Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/fba28c-6b17-4626-963c-058cc953e803/1/kh50C_NbBjs1xffmc65N3htJRDA.roa
File:                     kh50C_NbBjs1xffmc65N3htJRDA.roa (raw, json)
Hash identifier:          zegMkFf00MvL1ZefKCFbf5kmHagYnvltoauO7HXIkok=
Subject key identifier:   92:1E:74:0B:F3:5B:06:3B:35:C5:F7:E6:73:AE:4D:DE:1B:49:44:30
Certificate issuer:       /CN=34e83f41e5d24254c90a86e3b2bb7a80af039721
Certificate serial:       019420D643B3CDFA8265C38104DC788E7DCF
Authority key identifier: 34:E8:3F:41:E5:D2:42:54:C9:0A:86:E3:B2:BB:7A:80:AF:03:97:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NOg_QeXSQlTJCobjsrt6gK8DlyE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/fba28c-6b17-4626-963c-058cc953e803/1/kh50C_NbBjs1xffmc65N3htJRDA.roa
Signing time:             Wed 01 Jan 2025 07:48:20 +0000
ROA not before:           Wed 01 Jan 2025 07:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13249
IP address blocks:        193.109.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/fba28c-6b17-4626-963c-058cc953e803/1/NOg_QeXSQlTJCobjsrt6gK8DlyE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/fba28c-6b17-4626-963c-058cc953e803/1/NOg_QeXSQlTJCobjsrt6gK8DlyE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NOg_QeXSQlTJCobjsrt6gK8DlyE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 09:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:43:b3:cd:fa:82:65:c3:81:04:dc:78:8e:7d:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34e83f41e5d24254c90a86e3b2bb7a80af039721
        Validity
            Not Before: Jan  1 07:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=921e740bf35b063b35c5f7e673ae4dde1b494430
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:40:de:c8:f8:ff:6d:d3:22:48:b9:18:06:9e:
                    f2:ca:c3:c6:cb:81:04:80:ee:64:6b:93:ed:7a:1c:
                    06:ac:87:9b:cf:72:40:0e:a3:82:db:b4:62:31:37:
                    10:65:1a:df:0d:9d:f6:16:12:8e:6c:13:ab:37:01:
                    c7:2a:c2:36:2e:03:70:93:62:29:54:61:3a:0b:33:
                    7f:27:27:7f:40:7f:75:41:15:69:50:88:ef:37:f1:
                    4a:7b:8b:f5:29:68:63:ea:7b:be:a1:6c:88:70:08:
                    d6:43:1b:a5:62:53:7b:e4:59:9e:eb:5e:be:85:59:
                    d1:7e:a6:fc:61:c5:01:f4:3f:fa:bb:88:a2:86:01:
                    a3:51:67:17:e7:73:0a:21:60:ea:0f:30:22:dd:b5:
                    21:2c:c9:35:4a:10:ca:4d:8e:e3:8b:79:45:3e:54:
                    b8:a9:25:f8:85:b6:43:08:54:a4:d5:42:44:69:55:
                    42:d7:0d:bb:38:88:98:82:0b:5f:48:9a:09:37:fb:
                    5d:3d:06:79:aa:ce:c2:31:ed:c3:5a:35:f1:8b:c2:
                    95:4e:7e:e4:f2:4b:a2:09:4b:80:72:44:cf:a4:aa:
                    80:da:31:54:65:e3:b8:ce:8d:08:61:e0:26:4b:74:
                    bf:8b:08:f4:66:3e:c1:71:02:7a:2d:4d:21:75:2f:
                    94:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:1E:74:0B:F3:5B:06:3B:35:C5:F7:E6:73:AE:4D:DE:1B:49:44:30
            X509v3 Authority Key Identifier:
                keyid:34:E8:3F:41:E5:D2:42:54:C9:0A:86:E3:B2:BB:7A:80:AF:03:97:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NOg_QeXSQlTJCobjsrt6gK8DlyE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/fba28c-6b17-4626-963c-058cc953e803/1/kh50C_NbBjs1xffmc65N3htJRDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/fba28c-6b17-4626-963c-058cc953e803/1/NOg_QeXSQlTJCobjsrt6gK8DlyE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:70:82:34:d9:a0:12:53:10:d4:5e:a7:7d:22:5d:8b:54:54:
         13:3b:2a:01:9d:ee:ba:eb:3d:41:10:2d:7c:0a:9f:af:ca:c2:
         60:25:5c:1c:e4:55:82:29:eb:ca:64:23:a8:6a:50:93:fa:48:
         2d:1f:9e:7e:5f:ba:79:27:31:da:b8:22:c1:26:03:bd:fa:e9:
         40:f3:72:7a:b9:ec:af:8b:b1:38:1a:5f:8c:de:05:e9:db:60:
         44:67:f9:a4:17:55:ff:dd:15:b6:72:b4:64:26:28:7b:80:5b:
         85:d8:30:20:e2:2d:7f:d6:d4:48:df:5c:f5:bc:cd:45:e7:b4:
         d1:ec:0d:b1:fe:d3:dc:39:58:52:58:a6:13:be:61:55:62:5d:
         31:c6:39:c9:68:ca:f8:3d:4c:34:6f:03:57:2e:73:ba:85:7d:
         87:a8:7f:0c:2c:57:15:88:84:90:9f:28:ed:53:5b:97:c3:b6:
         bb:9d:b4:54:df:98:6c:11:30:7c:32:1f:98:51:2a:99:27:b9:
         10:03:dd:14:72:44:b1:dd:b6:ab:f7:4c:7f:50:23:3e:c3:ed:
         28:25:31:a8:3d:ac:f1:fb:05:9d:ab:c0:1b:c0:e6:6f:b4:69:
         19:d1:7f:17:20:3a:b2:12:98:30:ae:fd:e4:b7:f8:a7:f8:96:
         b4:c5:da:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1kOzzfqCZcOBBNx4jn3PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZTgzZjQxZTVkMjQyNTRjOTBhODZlM2IyYmI3YTgwYWYw
Mzk3MjEwHhcNMjUwMTAxMDc0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjFlNzQwYmYzNWIwNjNiMzVjNWY3ZTY3M2FlNGRkZTFiNDk0NDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkDeyPj/bdMiSLkYBp7yysPGy4EE
gO5ka5PtehwGrIebz3JADqOC27RiMTcQZRrfDZ32FhKObBOrNwHHKsI2LgNwk2Ip
VGE6CzN/Jyd/QH91QRVpUIjvN/FKe4v1KWhj6nu+oWyIcAjWQxulYlN75Fme616+
hVnRfqb8YcUB9D/6u4iihgGjUWcX53MKIWDqDzAi3bUhLMk1ShDKTY7ji3lFPlS4
qSX4hbZDCFSk1UJEaVVC1w27OIiYggtfSJoJN/tdPQZ5qs7CMe3DWjXxi8KVTn7k
8kuiCUuAckTPpKqA2jFUZeO4zo0IYeAmS3S/iwj0Zj7BcQJ6LU0hdS+UeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJIedAvzWwY7NcX35nOuTd4bSUQwMB8GA1UdIwQY
MBaAFDToP0Hl0kJUyQqG47K7eoCvA5chMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTk9nX1FlWFNRbFRKQ29ianNydDZnSzhEbHlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9mYmEyOGMtNmIxNy00NjI2LTk2M2Mt
MDU4Y2M5NTNlODAzLzEva2g1MENfTmJCanMxeGZmbWM2NU4zaHRKUkRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9mYmEyOGMtNmIxNy00NjI2LTk2M2MtMDU4Y2M5NTNlODAz
LzEvTk9nX1FlWFNRbFRKQ29ianNydDZnSzhEbHlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW3xMA0G
CSqGSIb3DQEBCwUAA4IBAQCdcII02aASUxDUXqd9Il2LVFQTOyoBne666z1BEC18
Cp+vysJgJVwc5FWCKevKZCOoalCT+kgtH55+X7p5JzHauCLBJgO9+ulA83J6ueyv
i7E4Gl+M3gXp22BEZ/mkF1X/3RW2crRkJih7gFuF2DAg4i1/1tRI31z1vM1F57TR
7A2x/tPcOVhSWKYTvmFVYl0xxjnJaMr4PUw0bwNXLnO6hX2HqH8MLFcViISQnyjt
U1uXw7a7nbRU35hsETB8Mh+YUSqZJ7kQA90UckSx3bar90x/UCM+w+0oJTGoPazx
+wWdq8AbwOZvtGkZ0X8XIDqyEpgwrv3kt/in+Ja0xdop
-----END CERTIFICATE-----