Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/KNg_TScubKiJ2WSk1PndDHXafcs.roa
File:                     KNg_TScubKiJ2WSk1PndDHXafcs.roa (raw, json)
Hash identifier:          OLVAzv3WRT7v8ayDj8gM91zwzw+fJVhu8S1Dv4NJlCY=
Subject key identifier:   28:D8:3F:4D:27:2E:6C:A8:89:D9:64:A4:D4:F9:DD:0C:75:DA:7D:CB
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       01955D6A91379EDC8442EBBC3D80C17B3DA8
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/KNg_TScubKiJ2WSk1PndDHXafcs.roa
Signing time:             Mon 03 Mar 2025 19:10:19 +0000
ROA not before:           Mon 03 Mar 2025 19:10:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        5.102.104.0/22 maxlen: 24
                          82.163.96.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:5d:6a:91:37:9e:dc:84:42:eb:bc:3d:80:c1:7b:3d:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Mar  3 19:10:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28d83f4d272e6ca889d964a4d4f9dd0c75da7dcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:ee:07:fa:b8:8e:5c:b9:d3:fb:d9:14:f4:b6:
                    49:8c:9c:03:c0:7d:52:3d:a5:4b:3a:a5:9c:67:f9:
                    37:2a:17:11:5e:2f:c1:b2:f0:ca:b8:80:07:0a:63:
                    07:80:2c:3e:6f:88:cc:6f:72:94:fb:9c:fe:c9:52:
                    f5:91:38:f7:be:b3:72:66:a6:36:01:51:2a:34:15:
                    21:21:e5:a0:fe:cf:8b:06:2f:81:13:42:98:81:16:
                    72:39:a5:19:a3:0d:76:31:e5:0e:2d:aa:3c:a3:bb:
                    b8:4a:a1:f3:0a:67:3f:ca:e5:a9:5e:7e:19:a5:a2:
                    98:46:be:bd:7b:b5:2d:92:57:b8:bc:fe:1e:da:3f:
                    cc:22:94:f9:e3:f2:8d:d0:64:ee:8f:2b:bf:34:62:
                    0d:08:6f:66:1f:bb:c6:26:ab:09:ef:fd:9e:cc:4f:
                    74:83:22:f5:55:e7:d0:05:c7:9c:86:2b:ed:6b:12:
                    e6:ff:3b:07:5e:18:a4:e3:a6:97:9a:b1:28:f0:a4:
                    45:3f:6a:73:68:22:bc:68:ca:af:af:89:ea:ec:fc:
                    83:ee:57:5e:9f:7a:0a:f7:13:48:36:bf:8b:48:7d:
                    7c:09:5e:b4:b0:e2:58:39:0e:12:4d:7f:49:35:60:
                    9e:05:f5:43:f6:25:6d:4b:88:fe:c4:69:1f:8e:35:
                    3f:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:D8:3F:4D:27:2E:6C:A8:89:D9:64:A4:D4:F9:DD:0C:75:DA:7D:CB
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/KNg_TScubKiJ2WSk1PndDHXafcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.104.0/22
                  82.163.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         83:f8:44:30:5f:c5:9b:09:53:68:fb:fc:fa:17:4d:98:4b:66:
         ff:73:dd:76:2e:41:b0:68:80:31:fb:ff:1c:58:a0:84:82:59:
         bc:b8:90:24:78:dd:2f:a6:28:0c:1d:55:17:45:fb:6b:6e:43:
         c4:90:07:55:a0:04:a4:df:98:7c:47:55:88:08:ff:df:b6:c8:
         8a:5c:05:bb:2b:0d:a8:ce:12:3e:df:e3:64:2c:71:37:12:11:
         18:e7:3c:f5:ae:4e:3d:24:62:45:13:52:ba:60:c1:7f:ce:7e:
         a7:bb:6d:a6:ff:3b:28:b7:a2:71:db:84:ae:2f:a0:08:5a:be:
         23:c4:4d:07:3c:a9:a9:61:5d:5d:9c:22:df:46:07:29:c2:8f:
         82:a6:42:f0:64:46:9b:00:19:fa:e7:b8:6e:1f:7a:cd:ff:47:
         71:0c:71:9a:9c:c6:30:5a:f0:bd:a4:23:f6:fa:20:73:27:f3:
         13:74:d9:f1:37:21:3a:a3:95:58:5a:ca:4a:b2:31:42:a4:5a:
         fb:08:24:27:18:00:a5:5a:2f:e5:ba:69:c4:b3:43:83:6e:3e:
         b7:f0:18:0b:57:7f:4f:88:a8:ab:ae:11:68:6a:f5:ed:c9:7a:
         51:ee:2b:a3:f5:63:1d:c7:c7:44:ed:c9:c5:47:15:0a:2e:fc:
         ad:12:f4:c4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZVdapE3ntyEQuu8PYDBez2oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUwMzAzMTkxMDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGQ4M2Y0ZDI3MmU2Y2E4ODlkOTY0YTRkNGY5ZGQwYzc1ZGE3ZGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1e4H+riOXLnT+9kU9LZJjJwDwH1S
PaVLOqWcZ/k3KhcRXi/BsvDKuIAHCmMHgCw+b4jMb3KU+5z+yVL1kTj3vrNyZqY2
AVEqNBUhIeWg/s+LBi+BE0KYgRZyOaUZow12MeUOLao8o7u4SqHzCmc/yuWpXn4Z
paKYRr69e7Utkle4vP4e2j/MIpT54/KN0GTujyu/NGINCG9mH7vGJqsJ7/2ezE90
gyL1VefQBcechivtaxLm/zsHXhik46aXmrEo8KRFP2pzaCK8aMqvr4nq7PyD7lde
n3oK9xNINr+LSH18CV60sOJYOQ4STX9JNWCeBfVD9iVtS4j+xGkfjjU/CwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCjYP00nLmyoidlkpNT53Qx12n3LMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvS05nX1RTY3ViS2lKMldTazFQbmRESFhhZmNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCBWZoAwQD
UqNgMA0GCSqGSIb3DQEBCwUAA4IBAQCD+EQwX8WbCVNo+/z6F02YS2b/c912LkGw
aIAx+/8cWKCEglm8uJAkeN0vpigMHVUXRftrbkPEkAdVoASk35h8R1WICP/ftsiK
XAW7Kw2ozhI+3+NkLHE3EhEY5zz1rk49JGJFE1K6YMF/zn6nu22m/zsot6Jx24Su
L6AIWr4jxE0HPKmpYV1dnCLfRgcpwo+CpkLwZEabABn657huH3rN/0dxDHGanMYw
WvC9pCP2+iBzJ/MTdNnxNyE6o5VYWspKsjFCpFr7CCQnGAClWi/lumnEs0ODbj63
8BgLV39PiKirrhFoavXtyXpR7iuj9WMdx8dE7cnFRxUKLvytEvTE
-----END CERTIFICATE-----