Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/KUbX0VcDxa-Iyxzf4X9iZxn8Eig.roa
File:                     KUbX0VcDxa-Iyxzf4X9iZxn8Eig.roa (raw, json)
Hash identifier:          bb9xUuRWwAY6FOOdBD4YOtWtJhp7uGNnKhs67QdqaKM=
Subject key identifier:   29:46:D7:D1:57:03:C5:AF:88:CB:1C:DF:E1:7F:62:67:19:FC:12:28
Certificate issuer:       /CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
Certificate serial:       019421B2161F822EC4E11B033BF53478C2ED
Authority key identifier: 2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/KUbX0VcDxa-Iyxzf4X9iZxn8Eig.roa
Signing time:             Wed 01 Jan 2025 11:48:26 +0000
ROA not before:           Wed 01 Jan 2025 11:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211432
IP address blocks:        195.95.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 23:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:16:1f:82:2e:c4:e1:1b:03:3b:f5:34:78:c2:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
        Validity
            Not Before: Jan  1 11:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2946d7d15703c5af88cb1cdfe17f626719fc1228
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:9e:c8:c5:9b:63:36:91:f9:88:12:30:9a:d6:
                    95:3f:74:cc:44:58:66:9a:d6:e9:22:5b:6c:32:82:
                    07:bb:5b:6c:1d:55:07:a4:fe:0d:54:c8:e2:f6:43:
                    b6:d7:45:33:68:d0:0b:59:2e:83:dc:a4:0b:9b:65:
                    1d:e7:c7:54:a5:26:4f:af:f9:e5:92:b6:94:bc:a8:
                    80:d1:e9:93:fd:ca:d9:86:3c:c1:8d:ba:72:92:eb:
                    e8:75:26:64:cc:8f:62:6c:e7:1b:e8:88:b9:54:39:
                    d3:d1:05:b2:84:7c:9f:0a:e4:54:19:7a:53:61:5a:
                    03:9c:3a:25:45:98:5f:8a:71:a8:b7:5a:36:44:5d:
                    7a:f7:14:8f:81:69:1c:2d:45:78:f8:c4:91:c7:c3:
                    db:19:53:ec:8e:f8:87:ab:12:f3:3d:45:5c:52:c6:
                    1d:d3:6b:4e:ee:7f:65:60:41:91:9f:bd:37:91:f5:
                    0b:06:9e:2e:3e:56:fc:5e:7a:4a:98:a1:4b:f4:7c:
                    30:fd:09:81:b0:db:c6:79:7f:d6:c1:85:8b:7e:28:
                    d7:8a:1f:ee:65:c4:be:67:50:7e:cb:27:ce:ec:53:
                    e6:2d:e8:64:8c:2f:8a:d9:ae:11:e2:eb:57:df:ee:
                    05:8a:cf:ea:26:cb:97:ce:dd:67:b4:46:2f:9d:5b:
                    e7:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:46:D7:D1:57:03:C5:AF:88:CB:1C:DF:E1:7F:62:67:19:FC:12:28
            X509v3 Authority Key Identifier:
                keyid:2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/KUbX0VcDxa-Iyxzf4X9iZxn8Eig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cd:26:f3:c2:20:15:f7:26:4a:2d:03:fe:9b:ac:ce:4d:44:f6:
         45:93:99:bf:23:cf:5c:8d:39:ad:ae:4c:bd:19:65:a5:d0:38:
         0d:93:83:14:fe:d0:18:b7:dc:d4:74:71:3a:e0:00:1d:73:cd:
         ab:d0:ab:2d:18:5f:d9:a0:2c:b2:a7:a1:b6:38:09:8d:90:ac:
         bb:40:a0:4b:ed:87:4b:97:f5:ab:bb:e9:40:64:4c:b9:ba:f3:
         69:c2:d9:3a:e8:ca:4b:41:b2:28:99:3d:2e:d4:1b:96:fe:85:
         98:1d:76:db:7b:f1:6f:e3:11:b2:50:8b:f8:37:a1:d4:b6:e8:
         3f:cb:6a:f4:b6:13:24:86:06:3f:38:8b:ec:6f:83:b2:22:03:
         00:73:4f:d1:25:41:41:c1:05:dc:0d:cc:36:65:7f:65:c7:b0:
         d5:c6:d3:ac:4e:cb:c7:e7:9d:51:bb:bd:84:17:35:2d:07:71:
         a0:9d:22:21:d8:55:7d:c0:8a:51:65:4c:2d:71:1f:94:b1:b4:
         b9:2b:65:81:ed:d9:5c:8b:ff:1c:33:ba:e6:1a:3c:23:5f:a1:
         3a:95:6e:af:6e:ab:d3:0c:4c:47:dc:d3:d8:78:a8:9f:c6:69:
         86:dd:3c:56:d3:0b:b4:5c:98:67:dc:d7:fc:aa:9d:5f:9d:52:
         32:46:a7:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhshYfgi7E4RsDO/U0eMLtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODI5NjNmZjFhYTcwYWIxMGQxZDMzZTg2YjFkNmQ0OTRk
NmNlNTEwHhcNMjUwMTAxMTE0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTQ2ZDdkMTU3MDNjNWFmODhjYjFjZGZlMTdmNjI2NzE5ZmMxMjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkp7IxZtjNpH5iBIwmtaVP3TMRFhm
mtbpIltsMoIHu1tsHVUHpP4NVMji9kO210UzaNALWS6D3KQLm2Ud58dUpSZPr/nl
kraUvKiA0emT/crZhjzBjbpykuvodSZkzI9ibOcb6Ii5VDnT0QWyhHyfCuRUGXpT
YVoDnDolRZhfinGot1o2RF169xSPgWkcLUV4+MSRx8PbGVPsjviHqxLzPUVcUsYd
02tO7n9lYEGRn703kfULBp4uPlb8XnpKmKFL9Hww/QmBsNvGeX/WwYWLfijXih/u
ZcS+Z1B+yyfO7FPmLehkjC+K2a4R4utX3+4Fis/qJsuXzt1ntEYvnVvnpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFClG19FXA8WviMsc3+F/YmcZ/BIoMB8GA1UdIwQY
MBaAFC6Clj/xqnCrENHTPoax1tSU1s5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQt
ZGY2NGYwZTgyMzYwLzEvS1ViWDBWY0R4YS1JeXh6ZjRYOWlaeG44RWlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQtZGY2NGYwZTgyMzYw
LzEvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1/NMA0G
CSqGSIb3DQEBCwUAA4IBAQDNJvPCIBX3JkotA/6brM5NRPZFk5m/I89cjTmtrky9
GWWl0DgNk4MU/tAYt9zUdHE64AAdc82r0KstGF/ZoCyyp6G2OAmNkKy7QKBL7YdL
l/Wru+lAZEy5uvNpwtk66MpLQbIomT0u1BuW/oWYHXbbe/Fv4xGyUIv4N6HUtug/
y2r0thMkhgY/OIvsb4OyIgMAc0/RJUFBwQXcDcw2ZX9lx7DVxtOsTsvH551Ru72E
FzUtB3GgnSIh2FV9wIpRZUwtcR+UsbS5K2WB7dlci/8cM7rmGjwjX6E6lW6vbqvT
DExH3NPYeKifxmmG3TxW0wu0XJhn3Nf8qp1fnVIyRqfh
-----END CERTIFICATE-----