Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/d99947-2298-422f-9da0-fe0d28b68cd5/1/KnO7E8tJ1abhGCx2wXuCqs1IO3U.roa
File:                     KnO7E8tJ1abhGCx2wXuCqs1IO3U.roa (raw, json)
Hash identifier:          BCSVnZM2aJUhjEMy986ORQcWilXP95wH0oKfNXEAgBs=
Subject key identifier:   2A:73:BB:13:CB:49:D5:A6:E1:18:2C:76:C1:7B:82:AA:CD:48:3B:75
Certificate issuer:       /CN=06e4bbdab896e66113f351b4d9c82df50e66a712
Certificate serial:       019736F641C706D49595762B44A43DB84907
Authority key identifier: 06:E4:BB:DA:B8:96:E6:61:13:F3:51:B4:D9:C8:2D:F5:0E:66:A7:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BuS72riW5mET81G02cgt9Q5mpxI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/d99947-2298-422f-9da0-fe0d28b68cd5/1/KnO7E8tJ1abhGCx2wXuCqs1IO3U.roa
Signing time:             Tue 03 Jun 2025 18:03:17 +0000
ROA not before:           Tue 03 Jun 2025 18:03:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206110
IP address blocks:        185.196.68.0/22 maxlen: 24
                          185.196.68.0/24 maxlen: 24
                          185.196.69.0/24 maxlen: 24
                          185.196.70.0/24 maxlen: 24
                          185.196.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/d99947-2298-422f-9da0-fe0d28b68cd5/1/BuS72riW5mET81G02cgt9Q5mpxI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/d99947-2298-422f-9da0-fe0d28b68cd5/1/BuS72riW5mET81G02cgt9Q5mpxI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BuS72riW5mET81G02cgt9Q5mpxI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 17:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:36:f6:41:c7:06:d4:95:95:76:2b:44:a4:3d:b8:49:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06e4bbdab896e66113f351b4d9c82df50e66a712
        Validity
            Not Before: Jun  3 18:03:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a73bb13cb49d5a6e1182c76c17b82aacd483b75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:bb:92:51:63:97:c0:1f:23:2d:ea:42:ac:07:
                    35:d0:9d:0a:b2:f2:75:36:32:6f:7f:3e:28:00:11:
                    51:96:97:6b:05:74:ea:a4:98:61:c4:07:fe:0e:3c:
                    0e:62:68:e9:43:c2:08:18:9f:d1:30:ae:f5:60:fa:
                    9e:91:df:a4:00:7d:74:e9:94:3a:e3:61:5a:8e:c1:
                    dd:18:99:86:94:3e:8c:ff:50:f7:d4:dc:65:d2:a6:
                    42:6c:8a:b6:b5:98:07:c1:a4:a1:ae:6b:dd:54:4c:
                    6a:48:41:24:ac:5e:bb:c0:94:f8:7b:55:17:66:87:
                    0c:ef:50:0e:1a:8f:2b:1e:95:46:05:cc:fe:09:36:
                    e8:27:fb:78:61:d4:d3:5d:06:50:5e:e4:c1:a5:c6:
                    20:5f:37:6f:5e:f3:12:fd:dd:ad:01:aa:40:d1:8f:
                    63:ef:6e:e0:b7:53:98:d9:53:63:57:30:5c:e2:e7:
                    08:d4:6d:78:24:f3:45:3b:a3:8f:f2:d6:fa:88:08:
                    4a:1b:0e:5e:79:15:c5:a7:93:3d:4b:0d:62:a7:83:
                    7f:6a:26:9f:ca:e7:82:eb:61:4e:cd:f9:cc:44:bf:
                    8c:78:2e:ac:a7:44:95:57:b7:02:1e:ab:88:10:a6:
                    80:1b:74:50:d2:68:44:b1:e7:76:67:cf:ae:cc:c6:
