Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/c4210e-90de-4eca-8206-5537d85d2bd0/1/kIIfJ-bgIB8FEHmlLuoBBuJNtKA.roa
File:                     kIIfJ-bgIB8FEHmlLuoBBuJNtKA.roa (raw, json)
Hash identifier:          d5x0f5Yxm3xcFQXy2bPoyZU9c7+8Vyq9PQskQziwEEU=
Subject key identifier:   90:82:1F:27:E6:E0:20:1F:05:10:79:A5:2E:EA:01:06:E2:4D:B4:A0
Certificate issuer:       /CN=a0bb1718963ddd9128b76fd3d8213a1565ef856d
Certificate serial:       0194282660F7382B6E56597AD53880CB0702
Authority key identifier: A0:BB:17:18:96:3D:DD:91:28:B7:6F:D3:D8:21:3A:15:65:EF:85:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oLsXGJY93ZEot2_T2CE6FWXvhW0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/c4210e-90de-4eca-8206-5537d85d2bd0/1/kIIfJ-bgIB8FEHmlLuoBBuJNtKA.roa
Signing time:             Thu 02 Jan 2025 17:53:11 +0000
ROA not before:           Thu 02 Jan 2025 17:53:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1764
IP address blocks:        193.201.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/c4210e-90de-4eca-8206-5537d85d2bd0/1/oLsXGJY93ZEot2_T2CE6FWXvhW0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/c4210e-90de-4eca-8206-5537d85d2bd0/1/oLsXGJY93ZEot2_T2CE6FWXvhW0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oLsXGJY93ZEot2_T2CE6FWXvhW0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:60:f7:38:2b:6e:56:59:7a:d5:38:80:cb:07:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0bb1718963ddd9128b76fd3d8213a1565ef856d
        Validity
            Not Before: Jan  2 17:53:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90821f27e6e0201f051079a52eea0106e24db4a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:89:56:dd:d1:ae:0f:a3:9b:ef:80:a1:57:d7:
                    e8:aa:76:60:f3:46:f8:3e:8a:57:79:7f:83:77:ca:
                    aa:77:9a:c9:e7:95:41:2c:55:40:b5:c1:90:20:89:
                    7d:a7:bc:f6:1c:c2:75:62:f2:66:31:6e:ae:fb:88:
                    ae:b0:2c:a1:31:be:56:13:f2:f9:af:fb:2e:63:5e:
                    55:57:9d:9c:50:a5:48:74:0c:a7:cd:39:8b:61:20:
                    66:ba:c0:d1:b0:ab:77:00:41:f6:6e:dd:bb:ae:f4:
                    f5:1f:1b:69:5c:de:d2:0d:aa:8e:14:1b:cd:07:f6:
                    f4:d7:b4:bd:c0:23:88:ae:4a:3e:e7:12:52:a8:0d:
                    84:7d:ec:bc:1a:dc:4a:bb:e0:fc:25:3c:fe:9f:7c:
                    3c:99:aa:e7:85:0b:1a:0d:f3:89:42:68:68:ab:c0:
                    ab:cd:a1:73:71:27:0d:c9:a0:50:11:2b:61:50:b1:
                    46:87:94:cb:81:60:37:58:26:d1:11:a0:7e:97:7e:
                    9f:06:a4:f2:84:72:b7:2c:be:b2:93:5b:51:c3:49:
                    35:60:61:5d:6e:ab:ae:d9:3e:8c:2a:ca:2e:00:2f:
                    c3:e2:38:b8:82:f2:89:59:a1:97:98:33:96:f1:82:
                    37:b0:bf:98:90:3d:ef:bb:86:7e:73:2c:4e:da:5a:
                    6b:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:82:1F:27:E6:E0:20:1F:05:10:79:A5:2E:EA:01:06:E2:4D:B4:A0
            X509v3 Authority Key Identifier:
