Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/KAFqKDk9BCiu0n2y7Q0oKN9OUbo.roa
File:                     KAFqKDk9BCiu0n2y7Q0oKN9OUbo.roa (raw, json)
Hash identifier:          iAsCXatV/rRYZjdzqnb2mrvtu4xhk01R8Z28UHFMbWk=
Subject key identifier:   28:01:6A:28:39:3D:04:28:AE:D2:7D:B2:ED:0D:28:28:DF:4E:51:BA
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       0194266BCA55638E2857445F93354F61C195
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/KAFqKDk9BCiu0n2y7Q0oKN9OUbo.roa
Signing time:             Thu 02 Jan 2025 09:49:45 +0000
ROA not before:           Thu 02 Jan 2025 09:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213365
IP address blocks:        5.133.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:ca:55:63:8e:28:57:44:5f:93:35:4f:61:c1:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Jan  2 09:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28016a28393d0428aed27db2ed0d2828df4e51ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b0:11:61:c2:8b:a5:81:3f:b1:27:ad:d6:8f:
                    a0:fe:61:1d:37:09:1b:e4:5c:34:80:45:80:8a:c0:
                    5b:f7:08:59:97:c5:01:c1:03:bf:04:2f:e1:1c:39:
                    a3:ea:fe:6e:2a:05:65:85:f5:d9:72:a3:82:1d:2b:
                    2b:62:06:c5:d6:c1:9c:8a:0c:b8:93:e0:5e:36:83:
                    52:7b:5f:46:4f:22:4f:86:01:ba:4e:b5:99:8d:05:
                    76:9e:d5:7c:2c:12:f1:76:e9:10:0d:fd:ee:fc:00:
                    48:03:56:fd:51:ed:44:85:1d:75:cc:e2:24:d6:05:
                    64:a3:2c:a0:04:72:f9:ee:91:6c:b3:64:3b:23:ae:
                    f5:aa:d2:88:dc:39:71:bd:b1:e5:6b:1c:92:27:2e:
                    86:69:f6:35:1f:fa:70:18:54:34:82:d0:f6:3a:a7:
                    4e:57:f2:49:76:65:c6:b0:12:e7:b5:41:1e:ac:8f:
                    9f:14:e8:54:12:e6:2e:42:f8:dc:dc:c9:38:85:c9:
                    08:47:d6:49:c3:d8:bb:21:de:c6:c0:6b:e4:74:79:
                    2a:fc:e6:02:45:c6:e8:07:fe:50:cc:ca:27:2d:06:
                    9c:75:8f:f1:e7:96:c9:e8:f9:fa:90:04:c4:09:57:
                    84:aa:08:be:f5:f0:27:9d:54:7c:0e:a4:3f:46:78:
                    87:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:01:6A:28:39:3D:04:28:AE:D2:7D:B2:ED:0D:28:28:DF:4E:51:BA
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/KAFqKDk9BCiu0n2y7Q0oKN9OUbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:77:17:7a:e0:1f:d4:1a:54:1d:7e:53:1b:8c:0d:4f:fc:38:
         50:09:09:39:b9:6d:72:04:ff:ce:1c:93:27:7d:40:88:1e:31:
         2e:0d:9d:f2:fd:41:2b:cc:1f:c2:c7:be:4f:72:4e:6d:e4:5c:
         6d:ce:be:40:11:c3:c0:51:25:77:5d:93:cd:cf:e7:ab:07:f8:
         51:71:ad:02:4f:61:fb:0c:e4:06:5c:a5:6f:a2:a3:54:da:0d:
         e0:3a:20:5a:d4:d8:3a:e0:44:80:76:42:e9:a8:bb:a4:f7:7a:
         44:b5:ea:43:04:17:b1:7a:6f:f1:98:74:fc:1c:35:91:1f:9c:
         91:6b:35:92:db:ed:a4:fe:cb:dc:47:bc:cb:4d:bf:36:7f:5e:
         de:d9:26:20:25:0d:6b:bd:4c:8c:de:15:27:7c:e4:5b:e0:2d:
         91:06:d4:c8:cd:52:ff:2b:58:95:15:1e:5d:c0:7a:88:af:80:
         de:03:cc:a0:da:9c:58:a1:d9:f5:75:81:33:76:ea:69:97:0d:
         9c:19:c5:ff:7e:c4:df:f6:41:56:2c:1c:02:54:2f:56:f1:2f:
         db:74:dd:46:ad:e5:69:eb:ee:e4:e4:14:b7:8d:a7:d9:2e:1f:
         8a:57:ec:44:65:08:20:00:33:e5:7a:45:1d:5c:07:6b:69:c4:
         90:5e:38:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma8pVY44oV0RfkzVPYcGVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjUwMTAyMDk0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODAxNmEyODM5M2QwNDI4YWVkMjdkYjJlZDBkMjgyOGRmNGU1MWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLARYcKLpYE/sSet1o+g/mEdNwkb
5Fw0gEWAisBb9whZl8UBwQO/BC/hHDmj6v5uKgVlhfXZcqOCHSsrYgbF1sGcigy4
k+BeNoNSe19GTyJPhgG6TrWZjQV2ntV8LBLxdukQDf3u/ABIA1b9Ue1EhR11zOIk
1gVkoyygBHL57pFss2Q7I671qtKI3DlxvbHlaxySJy6GafY1H/pwGFQ0gtD2OqdO
V/JJdmXGsBLntUEerI+fFOhUEuYuQvjc3Mk4hckIR9ZJw9i7Id7GwGvkdHkq/OYC
RcboB/5QzMonLQacdY/x55bJ6Pn6kATECVeEqgi+9fAnnVR8DqQ/RniHFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCgBaig5PQQortJ9su0NKCjfTlG6MB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvS0FGcUtEazlCQ2l1MG4yeTdRMG9LTjlPVWJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABYVAMA0G
CSqGSIb3DQEBCwUAA4IBAQCSdxd64B/UGlQdflMbjA1P/DhQCQk5uW1yBP/OHJMn
fUCIHjEuDZ3y/UErzB/Cx75Pck5t5Fxtzr5AEcPAUSV3XZPNz+erB/hRca0CT2H7
DOQGXKVvoqNU2g3gOiBa1Ng64ESAdkLpqLuk93pEtepDBBexem/xmHT8HDWRH5yR
azWS2+2k/svcR7zLTb82f17e2SYgJQ1rvUyM3hUnfORb4C2RBtTIzVL/K1iVFR5d
wHqIr4DeA8yg2pxYodn1dYEzdupplw2cGcX/fsTf9kFWLBwCVC9W8S/bdN1GreVp
6+7k5BS3jafZLh+KV+xEZQggADPlekUdXAdracSQXjii
-----END CERTIFICATE-----