Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/a97926-410c-466b-8bf4-ab16b69e6ad5/1/kPZ8ETM6lNG0lavwYwIQDcxYl1g.roa
File:                     kPZ8ETM6lNG0lavwYwIQDcxYl1g.roa (raw, json)
Hash identifier:          SlFNEFoyK1DX28n0FPr3kQ7LoACCcNAT7qXaupdbmVY=
Subject key identifier:   90:F6:7C:11:33:3A:94:D1:B4:95:AB:F0:63:02:10:0D:CC:58:97:58
Certificate issuer:       /CN=6b6e969fe8fb7b2a6b6e464426a4a703d37eb554
Certificate serial:       0194221F5DFC9F68B5F730A24C4B63AD4E86
Authority key identifier: 6B:6E:96:9F:E8:FB:7B:2A:6B:6E:46:44:26:A4:A7:03:D3:7E:B5:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a26Wn-j7eyprbkZEJqSnA9N-tVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/a97926-410c-466b-8bf4-ab16b69e6ad5/1/kPZ8ETM6lNG0lavwYwIQDcxYl1g.roa
Signing time:             Wed 01 Jan 2025 13:47:48 +0000
ROA not before:           Wed 01 Jan 2025 13:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42831
IP address blocks:        185.54.84.0/22 maxlen: 22
                          2a04:d180::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/a97926-410c-466b-8bf4-ab16b69e6ad5/1/a26Wn-j7eyprbkZEJqSnA9N-tVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/a97926-410c-466b-8bf4-ab16b69e6ad5/1/a26Wn-j7eyprbkZEJqSnA9N-tVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a26Wn-j7eyprbkZEJqSnA9N-tVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:5d:fc:9f:68:b5:f7:30:a2:4c:4b:63:ad:4e:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b6e969fe8fb7b2a6b6e464426a4a703d37eb554
        Validity
            Not Before: Jan  1 13:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90f67c11333a94d1b495abf06302100dcc589758
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:b9:f4:a1:89:9a:f3:09:81:8a:6e:93:43:d9:
                    3e:45:12:4a:60:87:00:7c:c6:d8:61:6b:f5:c5:82:
                    72:74:32:83:8e:e7:e2:9e:06:d0:54:92:36:46:04:
                    c4:90:98:b3:42:0b:8f:03:60:74:9c:06:67:df:e2:
                    8d:d4:04:ac:50:08:e4:8a:9e:c1:da:22:e1:12:45:
                    df:ec:32:16:e7:66:c0:99:44:4b:3f:09:6e:f7:d6:
                    d8:d2:8b:c3:40:06:6f:f4:7b:d2:5a:27:31:c2:0a:
                    59:d5:1c:f4:21:c6:d5:b6:e2:f1:f5:bd:aa:06:bf:
                    47:7c:91:d5:54:a1:8d:17:0f:25:7f:ee:80:d1:84:
                    ae:d3:08:c7:59:58:17:29:8b:2e:22:0e:b7:ec:50:
                    c6:79:8d:05:25:3e:8a:48:00:3e:0f:1e:6f:7a:ee:
                    0b:4d:dc:3a:73:c0:4a:e9:1c:b5:59:83:8a:64:5e:
                    4a:98:39:94:c3:6d:bd:78:f4:60:9f:94:42:c7:64:
                    4d:d8:17:d0:58:44:08:ce:1f:32:c3:b3:f4:76:16:
                    a2:5e:4d:8f:e6:5d:e9:25:82:82:b0:c0:33:7e:62:
                    8d:62:f4:f1:f1:8b:7c:04:2a:50:5c:74:06:3b:e7:
                    17:5a:9e:53:d9:06:61:77:b3:8e:ef:49:2b:e6:57:
                    f0:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:F6:7C:11:33:3A:94:D1:B4:95:AB:F0:63:02:10:0D:CC:58:97:58
            X509v3 Authority Key Identifier:
