Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/897378-c556-4352-9a04-b10a832bca43/1/kuEKx2U4QvxJlxKVhQhik2lJEgI.roa
File:                     kuEKx2U4QvxJlxKVhQhik2lJEgI.roa (raw, json)
Hash identifier:          Qx3rCnkBtHpp+92dSRAWEecHh9MHk9psUWWDYZFra0o=
Subject key identifier:   92:E1:0A:C7:65:38:42:FC:49:97:12:95:85:08:62:93:69:49:12:02
Certificate issuer:       /CN=af6da9d56b42c2b816b1ae6b185125abf21593ef
Certificate serial:       0196FCEED5BB4127450FEB164C0639531114
Authority key identifier: AF:6D:A9:D5:6B:42:C2:B8:16:B1:AE:6B:18:51:25:AB:F2:15:93:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r22p1WtCwrgWsa5rGFElq_IVk-8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/897378-c556-4352-9a04-b10a832bca43/1/kuEKx2U4QvxJlxKVhQhik2lJEgI.roa
Signing time:             Fri 23 May 2025 11:37:12 +0000
ROA not before:           Fri 23 May 2025 11:37:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25090
IP address blocks:        193.8.222.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/897378-c556-4352-9a04-b10a832bca43/1/r22p1WtCwrgWsa5rGFElq_IVk-8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/897378-c556-4352-9a04-b10a832bca43/1/r22p1WtCwrgWsa5rGFElq_IVk-8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r22p1WtCwrgWsa5rGFElq_IVk-8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:fc:ee:d5:bb:41:27:45:0f:eb:16:4c:06:39:53:11:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af6da9d56b42c2b816b1ae6b185125abf21593ef
        Validity
            Not Before: May 23 11:37:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92e10ac7653842fc499712958508629369491202
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:69:49:84:f9:e0:25:7e:76:9e:d2:98:db:e2:
                    63:1b:ed:e2:3b:90:e3:66:29:0c:eb:2e:5e:f3:65:
                    b1:65:15:55:45:1a:d9:a3:f2:ff:58:db:22:b0:72:
                    df:51:ae:54:8f:0b:b8:86:5a:f2:80:f0:51:fe:9a:
                    65:3d:e4:a9:57:7a:6a:39:2e:ba:d7:81:8e:25:33:
                    d6:80:c4:31:19:54:65:9c:fe:72:62:f2:dc:ca:09:
                    43:f2:80:38:83:0d:b3:e9:2f:96:e4:51:ac:b5:cb:
                    11:c6:02:43:7d:ff:25:d5:bf:ae:57:94:cb:7f:18:
                    d7:ea:c7:18:f5:f4:7d:be:e3:52:83:f9:f9:7c:85:
                    17:a8:47:6f:e7:5f:d9:66:2a:54:e8:86:e3:71:58:
                    66:30:f6:c3:bc:fe:9b:f5:56:de:74:8c:ab:61:fa:
                    d7:3e:fb:05:bc:63:80:c0:ba:b4:ae:7a:08:a4:16:
                    f4:cd:13:02:40:38:b0:55:e6:c4:1b:f1:23:f6:36:
                    8d:91:ec:87:3e:7c:5f:88:f2:c7:e6:d4:5e:86:40:
                    6a:e3:cc:dd:cd:25:25:9b:4c:41:16:64:1e:8c:38:
                    cf:10:cf:ab:6a:76:a3:1c:e6:ec:3d:a0:c6:75:09:
                    ec:ac:4a:ae:ea:52:af:b0:77:29:ad:01:0c:24:6f:
                    d8:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:E1:0A:C7:65:38:42:FC:49:97:12:95:85:08:62:93:69:49:12:02
            X509v3 Authority Key Identifier:
                keyid:AF:6D:A9:D5:6B:42:C2:B8:16:B1:AE:6B:18:51:25:AB:F2:15:93:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r22p1WtCwrgWsa5rGFElq_IVk-8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/897378-c556-4352-9a04-b10a832bca43/1/kuEKx2U4QvxJlxKVhQhik2lJEgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/897378-c556-4352-9a04-b10a832bca43/1/r22p1WtCwrgWsa5rGFElq_IVk-8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:63:58:00:96:95:00:1c:2f:c2:0e:b1:ff:3d:d8:ee:73:e8:
         fd:83:49:e7:f1:04:73:03:4c:f2:48:1a:d6:c6:b4:eb:39:3a:
         58:6e:8c:86:76:58:13:98:32:31:2b:b3:56:90:3c:bd:f0:d8:
         c5:d6:9a:08:2e:d5:94:9c:12:c5:f8:ae:c6:85:90:79:c2:6d:
         6b:25:18:c3:22:1f:6a:76:11:d4:d8:4d:21:44:64:c6:ec:f4:
         a9:34:aa:d1:e2:fb:0e:d9:7f:49:a1:d5:b8:4b:84:b6:67:0b:
         e0:25:da:24:ef:c7:f2:a2:e9:fa:15:ea:a2:eb:1f:e1:01:d5:
         60:ef:e0:be:e0:a8:97:33:6f:1b:d3:fa:00:b7:27:0d:14:17:
         b6:f1:bf:7a:d9:67:8f:17:3f:8c:5b:53:4c:ad:1f:03:02:f0:
         7e:84:83:5f:69:95:24:9b:80:78:5f:55:3a:77:30:db:a3:c6:
         0f:ab:df:e4:5c:28:e0:28:ea:1d:77:f1:97:14:24:47:d8:e3:
         b2:03:32:4b:1d:54:63:57:64:a0:ef:0a:2d:79:df:de:6f:ed:
         37:54:99:c7:5f:34:da:d0:81:26:a4:ba:25:58:79:ef:cd:a3:
         51:fe:f0:c5:c0:04:2f:05:87:e6:94:f1:57:ec:e4:25:4a:42:
         d2:94:fe:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb87tW7QSdFD+sWTAY5UxEUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNmRhOWQ1NmI0MmMyYjgxNmIxYWU2YjE4NTEyNWFiZjIx
NTkzZWYwHhcNMjUwNTIzMTEzNzEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmUxMGFjNzY1Mzg0MmZjNDk5NzEyOTU4NTA4NjI5MzY5NDkxMjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2lJhPngJX52ntKY2+JjG+3iO5Dj
ZikM6y5e82WxZRVVRRrZo/L/WNsisHLfUa5Ujwu4hlrygPBR/pplPeSpV3pqOS66
14GOJTPWgMQxGVRlnP5yYvLcyglD8oA4gw2z6S+W5FGstcsRxgJDff8l1b+uV5TL
fxjX6scY9fR9vuNSg/n5fIUXqEdv51/ZZipU6IbjcVhmMPbDvP6b9VbedIyrYfrX
PvsFvGOAwLq0rnoIpBb0zRMCQDiwVebEG/Ej9jaNkeyHPnxfiPLH5tRehkBq48zd
zSUlm0xBFmQejDjPEM+ranajHObsPaDGdQnsrEqu6lKvsHcprQEMJG/YlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJLhCsdlOEL8SZcSlYUIYpNpSRICMB8GA1UdIwQY
MBaAFK9tqdVrQsK4FrGuaxhRJavyFZPvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjIycDFXdEN3cmdXc2E1ckdGRWxxX0lWay04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy84OTczNzgtYzU1Ni00MzUyLTlhMDQt
YjEwYTgzMmJjYTQzLzEva3VFS3gyVTRRdnhKbHhLVmhRaGlrMmxKRWdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy84OTczNzgtYzU1Ni00MzUyLTlhMDQtYjEwYTgzMmJjYTQz
LzEvcjIycDFXdEN3cmdXc2E1ckdGRWxxX0lWay04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwQjeMA0G
CSqGSIb3DQEBCwUAA4IBAQBMY1gAlpUAHC/CDrH/Pdjuc+j9g0nn8QRzA0zySBrW
xrTrOTpYboyGdlgTmDIxK7NWkDy98NjF1poILtWUnBLF+K7GhZB5wm1rJRjDIh9q
dhHU2E0hRGTG7PSpNKrR4vsO2X9JodW4S4S2ZwvgJdok78fyoun6Feqi6x/hAdVg
7+C+4KiXM28b0/oAtycNFBe28b962WePFz+MW1NMrR8DAvB+hINfaZUkm4B4X1U6
dzDbo8YPq9/kXCjgKOodd/GXFCRH2OOyAzJLHVRjV2Sg7woted/eb+03VJnHXzTa
0IEmpLolWHnvzaNR/vDFwAQvBYfmlPFX7OQlSkLSlP6B
-----END CERTIFICATE-----