Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/KrdTU0G-COzDrvDHsZBW5blc87s.roa
File:                     KrdTU0G-COzDrvDHsZBW5blc87s.roa (raw, json)
Hash identifier:          e5MURfE1fxjsWjv7NV6qAZnNvSH7df1epSs+k1soGdU=
Subject key identifier:   2A:B7:53:53:41:BE:08:EC:C3:AE:F0:C7:B1:90:56:E5:B9:5C:F3:BB
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       01942747BFE71359DE590056AC7025B1A391
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/KrdTU0G-COzDrvDHsZBW5blc87s.roa
Signing time:             Thu 02 Jan 2025 13:50:01 +0000
ROA not before:           Thu 02 Jan 2025 13:50:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44834
IP address blocks:        109.248.255.0/24 maxlen: 24
                          188.130.236.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 03:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:bf:e7:13:59:de:59:00:56:ac:70:25:b1:a3:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 13:50:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ab7535341be08ecc3aef0c7b19056e5b95cf3bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:88:8d:a5:d2:3e:fb:0c:7f:16:c3:b3:90:c5:
                    8e:91:23:56:af:31:a1:85:c8:24:f7:0f:3b:56:74:
                    44:44:7e:30:ff:5a:89:03:3b:2c:b2:88:da:21:49:
                    5f:5b:cb:d7:e3:f2:f9:d9:e1:d5:e0:99:a5:5f:45:
                    1d:d3:ce:a5:99:8a:07:3c:8f:4f:f0:11:ba:bc:fa:
                    2e:e1:76:67:f1:85:24:10:9d:0b:a4:36:49:ce:6d:
                    74:9b:f1:bf:f4:f8:a6:97:b2:77:d4:62:ed:31:45:
                    2e:f1:42:6d:10:82:fc:6a:d0:4b:82:22:18:7e:f9:
                    17:bc:52:1d:21:ee:39:0d:f5:11:11:1f:a3:ad:d8:
                    c5:8a:98:9b:ed:26:d4:c3:06:e7:61:2f:ab:4c:7e:
                    45:a9:95:76:7e:07:07:68:b8:ce:f8:9a:61:22:94:
                    63:e8:d1:f0:7f:40:d9:17:09:05:28:dc:8c:59:ae:
                    0d:8f:7d:39:c4:70:2c:8b:28:58:ae:65:e8:bd:8e:
                    ac:7f:69:ce:a7:c5:a4:c1:b3:9f:e7:fe:4e:8b:a6:
                    3a:2d:86:62:51:38:eb:9e:3d:98:a6:93:68:0a:98:
                    94:0a:70:35:dc:f0:95:10:ef:e2:cc:a0:e2:b6:b3:
                    cb:d4:41:be:5b:58:4c:95:25:88:e5:60:fb:39:63:
                    c6:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:B7:53:53:41:BE:08:EC:C3:AE:F0:C7:B1:90:56:E5:B9:5C:F3:BB
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/KrdTU0G-COzDrvDHsZBW5blc87s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.255.0/24
                  188.130.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         24:31:88:9b:6e:54:66:bc:26:50:6c:d2:c3:5f:2b:a6:b8:d4:
         c0:85:06:be:db:d9:4e:c8:30:80:22:b7:3b:e1:e9:3a:e2:0e:
         ab:07:7a:4e:f3:24:8e:39:1d:96:d9:dc:20:b8:f0:31:e9:b2:
         f0:dd:40:ad:5c:0f:aa:97:f2:06:f9:50:c8:c2:27:73:db:58:
         19:c7:ac:ad:9a:47:4e:12:5e:60:37:5d:61:31:16:fc:bb:38:
         d6:81:ba:1f:6c:22:1b:d2:ed:8d:4b:7a:42:7a:6f:89:ee:bb:
         3f:d8:76:51:68:03:e2:66:3c:8b:13:5c:6e:1d:d6:90:9b:b0:
         66:0b:27:9c:9e:7f:80:ef:23:64:3d:f0:ac:6f:94:f6:70:fc:
         08:fa:52:60:de:32:bf:ac:06:af:9a:bb:47:1c:b9:d6:ff:d3:
         11:d6:fb:68:d4:d3:2e:f0:81:de:66:b7:fa:ed:b8:7d:7a:67:
         8f:b4:c6:03:5d:ee:aa:10:ba:55:26:33:45:74:84:b0:b9:a4:
         8e:b0:8b:58:49:dc:05:34:9e:92:5b:79:5f:94:46:14:71:05:
         3c:70:05:ca:7a:61:c8:a5:2f:a7:5a:53:92:a8:4d:a8:d8:a4:
         b4:cb:6d:8c:41:06:b6:84:1b:68:1f:a9:80:f7:80:19:b7:d6:
         17:55:44:1a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnR7/nE1neWQBWrHAlsaORMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUwMTAyMTM1MDAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWI3NTM1MzQxYmUwOGVjYzNhZWYwYzdiMTkwNTZlNWI5NWNmM2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYiNpdI++wx/FsOzkMWOkSNWrzGh
hcgk9w87VnRERH4w/1qJAzsssojaIUlfW8vX4/L52eHV4JmlX0Ud086lmYoHPI9P
8BG6vPou4XZn8YUkEJ0LpDZJzm10m/G/9Piml7J31GLtMUUu8UJtEIL8atBLgiIY
fvkXvFIdIe45DfURER+jrdjFipib7SbUwwbnYS+rTH5FqZV2fgcHaLjO+JphIpRj
6NHwf0DZFwkFKNyMWa4Nj305xHAsiyhYrmXovY6sf2nOp8WkwbOf5/5Oi6Y6LYZi
UTjrnj2YppNoCpiUCnA13PCVEO/izKDitrPL1EG+W1hMlSWI5WD7OWPGGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCq3U1NBvgjsw67wx7GQVuW5XPO7MB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvS3JkVFUwRy1DT3pEcnZESHNaQlc1YmxjODdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbfj/AwQB
vILsMA0GCSqGSIb3DQEBCwUAA4IBAQAkMYibblRmvCZQbNLDXyumuNTAhQa+29lO
yDCAIrc74ek64g6rB3pO8ySOOR2W2dwguPAx6bLw3UCtXA+ql/IG+VDIwidz21gZ
x6ytmkdOEl5gN11hMRb8uzjWgbofbCIb0u2NS3pCem+J7rs/2HZRaAPiZjyLE1xu
HdaQm7BmCyecnn+A7yNkPfCsb5T2cPwI+lJg3jK/rAavmrtHHLnW/9MR1vto1NMu
8IHeZrf67bh9emePtMYDXe6qELpVJjNFdISwuaSOsItYSdwFNJ6SW3lflEYUcQU8
cAXKemHIpS+nWlOSqE2o2KS0y22MQQa2hBtoH6mA94AZt9YXVUQa
-----END CERTIFICATE-----