Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/e1e2a7-fd96-4cf1-82c3-ba2b90d49547/1/KB39bYqIMJokJ-KK1JHEqLNlJ44.roa
File:                     KB39bYqIMJokJ-KK1JHEqLNlJ44.roa (raw, json)
Hash identifier:          phEsVyJYnJtq6yuZEFal91oSzWP2tqwsWq5VAN0UDT0=
Subject key identifier:   28:1D:FD:6D:8A:88:30:9A:24:27:E2:8A:D4:91:C4:A8:B3:65:27:8E
Certificate issuer:       /CN=66bd82ba1881ad64f524e33ece12ada4b3b5d57f
Certificate serial:       01942067FF64082497CEB693E6A513559239
Authority key identifier: 66:BD:82:BA:18:81:AD:64:F5:24:E3:3E:CE:12:AD:A4:B3:B5:D5:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zr2CuhiBrWT1JOM-zhKtpLO11X8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/e1e2a7-fd96-4cf1-82c3-ba2b90d49547/1/KB39bYqIMJokJ-KK1JHEqLNlJ44.roa
Signing time:             Wed 01 Jan 2025 05:47:54 +0000
ROA not before:           Wed 01 Jan 2025 05:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        132.199.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/e1e2a7-fd96-4cf1-82c3-ba2b90d49547/1/Zr2CuhiBrWT1JOM-zhKtpLO11X8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/e1e2a7-fd96-4cf1-82c3-ba2b90d49547/1/Zr2CuhiBrWT1JOM-zhKtpLO11X8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zr2CuhiBrWT1JOM-zhKtpLO11X8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:ff:64:08:24:97:ce:b6:93:e6:a5:13:55:92:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66bd82ba1881ad64f524e33ece12ada4b3b5d57f
        Validity
            Not Before: Jan  1 05:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=281dfd6d8a88309a2427e28ad491c4a8b365278e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:69:50:da:4d:9e:d1:06:33:ea:a9:3e:e9:a0:
                    e4:e7:7b:2d:59:d0:b1:40:f6:a4:83:8b:d2:06:63:
                    60:ae:31:62:99:69:47:7d:e0:1b:26:e7:c2:f1:51:
                    3c:c2:43:6d:0a:71:72:c9:86:05:c8:85:8b:35:bf:
                    a2:f0:31:4a:5a:8f:72:34:b0:04:04:27:8c:3e:fe:
                    ed:18:46:98:2b:2d:df:08:56:0a:1a:29:65:44:28:
                    a0:d5:b4:b1:42:ad:f4:62:bb:48:36:44:74:e0:09:
                    ec:ee:50:25:8c:92:68:c0:0a:9d:27:c7:fb:3c:a9:
                    0e:7d:f3:1b:82:0d:7a:56:03:2f:78:e5:b2:aa:55:
                    3e:b6:2e:98:7e:22:42:fb:7e:c5:34:bc:29:f9:57:
                    1d:cf:c8:fa:d5:74:68:54:e4:06:62:0b:e2:bf:fd:
                    21:66:11:fa:21:94:f5:90:3a:f0:7b:87:17:41:70:
                    6f:1c:c8:18:a2:5f:9f:b9:8d:46:75:40:c5:0d:31:
                    40:78:8b:00:f7:af:c1:72:67:a8:8e:e0:70:09:59:
                    9e:ac:4a:5a:b8:61:b1:f1:45:3a:20:df:ac:50:81:
                    11:c2:fa:f1:f1:79:28:f7:8d:34:0a:10:b5:21:c9:
                    4e:73:b5:f5:25:65:f4:80:1d:37:1d:68:56:25:a8:
                    fe:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:1D:FD:6D:8A:88:30:9A:24:27:E2:8A:D4:91:C4:A8:B3:65:27:8E
            X509v3 Authority Key Identifier:
