Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/ddc1aa-5a3a-4163-b5e8-15ea337a7840/1/kgdBEe32jL4o_RNVND7NTLfwJwI.roa
File:                     kgdBEe32jL4o_RNVND7NTLfwJwI.roa (raw, json)
Hash identifier:          PZIGs+YorN99DtOYFOROjFtihI/jC535mZ5OqGnLcRA=
Subject key identifier:   92:07:41:11:ED:F6:8C:BE:28:FD:13:55:34:3E:CD:4C:B7:F0:27:02
Certificate issuer:       /CN=9d3d627c297fe542d8359a86d8e2f9ebd9565a81
Certificate serial:       0195D700346890577CE65C271DBC432817B1
Authority key identifier: 9D:3D:62:7C:29:7F:E5:42:D8:35:9A:86:D8:E2:F9:EB:D9:56:5A:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nT1ifCl_5ULYNZqG2OL569lWWoE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/ddc1aa-5a3a-4163-b5e8-15ea337a7840/1/kgdBEe32jL4o_RNVND7NTLfwJwI.roa
Signing time:             Thu 27 Mar 2025 09:47:49 +0000
ROA not before:           Thu 27 Mar 2025 09:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208324
IP address blocks:        94.231.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/ddc1aa-5a3a-4163-b5e8-15ea337a7840/1/nT1ifCl_5ULYNZqG2OL569lWWoE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/ddc1aa-5a3a-4163-b5e8-15ea337a7840/1/nT1ifCl_5ULYNZqG2OL569lWWoE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nT1ifCl_5ULYNZqG2OL569lWWoE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 21:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d7:00:34:68:90:57:7c:e6:5c:27:1d:bc:43:28:17:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d3d627c297fe542d8359a86d8e2f9ebd9565a81
        Validity
            Not Before: Mar 27 09:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92074111edf68cbe28fd1355343ecd4cb7f02702
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:50:2e:f5:8d:ed:af:ad:1b:d7:f3:4c:09:14:
                    81:e4:6f:27:de:4d:f8:cb:8c:b2:4c:fc:0f:39:71:
                    8e:99:28:f1:72:df:78:7d:ea:77:0c:eb:9b:6d:fb:
                    2c:ce:61:84:4e:15:07:94:92:11:ba:de:44:5a:77:
                    cb:6e:f2:a0:fc:1e:45:d8:b7:b4:a4:54:ce:83:05:
                    de:29:94:f0:51:0b:e0:12:de:27:a5:6f:81:bd:6b:
                    13:77:5c:e2:9e:b4:69:46:17:a8:66:12:a7:cc:fe:
                    7c:96:71:52:3a:96:92:dc:27:75:ce:1d:fe:8c:07:
                    34:53:ad:a6:d2:60:28:23:f4:a0:c5:fb:37:4e:b3:
                    ae:39:9a:e0:da:61:8f:78:49:a7:4e:7f:9a:88:4a:
                    f0:0a:a0:92:75:40:6b:19:6d:f1:74:cb:c0:63:1c:
                    fc:ea:ce:a2:4e:c6:1b:c2:2e:3e:3a:de:16:fc:f1:
                    d7:ca:ef:12:5c:3c:b7:de:09:21:0c:33:c5:e6:f3:
                    ba:61:93:36:b8:6a:28:f8:89:e8:a3:bb:a3:a6:56:
                    c6:24:f8:24:c9:44:16:70:a9:5b:f7:88:1e:91:5e:
                    0c:33:5d:74:ce:82:f9:3e:47:b6:6d:44:c4:49:57:
                    19:e8:fe:3f:3d:af:6e:2d:2e:6a:0c:75:d0:f6:92:
                    12:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:07:41:11:ED:F6:8C:BE:28:FD:13:55:34:3E:CD:4C:B7:F0:27:02
            X509v3 Authority Key Identifier:
                keyid:9D:3D:62:7C:29:7F:E5:42:D8:35:9A:86:D8:E2:F9:EB:D9:56:5A:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nT1ifCl_5ULYNZqG2OL569lWWoE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/ddc1aa-5a3a-4163-b5e8-15ea337a7840/1/kgdBEe32jL4o_RNVND7NTLfwJwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/ddc1aa-5a3a-4163-b5e8-15ea337a7840/1/nT1ifCl_5ULYNZqG2OL569lWWoE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.231.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:e1:3d:65:ae:40:db:d2:b1:c8:e5:f5:ce:e2:2a:82:df:8e:
         39:de:60:97:d1:38:7e:c4:90:c8:14:9c:0c:55:90:cd:a0:a9:
         9c:9f:72:64:97:60:43:c1:be:17:ca:05:f5:cf:78:81:e4:03:
         65:86:5c:1d:98:f7:fb:17:9b:99:2c:6d:97:47:4b:8e:0d:1f:
         4f:79:b1:08:98:ae:2e:66:c4:50:7b:a2:76:c9:62:61:c2:e6:
         e0:ab:3b:0e:36:16:99:72:7c:8e:7c:44:32:b5:6b:0a:f6:a2:
         8f:c8:9a:8a:6e:09:82:e0:91:d9:61:e6:17:c5:d2:11:40:b8:
         aa:bc:20:6f:af:dc:3a:9f:d2:25:8b:96:26:37:35:73:42:77:
         78:59:17:2d:44:ec:ed:82:73:e3:96:3d:3a:0f:c2:f6:31:bf:
         82:49:e4:31:06:40:67:f9:ba:e0:67:74:84:5b:4d:71:7d:9b:
         a3:c1:76:78:cc:99:d6:5f:28:cc:b7:ca:cb:9c:02:27:f7:e1:
         16:93:a6:6f:73:a8:a0:1a:1c:a0:61:85:bb:80:f7:ed:79:3d:
         dc:c2:3b:ae:6b:99:5e:f5:51:e9:01:c6:e1:ad:a0:d0:f4:cf:
         38:be:3c:19:bc:4b:4b:e0:b9:07:c4:9a:4a:89:71:97:66:75:
         c2:45:30:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXXADRokFd85lwnHbxDKBexMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkM2Q2MjdjMjk3ZmU1NDJkODM1OWE4NmQ4ZTJmOWViZDk1
NjVhODEwHhcNMjUwMzI3MDk0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjA3NDExMWVkZjY4Y2JlMjhmZDEzNTUzNDNlY2Q0Y2I3ZjAyNzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVAu9Y3tr60b1/NMCRSB5G8n3k34
y4yyTPwPOXGOmSjxct94fep3DOubbfsszmGEThUHlJIRut5EWnfLbvKg/B5F2Le0
pFTOgwXeKZTwUQvgEt4npW+BvWsTd1zinrRpRheoZhKnzP58lnFSOpaS3Cd1zh3+
jAc0U62m0mAoI/Sgxfs3TrOuOZrg2mGPeEmnTn+aiErwCqCSdUBrGW3xdMvAYxz8
6s6iTsYbwi4+Ot4W/PHXyu8SXDy33gkhDDPF5vO6YZM2uGoo+Inoo7ujplbGJPgk
yUQWcKlb94gekV4MM110zoL5Pke2bUTESVcZ6P4/Pa9uLS5qDHXQ9pISMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJIHQRHt9oy+KP0TVTQ+zUy38CcCMB8GA1UdIwQY
MBaAFJ09Ynwpf+VC2DWahtji+evZVlqBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblQxaWZDbF81VUxZTlpxRzJPTDU2OWxXV29FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9kZGMxYWEtNWEzYS00MTYzLWI1ZTgt
MTVlYTMzN2E3ODQwLzEva2dkQkVlMzJqTDRvX1JOVk5EN05UTGZ3SndJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9kZGMxYWEtNWEzYS00MTYzLWI1ZTgtMTVlYTMzN2E3ODQw
LzEvblQxaWZDbF81VUxZTlpxRzJPTDU2OWxXV29FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXufHMA0G
CSqGSIb3DQEBCwUAA4IBAQCv4T1lrkDb0rHI5fXO4iqC34453mCX0Th+xJDIFJwM
VZDNoKmcn3Jkl2BDwb4XygX1z3iB5ANlhlwdmPf7F5uZLG2XR0uODR9PebEImK4u
ZsRQe6J2yWJhwubgqzsONhaZcnyOfEQytWsK9qKPyJqKbgmC4JHZYeYXxdIRQLiq
vCBvr9w6n9Ili5YmNzVzQnd4WRctROztgnPjlj06D8L2Mb+CSeQxBkBn+brgZ3SE
W01xfZujwXZ4zJnWXyjMt8rLnAIn9+EWk6Zvc6igGhygYYW7gPfteT3cwjuua5le
9VHpAcbhraDQ9M84vjwZvEtL4LkHxJpKiXGXZnXCRTA+
-----END CERTIFICATE-----