                    4b:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:73:BB:13:CB:49:D5:A6:E1:18:2C:76:C1:7B:82:AA:CD:48:3B:75
            X509v3 Authority Key Identifier:
                keyid:06:E4:BB:DA:B8:96:E6:61:13:F3:51:B4:D9:C8:2D:F5:0E:66:A7:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BuS72riW5mET81G02cgt9Q5mpxI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/d99947-2298-422f-9da0-fe0d28b68cd5/1/KnO7E8tJ1abhGCx2wXuCqs1IO3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/d99947-2298-422f-9da0-fe0d28b68cd5/1/BuS72riW5mET81G02cgt9Q5mpxI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:89:42:1d:26:22:c7:70:1a:4a:dc:6a:f3:1a:16:08:be:6b:
         2d:10:36:ec:59:fc:59:5a:a0:6b:8b:57:ba:19:69:f1:8c:bc:
         df:34:55:87:c3:b2:6d:a5:3a:0a:b8:61:cf:29:e8:b8:fe:d7:
         2c:7c:0d:80:b3:b5:f4:72:f9:b5:9e:56:41:51:56:53:aa:34:
         d0:07:a1:f5:33:0f:cd:bb:cc:85:f8:49:7a:c0:27:c8:56:da:
         41:6b:8e:d6:cb:f6:06:c6:69:4f:64:be:39:54:16:8e:be:a0:
         b5:bb:ee:95:78:f7:23:ae:c2:05:34:43:f5:7d:1f:e5:ba:d8:
         ca:46:14:2b:76:b6:e6:5e:27:50:52:ba:9e:d4:8a:4b:6d:68:
         56:a3:5a:5c:43:9b:7d:0a:4c:f7:31:ff:06:85:e4:03:82:99:
         de:b7:16:1a:ba:32:17:c9:2a:14:52:21:4b:6b:ac:2c:54:0a:
         00:85:39:ea:f6:48:73:ae:dc:88:7b:5e:68:a1:7b:1f:82:50:
         97:9e:ba:73:24:bf:6d:30:c6:ad:ac:a9:38:10:ae:7a:59:94:
         41:af:56:29:31:62:a9:86:93:c2:a4:27:9c:2c:6c:2f:e5:2c:
         94:52:c7:d0:e7:72:e3:14:7c:83:c7:72:c7:b8:a9:60:67:92:
         3b:ef:35:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc29kHHBtSVlXYrRKQ9uEkHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2ZTRiYmRhYjg5NmU2NjExM2YzNTFiNGQ5YzgyZGY1MGU2
NmE3MTIwHhcNMjUwNjAzMTgwMzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTczYmIxM2NiNDlkNWE2ZTExODJjNzZjMTdiODJhYWNkNDgzYjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsruSUWOXwB8jLepCrAc10J0KsvJ1
NjJvfz4oABFRlpdrBXTqpJhhxAf+DjwOYmjpQ8IIGJ/RMK71YPqekd+kAH106ZQ6
42FajsHdGJmGlD6M/1D31Nxl0qZCbIq2tZgHwaShrmvdVExqSEEkrF67wJT4e1UX
ZocM71AOGo8rHpVGBcz+CTboJ/t4YdTTXQZQXuTBpcYgXzdvXvMS/d2tAapA0Y9j
727gt1OY2VNjVzBc4ucI1G14JPNFO6OP8tb6iAhKGw5eeRXFp5M9Sw1ip4N/aiaf
yueC62FOzfnMRL+MeC6sp0SVV7cCHquIEKaAG3RQ0mhEsed2Z8+uzMZLIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCpzuxPLSdWm4RgsdsF7gqrNSDt1MB8GA1UdIwQY
MBaAFAbku9q4luZhE/NRtNnILfUOZqcSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnVTNzJyaVc1bUVUODFHMDJjZ3Q5UTVtcHhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9kOTk5NDctMjI5OC00MjJmLTlkYTAt
ZmUwZDI4YjY4Y2Q1LzEvS25PN0U4dEoxYWJoR0N4MndYdUNxczFJTzNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9kOTk5NDctMjI5OC00MjJmLTlkYTAtZmUwZDI4YjY4Y2Q1
LzEvQnVTNzJyaVc1bUVUODFHMDJjZ3Q5UTVtcHhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucREMA0G
CSqGSIb3DQEBCwUAA4IBAQA8iUIdJiLHcBpK3GrzGhYIvmstEDbsWfxZWqBri1e6
GWnxjLzfNFWHw7JtpToKuGHPKei4/tcsfA2As7X0cvm1nlZBUVZTqjTQB6H1Mw/N
u8yF+El6wCfIVtpBa47Wy/YGxmlPZL45VBaOvqC1u+6VePcjrsIFNEP1fR/lutjK
RhQrdrbmXidQUrqe1IpLbWhWo1pcQ5t9Ckz3Mf8GheQDgpnetxYaujIXySoUUiFL
a6wsVAoAhTnq9khzrtyIe15ooXsfglCXnrpzJL9tMMatrKk4EK56WZRBr1YpMWKp
hpPCpCecLGwv5SyUUsfQ53LjFHyDx3LHuKlgZ5I77zVG
-----END CERTIFICATE-----