Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/8c5787-09fa-4988-81a1-75d6be4e5c37/1/kvXcpQTzKfI6gYewmYSpRpe0IKs.roa
File:                     kvXcpQTzKfI6gYewmYSpRpe0IKs.roa (raw, json)
Hash identifier:          My61/36Uwh1IIiMu1AIZdI2rmfYYECW0U4UcdSmLLaU=
Subject key identifier:   92:F5:DC:A5:04:F3:29:F2:3A:81:87:B0:99:84:A9:46:97:B4:20:AB
Certificate issuer:       /CN=66491883cb4c50122fdb2754b6252fdd6fc9d51f
Certificate serial:       01942445821E4EAB4880F1056C9184B8D734
Authority key identifier: 66:49:18:83:CB:4C:50:12:2F:DB:27:54:B6:25:2F:DD:6F:C9:D5:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZkkYg8tMUBIv2ydUtiUv3W_J1R8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/8c5787-09fa-4988-81a1-75d6be4e5c37/1/kvXcpQTzKfI6gYewmYSpRpe0IKs.roa
Signing time:             Wed 01 Jan 2025 23:48:42 +0000
ROA not before:           Wed 01 Jan 2025 23:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25244
IP address blocks:        212.126.224.0/19 maxlen: 19
                          212.126.240.0/21 maxlen: 21
                          212.126.248.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/8c5787-09fa-4988-81a1-75d6be4e5c37/1/ZkkYg8tMUBIv2ydUtiUv3W_J1R8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/8c5787-09fa-4988-81a1-75d6be4e5c37/1/ZkkYg8tMUBIv2ydUtiUv3W_J1R8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZkkYg8tMUBIv2ydUtiUv3W_J1R8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:82:1e:4e:ab:48:80:f1:05:6c:91:84:b8:d7:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66491883cb4c50122fdb2754b6252fdd6fc9d51f
        Validity
            Not Before: Jan  1 23:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92f5dca504f329f23a8187b09984a94697b420ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:95:f5:f8:ab:7a:94:b6:cf:e9:c8:e1:31:ed:
                    95:8c:7f:aa:e6:7e:da:4c:1c:39:1c:8d:b7:3d:f9:
                    db:ac:36:72:be:cd:6a:85:ab:e5:a9:41:42:5c:56:
                    80:e1:4d:99:4f:db:b7:e1:af:29:ab:24:3e:b5:5d:
                    d2:a0:85:be:aa:b1:58:90:31:4e:70:6e:d7:c2:88:
                    13:da:a0:e2:a9:32:c3:a0:5e:35:04:42:a7:89:03:
                    7d:68:aa:81:66:b8:c9:29:f8:30:19:b4:13:36:42:
                    56:c1:e4:29:01:c9:40:37:5c:c8:34:ec:6c:a6:e9:
                    a6:3a:db:fb:1f:62:22:49:04:02:55:a8:ca:2e:f0:
                    5e:c2:22:d1:ee:48:e6:25:dc:07:89:67:20:32:bc:
                    99:92:40:4c:a2:9a:30:90:6f:e1:ed:c9:ac:3d:cd:
                    f9:df:22:14:2a:88:15:f6:93:65:0f:d7:84:50:b8:
                    70:df:3f:26:0b:91:f2:b0:9a:4b:9e:c9:cb:a9:2c:
                    84:45:08:55:49:15:de:d2:07:9d:bc:0b:8c:d0:0b:
                    76:38:07:bb:75:4d:25:a2:a9:be:ce:14:92:37:1d:
                    af:26:12:99:e4:88:ed:92:8c:b4:a4:b0:f5:89:b7:
                    0d:67:d3:60:e1:7b:92:f0:28:cf:94:3c:bf:9d:03:
                    02:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:F5:DC:A5:04:F3:29:F2:3A:81:87:B0:99:84:A9:46:97:B4:20:AB
            X509v3 Authority Key Identifier:
