Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/_Khf-n0vZfCAmh5Kz1BybwMWUtk.roa
File:                     _Khf-n0vZfCAmh5Kz1BybwMWUtk.roa (raw, json)
Hash identifier:          kt8gl4Nj76yRL5CdwZbXkVqwHK70gqMfG0Z0kpN+NYA=
Subject key identifier:   FC:A8:5F:FA:7D:2F:65:F0:80:9A:1E:4A:CF:50:72:6F:03:16:52:D9
Certificate issuer:       /CN=4b9331fa7be470dc179e16c306e98c6c731a575c
Certificate serial:       019425FD69F1A7B5E6FAE652D2F5CEF98943
Authority key identifier: 4B:93:31:FA:7B:E4:70:DC:17:9E:16:C3:06:E9:8C:6C:73:1A:57:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/_Khf-n0vZfCAmh5Kz1BybwMWUtk.roa
Signing time:             Thu 02 Jan 2025 07:49:12 +0000
ROA not before:           Thu 02 Jan 2025 07:49:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48503
IP address blocks:        140.150.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:69:f1:a7:b5:e6:fa:e6:52:d2:f5:ce:f9:89:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b9331fa7be470dc179e16c306e98c6c731a575c
        Validity
            Not Before: Jan  2 07:49:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fca85ffa7d2f65f0809a1e4acf50726f031652d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:b8:91:e6:9a:4b:73:b8:fc:51:be:17:af:4b:
                    9f:4e:71:9a:a2:74:82:3e:44:2c:27:c8:d7:02:42:
                    d9:51:cd:23:58:b7:40:c0:70:3b:8c:1c:77:01:76:
                    50:8d:4a:81:cd:ed:e9:cb:7b:1d:71:8d:30:b6:74:
                    16:96:48:b8:7e:9b:a6:d5:4d:b1:0f:58:68:a9:f9:
                    ef:b8:74:3e:9e:ff:c6:cd:81:e5:2e:c4:d3:4d:ca:
                    73:37:8d:28:4e:fe:ca:84:e1:ec:d5:32:f8:8e:72:
                    08:36:a6:64:dc:ed:eb:fe:6b:ba:3f:2f:f6:d6:f8:
                    8c:7b:44:f1:3a:27:ff:80:da:00:cf:e8:fe:78:81:
                    82:bb:15:14:18:a4:15:ac:a8:77:73:af:fb:fa:51:
                    d9:8f:46:9e:16:b3:5a:e2:ca:0c:91:0c:75:7a:58:
                    e5:fa:d8:ad:ed:fa:dc:3e:66:dd:72:f7:12:b8:91:
                    cd:df:24:92:dc:5e:ac:3d:15:cc:b0:d5:80:c2:3e:
                    91:f3:c2:d8:38:36:12:b2:46:b2:3e:62:41:7a:06:
                    62:a5:5c:b9:d9:f0:73:3c:59:16:fb:a2:ef:ad:bc:
                    51:c2:4b:10:ec:fd:af:be:55:f5:65:97:fd:50:96:
                    7c:7b:e9:84:02:da:5b:18:0a:3a:ad:2b:a7:a8:19:
                    c4:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:A8:5F:FA:7D:2F:65:F0:80:9A:1E:4A:CF:50:72:6F:03:16:52:D9
            X509v3 Authority Key Identifier:
                keyid:4B:93:31:FA:7B:E4:70:DC:17:9E:16:C3:06:E9:8C:6C:73:1A:57:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/_Khf-n0vZfCAmh5Kz1BybwMWUtk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:b5:2c:48:94:e4:da:0a:64:cb:97:22:d9:33:fe:df:4f:37:
