Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/KOw7xMKHlQCXW_5gRyvKjG3BAa4.roa
File:                     KOw7xMKHlQCXW_5gRyvKjG3BAa4.roa (raw, json)
Hash identifier:          lL3/S+AcvkiAqiXw9PyhHyyK0CE6Zf/JEzIe2/vsusg=
Subject key identifier:   28:EC:3B:C4:C2:87:95:00:97:5B:FE:60:47:2B:CA:8C:6D:C1:01:AE
Certificate issuer:       /CN=f98a02d20c6b7de357125f38b1735ca1b91f87b3
Certificate serial:       01941FFA5937E0F51A118672B4E0897F8F63
Authority key identifier: F9:8A:02:D2:0C:6B:7D:E3:57:12:5F:38:B1:73:5C:A1:B9:1F:87:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/KOw7xMKHlQCXW_5gRyvKjG3BAa4.roa
Signing time:             Wed 01 Jan 2025 03:48:08 +0000
ROA not before:           Wed 01 Jan 2025 03:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210016
IP address blocks:        131.117.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/1-YoC0gxrfeNXEl84sXNcobkfh7M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/1-YoC0gxrfeNXEl84sXNcobkfh7M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 03:02:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:59:37:e0:f5:1a:11:86:72:b4:e0:89:7f:8f:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f98a02d20c6b7de357125f38b1735ca1b91f87b3
        Validity
            Not Before: Jan  1 03:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28ec3bc4c2879500975bfe60472bca8c6dc101ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:17:20:7a:ba:22:88:94:e3:c6:d5:78:a5:9a:
                    76:5a:c1:a4:9d:cc:7f:b9:05:5a:78:71:50:e9:26:
                    6b:28:f0:79:de:2b:d0:55:28:2a:b5:7f:fe:a3:f5:
                    47:82:68:fb:0a:d6:6b:07:3f:11:dd:9e:35:1a:31:
                    fc:a3:00:1d:72:16:85:88:a9:ba:9b:db:25:2c:a3:
                    41:09:5c:fe:df:1c:9d:d0:31:b5:1f:6f:6a:e3:26:
                    9f:d3:bd:98:b4:5b:1a:1c:65:53:3c:8e:48:44:89:
                    85:b4:9e:6c:5d:23:6f:4a:65:9e:3c:7b:bd:af:03:
                    b0:df:1a:bb:b8:14:bf:5a:89:76:cb:55:ec:2c:ba:
                    97:70:fa:28:18:4e:23:5e:91:28:3e:4a:eb:c0:db:
                    52:b3:38:c9:66:cb:26:44:d4:c7:59:3d:b0:39:82:
                    70:57:10:04:9a:a3:6e:52:9a:eb:b1:1f:80:56:87:
                    41:2a:a9:93:ee:f4:5e:e2:93:c8:b8:45:2b:7a:f5:
                    62:77:e8:b5:26:03:84:61:23:4e:9b:f7:84:85:a7:
                    83:ae:08:d4:92:7c:86:9a:55:09:59:d2:08:d3:6c:
                    cf:9f:7f:37:37:dc:d0:5c:a2:74:cc:0d:5e:eb:be:
                    0a:b2:6c:cd:21:97:94:ce:99:bb:d5:29:1a:89:8b:
                    f3:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:EC:3B:C4:C2:87:95:00:97:5B:FE:60:47:2B:CA:8C:6D:C1:01:AE
            X509v3 Authority Key Identifier:
