Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/41b40c-f3b6-40b8-840c-19a3c5649b57/1/KkLe_YT5Uk0GdABl6GPnDWFGMNQ.roa
File:                     KkLe_YT5Uk0GdABl6GPnDWFGMNQ.roa (raw, json)
Hash identifier:          aAELh0L1Pt+xus/0OHPywPbhavPNQTpi8tpROW9r5vw=
Subject key identifier:   2A:42:DE:FD:84:F9:52:4D:06:74:00:65:E8:63:E7:0D:61:46:30:D4
Certificate issuer:       /CN=a9ec57bc8464fec2e9a1b098ffce34c21aaf9ca6
Certificate serial:       01942746501A1A7D3114C75CDFBC1F0FEC83
Authority key identifier: A9:EC:57:BC:84:64:FE:C2:E9:A1:B0:98:FF:CE:34:C2:1A:AF:9C:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qexXvIRk_sLpobCY_840whqvnKY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/41b40c-f3b6-40b8-840c-19a3c5649b57/1/KkLe_YT5Uk0GdABl6GPnDWFGMNQ.roa
Signing time:             Thu 02 Jan 2025 13:48:26 +0000
ROA not before:           Thu 02 Jan 2025 13:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208943
IP address blocks:        213.108.131.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/41b40c-f3b6-40b8-840c-19a3c5649b57/1/qexXvIRk_sLpobCY_840whqvnKY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/41b40c-f3b6-40b8-840c-19a3c5649b57/1/qexXvIRk_sLpobCY_840whqvnKY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qexXvIRk_sLpobCY_840whqvnKY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 19:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:50:1a:1a:7d:31:14:c7:5c:df:bc:1f:0f:ec:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9ec57bc8464fec2e9a1b098ffce34c21aaf9ca6
        Validity
            Not Before: Jan  2 13:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a42defd84f9524d06740065e863e70d614630d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:9b:95:a8:cb:00:16:2f:b8:20:5c:1a:fe:ee:
                    8f:13:68:66:6d:85:17:e6:98:e5:59:a1:a2:27:05:
                    b1:6b:b8:e3:8a:8a:a6:e6:88:a1:18:b4:f8:3e:80:
                    48:27:0f:de:52:78:35:ac:b2:0e:9a:f8:47:bd:23:
                    e1:50:2a:90:dd:ec:be:7e:0b:e2:70:b5:f6:d9:91:
                    a9:dc:e2:5d:37:eb:84:b7:67:47:3f:2d:75:3a:a1:
                    e5:f9:7a:ee:2d:83:7e:e2:72:f6:1b:31:0f:83:b4:
                    60:77:48:e4:fb:14:4b:c7:58:43:db:dd:7b:f8:f3:
                    12:52:08:8f:32:f6:32:0f:c0:12:a3:74:86:45:05:
                    0d:49:b2:50:50:f7:5b:36:e4:98:4d:d4:88:1c:4e:
                    e1:98:7c:f8:52:ed:30:02:00:f7:40:75:f6:a5:02:
                    ff:95:52:fd:38:87:ae:16:2f:8c:ac:70:9d:4f:a9:
                    14:df:e5:df:48:94:7f:45:df:ec:e1:a9:2b:46:d2:
                    a6:aa:36:7b:ea:fb:b3:f0:c3:b5:e7:0c:47:dd:48:
                    71:1c:20:38:2a:3d:d1:fb:12:47:da:75:c1:72:42:
                    2f:77:cf:f7:5d:db:8f:12:30:da:46:cb:54:d3:74:
                    d4:c4:a5:48:71:18:b8:08:2b:71:fb:3f:93:89:86:
                    2a:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:42:DE:FD:84:F9:52:4D:06:74:00:65:E8:63:E7:0D:61:46:30:D4
            X509v3 Authority Key Identifier:
                keyid:A9:EC:57:BC:84:64:FE:C2:E9:A1:B0:98:FF:CE:34:C2:1A:AF:9C:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qexXvIRk_sLpobCY_840whqvnKY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/41b40c-f3b6-40b8-840c-19a3c5649b57/1/KkLe_YT5Uk0GdABl6GPnDWFGMNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/41b40c-f3b6-40b8-840c-19a3c5649b57/1/qexXvIRk_sLpobCY_840whqvnKY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.108.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:3d:8d:01:e1:30:64:bd:2f:1d:c3:f1:1b:dd:7e:a0:55:27:
         2d:19:e2:5d:28:f0:8c:f3:9f:88:71:6f:3b:ba:fe:07:e0:cb:
         1b:b8:92:7e:56:bd:05:3c:5a:29:cb:67:70:ed:30:9a:8d:67:
         fa:35:ab:d7:3d:02:55:45:e0:1b:de:06:38:4b:2e:c5:b7:85:
         d2:19:ea:e4:f0:b0:8e:02:f2:ff:2e:b8:0a:bc:eb:33:cd:b8:
         ec:35:70:ab:55:e2:f5:f2:ba:4e:b9:1a:6d:5b:a3:5b:a6:f3:
         f0:3f:c6:28:48:b0:e4:18:1a:97:d1:01:06:e1:81:a6:a4:9d:
         5d:1a:ab:d5:8c:79:ea:62:7a:e8:00:5d:04:50:0b:bd:d6:db:
         3a:b0:bc:2b:3f:b9:ce:47:db:f9:ff:73:cd:3a:b2:98:8e:15:
         d8:87:24:c3:3f:a5:40:1a:e0:90:6e:f8:b3:57:ec:24:89:d1:
         02:cb:20:cf:34:bf:f5:6a:c3:53:89:fd:f5:a5:85:d6:bd:4c:
         b0:25:5a:6b:05:16:e7:d2:d4:b7:64:6c:37:42:e5:2a:c4:38:
         66:af:fc:d8:08:b5:bc:2d:e8:6b:01:14:43:d5:28:63:d1:f3:
         d5:9a:87:95:b2:d8:a3:70:86:e7:ac:2b:00:c2:08:27:16:49:
         c8:33:bd:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRlAaGn0xFMdc37wfD+yDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ZWM1N2JjODQ2NGZlYzJlOWExYjA5OGZmY2UzNGMyMWFh
ZjljYTYwHhcNMjUwMTAyMTM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTQyZGVmZDg0Zjk1MjRkMDY3NDAwNjVlODYzZTcwZDYxNDYzMGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7puVqMsAFi+4IFwa/u6PE2hmbYUX
5pjlWaGiJwWxa7jjioqm5oihGLT4PoBIJw/eUng1rLIOmvhHvSPhUCqQ3ey+fgvi
cLX22ZGp3OJdN+uEt2dHPy11OqHl+XruLYN+4nL2GzEPg7Rgd0jk+xRLx1hD2917
+PMSUgiPMvYyD8ASo3SGRQUNSbJQUPdbNuSYTdSIHE7hmHz4Uu0wAgD3QHX2pQL/
lVL9OIeuFi+MrHCdT6kU3+XfSJR/Rd/s4akrRtKmqjZ76vuz8MO15wxH3UhxHCA4
Kj3R+xJH2nXBckIvd8/3XduPEjDaRstU03TUxKVIcRi4CCtx+z+TiYYqoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCpC3v2E+VJNBnQAZehj5w1hRjDUMB8GA1UdIwQY
MBaAFKnsV7yEZP7C6aGwmP/ONMIar5ymMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWV4WHZJUmtfc0xwb2JDWV84NDB3aHF2bktZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy80MWI0MGMtZjNiNi00MGI4LTg0MGMt
MTlhM2M1NjQ5YjU3LzEvS2tMZV9ZVDVVazBHZEFCbDZHUG5EV0ZHTU5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy80MWI0MGMtZjNiNi00MGI4LTg0MGMtMTlhM2M1NjQ5YjU3
LzEvcWV4WHZJUmtfc0xwb2JDWV84NDB3aHF2bktZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1WyDMA0G
CSqGSIb3DQEBCwUAA4IBAQBJPY0B4TBkvS8dw/Eb3X6gVSctGeJdKPCM85+IcW87
uv4H4MsbuJJ+Vr0FPFopy2dw7TCajWf6NavXPQJVReAb3gY4Sy7Ft4XSGerk8LCO
AvL/LrgKvOszzbjsNXCrVeL18rpOuRptW6NbpvPwP8YoSLDkGBqX0QEG4YGmpJ1d
GqvVjHnqYnroAF0EUAu91ts6sLwrP7nOR9v5/3PNOrKYjhXYhyTDP6VAGuCQbviz
V+wkidECyyDPNL/1asNTif31pYXWvUywJVprBRbn0tS3ZGw3QuUqxDhmr/zYCLW8
LehrARRD1Shj0fPVmoeVstijcIbnrCsAwggnFknIM71M
-----END CERTIFICATE-----