Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/KWN7lbu9UX4daUEdNDAK3ZMrFAk.roa
File:                     KWN7lbu9UX4daUEdNDAK3ZMrFAk.roa (raw, json)
Hash identifier:          WqU1UFiFL55OvehHLohuI3Znyc7Zm1Aa844JXIgkQ7A=
Subject key identifier:   29:63:7B:95:BB:BD:51:7E:1D:69:41:1D:34:30:0A:DD:93:2B:14:09
Certificate issuer:       /CN=006b06b5d0ff1000e10c4276eea0880af209d7a2
Certificate serial:       019424B404A390031E2CDC5DE3D5E328DB13
Authority key identifier: 00:6B:06:B5:D0:FF:10:00:E1:0C:42:76:EE:A0:88:0A:F2:09:D7:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AGsGtdD_EADhDEJ27qCICvIJ16I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/KWN7lbu9UX4daUEdNDAK3ZMrFAk.roa
Signing time:             Thu 02 Jan 2025 01:49:24 +0000
ROA not before:           Thu 02 Jan 2025 01:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49477
IP address blocks:        185.22.116.0/22 maxlen: 22
                          193.169.66.0/23 maxlen: 23
                          2a04:1f40::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/AGsGtdD_EADhDEJ27qCICvIJ16I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/AGsGtdD_EADhDEJ27qCICvIJ16I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AGsGtdD_EADhDEJ27qCICvIJ16I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 19:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b4:04:a3:90:03:1e:2c:dc:5d:e3:d5:e3:28:db:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=006b06b5d0ff1000e10c4276eea0880af209d7a2
        Validity
            Not Before: Jan  2 01:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29637b95bbbd517e1d69411d34300add932b1409
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:4a:4d:be:1a:92:8e:1b:77:a3:ce:7d:c8:68:
                    12:5a:96:ce:27:44:ea:7f:96:38:71:33:7e:5e:bf:
                    f1:ef:e3:07:fd:6f:e1:3f:6a:e1:78:fe:27:f2:c4:
                    05:7a:79:20:5e:39:a5:ac:ac:4b:23:fe:6f:ed:e9:
                    6b:63:b2:40:ad:70:44:ad:84:c9:af:98:46:25:67:
                    e3:8a:37:4b:3b:2a:2c:de:1c:ed:06:e5:c6:7b:b7:
                    4e:c8:55:ee:84:c9:a5:a7:ab:5c:33:cb:f8:00:27:
                    99:a3:cd:8c:38:4c:ff:b6:87:79:2e:6a:c0:8f:ab:
                    20:dc:96:f0:2f:8d:49:b9:06:ef:75:3a:a3:82:3e:
                    2d:d1:01:1e:95:80:2d:dd:49:e0:39:8a:54:cc:69:
                    97:4d:5f:28:88:0f:a6:fb:52:ba:cd:e6:cf:19:c4:
                    a7:3c:e2:26:ec:6b:79:86:01:1f:7d:55:1e:af:9e:
                    ec:04:8c:03:43:54:8d:65:42:34:8d:47:13:1e:f5:
                    65:00:5f:b2:e3:71:09:11:59:0e:6f:e9:e9:7d:0f:
                    b1:43:11:64:85:eb:6e:0b:f4:cf:34:7e:b4:47:a8:
                    ea:5b:81:9b:27:48:04:19:12:0e:02:95:d1:23:fb:
                    2b:53:3e:ca:68:33:2c:2e:d1:74:b6:95:67:c8:cd:
                    94:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:63:7B:95:BB:BD:51:7E:1D:69:41:1D:34:30:0A:DD:93:2B:14:09
            X509v3 Authority Key Identifier:
                keyid:00:6B:06:B5:D0:FF:10:00:E1:0C:42:76:EE:A0:88:0A:F2:09:D7:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AGsGtdD_EADhDEJ27qCICvIJ16I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/KWN7lbu9UX4daUEdNDAK3ZMrFAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/AGsGtdD_EADhDEJ27qCICvIJ16I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.22.116.0/22
                  193.169.66.0/23
                IPv6:
                  2a04:1f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:08:e0:d0:4c:65:7d:8d:54:12:04:eb:98:a0:a5:f9:14:1d:
         95:94:e1:91:6c:dd:7c:e3:9b:57:82:45:8c:41:e1:16:fd:57:
         91:96:1d:f7:ca:90:48:56:6b:66:e0:e2:dd:3b:ca:49:71:34:
         2b:9b:ab:33:d3:e6:fd:96:e1:1a:bc:f4:22:5f:b9:d5:19:bd:
         a2:07:e0:6e:f1:79:37:b3:75:11:b3:3b:54:be:d6:1f:8e:2f:
         2d:4d:ac:82:65:1b:d6:38:96:06:da:d7:12:4a:ec:34:03:15:
         71:02:57:05:0c:34:8e:1f:72:d5:86:3b:a4:d8:7a:84:0f:d2:
         55:f9:5f:ff:9f:01:d5:16:dc:c9:81:71:e1:f2:c7:01:b9:a3:
         23:74:74:15:37:45:e6:9c:23:65:10:3f:36:ff:a9:e4:6f:46:
         27:02:d0:79:68:98:cc:e3:f2:36:9f:22:27:51:4b:34:5c:8d:
         6a:3b:0b:75:01:2b:3b:67:56:8d:a6:75:05:eb:72:73:32:f1:
         4c:32:1f:89:36:16:b9:58:0a:75:d6:b3:bc:3f:21:12:54:ec:
         19:00:ec:b1:57:69:eb:5c:9b:2c:1a:8b:34:82:5f:b2:8c:ff:
         cd:47:93:ef:bc:54:1d:d4:de:14:dd:f0:73:24:73:1d:f5:f5:
         65:a8:ee:0f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQktASjkAMeLNxd49XjKNsTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNmIwNmI1ZDBmZjEwMDBlMTBjNDI3NmVlYTA4ODBhZjIw
OWQ3YTIwHhcNMjUwMTAyMDE0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTYzN2I5NWJiYmQ1MTdlMWQ2OTQxMWQzNDMwMGFkZDkzMmIxNDA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyUpNvhqSjht3o859yGgSWpbOJ0Tq
f5Y4cTN+Xr/x7+MH/W/hP2rheP4n8sQFenkgXjmlrKxLI/5v7elrY7JArXBErYTJ
r5hGJWfjijdLOyos3hztBuXGe7dOyFXuhMmlp6tcM8v4ACeZo82MOEz/tod5LmrA
j6sg3JbwL41JuQbvdTqjgj4t0QEelYAt3UngOYpUzGmXTV8oiA+m+1K6zebPGcSn
POIm7Gt5hgEffVUer57sBIwDQ1SNZUI0jUcTHvVlAF+y43EJEVkOb+npfQ+xQxFk
hetuC/TPNH60R6jqW4GbJ0gEGRIOApXRI/srUz7KaDMsLtF0tpVnyM2UXwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFClje5W7vVF+HWlBHTQwCt2TKxQJMB8GA1UdIwQY
MBaAFABrBrXQ/xAA4QxCdu6giAryCdeiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUdzR3RkRF9FQURoREVKMjdxQ0lDdklKMTZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80NzM3YzktZTI2My00NGU3LThmZWQt
NTdjOTU1YzljODVkLzEvS1dON2xidTlVWDRkYVVFZE5EQUszWk1yRkFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80NzM3YzktZTI2My00NGU3LThmZWQtNTdjOTU1YzljODVk
LzEvQUdzR3RkRF9FQURoREVKMjdxQ0lDdklKMTZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuRZ0AwQB
walCMA0EAgACMAcDBQMqBB9AMA0GCSqGSIb3DQEBCwUAA4IBAQA7CODQTGV9jVQS
BOuYoKX5FB2VlOGRbN1845tXgkWMQeEW/VeRlh33ypBIVmtm4OLdO8pJcTQrm6sz
0+b9luEavPQiX7nVGb2iB+Bu8Xk3s3URsztUvtYfji8tTayCZRvWOJYG2tcSSuw0
AxVxAlcFDDSOH3LVhjuk2HqED9JV+V//nwHVFtzJgXHh8scBuaMjdHQVN0XmnCNl
ED82/6nkb0YnAtB5aJjM4/I2nyInUUs0XI1qOwt1ASs7Z1aNpnUF63JzMvFMMh+J
Nha5WAp11rO8PyESVOwZAOyxV2nrXJssGos0gl+yjP/NR5PvvFQd1N4U3fBzJHMd
9fVlqO4P
-----END CERTIFICATE-----