Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/8060df-a6f7-4166-a929-a980bed33ab0/1/Kl_sSsnBSJGgCcK7zw2V9NmYKfk.roa
File:                     Kl_sSsnBSJGgCcK7zw2V9NmYKfk.roa (raw, json)
Hash identifier:          KW6ns1JLYPOvHGE8JNv7Utb34UMVmmzeR921gIwdXX0=
Subject key identifier:   2A:5F:EC:4A:C9:C1:48:91:A0:09:C2:BB:CF:0D:95:F4:D9:98:29:F9
Certificate issuer:       /CN=dbb653bbd1704c47bada62ab6ce3502307f244b6
Certificate serial:       019421442A04D145024420E173F5409D61CE
Authority key identifier: DB:B6:53:BB:D1:70:4C:47:BA:DA:62:AB:6C:E3:50:23:07:F2:44:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/27ZTu9FwTEe62mKrbONQIwfyRLY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/8060df-a6f7-4166-a929-a980bed33ab0/1/Kl_sSsnBSJGgCcK7zw2V9NmYKfk.roa
Signing time:             Wed 01 Jan 2025 09:48:22 +0000
ROA not before:           Wed 01 Jan 2025 09:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8412
IP address blocks:        193.186.86.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/8060df-a6f7-4166-a929-a980bed33ab0/1/27ZTu9FwTEe62mKrbONQIwfyRLY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/8060df-a6f7-4166-a929-a980bed33ab0/1/27ZTu9FwTEe62mKrbONQIwfyRLY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/27ZTu9FwTEe62mKrbONQIwfyRLY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:2a:04:d1:45:02:44:20:e1:73:f5:40:9d:61:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbb653bbd1704c47bada62ab6ce3502307f244b6
        Validity
            Not Before: Jan  1 09:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a5fec4ac9c14891a009c2bbcf0d95f4d99829f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:25:16:51:17:89:b3:86:e5:06:d4:bd:6e:99:
                    90:79:1d:59:88:33:61:c7:8a:75:8d:86:bb:62:ee:
                    cc:33:dd:26:1e:af:f1:9f:1f:7a:b8:11:7e:8f:e9:
                    3c:c5:36:a2:cf:22:80:4b:53:45:f9:fd:c4:98:9e:
                    06:6b:e5:c9:a0:61:64:8d:69:9e:fd:6b:02:32:ec:
                    f1:97:04:d6:3e:20:34:81:d6:61:1d:73:0b:37:86:
                    4f:a7:62:ad:51:e3:07:62:20:e4:ef:5d:c2:64:71:
                    23:f1:a5:d9:a0:64:d1:c9:e2:ea:67:e4:f0:ff:31:
                    b7:b9:43:7d:a5:67:d2:89:cf:53:dc:33:75:df:b5:
                    ff:1c:8e:62:e4:1c:ce:ad:18:04:64:6b:ae:c2:fe:
                    dc:41:44:1a:d5:8d:8a:fd:32:ba:30:a0:32:4e:7d:
                    7c:30:04:fb:94:e4:f3:7e:d0:e5:9d:fc:b8:a5:e8:
                    65:78:71:74:a6:5d:d0:34:1f:10:e3:b0:2e:d3:0d:
                    a9:55:45:2c:40:96:7d:10:ec:2e:43:09:4f:31:fa:
                    bc:17:73:45:00:52:bb:05:80:39:c6:26:6a:f0:6e:
                    af:ad:8d:f9:28:6f:d4:c9:31:7b:83:af:0f:a6:46:
                    79:40:fc:41:35:45:c1:4f:5d:e1:73:c6:28:ee:c7:
                    95:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:5F:EC:4A:C9:C1:48:91:A0:09:C2:BB:CF:0D:95:F4:D9:98:29:F9
            X509v3 Authority Key Identifier:
                keyid:DB:B6:53:BB:D1:70:4C:47:BA:DA:62:AB:6C:E3:50:23:07:F2:44:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27ZTu9FwTEe62mKrbONQIwfyRLY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/8060df-a6f7-4166-a929-a980bed33ab0/1/Kl_sSsnBSJGgCcK7zw2V9NmYKfk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/8060df-a6f7-4166-a929-a980bed33ab0/1/27ZTu9FwTEe62mKrbONQIwfyRLY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.186.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         07:ea:59:0d:05:7a:df:42:66:22:a9:dc:2c:e6:66:e5:4b:1c:
         b8:0d:e7:6a:5e:70:d2:73:78:aa:68:45:5e:e6:59:66:2b:c4:
         7f:7c:0f:bb:70:d3:42:be:29:c2:08:bb:b5:a3:62:a7:73:54:
         88:ad:fd:64:54:ff:ca:0a:35:bb:29:ee:d2:f4:25:8c:08:3c:
         92:08:ef:1f:0e:72:fa:11:6d:a2:53:cf:f2:a0:b7:c2:a2:27:
         82:18:9e:29:98:ac:20:35:1d:56:82:a6:59:69:03:bb:db:3b:
         10:fe:8a:df:c5:bc:bf:9a:4d:c9:4c:53:3b:14:f9:15:51:dc:
         ca:16:33:88:09:84:93:b6:08:a6:30:df:6d:90:cc:f7:5c:87:
         cb:cf:50:4f:f8:45:3f:09:02:78:2e:84:bd:ee:36:98:5b:12:
         24:6f:f3:ec:22:c9:36:a9:63:09:05:32:75:23:8c:08:13:34:
         7f:34:2d:56:14:9c:ea:9b:5b:71:b5:d8:ab:34:f6:f1:f2:90:
         3a:51:d9:8d:d9:44:71:5c:27:a7:2c:09:f1:af:f1:23:5e:7a:
         b4:82:95:8f:33:e0:37:e1:0f:5c:39:65:82:f9:db:2e:08:98:
         61:ad:0c:5e:7d:f2:ad:6d:58:4e:28:0e:d7:01:d7:72:44:81:
         bc:27:b8:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRCoE0UUCRCDhc/VAnWHOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjY1M2JiZDE3MDRjNDdiYWRhNjJhYjZjZTM1MDIzMDdm
MjQ0YjYwHhcNMjUwMTAxMDk0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTVmZWM0YWM5YzE0ODkxYTAwOWMyYmJjZjBkOTVmNGQ5OTgyOWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCUWUReJs4blBtS9bpmQeR1ZiDNh
x4p1jYa7Yu7MM90mHq/xnx96uBF+j+k8xTaizyKAS1NF+f3EmJ4Ga+XJoGFkjWme
/WsCMuzxlwTWPiA0gdZhHXMLN4ZPp2KtUeMHYiDk713CZHEj8aXZoGTRyeLqZ+Tw
/zG3uUN9pWfSic9T3DN137X/HI5i5BzOrRgEZGuuwv7cQUQa1Y2K/TK6MKAyTn18
MAT7lOTzftDlnfy4pehleHF0pl3QNB8Q47Au0w2pVUUsQJZ9EOwuQwlPMfq8F3NF
AFK7BYA5xiZq8G6vrY35KG/UyTF7g68PpkZ5QPxBNUXBT13hc8Yo7seV5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCpf7ErJwUiRoAnCu88NlfTZmCn5MB8GA1UdIwQY
MBaAFNu2U7vRcExHutpiq2zjUCMH8kS2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdaVHU5RndURWU2Mm1LcmJPTlFJd2Z5UkxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC84MDYwZGYtYTZmNy00MTY2LWE5Mjkt
YTk4MGJlZDMzYWIwLzEvS2xfc1NzbkJTSkdnQ2NLN3p3MlY5Tm1ZS2ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC84MDYwZGYtYTZmNy00MTY2LWE5MjktYTk4MGJlZDMzYWIw
LzEvMjdaVHU5RndURWU2Mm1LcmJPTlFJd2Z5UkxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwbpWMA0G
CSqGSIb3DQEBCwUAA4IBAQAH6lkNBXrfQmYiqdws5mblSxy4DedqXnDSc3iqaEVe
5llmK8R/fA+7cNNCvinCCLu1o2Knc1SIrf1kVP/KCjW7Ke7S9CWMCDySCO8fDnL6
EW2iU8/yoLfCoieCGJ4pmKwgNR1WgqZZaQO72zsQ/orfxby/mk3JTFM7FPkVUdzK
FjOICYSTtgimMN9tkMz3XIfLz1BP+EU/CQJ4LoS97jaYWxIkb/PsIsk2qWMJBTJ1
I4wIEzR/NC1WFJzqm1txtdirNPbx8pA6UdmN2URxXCenLAnxr/EjXnq0gpWPM+A3
4Q9cOWWC+dsuCJhhrQxeffKtbVhOKA7XAddyRIG8J7gR
-----END CERTIFICATE-----