Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/KLlmOWjGKkylhUwKLlIqKiVj2nc.roa
File:                     KLlmOWjGKkylhUwKLlIqKiVj2nc.roa (raw, json)
Hash identifier:          WA3HgTBw7hVOV8FlDEnfE0iV7fngS2b/s+ROCtLHECM=
Subject key identifier:   28:B9:66:39:68:C6:2A:4C:A5:85:4C:0A:2E:52:2A:2A:25:63:DA:77
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019420D5C5A9AE82A88EF7056EFD3CFA7D61
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/KLlmOWjGKkylhUwKLlIqKiVj2nc.roa
Signing time:             Wed 01 Jan 2025 07:47:48 +0000
ROA not before:           Wed 01 Jan 2025 07:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8492
IP address blocks:        185.195.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:c5:a9:ae:82:a8:8e:f7:05:6e:fd:3c:fa:7d:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 07:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28b9663968c62a4ca5854c0a2e522a2a2563da77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:13:b7:19:d0:dd:27:dc:53:2b:3b:20:45:02:
                    19:3b:58:97:f2:a9:39:59:bf:c2:72:df:ac:2c:4d:
                    46:f6:f2:27:c1:c8:f6:0c:1c:6a:bd:e1:e5:88:27:
                    12:0c:6a:90:0a:5e:fb:ea:76:21:1b:51:bc:3f:e9:
                    33:65:ce:20:66:7c:7d:0a:6e:57:2b:35:61:61:1d:
                    c7:a0:fc:7b:e9:b5:da:0a:de:81:1c:42:92:2b:22:
                    e0:3a:79:1a:eb:ba:21:f5:0b:06:38:31:cb:6c:16:
                    3a:9a:de:09:c3:3a:57:8e:29:fd:b0:c6:ab:5c:45:
                    8d:7b:46:e9:29:9f:1d:f7:c4:59:bb:17:36:e9:8b:
                    21:ca:bf:cf:3b:3f:da:59:be:66:e9:99:05:03:cc:
                    77:26:44:4e:cc:6d:a4:c5:4e:2a:21:f8:7b:a2:4e:
                    6b:81:5e:1e:61:35:9b:08:5f:aa:53:7d:f0:e7:cf:
                    e9:6d:50:02:93:82:cc:78:13:b2:23:8a:f3:03:e7:
                    7d:af:4e:a7:fe:c9:27:f2:1f:a6:ff:ae:c3:6e:10:
                    99:e5:f1:99:71:8a:23:19:a2:66:ab:9b:f5:4c:0e:
                    04:7d:e6:8b:3f:b8:c1:e0:dd:96:49:7b:1e:8b:d5:
                    8b:ae:ba:68:08:4e:c1:7d:de:06:24:ec:26:24:85:
                    26:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:B9:66:39:68:C6:2A:4C:A5:85:4C:0A:2E:52:2A:2A:25:63:DA:77
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/KLlmOWjGKkylhUwKLlIqKiVj2nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.195.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:50:99:a0:8d:ba:00:57:ba:ad:34:b1:bc:80:88:c8:ee:33:
         dc:5c:f6:f1:96:4e:ee:37:00:f5:8d:0c:93:d1:27:c1:1a:a0:
         fb:5d:5a:70:0d:78:32:70:00:19:13:14:f7:b1:a9:86:74:c2:
         da:8f:4b:15:4b:3b:bf:d9:b5:95:65:58:04:ba:6f:cf:b7:3e:
         32:53:51:11:e1:47:20:5e:8f:17:a4:e6:03:e0:51:8f:24:08:
         fe:af:6d:7e:1e:31:94:b9:2a:10:b9:fb:f2:c0:dc:b5:43:b7:
         4e:d7:e8:09:99:1f:02:01:0b:7c:28:eb:28:f0:fe:bc:63:3b:
         df:1a:92:84:a3:f6:f6:0a:e9:0d:77:e3:dc:76:bf:8b:7f:1e:
         c6:e9:c9:13:cd:26:0b:32:9d:ce:55:dc:d9:dd:ee:e8:bf:77:
         ca:1b:7d:06:9b:1a:23:df:14:13:8e:5a:8f:3d:af:ef:63:1f:
         28:85:1d:20:bf:a9:6c:0a:b6:a9:32:9f:2f:ec:98:f3:65:84:
         c5:f9:42:3b:60:02:1a:21:66:4f:44:67:ed:a4:30:3c:71:4e:
         97:04:e9:bd:ed:f7:1b:65:06:c5:fd:cd:9a:0e:23:5a:b3:03:
         e4:4b:82:c4:b1:05:e4:40:36:a3:f4:cf:5f:4c:07:f9:c6:f3:
         b2:5a:a0:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1cWproKojvcFbv08+n1hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjUwMTAxMDc0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGI5NjYzOTY4YzYyYTRjYTU4NTRjMGEyZTUyMmEyYTI1NjNkYTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyxO3GdDdJ9xTKzsgRQIZO1iX8qk5
Wb/Cct+sLE1G9vInwcj2DBxqveHliCcSDGqQCl776nYhG1G8P+kzZc4gZnx9Cm5X
KzVhYR3HoPx76bXaCt6BHEKSKyLgOnka67oh9QsGODHLbBY6mt4JwzpXjin9sMar
XEWNe0bpKZ8d98RZuxc26Yshyr/POz/aWb5m6ZkFA8x3JkROzG2kxU4qIfh7ok5r
gV4eYTWbCF+qU33w58/pbVACk4LMeBOyI4rzA+d9r06n/skn8h+m/67DbhCZ5fGZ
cYojGaJmq5v1TA4EfeaLP7jB4N2WSXsei9WLrrpoCE7Bfd4GJOwmJIUmnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCi5ZjloxipMpYVMCi5SKiolY9p3MB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvS0xsbU9XakdLa3lsaFV3S0xsSXFLaVZqMm5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucPyMA0G
CSqGSIb3DQEBCwUAA4IBAQCrUJmgjboAV7qtNLG8gIjI7jPcXPbxlk7uNwD1jQyT
0SfBGqD7XVpwDXgycAAZExT3samGdMLaj0sVSzu/2bWVZVgEum/Ptz4yU1ER4Ucg
Xo8XpOYD4FGPJAj+r21+HjGUuSoQufvywNy1Q7dO1+gJmR8CAQt8KOso8P68Yzvf
GpKEo/b2CukNd+Pcdr+Lfx7G6ckTzSYLMp3OVdzZ3e7ov3fKG30Gmxoj3xQTjlqP
Pa/vYx8ohR0gv6lsCrapMp8v7JjzZYTF+UI7YAIaIWZPRGftpDA8cU6XBOm97fcb
ZQbF/c2aDiNaswPkS4LEsQXkQDaj9M9fTAf5xvOyWqDH
-----END CERTIFICATE-----