Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/kmseDDPsfZyLHw6lSPpSy57aWf4.roa
File:                     kmseDDPsfZyLHw6lSPpSy57aWf4.roa (raw, json)
Hash identifier:          TXhaMP6UbjVr4/iaalHGSlVKxmprZPoIEh5A5dZX96E=
Subject key identifier:   92:6B:1E:0C:33:EC:7D:9C:8B:1F:0E:A5:48:FA:52:CB:9E:DA:59:FE
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       0194228DAAEEB15E005A3FFA15B67DD003D5
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/kmseDDPsfZyLHw6lSPpSy57aWf4.roa
Signing time:             Wed 01 Jan 2025 15:48:17 +0000
ROA not before:           Wed 01 Jan 2025 15:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200967
IP address blocks:        213.14.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 02:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:aa:ee:b1:5e:00:5a:3f:fa:15:b6:7d:d0:03:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  1 15:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=926b1e0c33ec7d9c8b1f0ea548fa52cb9eda59fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:45:69:99:98:1e:03:7a:c6:4e:da:6a:d2:ff:
                    a7:e2:ac:e1:c1:73:97:f1:85:11:6d:b3:39:6d:bd:
                    9b:3b:5b:47:3a:b1:a9:a2:58:94:1b:59:3d:ef:65:
                    cd:15:85:4a:f3:13:3d:d4:15:59:b6:34:5f:59:93:
                    b6:e3:04:a4:ad:e1:2c:23:9d:03:62:6a:67:b0:58:
                    76:30:0d:f6:ba:66:b3:55:1e:d7:08:82:f3:f6:70:
                    af:80:01:a8:94:cf:7d:89:eb:38:9c:02:67:ad:9a:
                    36:a3:46:72:a0:2f:e7:d3:6c:ea:44:1a:ce:5d:5a:
                    80:ce:db:bf:ae:08:22:a1:79:d9:34:62:55:4c:d5:
                    4b:b4:b6:f4:5f:a9:78:fe:c4:ac:c4:5f:87:e6:81:
                    6a:af:26:a6:50:e0:a4:80:ca:99:c7:f6:09:ca:83:
                    85:3c:d7:25:d4:88:1f:dd:19:aa:f6:a9:7d:46:32:
                    7e:de:09:43:d9:fe:a0:9d:0e:d8:08:ed:85:a5:20:
                    f0:08:b1:c0:96:eb:43:be:7d:9d:24:f6:2f:1e:a8:
                    73:6e:30:82:3a:d3:36:f3:71:37:d5:c0:49:a0:0f:
                    eb:02:b3:1c:a4:ea:9c:6b:64:95:13:ae:cb:d7:f2:
                    69:fd:c9:76:45:19:1c:e2:0c:13:3e:61:0b:3b:f4:
                    70:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:6B:1E:0C:33:EC:7D:9C:8B:1F:0E:A5:48:FA:52:CB:9E:DA:59:FE
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/kmseDDPsfZyLHw6lSPpSy57aWf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.14.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:2b:db:d7:59:3b:62:60:af:b8:3d:54:93:51:6b:08:13:4d:
         e1:19:34:e2:96:87:51:e2:87:b1:bd:5c:bc:ed:5b:41:60:81:
         b2:ee:7a:38:6e:f3:52:97:f3:40:b7:a4:28:dd:bc:c3:d5:87:
         02:d4:5e:0a:e9:7e:3c:2b:fa:4f:7f:2b:a1:5b:75:1d:03:2b:
         b0:8f:bc:6d:fa:6c:a4:59:50:8a:db:7c:2d:59:7c:ea:4f:7c:
         7f:d8:67:de:4c:ba:3d:e7:f3:d4:f5:6e:4e:79:66:7e:01:31:
         ca:43:03:a5:28:e1:a5:2d:de:7f:bc:47:97:11:57:1e:ba:4f:
         2b:8a:d5:b9:3f:7d:c5:63:df:56:01:71:7f:a4:c3:e0:2c:2b:
         ec:03:79:0e:27:31:25:28:d1:98:ce:e1:57:12:c7:bc:ec:44:
         b3:ad:4f:44:9b:4e:90:c0:c6:09:65:33:25:43:43:5e:5b:68:
         e0:2b:23:2d:f2:61:ad:79:71:c3:25:33:c6:93:fb:07:fe:22:
         4c:e7:c2:95:5b:a4:ad:ba:d6:a0:95:95:b3:ee:e1:44:ad:7c:
         fd:2a:d4:bf:72:d8:a6:ce:ca:4c:f8:66:2f:f7:81:f0:73:a9:
         24:47:f9:83:59:b5:fb:f4:3a:5b:4c:b4:94:66:c5:37:86:72:
         34:45:fb:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijarusV4AWj/6FbZ90APVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwMTAxMTU0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjZiMWUwYzMzZWM3ZDljOGIxZjBlYTU0OGZhNTJjYjllZGE1OWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0VpmZgeA3rGTtpq0v+n4qzhwXOX
8YURbbM5bb2bO1tHOrGpoliUG1k972XNFYVK8xM91BVZtjRfWZO24wSkreEsI50D
YmpnsFh2MA32umazVR7XCILz9nCvgAGolM99ies4nAJnrZo2o0ZyoC/n02zqRBrO
XVqAztu/rggioXnZNGJVTNVLtLb0X6l4/sSsxF+H5oFqryamUOCkgMqZx/YJyoOF
PNcl1Igf3Rmq9ql9RjJ+3glD2f6gnQ7YCO2FpSDwCLHAlutDvn2dJPYvHqhzbjCC
OtM283E31cBJoA/rArMcpOqca2SVE67L1/Jp/cl2RRkc4gwTPmELO/RwPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJJrHgwz7H2cix8OpUj6Usue2ln+MB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEva21zZUREUHNmWnlMSHc2bFNQcFN5NTdhV2Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Q7jMA0G
CSqGSIb3DQEBCwUAA4IBAQBdK9vXWTtiYK+4PVSTUWsIE03hGTTilodR4oexvVy8
7VtBYIGy7no4bvNSl/NAt6Qo3bzD1YcC1F4K6X48K/pPfyuhW3UdAyuwj7xt+myk
WVCK23wtWXzqT3x/2GfeTLo95/PU9W5OeWZ+ATHKQwOlKOGlLd5/vEeXEVceuk8r
itW5P33FY99WAXF/pMPgLCvsA3kOJzElKNGYzuFXEse87ESzrU9Em06QwMYJZTMl
Q0NeW2jgKyMt8mGteXHDJTPGk/sH/iJM58KVW6StutaglZWz7uFErXz9KtS/ctim
zspM+GYv94Hwc6kkR/mDWbX79DpbTLSUZsU3hnI0RfvB
-----END CERTIFICATE-----