                keyid:F9:8A:02:D2:0C:6B:7D:E3:57:12:5F:38:B1:73:5C:A1:B9:1F:87:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/KOw7xMKHlQCXW_5gRyvKjG3BAa4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/1-YoC0gxrfeNXEl84sXNcobkfh7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.117.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:05:c1:95:18:88:ea:3b:44:16:77:ec:a9:76:f9:81:b4:de:
         45:1e:5e:65:7c:3d:13:0f:98:a5:fc:7b:ce:56:7a:e2:fd:8d:
         6d:7a:ed:e0:61:90:c1:04:44:c0:83:d5:86:8c:1b:ce:f9:fe:
         6b:b2:e6:6b:1d:18:dc:24:22:ef:08:b0:31:8a:99:2d:00:65:
         35:d7:4a:91:18:3f:33:11:e2:ef:18:80:28:d3:34:6b:2f:ae:
         dd:69:9e:df:40:51:f3:c5:58:82:9c:6d:17:2d:e6:cb:37:23:
         6e:6c:63:4c:44:36:67:35:5e:5b:6a:2a:67:5e:78:3d:d6:70:
         be:62:59:9c:f3:58:fc:8a:26:40:ee:e0:7f:84:77:f1:3d:7f:
         f4:57:0d:dd:e5:06:9c:9b:2f:b8:9c:e9:ad:9e:18:be:86:9e:
         cd:cc:38:71:ae:ff:39:9b:3c:0e:ee:5c:52:44:bf:85:14:b4:
         3c:5a:5c:5e:9a:4c:29:c4:eb:7a:49:ff:9b:31:f4:1e:f7:b3:
         c3:06:35:e5:0d:e0:83:82:26:45:53:26:9c:ce:29:a8:f3:65:
         90:a6:05:e6:62:11:9b:ee:9a:dd:3e:93:c9:54:ae:d0:cc:ce:
         fe:97:18:12:20:7e:b8:d3:d6:1d:f4:85:a1:e1:3a:89:56:1a:
         41:81:37:6f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQf+lk34PUaEYZytOCJf49jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5OGEwMmQyMGM2YjdkZTM1NzEyNWYzOGIxNzM1Y2ExYjkx
Zjg3YjMwHhcNMjUwMTAxMDM0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGVjM2JjNGMyODc5NTAwOTc1YmZlNjA0NzJiY2E4YzZkYzEwMWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyhcgeroiiJTjxtV4pZp2WsGkncx/
uQVaeHFQ6SZrKPB53ivQVSgqtX/+o/VHgmj7CtZrBz8R3Z41GjH8owAdchaFiKm6
m9slLKNBCVz+3xyd0DG1H29q4yaf072YtFsaHGVTPI5IRImFtJ5sXSNvSmWePHu9
rwOw3xq7uBS/Wol2y1XsLLqXcPooGE4jXpEoPkrrwNtSszjJZssmRNTHWT2wOYJw
VxAEmqNuUprrsR+AVodBKqmT7vRe4pPIuEUrevVid+i1JgOEYSNOm/eEhaeDrgjU
knyGmlUJWdII02zPn383N9zQXKJ0zA1e674KsmzNIZeUzpm71SkaiYvzSQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCjsO8TCh5UAl1v+YEcryoxtwQGuMB8GA1UdIwQY
MBaAFPmKAtIMa33jVxJfOLFzXKG5H4ezMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1Zb0MwZ3hyZmVOWEVsODRzWE5jb2JrZmg3TS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2IvYTkyMDZlLWMxZTEtNGMxNS05NTMz
LWFjZTNkNjc1ZDNjZC8xL0tPdzd4TUtIbFFDWFdfNWdSeXZLakczQkFhNC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvN2IvYTkyMDZlLWMxZTEtNGMxNS05NTMzLWFjZTNkNjc1ZDNj
ZC8xLzEtWW9DMGd4cmZlTlhFbDg0c1hOY29ia2ZoN00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACDdegw
DQYJKoZIhvcNAQELBQADggEBAEcFwZUYiOo7RBZ37Kl2+YG03kUeXmV8PRMPmKX8
e85WeuL9jW167eBhkMEERMCD1YaMG875/muy5msdGNwkIu8IsDGKmS0AZTXXSpEY
PzMR4u8YgCjTNGsvrt1pnt9AUfPFWIKcbRct5ss3I25sY0xENmc1XltqKmdeeD3W
cL5iWZzzWPyKJkDu4H+Ed/E9f/RXDd3lBpybL7ic6a2eGL6Gns3MOHGu/zmbPA7u
XFJEv4UUtDxaXF6aTCnE63pJ/5sx9B73s8MGNeUN4IOCJkVTJpzOKajzZZCmBeZi
EZvumt0+k8lUrtDMzv6XGBIgfrjT1h30haHhOolWGkGBN28=
-----END CERTIFICATE-----