Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/KlHNG1wkVyOFx-j7DYZVfmh5bYE.roa
File:                     KlHNG1wkVyOFx-j7DYZVfmh5bYE.roa (raw, json)
Hash identifier:          L5JYU64abXKhXkIrpf3gdfvIS55/epAy6+ULSIZ/xw8=
Subject key identifier:   2A:51:CD:1B:5C:24:57:23:85:C7:E8:FB:0D:86:55:7E:68:79:6D:81
Certificate issuer:       /CN=330fe971b3e36b16a92be85f59985be45968b864
Certificate serial:       0194221F5DB9540450AB7358ECD06187DEBA
Authority key identifier: 33:0F:E9:71:B3:E3:6B:16:A9:2B:E8:5F:59:98:5B:E4:59:68:B8:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mw_pcbPjaxapK-hfWZhb5FlouGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/KlHNG1wkVyOFx-j7DYZVfmh5bYE.roa
Signing time:             Wed 01 Jan 2025 13:47:48 +0000
ROA not before:           Wed 01 Jan 2025 13:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.112.0/24 maxlen: 24
                          2001:7f8:83::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/Mw_pcbPjaxapK-hfWZhb5FlouGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/Mw_pcbPjaxapK-hfWZhb5FlouGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mw_pcbPjaxapK-hfWZhb5FlouGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 22:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:5d:b9:54:04:50:ab:73:58:ec:d0:61:87:de:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=330fe971b3e36b16a92be85f59985be45968b864
        Validity
            Not Before: Jan  1 13:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a51cd1b5c24572385c7e8fb0d86557e68796d81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:1d:a0:07:5e:9b:47:73:1d:af:ba:09:77:bd:
                    72:b3:05:45:48:da:c8:ce:6c:de:97:19:fd:26:aa:
                    f2:a4:08:d0:d5:2a:55:f6:df:8a:2a:60:e9:9f:62:
                    a3:d3:88:7b:e2:aa:e4:eb:3e:82:91:07:0d:85:8c:
                    7b:8a:2d:60:66:bf:f1:2c:33:5c:2a:3c:46:d7:1d:
                    83:57:b4:a5:72:31:8c:76:3a:3f:85:48:04:9f:53:
                    82:4e:c2:35:94:2f:5f:d2:33:5c:95:58:cc:16:76:
                    bd:9a:93:a6:53:4d:e0:23:b1:87:ea:75:92:db:94:
                    67:9e:cf:f3:1c:c1:b8:67:1e:51:ff:7b:fc:42:70:
                    91:30:3b:25:74:5c:22:c0:06:5a:8a:9c:0b:4d:4a:
                    c0:b3:7a:37:0c:9c:2b:7b:a7:61:8a:4f:27:4b:2b:
                    1b:53:74:ab:f8:01:e2:39:ee:26:cf:25:b4:5c:91:
                    7f:0e:28:16:06:f3:6b:49:a1:77:5f:14:27:6d:99:
                    51:b6:1f:36:9c:f2:aa:a6:64:a0:f5:1a:90:ed:42:
                    13:fb:41:86:b9:cb:6b:e1:7e:b0:9f:02:90:cb:14:
                    5b:1d:30:87:fd:89:6c:a4:57:89:30:3c:43:44:69:
                    57:1c:ce:88:0e:3d:60:b6:bd:7a:75:e3:21:4f:42:
                    e9:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:51:CD:1B:5C:24:57:23:85:C7:E8:FB:0D:86:55:7E:68:79:6D:81
            X509v3 Authority Key Identifier:
                keyid:33:0F:E9:71:B3:E3:6B:16:A9:2B:E8:5F:59:98:5B:E4:59:68:B8:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mw_pcbPjaxapK-hfWZhb5FlouGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/KlHNG1wkVyOFx-j7DYZVfmh5bYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/Mw_pcbPjaxapK-hfWZhb5FlouGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.112.0/24
                IPv6:
                  2001:7f8:83::/48

    Signature Algorithm: sha256WithRSAEncryption
         53:df:ef:2a:13:a3:c2:0b:71:20:68:2b:b0:18:16:0b:6a:0c:
         29:0f:e5:23:71:71:90:4f:38:1e:fe:9a:f7:8e:13:75:9b:e8:
         76:34:6f:4e:be:f4:b5:21:38:42:3e:09:95:bd:80:f1:72:31:
         32:ca:d8:5f:de:69:f6:55:75:52:1a:0b:33:d8:6e:ba:76:c0:
         c4:69:1b:34:d2:05:16:91:24:3c:8d:98:10:a0:2a:18:af:90:
         da:98:de:ef:63:7b:dc:6a:94:dc:8a:d7:2b:7f:f2:ec:f6:ce:
         0b:bb:7a:41:4f:34:0d:29:f0:f7:06:c0:5d:08:ea:43:c5:b3:
         2d:51:de:6f:f7:4d:30:78:20:51:bf:91:58:aa:d9:f6:f5:1d:
         a2:4a:e6:fe:c6:ab:1a:5c:17:bf:1a:07:b3:9f:dd:f1:bd:4b:
         4d:53:24:83:1c:68:81:49:f6:c0:6f:73:11:32:09:df:f4:9c:
         7a:a7:02:2c:f7:1c:20:53:d3:85:e7:d6:3a:bb:05:b6:8b:23:
         31:19:9b:b4:3c:5c:9f:fc:cf:32:99:23:43:ce:45:28:38:ef:
         9d:c7:70:57:f1:1e:cc:b4:29:c0:35:cc:20:9d:24:95:5d:d4:
         8a:47:be:30:2a:6e:0c:80:ca:d1:cf:b1:77:75:50:b4:f8:1c:
         3d:fa:f3:e4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQiH125VARQq3NY7NBhh966MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMGZlOTcxYjNlMzZiMTZhOTJiZTg1ZjU5OTg1YmU0NTk2
OGI4NjQwHhcNMjUwMTAxMTM0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTUxY2QxYjVjMjQ1NzIzODVjN2U4ZmIwZDg2NTU3ZTY4Nzk2ZDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmh2gB16bR3Mdr7oJd71yswVFSNrI
zmzelxn9JqrypAjQ1SpV9t+KKmDpn2Kj04h74qrk6z6CkQcNhYx7ii1gZr/xLDNc
KjxG1x2DV7SlcjGMdjo/hUgEn1OCTsI1lC9f0jNclVjMFna9mpOmU03gI7GH6nWS
25Rnns/zHMG4Zx5R/3v8QnCRMDsldFwiwAZaipwLTUrAs3o3DJwre6dhik8nSysb
U3Sr+AHiOe4mzyW0XJF/DigWBvNrSaF3XxQnbZlRth82nPKqpmSg9RqQ7UIT+0GG
uctr4X6wnwKQyxRbHTCH/YlspFeJMDxDRGlXHM6IDj1gtr16deMhT0LpsQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCpRzRtcJFcjhcfo+w2GVX5oeW2BMB8GA1UdIwQY
MBaAFDMP6XGz42sWqSvoX1mYW+RZaLhkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXdfcGNiUGpheGFwSy1oZldaaGI1RmxvdUdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9hMzg2OTMtY2ZhMC00M2U4LWE1MWIt
MTFlOWU5ZjAxMzQzLzEvS2xITkcxd2tWeU9GeC1qN0RZWlZmbWg1YllFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9hMzg2OTMtY2ZhMC00M2U4LWE1MWItMTFlOWU5ZjAxMzQz
LzEvTXdfcGNiUGpheGFwSy1oZldaaGI1RmxvdUdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQFwMA8E
AgACMAkDBwAgAQf4AIMwDQYJKoZIhvcNAQELBQADggEBAFPf7yoTo8ILcSBoK7AY
FgtqDCkP5SNxcZBPOB7+mveOE3Wb6HY0b06+9LUhOEI+CZW9gPFyMTLK2F/eafZV
dVIaCzPYbrp2wMRpGzTSBRaRJDyNmBCgKhivkNqY3u9je9xqlNyK1yt/8uz2zgu7
ekFPNA0p8PcGwF0I6kPFsy1R3m/3TTB4IFG/kViq2fb1HaJK5v7GqxpcF78aB7Of
3fG9S01TJIMcaIFJ9sBvcxEyCd/0nHqnAiz3HCBT04Xn1jq7BbaLIzEZm7Q8XJ/8
zzKZI0PORSg4753HcFfxHsy0KcA1zCCdJJVd1IpHvjAqbgyAytHPsXd1ULT4HD36
8+Q=
-----END CERTIFICATE-----