                keyid:66:BD:82:BA:18:81:AD:64:F5:24:E3:3E:CE:12:AD:A4:B3:B5:D5:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zr2CuhiBrWT1JOM-zhKtpLO11X8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/e1e2a7-fd96-4cf1-82c3-ba2b90d49547/1/KB39bYqIMJokJ-KK1JHEqLNlJ44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/e1e2a7-fd96-4cf1-82c3-ba2b90d49547/1/Zr2CuhiBrWT1JOM-zhKtpLO11X8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.199.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         08:a0:ab:08:b5:f2:71:e8:91:a6:6d:4a:2f:92:0a:ce:ee:e2:
         2f:e3:4b:d8:52:08:aa:e8:83:02:a3:49:cf:4f:ce:df:bd:3a:
         47:7c:4c:2e:92:63:68:1c:21:36:3c:83:be:1e:74:67:aa:82:
         24:87:05:58:6d:86:cd:94:68:db:c3:92:28:03:1d:a1:03:52:
         5e:0c:ab:26:14:d2:d4:f5:68:bf:59:89:bc:5b:7f:d5:c2:f1:
         8f:5e:60:57:c1:62:94:ad:c4:3e:5f:b5:bb:93:da:c5:77:b5:
         5b:cd:41:09:44:7a:53:b4:4b:2a:68:14:5c:a6:b2:ab:c2:61:
         60:63:f1:6b:83:d8:30:0a:0c:b5:0c:83:e5:92:18:8b:a5:92:
         54:b3:13:c4:5d:1f:98:90:18:dd:f8:82:cb:12:47:d3:45:7f:
         de:32:af:94:b2:29:c6:fd:19:f7:e2:e3:8c:aa:5e:de:44:b4:
         41:54:f3:1d:01:d1:fc:e2:7d:ef:88:e1:74:94:84:41:37:5e:
         12:75:73:7c:b0:d2:93:c5:d1:33:9d:7e:39:a7:33:f9:02:42:
         93:3c:2a:ae:94:2e:23:4f:1b:0b:10:16:6c:94:c3:11:23:65:
         5d:24:f9:ec:ee:9e:6f:36:c8:f0:e2:2e:d8:fd:ce:5a:49:03:
         52:c2:5e:24
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQgZ/9kCCSXzraT5qUTVZI5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2YmQ4MmJhMTg4MWFkNjRmNTI0ZTMzZWNlMTJhZGE0YjNi
NWQ1N2YwHhcNMjUwMTAxMDU0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODFkZmQ2ZDhhODgzMDlhMjQyN2UyOGFkNDkxYzRhOGIzNjUyNzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2lQ2k2e0QYz6qk+6aDk53stWdCx
QPakg4vSBmNgrjFimWlHfeAbJufC8VE8wkNtCnFyyYYFyIWLNb+i8DFKWo9yNLAE
BCeMPv7tGEaYKy3fCFYKGillRCig1bSxQq30YrtINkR04Ans7lAljJJowAqdJ8f7
PKkOffMbgg16VgMveOWyqlU+ti6YfiJC+37FNLwp+Vcdz8j61XRoVOQGYgviv/0h
ZhH6IZT1kDrwe4cXQXBvHMgYol+fuY1GdUDFDTFAeIsA96/BcmeojuBwCVmerEpa
uGGx8UU6IN+sUIERwvrx8Xko9400ChC1IclOc7X1JWX0gB03HWhWJaj+ywIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFCgd/W2KiDCaJCfiitSRxKizZSeOMB8GA1UdIwQY
MBaAFGa9groYga1k9STjPs4SraSztdV/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnIyQ3VoaUJyV1QxSk9NLXpoS3RwTE8xMVg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9lMWUyYTctZmQ5Ni00Y2YxLTgyYzMt
YmEyYjkwZDQ5NTQ3LzEvS0IzOWJZcUlNSm9rSi1LSzFKSEVxTE5sSjQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9lMWUyYTctZmQ5Ni00Y2YxLTgyYzMtYmEyYjkwZDQ5NTQ3
LzEvWnIyQ3VoaUJyV1QxSk9NLXpoS3RwTE8xMVg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhMcwDQYJ
KoZIhvcNAQELBQADggEBAAigqwi18nHokaZtSi+SCs7u4i/jS9hSCKrogwKjSc9P
zt+9Okd8TC6SY2gcITY8g74edGeqgiSHBVhths2UaNvDkigDHaEDUl4MqyYU0tT1
aL9Zibxbf9XC8Y9eYFfBYpStxD5ftbuT2sV3tVvNQQlEelO0SypoFFymsqvCYWBj
8WuD2DAKDLUMg+WSGIulklSzE8RdH5iQGN34gssSR9NFf94yr5SyKcb9Gffi44yq
Xt5EtEFU8x0B0fzife+I4XSUhEE3XhJ1c3yw0pPF0TOdfjmnM/kCQpM8Kq6ULiNP
GwsQFmyUwxEjZV0k+ezunm82yPDiLtj9zlpJA1LCXiQ=
-----END CERTIFICATE-----