:15:33:9e:45:15:14:38:88:
         44:17:6d:0f:de:64:8c:27:9a:8b:7f:cd:93:b6:7f:fb:ad:d0:
         ee:3e:64:c6:e1:a0:12:17:36:85:ab:16:9b:2b:47:a1:ac:00:
         ba:25:92:1a:7b:d7:8e:31:74:f1:d2:be:92:5f:df:ce:89:95:
         50:03:81:73:7b:e8:5d:d9:d0:8c:dc:22:b5:fb:90:18:b6:84:
         d0:46:1e:77:99:dd:46:f8:24:0a:dc:c6:b7:cb:3b:e9:88:6c:
         f3:eb:f6:f1:84:92:2f:17:34:37:bc:d1:9c:dc:ed:9e:2a:23:
         c8:95:93:6b:ef:a6:aa:23:a4:20:46:4e:ab:ab:d7:eb:70:f9:
         6b:a9:c9:be:a9:7a:d6:47:71:06:7a:bf:35:ac:cd:a8:41:34:
         66:30:e3:db:34:31:dd:9c:28:22:d3:ca:d7:3f:91:41:d6:36:
         82:cf:03:73:2e:4b:a2:cd:63:21:c6:ac:63:09:10:8f:e6:8c:
         ed:11:f6:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTBh3DQn+EolnYhKQ5G9P7cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjYTk2MmIzYjE3ZWVmMDY5ZTNhYmEyMTI4OGJiMmM2NDIy
MWJmZWQwHhcNMjUwMjAxMTI0MTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODc2YmQ5OTU4ZmU1OGQxMGJiN2JhNTIwOGFmNjhhMDU0YzZhY2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2iLbzGRJ+HhtHMA9QZSuvWNJYtB
DpvXRdC7a+kMGH2oZG3Rjo7a0aEE6gBvtWiGm9F8QSOhndbkdaEdTchPK6mv5efw
Ovlcq+ocQDOXuS737B803uaMLYBEoP/8dHH7NsX/S3rXtQiyMfGXiwEP7iFtK8WW
2YEjzOVoQtB6k9MJKetMHjed9DIYAM8NzgMWwV5NI9Ccs+MjH3Yaykb7vpEiZfn3
Cpj4oL2+oV3b7kpHSVgtUZxp4cGVtSVVhJDKSv6vxLwtY0WzgAlaEoY5pumHSkgH
Vfjh1JVwRlpojZKnm6W8VY2ovpzWBWx3tc/pDAxi7B2mFAo1jbh8FwUJCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCh2vZlY/ljRC7e6UgivaKBUxqzQMB8GA1UdIwQY
MBaAFHypYrOxfu8Gnjq6ISiLssZCIb/tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZktsaXM3Ri03d2FlT3JvaEtJdXl4a0lodi0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9mMDE3ZGYtMGQwZi00YTM2LWFjMjUt
NDk2OGFhYWZjNTliLzEvS0hhOW1Wai1XTkVMdDdwU0NLOW9vRlRHck5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9mMDE3ZGYtMGQwZi00YTM2LWFjMjUtNDk2OGFhYWZjNTli
LzEvZktsaXM3Ri03d2FlT3JvaEtJdXl4a0lodi0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuevGMA0G
CSqGSIb3DQEBCwUAA4IBAQBJ3nVE4/HPNmegQJnKH03h4t6FaNuV82A2IlL2luEW
zpM4lehOpxz7EbuLS1pbietgQuP8Ft+hNasDANj8UmNkFTOeRRUUOIhEF20P3mSM
J5qLf82Ttn/7rdDuPmTG4aASFzaFqxabK0ehrAC6JZIae9eOMXTx0r6SX9/OiZVQ
A4Fze+hd2dCM3CK1+5AYtoTQRh53md1G+CQK3Ma3yzvpiGzz6/bxhJIvFzQ3vNGc
3O2eKiPIlZNr76aqI6QgRk6rq9frcPlrqcm+qXrWR3EGer81rM2oQTRmMOPbNDHd
nCgi08rXP5FB1jaCzwNzLkuizWMhxqxjCRCP5oztEfah
-----END CERTIFICATE-----