Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/kKoWp4Lx502DAZ2dTiIEcojnfao.roa
File:                     kKoWp4Lx502DAZ2dTiIEcojnfao.roa (raw, json)
Hash identifier:          wbMVZciEXcbsx0EhcS9t8+gUwRDnIiXLOoH2KSH13m8=
Subject key identifier:   90:AA:16:A7:82:F1:E7:4D:83:01:9D:9D:4E:22:04:72:88:E7:7D:AA
Certificate issuer:       /CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
Certificate serial:       0194221FF23D4C5B976FD27B6D891929CDA3
Authority key identifier: 47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/kKoWp4Lx502DAZ2dTiIEcojnfao.roa
Signing time:             Wed 01 Jan 2025 13:48:26 +0000
ROA not before:           Wed 01 Jan 2025 13:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204055
IP address blocks:        212.18.251.0/24 maxlen: 24
                          2a04:2b00:14bb::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:f2:3d:4c:5b:97:6f:d2:7b:6d:89:19:29:cd:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
        Validity
            Not Before: Jan  1 13:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90aa16a782f1e74d83019d9d4e22047288e77daa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:18:04:23:72:49:e7:13:be:36:5a:30:b8:c3:
                    62:3c:1b:76:65:67:60:9e:fb:3d:97:30:ea:05:56:
                    0f:77:3a:ef:16:d0:3b:91:d8:36:a0:88:ff:5f:8d:
                    d3:2f:00:d6:71:fe:55:81:ba:31:a8:0a:31:7d:d4:
                    46:e4:dd:79:7d:8f:fd:4d:9c:ff:36:63:7f:7c:1c:
                    0e:e1:d1:83:69:29:a5:aa:ee:77:28:9d:23:b6:1d:
                    a7:49:bf:82:54:d6:a0:18:86:54:4e:ef:ed:5b:9e:
                    86:80:76:8c:29:b8:45:b1:0c:d7:14:9d:46:cb:cb:
                    18:b8:fd:80:4e:e4:46:73:0b:f4:4e:5d:0a:b4:b0:
                    24:95:1d:52:43:09:81:21:86:f3:7c:5d:41:fb:c9:
                    89:50:41:a2:18:4a:5a:1c:5c:df:d9:10:a2:58:00:
                    d3:e7:c8:ea:f2:9b:47:0e:95:a2:42:72:bb:a9:94:
                    d6:94:ee:f5:d6:e6:02:d5:8f:13:ea:c8:47:a7:09:
                    c5:6e:f0:db:70:6d:e9:e9:a8:c7:2f:9f:a4:9a:4a:
                    92:a4:f9:f4:a5:5a:9c:7d:7e:e7:96:0b:2a:39:ce:
                    a1:a8:2a:9b:73:cc:bc:59:61:5e:a9:c8:2a:8c:d6:
                    ed:8a:06:56:5a:3d:8d:91:d8:1d:67:e2:1e:95:f1:
                    7a:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:AA:16:A7:82:F1:E7:4D:83:01:9D:9D:4E:22:04:72:88:E7:7D:AA
            X509v3 Authority Key Identifier:
                keyid:47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/kKoWp4Lx502DAZ2dTiIEcojnfao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.18.251.0/24
                IPv6:
                  2a04:2b00:14bb::/48

    Signature Algorithm: sha256WithRSAEncryption
         46:56:d3:4f:ed:15:b0:be:4e:21:59:a5:a6:8f:90:8a:0e:3f:
         66:9d:d5:c8:99:72:ab:66:fb:69:d1:43:ff:27:3d:a3:f3:9e:
         ec:a5:c8:06:68:11:fe:3d:65:1f:00:52:ce:8e:6e:d0:0b:14:
         bd:87:ec:ff:71:03:56:4e:2c:1e:d9:4e:4a:5a:3d:e4:46:be:
         33:6c:e8:77:82:71:33:6a:00:82:b8:8d:1a:8e:91:26:e1:5e:
         1d:6d:3f:49:e0:22:9b:1d:f7:70:b4:a1:aa:b2:22:77:4f:ef:
         09:be:90:3a:e5:29:3d:f8:4c:93:90:78:40:c7:64:63:89:07:
         52:f0:ac:0d:03:14:9e:90:18:e0:18:a6:bd:aa:2a:0f:43:2a:
         cc:a7:28:3f:19:a9:6e:93:44:13:9d:7e:d6:50:68:23:3e:f6:
         cd:b4:c1:24:b6:d7:aa:a1:c8:66:89:d4:d6:a5:fb:fc:75:1f:
         aa:5d:02:bc:a5:86:f9:1b:65:3d:a6:c0:ed:93:fb:de:f7:07:
         6a:0d:f4:42:95:30:32:3b:a9:c6:8a:09:7d:8c:13:03:37:66:
         9b:1e:7c:fe:0a:04:df:2c:0d:90:fa:d3:d0:08:cb:4c:8a:cd:
         d0:dd:bc:cd:d2:ff:24:d8:ef:33:d0:4f:2c:47:c8:d8:da:e3:
         0f:1c:0a:31
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQiH/I9TFuXb9J7bYkZKc2jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NzZhZmI3NGZhZDViYWYwYTYxODBiNDk1MTBkOGI4NDk3
ZGY4ZDMwHhcNMjUwMTAxMTM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGFhMTZhNzgyZjFlNzRkODMwMTlkOWQ0ZTIyMDQ3Mjg4ZTc3ZGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5hgEI3JJ5xO+NlowuMNiPBt2ZWdg
nvs9lzDqBVYPdzrvFtA7kdg2oIj/X43TLwDWcf5VgboxqAoxfdRG5N15fY/9TZz/
NmN/fBwO4dGDaSmlqu53KJ0jth2nSb+CVNagGIZUTu/tW56GgHaMKbhFsQzXFJ1G
y8sYuP2ATuRGcwv0Tl0KtLAklR1SQwmBIYbzfF1B+8mJUEGiGEpaHFzf2RCiWADT
58jq8ptHDpWiQnK7qZTWlO711uYC1Y8T6shHpwnFbvDbcG3p6ajHL5+kmkqSpPn0
pVqcfX7nlgsqOc6hqCqbc8y8WWFeqcgqjNbtigZWWj2NkdgdZ+IelfF6KwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJCqFqeC8edNgwGdnU4iBHKI532qMB8GA1UdIwQY
MBaAFEd2r7dPrVuvCmGAtJUQ2LhJffjTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEt
MDUzOGU5NWYzZjEyLzEva0tvV3A0THg1MDJEQVoyZFRpSUVjb2puZmFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEtMDUzOGU5NWYzZjEy
LzEvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA1BL7MA8E
AgACMAkDBwAqBCsAFLswDQYJKoZIhvcNAQELBQADggEBAEZW00/tFbC+TiFZpaaP
kIoOP2ad1ciZcqtm+2nRQ/8nPaPznuylyAZoEf49ZR8AUs6ObtALFL2H7P9xA1ZO
LB7ZTkpaPeRGvjNs6HeCcTNqAIK4jRqOkSbhXh1tP0ngIpsd93C0oaqyIndP7wm+
kDrlKT34TJOQeEDHZGOJB1LwrA0DFJ6QGOAYpr2qKg9DKsynKD8ZqW6TRBOdftZQ
aCM+9s20wSS216qhyGaJ1Nal+/x1H6pdArylhvkbZT2mwO2T+973B2oN9EKVMDI7
qcaKCX2MEwM3ZpsefP4KBN8sDZD609AIy0yKzdDdvM3S/yTY7zPQTyxHyNja4w8c
CjE=
-----END CERTIFICATE-----