Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/KEGRp9lF3eOtp_NU5vopR7NUvzI.roa
File:                     KEGRp9lF3eOtp_NU5vopR7NUvzI.roa (raw, json)
Hash identifier:          jpsJGPnnH2GKG8dtxw5w00oiYteLqAMDnm7NeGPwc4U=
Subject key identifier:   28:41:91:A7:D9:45:DD:E3:AD:A7:F3:54:E6:FA:29:47:B3:54:BF:32
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0194282761A539750A182280C025ADE55C90
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/KEGRp9lF3eOtp_NU5vopR7NUvzI.roa
Signing time:             Thu 02 Jan 2025 17:54:17 +0000
ROA not before:           Thu 02 Jan 2025 17:54:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197715
IP address blocks:        37.153.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Mar 2025 06:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:61:a5:39:75:0a:18:22:80:c0:25:ad:e5:5c:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  2 17:54:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=284191a7d945dde3ada7f354e6fa2947b354bf32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:5d:88:ea:b3:db:f9:71:f0:33:42:20:bd:c1:
                    5b:cb:7d:85:0b:a9:8e:b1:17:cc:96:bf:01:65:aa:
                    71:48:20:79:36:ad:e5:54:80:9d:ad:68:9f:54:c6:
                    8d:88:1f:ca:b5:37:3a:56:76:39:d0:2b:db:68:95:
                    2d:d3:68:dd:2b:b7:17:ec:e7:d1:07:7c:29:f0:5b:
                    2b:d2:8d:5b:b0:55:29:cc:c6:d2:b1:cc:89:aa:30:
                    43:78:be:cc:98:6e:0b:22:cc:6c:f2:b4:25:e6:e2:
                    7c:5e:08:de:40:2b:96:4f:f7:9e:19:19:3f:fe:db:
                    3e:cf:12:bb:c3:3e:80:4a:1d:a3:1d:2c:b8:5b:ea:
                    46:42:23:a9:16:24:74:6b:ac:17:78:f0:34:2f:67:
                    8c:88:56:3b:2e:af:07:a9:e9:90:b5:0c:7a:22:a7:
                    4c:f2:13:93:20:b3:df:0d:fa:ef:cd:5a:d5:57:f7:
                    4f:67:a6:16:7a:05:2a:e2:eb:cb:cc:87:43:99:99:
                    2f:b6:f0:4e:c9:ee:57:ff:dd:07:4d:ff:31:ff:3a:
                    2b:8c:25:2c:fc:d8:f5:e1:50:04:94:a6:51:ea:17:
                    08:f7:13:7a:13:0c:41:d1:e0:00:79:27:af:14:43:
                    4f:08:0c:1b:43:56:35:86:42:a1:62:be:7d:6a:66:
                    1b:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:41:91:A7:D9:45:DD:E3:AD:A7:F3:54:E6:FA:29:47:B3:54:BF:32
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/KEGRp9lF3eOtp_NU5vopR7NUvzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:21:d6:9c:ea:5c:bb:ac:22:e8:55:3c:84:92:e8:5e:bc:6c:
         4d:f5:34:91:3b:7c:3a:03:b6:6f:4a:51:40:5f:6e:e4:67:de:
         fe:32:35:83:8a:58:1a:a4:e0:63:42:a9:46:64:76:a6:fe:6c:
         9e:31:80:83:e1:a3:41:ee:af:72:a0:ce:e5:51:61:d2:5e:d9:
         10:2b:cb:2a:a9:08:f6:74:2e:d7:b1:a5:21:8f:6f:e7:81:c4:
         f6:30:1e:ae:48:98:c7:58:08:16:de:f7:55:fa:5f:b6:40:32:
         b0:ee:e6:10:94:0b:e0:e9:86:63:bc:a0:e2:84:3b:02:f7:65:
         4f:63:5c:8b:b5:3f:f1:b8:bf:13:ed:a9:d5:6f:a1:89:a5:5c:
         61:49:8e:30:56:9e:56:85:41:f0:8a:32:bf:cb:42:1e:8d:da:
         c1:85:be:66:48:d6:9f:f1:66:ce:b2:50:5b:51:04:75:d0:8f:
         cb:b5:8e:78:5c:34:40:de:24:e1:60:6b:80:ca:0b:89:66:7b:
         56:2d:c0:01:7c:0d:81:47:90:f9:ac:0e:fd:b8:a8:0c:1d:6e:
         95:80:ab:4b:55:21:6d:f8:6b:d7:aa:6a:d7:15:5c:a3:ad:d2:
         ad:55:a5:b5:93:aa:67:54:d7:ca:2c:a4:5d:8c:a5:b1:83:27:
         9c:b9:24:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ2GlOXUKGCKAwCWt5VyQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTAyMTc1NDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODQxOTFhN2Q5NDVkZGUzYWRhN2YzNTRlNmZhMjk0N2IzNTRiZjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsl2I6rPb+XHwM0IgvcFby32FC6mO
sRfMlr8BZapxSCB5Nq3lVICdrWifVMaNiB/KtTc6VnY50CvbaJUt02jdK7cX7OfR
B3wp8Fsr0o1bsFUpzMbSscyJqjBDeL7MmG4LIsxs8rQl5uJ8XgjeQCuWT/eeGRk/
/ts+zxK7wz6ASh2jHSy4W+pGQiOpFiR0a6wXePA0L2eMiFY7Lq8HqemQtQx6IqdM
8hOTILPfDfrvzVrVV/dPZ6YWegUq4uvLzIdDmZkvtvBOye5X/90HTf8x/zorjCUs
/Nj14VAElKZR6hcI9xN6EwxB0eAAeSevFENPCAwbQ1Y1hkKhYr59amYbMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFChBkafZRd3jrafzVOb6KUezVL8yMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvS0VHUnA5bEYzZU90cF9OVTV2b3BSN05VdnpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZmeMA0G
CSqGSIb3DQEBCwUAA4IBAQBGIdac6ly7rCLoVTyEkuhevGxN9TSRO3w6A7ZvSlFA
X27kZ97+MjWDilgapOBjQqlGZHam/myeMYCD4aNB7q9yoM7lUWHSXtkQK8sqqQj2
dC7XsaUhj2/ngcT2MB6uSJjHWAgW3vdV+l+2QDKw7uYQlAvg6YZjvKDihDsC92VP
Y1yLtT/xuL8T7anVb6GJpVxhSY4wVp5WhUHwijK/y0IejdrBhb5mSNaf8WbOslBb
UQR10I/LtY54XDRA3iThYGuAyguJZntWLcABfA2BR5D5rA79uKgMHW6VgKtLVSFt
+GvXqmrXFVyjrdKtVaW1k6pnVNfKLKRdjKWxgyecuSTW
-----END CERTIFICATE-----