Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/e35ac1-05d1-406d-b668-36eaf7948531/1/KIM-NbEkTbitOU_rhpt4qAs9-Oo.roa
File:                     KIM-NbEkTbitOU_rhpt4qAs9-Oo.roa (raw, json)
Hash identifier:          H4xfbttPRqY/FlOJMk6QaNDUIdoa4V9nPRdLB2/KbPU=
Subject key identifier:   28:83:3E:35:B1:24:4D:B8:AD:39:4F:EB:86:9B:78:A8:0B:3D:F8:EA
Certificate issuer:       /CN=365b4abab716ad1407a902e5176560ecc37c966d
Certificate serial:       019427B57972EA9DC14E78CD1CCDF389F330
Authority key identifier: 36:5B:4A:BA:B7:16:AD:14:07:A9:02:E5:17:65:60:EC:C3:7C:96:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NltKurcWrRQHqQLlF2Vg7MN8lm0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/e35ac1-05d1-406d-b668-36eaf7948531/1/KIM-NbEkTbitOU_rhpt4qAs9-Oo.roa
Signing time:             Thu 02 Jan 2025 15:49:51 +0000
ROA not before:           Thu 02 Jan 2025 15:49:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29405
IP address blocks:        130.193.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/e35ac1-05d1-406d-b668-36eaf7948531/1/NltKurcWrRQHqQLlF2Vg7MN8lm0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/e35ac1-05d1-406d-b668-36eaf7948531/1/NltKurcWrRQHqQLlF2Vg7MN8lm0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NltKurcWrRQHqQLlF2Vg7MN8lm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:79:72:ea:9d:c1:4e:78:cd:1c:cd:f3:89:f3:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=365b4abab716ad1407a902e5176560ecc37c966d
        Validity
            Not Before: Jan  2 15:49:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28833e35b1244db8ad394feb869b78a80b3df8ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:aa:c9:f1:a7:a2:92:59:7a:b5:fa:97:88:6c:
                    10:dd:2a:23:e9:42:bf:a1:ce:9e:f1:8c:1a:91:82:
                    b1:9b:6c:f9:26:54:96:ec:6e:d6:08:b2:5f:2f:ad:
                    86:cb:5f:df:6c:a1:64:9f:2d:c0:81:30:7c:25:ce:
                    8d:cd:7e:22:65:02:06:42:98:d4:8e:c2:8f:83:27:
                    ad:1a:27:c9:b3:79:52:1d:8f:59:d9:be:0f:5c:a2:
                    6c:5e:82:51:9d:68:1a:12:19:23:db:f2:d7:39:35:
                    60:ef:d1:46:17:43:ac:31:3e:95:d1:12:38:e9:eb:
                    6c:f7:3d:fd:69:33:a9:26:ac:33:4e:3c:11:02:c2:
                    75:97:58:ba:19:9c:71:dd:26:85:1c:d8:dc:15:72:
                    1a:bd:5b:59:d5:eb:da:85:14:f1:75:c7:c8:b7:9c:
                    f1:47:c2:65:49:7f:32:cb:6f:cf:8e:6c:03:3e:d1:
                    32:91:7f:a7:f6:a3:95:ba:13:c3:15:30:f1:29:50:
                    ea:b1:b2:e4:a8:2e:8c:d2:9a:24:e6:1e:a1:54:66:
                    fa:24:3b:84:fd:ee:7f:a5:89:35:a6:fa:26:21:5c:
                    ba:d7:1e:43:fe:c1:ce:b8:aa:e4:58:1e:c8:e4:05:
                    50:21:11:15:f3:ba:bb:ca:c8:5f:df:15:10:4d:61:
                    69:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:83:3E:35:B1:24:4D:B8:AD:39:4F:EB:86:9B:78:A8:0B:3D:F8:EA
            X509v3 Authority Key Identifier:
                keyid:36:5B:4A:BA:B7:16:AD:14:07:A9:02:E5:17:65:60:EC:C3:7C:96:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NltKurcWrRQHqQLlF2Vg7MN8lm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/e35ac1-05d1-406d-b668-36eaf7948531/1/KIM-NbEkTbitOU_rhpt4qAs9-Oo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/e35ac1-05d1-406d-b668-36eaf7948531/1/NltKurcWrRQHqQLlF2Vg7MN8lm0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.193.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:c1:ca:09:8f:09:a4:e1:cf:b2:c8:a4:57:dc:12:71:35:82:
         fd:fb:ea:32:46:37:8b:37:44:27:47:44:f7:d1:fe:ce:5a:dd:
         10:a1:f4:b8:1c:bf:92:34:f8:5a:1c:86:86:29:c2:47:79:41:
         0d:97:86:d2:91:89:62:4a:a3:e5:9d:55:8c:c6:ed:05:46:d1:
         e7:73:5b:63:d1:3c:d7:41:8a:1b:2d:c7:0c:86:bd:4e:e8:85:
         22:1b:6a:be:de:09:cd:3a:d6:b5:f1:9e:37:b9:0a:02:e5:3c:
         60:58:5a:21:0e:96:92:d4:08:09:d0:14:34:d4:d2:51:d7:56:
         93:d9:6a:59:26:98:4d:b2:70:2d:a4:10:88:8e:e2:76:c8:01:
         b1:fa:a6:6b:a7:96:62:d9:2c:04:68:14:dd:82:85:ef:88:3c:
         e0:75:ed:4f:35:87:de:b8:bb:c3:9a:4f:0d:1f:35:ec:ec:34:
         ff:a3:bb:2b:a4:ef:90:d3:dc:f7:dd:c2:a1:85:25:ab:1b:51:
         d1:3f:d6:dd:81:a6:a9:49:7b:48:56:04:25:d6:cc:42:0c:f3:
         9f:de:54:ed:f4:29:32:6c:1f:5a:79:68:f7:f2:dc:5f:54:ff:
         61:6e:37:72:26:8a:d2:8d:42:a6:a5:41:63:bf:81:fa:b8:d4:
         7d:1a:73:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntXly6p3BTnjNHM3zifMwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2NWI0YWJhYjcxNmFkMTQwN2E5MDJlNTE3NjU2MGVjYzM3
Yzk2NmQwHhcNMjUwMTAyMTU0OTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODgzM2UzNWIxMjQ0ZGI4YWQzOTRmZWI4NjliNzhhODBiM2RmOGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6rJ8aeikll6tfqXiGwQ3Soj6UK/
oc6e8YwakYKxm2z5JlSW7G7WCLJfL62Gy1/fbKFkny3AgTB8Jc6NzX4iZQIGQpjU
jsKPgyetGifJs3lSHY9Z2b4PXKJsXoJRnWgaEhkj2/LXOTVg79FGF0OsMT6V0RI4
6ets9z39aTOpJqwzTjwRAsJ1l1i6GZxx3SaFHNjcFXIavVtZ1evahRTxdcfIt5zx
R8JlSX8yy2/PjmwDPtEykX+n9qOVuhPDFTDxKVDqsbLkqC6M0pok5h6hVGb6JDuE
/e5/pYk1pvomIVy61x5D/sHOuKrkWB7I5AVQIREV87q7yshf3xUQTWFp/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCiDPjWxJE24rTlP64abeKgLPfjqMB8GA1UdIwQY
MBaAFDZbSrq3Fq0UB6kC5RdlYOzDfJZtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmx0S3VyY1dyUlFIcVFMbEYyVmc3TU44bG0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9lMzVhYzEtMDVkMS00MDZkLWI2Njgt
MzZlYWY3OTQ4NTMxLzEvS0lNLU5iRWtUYml0T1VfcmhwdDRxQXM5LU9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9lMzVhYzEtMDVkMS00MDZkLWI2NjgtMzZlYWY3OTQ4NTMx
LzEvTmx0S3VyY1dyUlFIcVFMbEYyVmc3TU44bG0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgsESMA0G
CSqGSIb3DQEBCwUAA4IBAQB/wcoJjwmk4c+yyKRX3BJxNYL9++oyRjeLN0QnR0T3
0f7OWt0QofS4HL+SNPhaHIaGKcJHeUENl4bSkYliSqPlnVWMxu0FRtHnc1tj0TzX
QYobLccMhr1O6IUiG2q+3gnNOta18Z43uQoC5TxgWFohDpaS1AgJ0BQ01NJR11aT
2WpZJphNsnAtpBCIjuJ2yAGx+qZrp5Zi2SwEaBTdgoXviDzgde1PNYfeuLvDmk8N
HzXs7DT/o7srpO+Q09z33cKhhSWrG1HRP9bdgaapSXtIVgQl1sxCDPOf3lTt9Cky
bB9aeWj38txfVP9hbjdyJorSjUKmpUFjv4H6uNR9GnNi
-----END CERTIFICATE-----