Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/cf5c10-2131-4116-b6f9-510525c4744c/1/KLjjQzFk9GYkvqPEoe40SA-mXbg.roa
File:                     KLjjQzFk9GYkvqPEoe40SA-mXbg.roa (raw, json)
Hash identifier:          2jEymy+mMO9pWyCpodUhIwEZFiuwLfDEfoelvtg+xqA=
Subject key identifier:   28:B8:E3:43:31:64:F4:66:24:BE:A3:C4:A1:EE:34:48:0F:A6:5D:B8
Certificate issuer:       /CN=d8ee90d342d865ea67f2b0d2fb74c039f83e4a48
Certificate serial:       01942368EA7CE1FB9CCC565D962DE7377B41
Authority key identifier: D8:EE:90:D3:42:D8:65:EA:67:F2:B0:D2:FB:74:C0:39:F8:3E:4A:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2O6Q00LYZepn8rDS-3TAOfg-Skg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/cf5c10-2131-4116-b6f9-510525c4744c/1/KLjjQzFk9GYkvqPEoe40SA-mXbg.roa
Signing time:             Wed 01 Jan 2025 19:47:45 +0000
ROA not before:           Wed 01 Jan 2025 19:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25464
IP address blocks:        195.43.45.0/24 maxlen: 24
                          195.43.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/cf5c10-2131-4116-b6f9-510525c4744c/1/2O6Q00LYZepn8rDS-3TAOfg-Skg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/cf5c10-2131-4116-b6f9-510525c4744c/1/2O6Q00LYZepn8rDS-3TAOfg-Skg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2O6Q00LYZepn8rDS-3TAOfg-Skg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 01:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:ea:7c:e1:fb:9c:cc:56:5d:96:2d:e7:37:7b:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8ee90d342d865ea67f2b0d2fb74c039f83e4a48
        Validity
            Not Before: Jan  1 19:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28b8e3433164f46624bea3c4a1ee34480fa65db8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c9:2f:d8:b6:d6:84:72:6a:0e:7e:6f:0a:9b:
                    be:e6:cf:16:96:1e:81:12:f6:99:e1:e1:fc:b8:57:
                    30:e7:5e:0d:84:70:03:19:5c:7b:ab:33:ad:83:df:
                    9c:7c:ef:a7:17:65:bd:4f:54:6b:65:46:83:e6:3f:
                    07:50:13:b9:65:02:1a:68:1b:12:51:f8:a6:23:4b:
                    e9:26:8e:bb:48:b0:b0:3a:38:05:b0:00:34:10:6e:
                    2a:29:4b:d5:85:4c:9d:49:36:ab:84:eb:e9:56:a7:
                    b1:ee:5f:94:c1:e3:01:72:dd:0f:eb:ad:bc:0d:8b:
                    e9:12:8e:ee:fd:10:7e:b7:63:c7:7e:4c:98:58:bb:
                    b0:37:59:68:54:b3:06:f7:fb:c5:9e:67:e0:16:c6:
                    3c:f8:c6:9b:c6:48:e8:1f:ff:9d:1e:d0:58:0d:a3:
                    84:20:ca:ee:39:b2:5a:91:fc:e3:f4:ac:89:77:3d:
                    4e:db:3f:40:71:c5:a3:7e:fd:f1:2d:cf:b2:84:13:
                    6b:05:49:ff:ca:e7:52:58:d7:68:93:9e:1f:d4:40:
                    06:da:73:b0:76:07:21:b4:9e:ba:bb:61:5a:9a:bd:
                    97:dd:c0:c4:05:04:e2:34:c2:ba:5c:1d:1f:79:4e:
                    be:36:02:ce:4d:3a:72:9c:4b:02:b8:f7:38:13:50:
                    87:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:B8:E3:43:31:64:F4:66:24:BE:A3:C4:A1:EE:34:48:0F:A6:5D:B8
            X509v3 Authority Key Identifier:
                keyid:D8:EE:90:D3:42:D8:65:EA:67:F2:B0:D2:FB:74:C0:39:F8:3E:4A:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2O6Q00LYZepn8rDS-3TAOfg-Skg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/cf5c10-2131-4116-b6f9-510525c4744c/1/KLjjQzFk9GYkvqPEoe40SA-mXbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/cf5c10-2131-4116-b6f9-510525c4744c/1/2O6Q00LYZepn8rDS-3TAOfg-Skg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.43.45.0/24
                  195.43.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:54:1f:12:52:91:fd:ff:79:ca:10:ab:c5:a9:a3:d1:4d:bd:
         f8:7f:78:6e:d1:7a:30:ab:d9:3c:bb:e9:f3:b0:49:2d:15:c0:
         b5:91:ee:3d:ef:60:94:af:63:c6:8f:ef:fb:4c:11:03:2d:81:
         56:fa:cc:bc:d2:95:f9:eb:71:70:03:6d:c9:d8:ec:ef:26:f9:
         03:97:fb:4f:b7:e7:90:ba:41:8e:b1:68:24:7d:5e:ad:7a:5c:
         22:7d:ca:72:08:4f:9f:ad:a9:48:98:9b:57:cd:6d:23:77:53:
         e7:d8:64:05:18:de:bf:a9:e0:88:d8:df:86:3f:1e:14:64:52:
         f6:79:f9:86:89:61:36:58:d7:8c:6c:05:82:b5:32:e8:f5:5a:
         e7:58:3b:ac:3c:84:5b:56:b9:2d:5f:86:40:85:7b:b0:10:26:
         b1:29:40:65:da:76:df:c2:bb:cf:74:5b:d7:d7:f0:7f:6e:7f:
         57:fc:10:93:50:81:7a:f7:02:8a:bd:6c:d1:58:81:3b:2f:6f:
         31:ee:76:35:de:b1:ca:16:cf:69:6c:41:62:78:49:a3:2e:16:
         1c:f7:9b:c5:56:68:af:8e:2a:1d:2f:40:13:23:21:e2:54:d9:
         a0:4a:68:b2:68:96:75:12:d3:fd:62:28:1b:cb:9b:5d:bb:c8:
         e8:13:d5:cf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQjaOp84fuczFZdli3nN3tBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZWU5MGQzNDJkODY1ZWE2N2YyYjBkMmZiNzRjMDM5Zjgz
ZTRhNDgwHhcNMjUwMTAxMTk0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGI4ZTM0MzMxNjRmNDY2MjRiZWEzYzRhMWVlMzQ0ODBmYTY1ZGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8kv2LbWhHJqDn5vCpu+5s8Wlh6B
EvaZ4eH8uFcw514NhHADGVx7qzOtg9+cfO+nF2W9T1RrZUaD5j8HUBO5ZQIaaBsS
UfimI0vpJo67SLCwOjgFsAA0EG4qKUvVhUydSTarhOvpVqex7l+UweMBct0P6628
DYvpEo7u/RB+t2PHfkyYWLuwN1loVLMG9/vFnmfgFsY8+MabxkjoH/+dHtBYDaOE
IMruObJakfzj9KyJdz1O2z9AccWjfv3xLc+yhBNrBUn/yudSWNdok54f1EAG2nOw
dgchtJ66u2Famr2X3cDEBQTiNMK6XB0feU6+NgLOTTpynEsCuPc4E1CH5QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCi440MxZPRmJL6jxKHuNEgPpl24MB8GA1UdIwQY
MBaAFNjukNNC2GXqZ/Kw0vt0wDn4PkpIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk82UTAwTFlaZXBuOHJEUy0zVEFPZmctU2tnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9jZjVjMTAtMjEzMS00MTE2LWI2Zjkt
NTEwNTI1YzQ3NDRjLzEvS0xqalF6Rms5R1lrdnFQRW9lNDBTQS1tWGJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9jZjVjMTAtMjEzMS00MTE2LWI2ZjktNTEwNTI1YzQ3NDRj
LzEvMk82UTAwTFlaZXBuOHJEUy0zVEFPZmctU2tnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwystAwQA
wysvMA0GCSqGSIb3DQEBCwUAA4IBAQAvVB8SUpH9/3nKEKvFqaPRTb34f3hu0Xow
q9k8u+nzsEktFcC1ke4972CUr2PGj+/7TBEDLYFW+sy80pX563FwA23J2OzvJvkD
l/tPt+eQukGOsWgkfV6telwifcpyCE+fralImJtXzW0jd1Pn2GQFGN6/qeCI2N+G
Px4UZFL2efmGiWE2WNeMbAWCtTLo9VrnWDusPIRbVrktX4ZAhXuwECaxKUBl2nbf
wrvPdFvX1/B/bn9X/BCTUIF69wKKvWzRWIE7L28x7nY13rHKFs9pbEFieEmjLhYc
95vFVmivjiodL0ATIyHiVNmgSmiyaJZ1EtP9Yigby5tdu8joE9XP
-----END CERTIFICATE-----