Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/_K0BWZ_stZe84EL_peOxUFKFCCY.roa
File:                     _K0BWZ_stZe84EL_peOxUFKFCCY.roa (raw, json)
Hash identifier:          6JiOQ185PalZ+aky+RRHmp+1NLMR68q9NXdXomLIHN8=
Subject key identifier:   FC:AD:01:59:9F:EC:B5:97:BC:E0:42:FF:A5:E3:B1:50:52:85:08:26
Certificate issuer:       /CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Certificate serial:       019422201055CADAE0603EDBFFEC82EB1007
Authority key identifier: 67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/_K0BWZ_stZe84EL_peOxUFKFCCY.roa
Signing time:             Wed 01 Jan 2025 13:48:34 +0000
ROA not before:           Wed 01 Jan 2025 13:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        148.253.244.0/24 maxlen: 24
                          148.253.245.0/24 maxlen: 24
                          163.171.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:10:55:ca:da:e0:60:3e:db:ff:ec:82:eb:10:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67b5b02dc401666ee045ab90cc88817fe09d706a
        Validity
            Not Before: Jan  1 13:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fcad01599fecb597bce042ffa5e3b15052850826
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:07:3e:0a:7f:b9:f1:58:6d:aa:45:c2:65:41:
                    43:a8:7d:05:28:df:c9:73:3f:78:6c:53:d2:61:0c:
                    8c:4b:8a:af:72:e0:d2:28:5d:9c:70:f6:95:71:8c:
                    b3:db:ca:fa:3a:35:66:e4:c4:1f:66:69:89:ba:09:
                    69:07:64:6e:d5:36:56:38:e1:1c:d4:d3:87:8e:91:
                    94:b6:9f:32:39:cf:81:56:70:90:f5:6d:36:49:b4:
                    55:8a:9d:69:5b:42:55:c1:0c:ac:b9:02:5a:3f:f0:
                    ba:74:c3:e6:52:d9:c2:c2:f0:e6:86:26:f6:ca:ef:
                    57:f2:5a:aa:89:12:51:45:ba:a5:b2:06:7d:56:ee:
                    a5:28:b7:46:77:c3:0a:ad:8f:0f:d9:60:cf:9d:b1:
                    65:76:6a:6f:5f:f6:81:fa:5a:9b:af:46:03:f6:f2:
                    18:b9:73:80:1a:83:2b:e3:e0:01:ba:07:ec:ea:12:
                    c9:d1:f5:8a:a6:c1:f4:61:3c:a6:1e:48:62:e8:0e:
                    cb:73:6e:68:db:24:28:75:05:e7:73:26:10:51:47:
                    cf:d1:cb:a3:89:65:a9:f6:23:c1:83:90:a6:1a:ca:
                    c1:33:3c:4b:28:7b:1e:11:81:43:84:89:2e:8a:ac:
                    a8:18:1f:61:04:cf:33:53:9f:17:98:59:47:08:2d:
                    8d:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:AD:01:59:9F:EC:B5:97:BC:E0:42:FF:A5:E3:B1:50:52:85:08:26
            X509v3 Authority Key Identifier:
                keyid:67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/_K0BWZ_stZe84EL_peOxUFKFCCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.253.244.0/23
                  163.171.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:b1:d9:17:18:5f:b3:bc:68:51:47:d8:d2:dc:03:7c:27:3b:
         5e:ef:15:f4:33:8c:27:f0:56:6e:66:47:f4:74:10:f8:47:a9:
         dc:6f:72:4a:86:b0:f3:cf:82:b1:87:15:d8:54:08:d8:40:e6:
         70:b3:5b:bf:5d:8f:02:f8:02:d0:76:c4:34:7d:5a:72:8b:c9:
         0c:4a:05:9a:68:61:55:7b:fc:58:ee:3b:7c:a7:50:23:d7:42:
         fc:e2:df:cf:e0:b6:46:19:1c:13:31:0a:92:12:63:b5:33:a1:
         a0:74:b5:75:df:7d:15:dc:b6:e3:dd:31:c9:af:80:20:90:fe:
         89:36:c3:1e:0e:a6:a5:20:66:8d:dc:3d:fc:11:ed:7c:9b:74:
         5a:58:1f:16:37:b8:d1:19:5e:e6:b3:87:3f:75:4f:75:23:72:
         6b:09:e5:50:79:c8:48:59:53:7c:8c:ca:c8:d7:11:39:b7:e8:
         1f:a5:cc:cb:86:3b:98:f8:7b:ca:f1:a5:63:0b:34:cc:8d:41:
         0a:72:5f:86:c6:00:72:d3:a4:8f:ad:45:6d:3b:a5:3e:66:69:
         69:c1:6b:06:34:76:32:48:3a:ee:6c:cb:f1:6d:6c:12:24:a4:
         b2:a8:23:5b:76:99:e8:7e:58:04:3b:18:96:68:7d:5a:b4:05:
         c2:37:d1:a8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiIBBVytrgYD7b/+yC6xAHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YjViMDJkYzQwMTY2NmVlMDQ1YWI5MGNjODg4MTdmZTA5
ZDcwNmEwHhcNMjUwMTAxMTM0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2FkMDE1OTlmZWNiNTk3YmNlMDQyZmZhNWUzYjE1MDUyODUwODI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Qc+Cn+58VhtqkXCZUFDqH0FKN/J
cz94bFPSYQyMS4qvcuDSKF2ccPaVcYyz28r6OjVm5MQfZmmJuglpB2Ru1TZWOOEc
1NOHjpGUtp8yOc+BVnCQ9W02SbRVip1pW0JVwQysuQJaP/C6dMPmUtnCwvDmhib2
yu9X8lqqiRJRRbqlsgZ9Vu6lKLdGd8MKrY8P2WDPnbFldmpvX/aB+lqbr0YD9vIY
uXOAGoMr4+ABugfs6hLJ0fWKpsH0YTymHkhi6A7Lc25o2yQodQXncyYQUUfP0cuj
iWWp9iPBg5CmGsrBMzxLKHseEYFDhIkuiqyoGB9hBM8zU58XmFlHCC2NcwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPytAVmf7LWXvOBC/6XjsVBShQgmMB8GA1UdIwQY
MBaAFGe1sC3EAWZu4EWrkMyIgX/gnXBqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQt
YjVkODg4YWRmZDM3LzEvX0swQldaX3N0WmU4NEVMX3BlT3hVRktGQ0NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQtYjVkODg4YWRmZDM3
LzEvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBlP30AwQA
o6tZMA0GCSqGSIb3DQEBCwUAA4IBAQCIsdkXGF+zvGhRR9jS3AN8Jzte7xX0M4wn
8FZuZkf0dBD4R6ncb3JKhrDzz4KxhxXYVAjYQOZws1u/XY8C+ALQdsQ0fVpyi8kM
SgWaaGFVe/xY7jt8p1Aj10L84t/P4LZGGRwTMQqSEmO1M6GgdLV1330V3Lbj3THJ
r4AgkP6JNsMeDqalIGaN3D38Ee18m3RaWB8WN7jRGV7ms4c/dU91I3JrCeVQechI
WVN8jMrI1xE5t+gfpczLhjuY+HvK8aVjCzTMjUEKcl+GxgBy06SPrUVtO6U+Zmlp
wWsGNHYySDrubMvxbWwSJKSyqCNbdpnoflgEOxiWaH1atAXCN9Go
-----END CERTIFICATE-----