                keyid:A0:BB:17:18:96:3D:DD:91:28:B7:6F:D3:D8:21:3A:15:65:EF:85:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oLsXGJY93ZEot2_T2CE6FWXvhW0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/c4210e-90de-4eca-8206-5537d85d2bd0/1/kIIfJ-bgIB8FEHmlLuoBBuJNtKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/c4210e-90de-4eca-8206-5537d85d2bd0/1/oLsXGJY93ZEot2_T2CE6FWXvhW0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:d3:c3:48:5b:2e:5c:04:5e:06:47:41:57:d4:30:9b:86:d0:
         7e:ed:b5:e6:24:7b:f8:04:e0:68:51:64:76:37:b1:4f:a5:a0:
         f7:c4:f7:fd:0c:02:ef:43:a5:65:9f:c0:c9:93:81:21:ca:7f:
         fd:ec:cb:79:3a:20:20:ac:3d:ca:87:aa:98:ad:08:68:fd:d4:
         33:a3:8a:93:4d:e7:52:98:88:e5:72:0c:9f:42:6c:c5:8d:de:
         a4:37:dc:e1:03:cd:6b:b0:a9:9c:4d:d6:6b:5e:9e:14:5c:93:
         a3:b2:67:79:2f:88:27:61:7a:87:d3:48:af:80:94:ad:5c:77:
         53:73:77:2e:1f:ba:24:aa:d9:3b:88:d9:85:6c:17:71:b4:03:
         9f:6e:33:ea:a1:9e:59:fa:e8:e2:cb:4e:fb:7c:6d:4a:7a:bc:
         e5:a3:c0:e3:63:c1:c3:6a:e0:05:f8:3c:c4:9c:fc:27:6c:97:
         22:1b:d6:42:c8:1c:3b:86:b3:b2:0f:1f:03:70:c5:f9:e3:55:
         52:10:98:5a:bd:b0:2f:10:bd:be:22:99:02:2d:82:15:63:48:
         f0:81:cc:c4:9e:83:ae:23:1b:ac:ac:a8:7d:88:0b:f5:e7:31:
         82:c9:8e:a8:a3:38:51:53:08:b5:ba:bf:90:b3:25:37:e4:bb:
         31:61:13:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJmD3OCtuVll61TiAywcCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwYmIxNzE4OTYzZGRkOTEyOGI3NmZkM2Q4MjEzYTE1NjVl
Zjg1NmQwHhcNMjUwMTAyMTc1MzExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDgyMWYyN2U2ZTAyMDFmMDUxMDc5YTUyZWVhMDEwNmUyNGRiNGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz4lW3dGuD6Ob74ChV9foqnZg80b4
PopXeX+Dd8qqd5rJ55VBLFVAtcGQIIl9p7z2HMJ1YvJmMW6u+4iusCyhMb5WE/L5
r/suY15VV52cUKVIdAynzTmLYSBmusDRsKt3AEH2bt27rvT1HxtpXN7SDaqOFBvN
B/b017S9wCOIrko+5xJSqA2Efey8GtxKu+D8JTz+n3w8marnhQsaDfOJQmhoq8Cr
zaFzcScNyaBQESthULFGh5TLgWA3WCbREaB+l36fBqTyhHK3LL6yk1tRw0k1YGFd
bquu2T6MKsouAC/D4ji4gvKJWaGXmDOW8YI3sL+YkD3vu4Z+cyxO2lprgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJCCHyfm4CAfBRB5pS7qAQbiTbSgMB8GA1UdIwQY
MBaAFKC7FxiWPd2RKLdv09ghOhVl74VtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0xzWEdKWTkzWkVvdDJfVDJDRTZGV1h2aFcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9jNDIxMGUtOTBkZS00ZWNhLTgyMDYt
NTUzN2Q4NWQyYmQwLzEva0lJZkotYmdJQjhGRUhtbEx1b0JCdUpOdEtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9jNDIxMGUtOTBkZS00ZWNhLTgyMDYtNTUzN2Q4NWQyYmQw
LzEvb0xzWEdKWTkzWkVvdDJfVDJDRTZGV1h2aFcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwckpMA0G
CSqGSIb3DQEBCwUAA4IBAQB808NIWy5cBF4GR0FX1DCbhtB+7bXmJHv4BOBoUWR2
N7FPpaD3xPf9DALvQ6Vln8DJk4Ehyn/97Mt5OiAgrD3Kh6qYrQho/dQzo4qTTedS
mIjlcgyfQmzFjd6kN9zhA81rsKmcTdZrXp4UXJOjsmd5L4gnYXqH00ivgJStXHdT
c3cuH7okqtk7iNmFbBdxtAOfbjPqoZ5Z+ujiy077fG1Kerzlo8DjY8HDauAF+DzE
nPwnbJciG9ZCyBw7hrOyDx8DcMX541VSEJhavbAvEL2+IpkCLYIVY0jwgczEnoOu
IxusrKh9iAv15zGCyY6oozhRUwi1ur+QsyU35LsxYRMf
-----END CERTIFICATE-----