Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/kx7UofzIMm_m_XlnrQs2X_ZwrTs.roa
File:                     kx7UofzIMm_m_XlnrQs2X_ZwrTs.roa (raw, json)
Hash identifier:          FMY4CRQkCPFhXww6V/ELCA3IQUBWPklogLha1wHTo1w=
Subject key identifier:   93:1E:D4:A1:FC:C8:32:6F:E6:FD:79:67:AD:0B:36:5F:F6:70:AD:3B
Certificate issuer:       /CN=a016588bd1ccb2dd221c6f87838567475d7ef29b
Certificate serial:       01942444ADE9321ED435869CFC9A02A8C3B2
Authority key identifier: A0:16:58:8B:D1:CC:B2:DD:22:1C:6F:87:83:85:67:47:5D:7E:F2:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oBZYi9HMst0iHG-Hg4VnR11-8ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/kx7UofzIMm_m_XlnrQs2X_ZwrTs.roa
Signing time:             Wed 01 Jan 2025 23:47:48 +0000
ROA not before:           Wed 01 Jan 2025 23:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21219
IP address blocks:        176.105.168.0/21 maxlen: 21
                          176.105.176.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/oBZYi9HMst0iHG-Hg4VnR11-8ps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/oBZYi9HMst0iHG-Hg4VnR11-8ps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oBZYi9HMst0iHG-Hg4VnR11-8ps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:ad:e9:32:1e:d4:35:86:9c:fc:9a:02:a8:c3:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a016588bd1ccb2dd221c6f87838567475d7ef29b
        Validity
            Not Before: Jan  1 23:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=931ed4a1fcc8326fe6fd7967ad0b365ff670ad3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c5:5f:9f:ae:3e:6e:20:4f:e0:16:26:e4:46:
                    de:19:2f:dc:87:8e:83:8f:3e:68:fd:13:11:08:5b:
                    c4:cb:f6:bc:97:5b:fb:1e:8b:67:f6:fc:7e:10:9c:
                    ec:93:5b:b9:d8:b1:bc:f9:dc:b9:d0:e9:b2:b4:79:
                    fb:1d:e6:47:dd:92:13:1b:a7:4c:2b:12:a2:5b:01:
                    07:ba:e8:11:f8:68:6d:86:40:fa:03:9e:c3:fb:c7:
                    ed:ab:c4:e8:ff:22:ec:c2:78:90:f6:d0:2c:98:9d:
                    58:32:42:2f:9b:fb:94:21:b0:e9:70:17:40:3d:2b:
                    42:d8:e7:d6:79:15:28:da:70:fa:21:d8:50:33:9d:
                    d2:9f:8a:e9:f5:02:0b:05:64:fb:79:85:45:c6:7d:
                    e8:b9:c6:4f:fc:91:25:8e:cb:45:07:b8:0f:7f:13:
                    5e:56:61:7f:4f:46:e7:89:12:5f:21:cd:85:4f:3c:
                    87:1e:a7:3a:7f:47:85:19:94:ee:8e:8a:01:a0:ab:
                    89:22:96:c7:5f:b7:40:24:9c:24:12:fe:20:1d:ab:
                    97:65:13:ad:fc:5f:e1:37:50:74:50:20:3b:8d:79:
                    cd:49:d9:53:16:1c:9f:a5:3c:e5:10:02:2a:21:b8:
                    24:12:ff:64:dd:66:e5:a0:ac:5f:39:df:ef:46:95:
                    2a:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:1E:D4:A1:FC:C8:32:6F:E6:FD:79:67:AD:0B:36:5F:F6:70:AD:3B
            X509v3 Authority Key Identifier:
