Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/fefb40-d14a-4c58-899b-a952dea2a651/1/kZrHy6O_C92bogsRpN6C84e22aM.roa
File:                     kZrHy6O_C92bogsRpN6C84e22aM.roa (raw, json)
Hash identifier:          J0JdPtLBeCRlUbxJ0oXF2YO76tJDIcSvEt4BcuHJUL8=
Subject key identifier:   91:9A:C7:CB:A3:BF:0B:DD:9B:A2:0B:11:A4:DE:82:F3:87:B6:D9:A3
Certificate issuer:       /CN=52b12ccc7ea1068c30d78c955c56b9763bcf3b4d
Certificate serial:       0194F4E6043AF9D753C5F4D0DF764D91AEA4
Authority key identifier: 52:B1:2C:CC:7E:A1:06:8C:30:D7:8C:95:5C:56:B9:76:3B:CF:3B:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UrEszH6hBoww14yVXFa5djvPO00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/fefb40-d14a-4c58-899b-a952dea2a651/1/kZrHy6O_C92bogsRpN6C84e22aM.roa
Signing time:             Tue 11 Feb 2025 12:05:02 +0000
ROA not before:           Tue 11 Feb 2025 12:05:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34828
IP address blocks:        93.95.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/fefb40-d14a-4c58-899b-a952dea2a651/1/UrEszH6hBoww14yVXFa5djvPO00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/fefb40-d14a-4c58-899b-a952dea2a651/1/UrEszH6hBoww14yVXFa5djvPO00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UrEszH6hBoww14yVXFa5djvPO00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:f4:e6:04:3a:f9:d7:53:c5:f4:d0:df:76:4d:91:ae:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52b12ccc7ea1068c30d78c955c56b9763bcf3b4d
        Validity
            Not Before: Feb 11 12:05:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=919ac7cba3bf0bdd9ba20b11a4de82f387b6d9a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:79:74:d6:e9:c3:21:2a:49:84:a5:51:71:93:
                    e8:14:d6:19:60:81:63:57:e6:ad:a6:11:31:a2:d4:
                    f1:0c:08:a1:ab:d5:a5:9a:dc:8e:59:d8:0a:34:2b:
                    69:fd:28:d6:aa:cd:3b:a1:56:00:62:8c:a1:12:bc:
                    09:9c:f4:73:aa:6d:e4:87:af:9d:a0:4f:25:80:4f:
                    1c:50:d9:2d:1b:d7:2f:ab:b3:65:08:47:96:a1:87:
                    fb:d3:48:80:71:27:28:12:91:ba:41:a9:0a:9f:d8:
                    f7:54:76:24:20:25:13:c5:c9:73:8e:09:5d:0d:c0:
                    6c:dd:81:07:26:5b:d6:73:93:74:a2:ae:bc:6e:b5:
                    17:66:1c:99:34:ec:4c:21:21:57:0c:af:db:0c:6b:
                    f6:28:45:81:d3:dc:49:c7:a7:7a:bc:f8:da:42:30:
                    2b:b1:93:12:0e:71:ab:8e:3b:b9:37:c3:4f:30:80:
                    f1:05:a4:9e:48:c0:67:46:a9:62:32:a7:77:1f:e0:
                    1d:64:94:00:11:26:69:da:fc:7b:64:40:78:ad:a0:
                    70:3b:f7:d2:90:a0:6b:97:4f:70:69:67:77:59:d8:
                    82:79:e7:51:07:a3:8e:1f:3d:3c:9f:a7:02:a0:78:
                    ce:a3:6c:50:48:bf:c1:55:f6:e4:ca:21:af:d4:8c:
                    66:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:9A:C7:CB:A3:BF:0B:DD:9B:A2:0B:11:A4:DE:82:F3:87:B6:D9:A3
            X509v3 Authority Key Identifier:
                keyid:52:B1:2C:CC:7E:A1:06:8C:30:D7:8C:95:5C:56:B9:76:3B:CF:3B:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UrEszH6hBoww14yVXFa5djvPO00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/fefb40-d14a-4c58-899b-a952dea2a651/1/kZrHy6O_C92bogsRpN6C84e22aM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/fefb40-d14a-4c58-899b-a952dea2a651/1/UrEszH6hBoww14yVXFa5djvPO00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:6a:df:03:f9:48:57:69:32:61:be:b3:44:00:39:2d:a5:b0:
         26:e5:f6:e9:77:1d:82:f3:c9:4d:c0:aa:1b:8c:03:ae:b8:7d:
         cc:d1:cc:cf:ac:af:64:ad:2f:97:7c:85:bc:11:50:50:10:8e:
         0f:a7:65:e9:f4:b2:cf:56:58:ae:20:f2:93:29:76:dd:a0:fd:
         24:dc:09:60:20:f9:34:b4:7f:25:6b:1d:47:26:e7:92:8d:db:
         81:53:f6:b1:a6:36:5d:57:7f:2f:3c:be:a1:70:8e:e0:73:f8:
         a0:a9:74:46:73:10:68:8e:98:66:14:55:b8:ff:e7:02:83:7d:
         82:de:c3:93:77:6f:6a:0c:e5:43:d3:4e:e3:66:4d:13:55:ee:
         8c:a5:14:a8:62:14:59:11:4d:a6:30:d8:75:3c:54:50:42:d5:
         37:17:20:de:b6:10:22:9e:29:13:44:c1:3d:fb:79:57:3c:18:
         91:5c:bb:26:45:03:62:2e:96:87:fc:7e:bb:42:58:e3:e7:6b:
         b1:fa:8f:53:25:91:e9:70:13:4e:3a:98:fe:9f:eb:b9:0b:14:
         fe:f7:78:9b:ef:ad:16:e4:b2:15:d2:5e:ab:60:26:3b:e0:d4:
         92:18:df:d2:52:fc:a3:00:81:3a:20:d4:07:64:23:ce:55:02:
         a0:eb:f1:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZT05gQ6+ddTxfTQ33ZNka6kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYjEyY2NjN2VhMTA2OGMzMGQ3OGM5NTVjNTZiOTc2M2Jj
ZjNiNGQwHhcNMjUwMjExMTIwNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTlhYzdjYmEzYmYwYmRkOWJhMjBiMTFhNGRlODJmMzg3YjZkOWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3l01unDISpJhKVRcZPoFNYZYIFj
V+atphExotTxDAihq9WlmtyOWdgKNCtp/SjWqs07oVYAYoyhErwJnPRzqm3kh6+d
oE8lgE8cUNktG9cvq7NlCEeWoYf700iAcScoEpG6QakKn9j3VHYkICUTxclzjgld
DcBs3YEHJlvWc5N0oq68brUXZhyZNOxMISFXDK/bDGv2KEWB09xJx6d6vPjaQjAr
sZMSDnGrjju5N8NPMIDxBaSeSMBnRqliMqd3H+AdZJQAESZp2vx7ZEB4raBwO/fS
kKBrl09waWd3WdiCeedRB6OOHz08n6cCoHjOo2xQSL/BVfbkyiGv1IxmJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJGax8ujvwvdm6ILEaTegvOHttmjMB8GA1UdIwQY
MBaAFFKxLMx+oQaMMNeMlVxWuXY7zztNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXJFc3pINmhCb3d3MTR5VlhGYTVkanZQTzAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9mZWZiNDAtZDE0YS00YzU4LTg5OWIt
YTk1MmRlYTJhNjUxLzEva1pySHk2T19DOTJib2dzUnBONkM4NGUyMmFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9mZWZiNDAtZDE0YS00YzU4LTg5OWItYTk1MmRlYTJhNjUx
LzEvVXJFc3pINmhCb3d3MTR5VlhGYTVkanZQTzAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXV8aMA0G
CSqGSIb3DQEBCwUAA4IBAQB+at8D+UhXaTJhvrNEADktpbAm5fbpdx2C88lNwKob
jAOuuH3M0czPrK9krS+XfIW8EVBQEI4Pp2Xp9LLPVliuIPKTKXbdoP0k3AlgIPk0
tH8lax1HJueSjduBU/axpjZdV38vPL6hcI7gc/igqXRGcxBojphmFFW4/+cCg32C
3sOTd29qDOVD007jZk0TVe6MpRSoYhRZEU2mMNh1PFRQQtU3FyDethAinikTRME9
+3lXPBiRXLsmRQNiLpaH/H67Qljj52ux+o9TJZHpcBNOOpj+n+u5CxT+93ib760W
5LIV0l6rYCY74NSSGN/SUvyjAIE6INQHZCPOVQKg6/Ew
-----END CERTIFICATE-----