                keyid:6B:6E:96:9F:E8:FB:7B:2A:6B:6E:46:44:26:A4:A7:03:D3:7E:B5:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a26Wn-j7eyprbkZEJqSnA9N-tVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/a97926-410c-466b-8bf4-ab16b69e6ad5/1/kPZ8ETM6lNG0lavwYwIQDcxYl1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/a97926-410c-466b-8bf4-ab16b69e6ad5/1/a26Wn-j7eyprbkZEJqSnA9N-tVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.84.0/22
                IPv6:
                  2a04:d180::/29

    Signature Algorithm: sha256WithRSAEncryption
         18:4c:f7:df:47:bd:5d:39:9b:76:3b:2b:32:fd:04:74:85:40:
         4d:cb:c5:de:d5:b8:4b:20:25:99:1c:9c:d1:ec:41:dd:f4:ef:
         c3:72:23:53:31:32:e1:9f:70:7a:b6:82:eb:c0:34:b7:db:01:
         44:60:ff:76:27:4b:ea:c2:2e:a7:fd:12:71:29:6b:f4:ff:7f:
         21:7d:2a:fc:5a:b8:25:de:fd:b2:6b:57:dd:a0:65:f8:c3:c8:
         14:89:3b:d8:b4:f9:7f:c4:62:e5:87:25:b1:53:59:08:7d:1d:
         4c:16:ac:36:9d:b4:9e:ce:06:de:cb:56:85:ef:b3:e5:5e:3c:
         eb:69:f7:e2:c0:39:8d:b8:e0:27:7b:6f:2c:58:9b:12:8a:01:
         bd:bb:80:05:ea:d8:a1:5a:a8:f3:a8:0b:b2:34:e2:75:36:b5:
         4b:ca:72:79:fa:5a:8d:c1:87:8b:ce:e1:69:87:ff:d3:a0:f3:
         b1:8b:f7:6b:17:5e:14:56:cd:23:4b:57:b6:00:9d:45:68:e7:
         49:06:b7:1c:e9:df:41:97:50:a5:8d:93:11:68:21:4b:75:1a:
         86:e3:25:20:0e:4a:8f:82:c5:e4:88:54:f6:d6:47:bb:63:cb:
         db:54:b4:f7:c1:3d:f1:09:28:49:86:a2:73:a8:3c:88:57:c5:
         36:89:c1:a8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQiH138n2i19zCiTEtjrU6GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNmU5NjlmZThmYjdiMmE2YjZlNDY0NDI2YTRhNzAzZDM3
ZWI1NTQwHhcNMjUwMTAxMTM0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGY2N2MxMTMzM2E5NGQxYjQ5NWFiZjA2MzAyMTAwZGNjNTg5NzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi7n0oYma8wmBim6TQ9k+RRJKYIcA
fMbYYWv1xYJydDKDjufingbQVJI2RgTEkJizQguPA2B0nAZn3+KN1ASsUAjkip7B
2iLhEkXf7DIW52bAmURLPwlu99bY0ovDQAZv9HvSWicxwgpZ1Rz0IcbVtuLx9b2q
Br9HfJHVVKGNFw8lf+6A0YSu0wjHWVgXKYsuIg637FDGeY0FJT6KSAA+Dx5veu4L
Tdw6c8BK6Ry1WYOKZF5KmDmUw229ePRgn5RCx2RN2BfQWEQIzh8yw7P0dhaiXk2P
5l3pJYKCsMAzfmKNYvTx8Yt8BCpQXHQGO+cXWp5T2QZhd7OO70kr5lfw+QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJD2fBEzOpTRtJWr8GMCEA3MWJdYMB8GA1UdIwQY
MBaAFGtulp/o+3sqa25GRCakpwPTfrVUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTI2V24tajdleXByYmtaRUpxU25BOU4tdFZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9hOTc5MjYtNDEwYy00NjZiLThiZjQt
YWIxNmI2OWU2YWQ1LzEva1BaOEVUTTZsTkcwbGF2d1l3SVFEY3hZbDFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9hOTc5MjYtNDEwYy00NjZiLThiZjQtYWIxNmI2OWU2YWQ1
LzEvYTI2V24tajdleXByYmtaRUpxU25BOU4tdFZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTZUMA0E
AgACMAcDBQMqBNGAMA0GCSqGSIb3DQEBCwUAA4IBAQAYTPffR71dOZt2Oysy/QR0
hUBNy8Xe1bhLICWZHJzR7EHd9O/DciNTMTLhn3B6toLrwDS32wFEYP92J0vqwi6n
/RJxKWv0/38hfSr8Wrgl3v2ya1fdoGX4w8gUiTvYtPl/xGLlhyWxU1kIfR1MFqw2
nbSezgbey1aF77PlXjzraffiwDmNuOAne28sWJsSigG9u4AF6tihWqjzqAuyNOJ1
NrVLynJ5+lqNwYeLzuFph//ToPOxi/drF14UVs0jS1e2AJ1FaOdJBrcc6d9Bl1Cl
jZMRaCFLdRqG4yUgDkqPgsXkiFT21ke7Y8vbVLT3wT3xCShJhqJzqDyIV8U2icGo
-----END CERTIFICATE-----