                keyid:A0:16:58:8B:D1:CC:B2:DD:22:1C:6F:87:83:85:67:47:5D:7E:F2:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oBZYi9HMst0iHG-Hg4VnR11-8ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/kx7UofzIMm_m_XlnrQs2X_ZwrTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/oBZYi9HMst0iHG-Hg4VnR11-8ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.105.168.0-176.105.183.255

    Signature Algorithm: sha256WithRSAEncryption
         48:bd:a1:8d:3c:1c:02:36:b9:78:cb:d4:cf:73:4f:28:2b:19:
         c1:62:0c:b0:6e:d6:0a:c1:58:1e:46:f6:42:45:71:42:da:73:
         e4:19:d2:03:f3:4e:17:58:f1:c5:24:ee:75:a9:a9:2f:a0:30:
         6c:0b:8e:9b:96:df:8e:9c:62:29:94:b9:d5:d7:40:c1:28:ac:
         9c:a4:ba:f0:63:cd:0f:16:89:c2:9a:84:50:2c:21:a8:79:c8:
         f3:82:2e:eb:97:eb:8d:02:3a:be:31:35:92:1e:cb:c3:89:91:
         c9:06:01:97:07:2f:03:0a:14:f4:84:89:e5:43:bd:2a:8a:63:
         cf:18:91:c4:55:04:aa:c1:db:ad:a4:2e:b0:22:43:8c:81:12:
         b5:67:e4:d8:89:3f:fb:0e:75:5b:2e:01:d7:d2:89:42:7b:fe:
         6a:7f:26:b5:da:41:47:d1:b3:0f:94:ac:f4:5f:c3:ab:f2:13:
         20:cb:42:ba:02:e0:28:b9:6f:07:60:e0:d9:85:ea:64:b6:90:
         9b:67:d9:11:f6:3f:21:e1:83:d8:60:d8:6b:1a:a6:c3:f7:c6:
         71:a7:97:f5:e4:9e:9d:15:08:37:4f:93:e6:29:61:6d:d4:3b:
         46:63:83:bd:35:1c:ae:3e:0e:ca:02:ed:0c:fe:13:eb:28:9a:
         01:d5:09:8e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQkRK3pMh7UNYac/JoCqMOyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwMTY1ODhiZDFjY2IyZGQyMjFjNmY4NzgzODU2NzQ3NWQ3
ZWYyOWIwHhcNMjUwMTAxMjM0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzFlZDRhMWZjYzgzMjZmZTZmZDc5NjdhZDBiMzY1ZmY2NzBhZDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8Vfn64+biBP4BYm5EbeGS/ch46D
jz5o/RMRCFvEy/a8l1v7Hotn9vx+EJzsk1u52LG8+dy50OmytHn7HeZH3ZITG6dM
KxKiWwEHuugR+GhthkD6A57D+8ftq8To/yLswniQ9tAsmJ1YMkIvm/uUIbDpcBdA
PStC2OfWeRUo2nD6IdhQM53Sn4rp9QILBWT7eYVFxn3oucZP/JEljstFB7gPfxNe
VmF/T0bniRJfIc2FTzyHHqc6f0eFGZTujooBoKuJIpbHX7dAJJwkEv4gHauXZROt
/F/hN1B0UCA7jXnNSdlTFhyfpTzlEAIqIbgkEv9k3WbloKxfOd/vRpUqrQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJMe1KH8yDJv5v15Z60LNl/2cK07MB8GA1UdIwQY
MBaAFKAWWIvRzLLdIhxvh4OFZ0ddfvKbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0JaWWk5SE1zdDBpSEctSGc0Vm5SMTEtOHBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi80ZWM1NjktOGNhZi00MTk4LWJhZTEt
NzczMTIwZmY3YzBmLzEva3g3VW9meklNbV9tX1hsbnJRczJYX1p3clRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi80ZWM1NjktOGNhZi00MTk4LWJhZTEtNzczMTIwZmY3YzBm
LzEvb0JaWWk5SE1zdDBpSEctSGc0Vm5SMTEtOHBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAOwaagD
BAOwabAwDQYJKoZIhvcNAQELBQADggEBAEi9oY08HAI2uXjL1M9zTygrGcFiDLBu
1grBWB5G9kJFcULac+QZ0gPzThdY8cUk7nWpqS+gMGwLjpuW346cYimUudXXQMEo
rJykuvBjzQ8WicKahFAsIah5yPOCLuuX640COr4xNZIey8OJkckGAZcHLwMKFPSE
ieVDvSqKY88YkcRVBKrB262kLrAiQ4yBErVn5NiJP/sOdVsuAdfSiUJ7/mp/JrXa
QUfRsw+UrPRfw6vyEyDLQroC4Ci5bwdg4NmF6mS2kJtn2RH2PyHhg9hg2GsapsP3
xnGnl/Xknp0VCDdPk+YpYW3UO0Zjg701HK4+DsoC7Qz+E+somgHVCY4=
-----END CERTIFICATE-----