                keyid:66:49:18:83:CB:4C:50:12:2F:DB:27:54:B6:25:2F:DD:6F:C9:D5:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZkkYg8tMUBIv2ydUtiUv3W_J1R8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/8c5787-09fa-4988-81a1-75d6be4e5c37/1/kvXcpQTzKfI6gYewmYSpRpe0IKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/8c5787-09fa-4988-81a1-75d6be4e5c37/1/ZkkYg8tMUBIv2ydUtiUv3W_J1R8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.126.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         32:85:c9:85:59:c0:82:e3:1e:b6:f9:78:52:24:9c:71:0b:42:
         a2:1a:90:d2:3e:44:dd:45:de:6e:30:fe:24:a6:28:ee:cf:87:
         c3:b0:bb:f9:3c:57:e6:d0:2e:ee:76:45:73:9c:a7:13:a7:af:
         7e:95:8a:19:3e:3b:33:84:38:af:74:ca:fb:6c:4f:84:6b:0d:
         6e:37:07:8c:d5:93:d3:c7:3c:13:4b:33:39:54:d4:d1:77:fe:
         96:54:3a:2b:43:84:90:ca:f3:1a:14:0d:f6:fd:4c:c3:9a:7d:
         ea:2f:7d:a4:8c:a3:0e:41:cf:45:0e:3e:4d:38:a0:99:73:4d:
         79:53:48:9c:31:5b:de:bd:64:cf:e8:d7:c2:3b:cf:44:fb:e5:
         e8:b7:30:14:5b:1d:d0:4d:7c:06:44:b9:3b:6f:29:2e:19:2b:
         0c:7b:c4:85:d1:78:2f:36:38:d9:e2:91:d1:a1:6c:9a:d6:12:
         fa:f7:91:af:ee:b9:a6:41:a1:6f:7e:bf:8d:f1:7f:40:5a:0f:
         f9:7a:57:2e:ed:f7:38:7e:95:32:0e:43:4f:a6:b7:5b:76:73:
         b8:ca:1b:4a:19:7e:13:6b:d2:76:1f:71:fa:2d:0c:2e:32:90:
         81:2f:5f:16:d8:9d:b5:59:3b:6c:31:7f:09:26:d5:e9:5a:9e:
         a6:fa:31:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRYIeTqtIgPEFbJGEuNc0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NDkxODgzY2I0YzUwMTIyZmRiMjc1NGI2MjUyZmRkNmZj
OWQ1MWYwHhcNMjUwMTAxMjM0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmY1ZGNhNTA0ZjMyOWYyM2E4MTg3YjA5OTg0YTk0Njk3YjQyMGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5X1+Kt6lLbP6cjhMe2VjH+q5n7a
TBw5HI23PfnbrDZyvs1qhavlqUFCXFaA4U2ZT9u34a8pqyQ+tV3SoIW+qrFYkDFO
cG7XwogT2qDiqTLDoF41BEKniQN9aKqBZrjJKfgwGbQTNkJWweQpAclAN1zINOxs
pummOtv7H2IiSQQCVajKLvBewiLR7kjmJdwHiWcgMryZkkBMopowkG/h7cmsPc35
3yIUKogV9pNlD9eEULhw3z8mC5HysJpLnsnLqSyERQhVSRXe0gedvAuM0At2OAe7
dU0loqm+zhSSNx2vJhKZ5Ijtkoy0pLD1ibcNZ9Ng4XuS8CjPlDy/nQMC5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJL13KUE8ynyOoGHsJmEqUaXtCCrMB8GA1UdIwQY
MBaAFGZJGIPLTFASL9snVLYlL91vydUfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmtrWWc4dE1VQkl2MnlkVXRpVXYzV19KMVI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC84YzU3ODctMDlmYS00OTg4LTgxYTEt
NzVkNmJlNGU1YzM3LzEva3ZYY3BRVHpLZkk2Z1lld21ZU3BScGUwSUtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC84YzU3ODctMDlmYS00OTg4LTgxYTEtNzVkNmJlNGU1YzM3
LzEvWmtrWWc4dE1VQkl2MnlkVXRpVXYzV19KMVI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1H7gMA0G
CSqGSIb3DQEBCwUAA4IBAQAyhcmFWcCC4x62+XhSJJxxC0KiGpDSPkTdRd5uMP4k
pijuz4fDsLv5PFfm0C7udkVznKcTp69+lYoZPjszhDivdMr7bE+Eaw1uNweM1ZPT
xzwTSzM5VNTRd/6WVDorQ4SQyvMaFA32/UzDmn3qL32kjKMOQc9FDj5NOKCZc015
U0icMVvevWTP6NfCO89E++XotzAUWx3QTXwGRLk7bykuGSsMe8SF0XgvNjjZ4pHR
oWya1hL695Gv7rmmQaFvfr+N8X9AWg/5elcu7fc4fpUyDkNPprdbdnO4yhtKGX4T
a9J2H3H6LQwuMpCBL18W2J21WTtsMX8JJtXpWp6m+jFF
-----END CERTIFICATE-----