         73:22:93:53:da:0d:dc:42:d0:12:31:37:a1:d0:d0:c3:84:9b:
         32:a7:98:e7:12:4e:6c:09:45:5e:50:e6:04:b2:26:89:88:10:
         12:25:be:80:27:2a:3b:cf:fd:a6:e7:0b:40:5e:47:a8:36:cb:
         d5:a5:00:65:5f:6f:84:b2:8f:3f:d1:6c:f6:c9:da:d7:79:6e:
         b5:c1:68:52:c8:25:59:0f:29:da:26:c1:f1:bb:fc:3f:6f:18:
         d8:5e:47:51:2f:3b:d4:20:4f:d4:ca:ad:d9:c6:07:82:69:62:
         b8:4c:c7:bb:b0:ea:09:ae:a9:79:5e:60:fc:87:33:c0:c7:f9:
         34:1b:31:23:aa:53:9f:0d:03:ad:44:85:c1:e3:9a:da:cb:22:
         2f:57:34:93:af:e2:bd:6c:19:22:1e:a7:9d:08:a3:a0:4d:6a:
         88:40:a7:a8:73:31:39:bc:24:e0:48:4f:ba:9f:82:ac:27:c3:
         c5:76:6a:94:c1:65:90:17:2b:4f:c3:44:52:0f:d6:34:7e:86:
         16:9d:04:4d:66:d6:6b:93:3a:f6:53:51:9f:02:cd:83:be:37:
         0f:bf:d6:b0:88:18:34:e0:2b:e0:c8:25:eb:5e:17:68:11:59:
         e4:23:ca:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/Wnxp7Xm+uZS0vXO+YlDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOTMzMWZhN2JlNDcwZGMxNzllMTZjMzA2ZTk4YzZjNzMx
YTU3NWMwHhcNMjUwMTAyMDc0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2E4NWZmYTdkMmY2NWYwODA5YTFlNGFjZjUwNzI2ZjAzMTY1MmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLiR5ppLc7j8Ub4Xr0ufTnGaonSC
PkQsJ8jXAkLZUc0jWLdAwHA7jBx3AXZQjUqBze3py3sdcY0wtnQWlki4fpum1U2x
D1hoqfnvuHQ+nv/GzYHlLsTTTcpzN40oTv7KhOHs1TL4jnIINqZk3O3r/mu6Py/2
1viMe0TxOif/gNoAz+j+eIGCuxUUGKQVrKh3c6/7+lHZj0aeFrNa4soMkQx1eljl
+tit7frcPmbdcvcSuJHN3ySS3F6sPRXMsNWAwj6R88LYODYSskayPmJBegZipVy5
2fBzPFkW+6LvrbxRwksQ7P2vvlX1ZZf9UJZ8e+mEAtpbGAo6rSunqBnEoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPyoX/p9L2XwgJoeSs9Qcm8DFlLZMB8GA1UdIwQY
MBaAFEuTMfp75HDcF54WwwbpjGxzGldcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzVNeC1udmtjTndYbmhiREJ1bU1iSE1hVjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC81YjQ4YTctYTBkNy00M2YyLWEzNjIt
OGIyYjQ3MzhiMWNjLzEvX0toZi1uMHZaZkNBbWg1S3oxQnlid01XVXRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC81YjQ4YTctYTBkNy00M2YyLWEzNjItOGIyYjQ3MzhiMWNj
LzEvUzVNeC1udmtjTndYbmhiREJ1bU1iSE1hVjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjJYjMA0G
CSqGSIb3DQEBCwUAA4IBAQC5tSxIlOTaCmTLlyLZM/7fTzdzIpNT2g3cQtASMTeh
0NDDhJsyp5jnEk5sCUVeUOYEsiaJiBASJb6AJyo7z/2m5wtAXkeoNsvVpQBlX2+E
so8/0Wz2ydrXeW61wWhSyCVZDynaJsHxu/w/bxjYXkdRLzvUIE/Uyq3ZxgeCaWK4
TMe7sOoJrql5XmD8hzPAx/k0GzEjqlOfDQOtRIXB45rayyIvVzSTr+K9bBkiHqed
CKOgTWqIQKeoczE5vCTgSE+6n4KsJ8PFdmqUwWWQFytPw0RSD9Y0foYWnQRNZtZr
kzr2U1GfAs2DvjcPv9awiBg04CvgyCXrXhdoEVnkI8rN
-----END CERTIFICATE-----