Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/3ac761-9ad8-4513-8a32-1f55d9999eeb/1/KNngLPUEeJfGeGvW_sjNLwrjlmo.roa
File:                     KNngLPUEeJfGeGvW_sjNLwrjlmo.roa (raw, json)
Hash identifier:          VdgpRYVhUpsamPtzdnV+HbncE6iEYGQS6JyumMp2yn8=
Subject key identifier:   28:D9:E0:2C:F5:04:78:97:C6:78:6B:D6:FE:C8:CD:2F:0A:E3:96:6A
Certificate issuer:       /CN=44728fb31c4ebdfb9bf129745b91bd2e2ee8ef31
Certificate serial:       01942444D7B59D28E62ADE1A8D7ECBDC8523
Authority key identifier: 44:72:8F:B3:1C:4E:BD:FB:9B:F1:29:74:5B:91:BD:2E:2E:E8:EF:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RHKPsxxOvfub8Sl0W5G9Li7o7zE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/3ac761-9ad8-4513-8a32-1f55d9999eeb/1/KNngLPUEeJfGeGvW_sjNLwrjlmo.roa
Signing time:             Wed 01 Jan 2025 23:47:58 +0000
ROA not before:           Wed 01 Jan 2025 23:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19750
IP address blocks:        91.199.242.0/24 maxlen: 24
                          91.212.98.0/24 maxlen: 24
                          185.235.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/3ac761-9ad8-4513-8a32-1f55d9999eeb/1/RHKPsxxOvfub8Sl0W5G9Li7o7zE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/3ac761-9ad8-4513-8a32-1f55d9999eeb/1/RHKPsxxOvfub8Sl0W5G9Li7o7zE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RHKPsxxOvfub8Sl0W5G9Li7o7zE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:d7:b5:9d:28:e6:2a:de:1a:8d:7e:cb:dc:85:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44728fb31c4ebdfb9bf129745b91bd2e2ee8ef31
        Validity
            Not Before: Jan  1 23:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28d9e02cf5047897c6786bd6fec8cd2f0ae3966a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:3c:00:3b:1f:60:6a:46:ed:8e:60:63:8a:7e:
                    f3:4d:ae:4f:5c:5c:9c:75:92:3b:c0:a9:10:cb:a4:
                    a0:88:c1:8e:29:a8:8c:eb:98:fc:d6:7c:49:38:d8:
                    3a:a1:8c:d9:aa:cf:11:c3:b2:f0:65:56:29:0f:d0:
                    17:a0:82:e7:08:9d:b4:9a:0a:43:04:09:fc:4f:30:
                    c7:2f:64:e2:7e:e9:a0:d3:53:6a:69:1f:cc:4e:cf:
                    60:3f:7d:62:70:01:de:97:b6:41:c0:17:59:dd:e9:
                    19:54:dd:95:8d:7a:c4:46:56:b2:d6:50:be:f0:20:
                    e4:aa:13:eb:13:18:97:2d:3d:d7:ed:9d:b8:72:54:
                    c0:c4:52:61:39:74:05:79:f5:c3:b4:db:fe:6b:2e:
                    9e:49:8a:cb:77:b9:28:7a:15:b6:17:3a:c1:5b:5c:
                    65:bd:c9:20:fc:dd:cd:b7:be:79:b3:93:a0:63:32:
                    2e:5a:c8:28:84:62:8e:9f:2e:89:87:f5:3c:42:37:
                    cc:1e:74:c2:d7:48:c7:8f:43:0f:39:7f:70:96:ac:
                    85:21:2d:7c:59:14:09:f6:d5:75:d3:14:1f:84:15:
                    90:69:36:41:e1:a8:b0:90:fe:da:b9:62:10:88:da:
                    56:dc:3a:46:4e:23:19:54:b5:ce:28:66:1a:18:25:
                    09:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:D9:E0:2C:F5:04:78:97:C6:78:6B:D6:FE:C8:CD:2F:0A:E3:96:6A
            X509v3 Authority Key Identifier:
                keyid:44:72:8F:B3:1C:4E:BD:FB:9B:F1:29:74:5B:91:BD:2E:2E:E8:EF:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RHKPsxxOvfub8Sl0W5G9Li7o7zE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/3ac761-9ad8-4513-8a32-1f55d9999eeb/1/KNngLPUEeJfGeGvW_sjNLwrjlmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/3ac761-9ad8-4513-8a32-1f55d9999eeb/1/RHKPsxxOvfub8Sl0W5G9Li7o7zE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.242.0/24
                  91.212.98.0/24
                  185.235.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:d0:c9:45:6f:0c:2f:09:08:1f:a3:13:d4:be:8a:e5:c3:cf:
         f7:9f:78:ca:1c:0e:89:f5:70:11:b7:9f:45:ae:a7:c8:d0:23:
         e1:79:04:09:4e:1f:89:7e:42:c2:28:38:0b:ac:44:2d:96:d9:
         d6:47:45:60:93:b1:05:c7:ea:31:0a:5e:d0:52:cd:9e:a8:98:
         fb:3d:09:7e:b4:e4:4b:6c:cc:89:f8:94:c6:48:41:da:9f:3e:
         e7:f8:53:4a:c0:8e:42:63:ca:f5:18:ba:ee:a6:60:94:a4:f3:
         da:ef:5a:95:51:f2:74:fb:1c:dd:09:90:6b:45:89:69:71:2a:
         34:85:31:35:9f:18:3a:c9:b1:f2:68:df:60:82:f5:e9:ed:77:
         63:22:78:4c:bb:76:1f:34:c8:f3:b2:41:dc:6f:40:30:d4:c4:
         15:f5:bd:83:56:ce:64:5d:f3:9e:e5:e6:d5:7e:f6:63:68:98:
         02:a7:ea:47:48:fa:f7:6e:c0:ce:02:0f:08:b0:82:fa:1a:fb:
         ff:eb:df:90:16:b4:ab:63:1a:f3:89:13:a5:d4:50:4e:8c:b9:
         af:15:9f:dc:36:90:97:35:3b:31:5c:9d:02:a1:ef:f9:e5:2d:
         f6:a5:ec:1c:93:ba:ad:ed:95:a2:33:1c:57:69:3f:cd:f3:14:
         03:89:0c:20
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQkRNe1nSjmKt4ajX7L3IUjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NzI4ZmIzMWM0ZWJkZmI5YmYxMjk3NDViOTFiZDJlMmVl
OGVmMzEwHhcNMjUwMTAxMjM0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGQ5ZTAyY2Y1MDQ3ODk3YzY3ODZiZDZmZWM4Y2QyZjBhZTM5NjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTwAOx9gakbtjmBjin7zTa5PXFyc
dZI7wKkQy6SgiMGOKaiM65j81nxJONg6oYzZqs8Rw7LwZVYpD9AXoILnCJ20mgpD
BAn8TzDHL2Tifumg01NqaR/MTs9gP31icAHel7ZBwBdZ3ekZVN2VjXrERlay1lC+
8CDkqhPrExiXLT3X7Z24clTAxFJhOXQFefXDtNv+ay6eSYrLd7koehW2FzrBW1xl
vckg/N3Nt755s5OgYzIuWsgohGKOny6Jh/U8QjfMHnTC10jHj0MPOX9wlqyFIS18
WRQJ9tV10xQfhBWQaTZB4aiwkP7auWIQiNpW3DpGTiMZVLXOKGYaGCUJ+wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCjZ4Cz1BHiXxnhr1v7IzS8K45ZqMB8GA1UdIwQY
MBaAFERyj7McTr37m/EpdFuRvS4u6O8xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkhLUHN4eE92ZnViOFNsMFc1RzlMaTdvN3pFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS8zYWM3NjEtOWFkOC00NTEzLThhMzIt
MWY1NWQ5OTk5ZWViLzEvS05uZ0xQVUVlSmZHZUd2V19zak5Md3JqbG1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS8zYWM3NjEtOWFkOC00NTEzLThhMzItMWY1NWQ5OTk5ZWVi
LzEvUkhLUHN4eE92ZnViOFNsMFc1RzlMaTdvN3pFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW8fyAwQA
W9RiAwQAuetVMA0GCSqGSIb3DQEBCwUAA4IBAQCU0MlFbwwvCQgfoxPUvorlw8/3
n3jKHA6J9XARt59FrqfI0CPheQQJTh+JfkLCKDgLrEQtltnWR0Vgk7EFx+oxCl7Q
Us2eqJj7PQl+tORLbMyJ+JTGSEHanz7n+FNKwI5CY8r1GLrupmCUpPPa71qVUfJ0
+xzdCZBrRYlpcSo0hTE1nxg6ybHyaN9ggvXp7XdjInhMu3YfNMjzskHcb0Aw1MQV
9b2DVs5kXfOe5ebVfvZjaJgCp+pHSPr3bsDOAg8IsIL6Gvv/69+QFrSrYxrziROl
1FBOjLmvFZ/cNpCXNTsxXJ0Coe/55S32pewck7qt7ZWiMxxXaT/N8xQDiQwg
-----END CERTIFICATE-----