Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/9d62d4-d033-46e9-bfd3-32ee458a6348/1/KOrDBbgrMD7iK_AbDkuUd14i-HA.roa
File:                     KOrDBbgrMD7iK_AbDkuUd14i-HA.roa (raw, json)
Hash identifier:          FXqigEdmtvEuf8DccU3894vg470lLWEEJoDQY0LvmbY=
Subject key identifier:   28:EA:C3:05:B8:2B:30:3E:E2:2B:F0:1B:0E:4B:94:77:5E:22:F8:70
Certificate issuer:       /CN=c576ba0c098dc472186223c91e7def5216e239f1
Certificate serial:       0192E26CEA2795A18B855DB522DAFCA3846F
Authority key identifier: C5:76:BA:0C:09:8D:C4:72:18:62:23:C9:1E:7D:EF:52:16:E2:39:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xXa6DAmNxHIYYiPJHn3vUhbiOfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/9d62d4-d033-46e9-bfd3-32ee458a6348/1/KOrDBbgrMD7iK_AbDkuUd14i-HA.roa
Signing time:             Thu 31 Oct 2024 11:54:01 +0000
ROA not before:           Thu 31 Oct 2024 11:54:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15682
IP address blocks:        212.74.232.0/24 maxlen: 24
                          212.74.234.0/24 maxlen: 24
                          212.74.235.0/24 maxlen: 24
                          212.74.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/9d62d4-d033-46e9-bfd3-32ee458a6348/1/xXa6DAmNxHIYYiPJHn3vUhbiOfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/9d62d4-d033-46e9-bfd3-32ee458a6348/1/xXa6DAmNxHIYYiPJHn3vUhbiOfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xXa6DAmNxHIYYiPJHn3vUhbiOfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Dec 2024 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e2:6c:ea:27:95:a1:8b:85:5d:b5:22:da:fc:a3:84:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c576ba0c098dc472186223c91e7def5216e239f1
        Validity
            Not Before: Oct 31 11:54:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28eac305b82b303ee22bf01b0e4b94775e22f870
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:f2:32:4a:1a:7a:96:76:b8:fb:6d:69:58:46:
                    e5:16:53:58:94:13:27:12:eb:68:59:60:10:f1:4c:
                    df:8c:83:79:c9:d9:7c:6e:df:95:ca:3a:c3:14:74:
                    b8:77:d0:14:29:0d:f0:f4:51:07:5c:9a:ed:55:fb:
                    7d:ae:71:5b:02:d2:04:3d:b2:18:e8:6e:a0:b3:7c:
                    c6:18:f5:84:7c:87:bf:2f:48:2f:fc:b5:54:6c:3f:
                    76:f7:41:2f:74:a6:e0:31:22:48:9c:f6:cd:c4:b4:
                    b2:1b:3a:e1:05:17:5d:a5:0b:9c:c7:91:11:9d:5f:
                    28:00:f0:07:83:69:b1:eb:11:9d:26:61:3c:3d:74:
                    48:26:bf:48:ab:95:3e:e5:b8:db:e3:11:50:00:ec:
                    c4:49:ea:c5:ca:c5:4d:a5:ba:20:89:51:33:26:80:
                    1e:97:b1:09:f3:0c:6f:38:70:98:24:96:6b:28:b6:
                    a8:2d:ef:2a:07:18:e6:64:2b:58:a2:0e:68:bd:f4:
                    dd:cd:cb:83:9e:f7:23:32:db:67:16:bc:59:d1:49:
                    bb:c1:d2:df:76:c5:83:e9:80:82:fd:ee:f6:e5:3a:
                    60:09:35:4c:9e:e5:0a:1c:eb:e4:66:26:a2:4e:99:
                    f5:87:b7:58:15:35:2c:03:7e:72:ec:ee:55:3a:23:
                    20:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:EA:C3:05:B8:2B:30:3E:E2:2B:F0:1B:0E:4B:94:77:5E:22:F8:70
            X509v3 Authority Key Identifier:
                keyid:C5:76:BA:0C:09:8D:C4:72:18:62:23:C9:1E:7D:EF:52:16:E2:39:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xXa6DAmNxHIYYiPJHn3vUhbiOfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/9d62d4-d033-46e9-bfd3-32ee458a6348/1/KOrDBbgrMD7iK_AbDkuUd14i-HA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/9d62d4-d033-46e9-bfd3-32ee458a6348/1/xXa6DAmNxHIYYiPJHn3vUhbiOfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.74.232.0/24
                  212.74.234.0-212.74.236.255

    Signature Algorithm: sha256WithRSAEncryption
         00:ed:b4:81:49:44:69:cc:42:a7:ed:d5:84:16:7e:a6:02:41:
         56:13:98:ea:7a:11:c4:3e:e8:f9:9e:74:1a:3f:f0:a1:bf:4a:
         48:0e:1a:f2:8b:a6:cc:19:11:21:48:bd:cb:1c:e2:5a:8d:fd:
         97:4d:6c:60:83:06:8f:29:34:c4:88:41:c4:08:5d:82:b6:fb:
         ab:ba:59:92:43:cd:85:9c:d4:d1:f0:4c:af:2b:c9:40:1e:2b:
         17:b3:ab:37:52:e5:89:77:27:7e:fe:98:b1:4c:5f:79:9e:15:
         06:43:0f:42:57:bf:cd:62:5f:6d:8f:5a:7c:89:50:5c:69:72:
         dc:9c:fb:a3:0d:2b:ad:b0:9b:17:56:f5:c4:97:0b:bc:90:fd:
         41:bf:5e:65:96:3d:75:83:6e:5b:36:70:db:eb:4d:92:86:e3:
         a5:78:ad:8b:35:73:1a:53:7d:1f:80:71:5c:f8:af:1f:f6:d7:
         07:c9:b7:54:4d:42:62:25:cb:1d:66:af:3b:29:7c:6f:4d:c9:
         2e:16:44:1b:ce:cb:c5:f2:6a:4e:63:2a:85:9b:16:09:cd:80:
         1a:2a:a3:5a:e1:99:ee:66:d6:43:12:3e:29:0d:89:48:01:9f:
         73:b3:60:b6:6a:11:8c:17:81:dc:e9:5b:61:24:53:80:e0:81:
         98:11:af:7a
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZLibOonlaGLhV21Itr8o4RvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1NzZiYTBjMDk4ZGM0NzIxODYyMjNjOTFlN2RlZjUyMTZl
MjM5ZjEwHhcNMjQxMDMxMTE1NDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGVhYzMwNWI4MmIzMDNlZTIyYmYwMWIwZTRiOTQ3NzVlMjJmODcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvIyShp6lna4+21pWEblFlNYlBMn
EutoWWAQ8UzfjIN5ydl8bt+VyjrDFHS4d9AUKQ3w9FEHXJrtVft9rnFbAtIEPbIY
6G6gs3zGGPWEfIe/L0gv/LVUbD9290EvdKbgMSJInPbNxLSyGzrhBRddpQucx5ER
nV8oAPAHg2mx6xGdJmE8PXRIJr9Iq5U+5bjb4xFQAOzESerFysVNpbogiVEzJoAe
l7EJ8wxvOHCYJJZrKLaoLe8qBxjmZCtYog5ovfTdzcuDnvcjMttnFrxZ0Um7wdLf
dsWD6YCC/e725TpgCTVMnuUKHOvkZiaiTpn1h7dYFTUsA35y7O5VOiMgGwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFCjqwwW4KzA+4ivwGw5LlHdeIvhwMB8GA1UdIwQY
MBaAFMV2ugwJjcRyGGIjyR5971IW4jnxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFhhNkRBbU54SElZWWlQSkhuM3ZVaGJpT2ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi85ZDYyZDQtZDAzMy00NmU5LWJmZDMt
MzJlZTQ1OGE2MzQ4LzEvS09yREJiZ3JNRDdpS19BYkRrdVVkMTRpLUhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi85ZDYyZDQtZDAzMy00NmU5LWJmZDMtMzJlZTQ1OGE2MzQ4
LzEveFhhNkRBbU54SElZWWlQSkhuM3ZVaGJpT2ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQA1EroMAwD
BAHUSuoDBADUSuwwDQYJKoZIhvcNAQELBQADggEBAADttIFJRGnMQqft1YQWfqYC
QVYTmOp6EcQ+6PmedBo/8KG/SkgOGvKLpswZESFIvcsc4lqN/ZdNbGCDBo8pNMSI
QcQIXYK2+6u6WZJDzYWc1NHwTK8ryUAeKxezqzdS5Yl3J37+mLFMX3meFQZDD0JX
v81iX22PWnyJUFxpctyc+6MNK62wmxdW9cSXC7yQ/UG/XmWWPXWDbls2cNvrTZKG
46V4rYs1cxpTfR+AcVz4rx/21wfJt1RNQmIlyx1mrzspfG9NyS4WRBvOy8Xyak5j
KoWbFgnNgBoqo1rhme5m1kMSPikNiUgBn3OzYLZqEYwXgdzpW2EkU4DggZgRr3o=
-----END CERTIFICATE-----