Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/34b48f-70c0-4004-ba0f-de3c8d953ec5/1/KG9HkmRGaF_sHhDWjx3vp73PeIA.roa
File:                     KG9HkmRGaF_sHhDWjx3vp73PeIA.roa (raw, json)
Hash identifier:          xtQ/Bf0q+zKX28vYl4yuK/JzcH8nDzNW75ipUDIj1iY=
Subject key identifier:   28:6F:47:92:64:46:68:5F:EC:1E:10:D6:8F:1D:EF:A7:BD:CF:78:80
Certificate issuer:       /CN=c00a88d7e5a565ea719cfc40d8bb63ee1671856a
Certificate serial:       01948FC95EE28BDBB35911D388610DAB10D5
Authority key identifier: C0:0A:88:D7:E5:A5:65:EA:71:9C:FC:40:D8:BB:63:EE:16:71:85:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wAqI1-WlZepxnPxA2Ltj7hZxhWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/34b48f-70c0-4004-ba0f-de3c8d953ec5/1/KG9HkmRGaF_sHhDWjx3vp73PeIA.roa
Signing time:             Wed 22 Jan 2025 20:52:06 +0000
ROA not before:           Wed 22 Jan 2025 20:52:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202515
IP address blocks:        193.57.28.0/23 maxlen: 23
                          193.57.28.0/24 maxlen: 24
                          193.57.29.0/24 maxlen: 24
                          193.57.30.0/24 maxlen: 24
                          193.57.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/34b48f-70c0-4004-ba0f-de3c8d953ec5/1/wAqI1-WlZepxnPxA2Ltj7hZxhWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/34b48f-70c0-4004-ba0f-de3c8d953ec5/1/wAqI1-WlZepxnPxA2Ltj7hZxhWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wAqI1-WlZepxnPxA2Ltj7hZxhWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:8f:c9:5e:e2:8b:db:b3:59:11:d3:88:61:0d:ab:10:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c00a88d7e5a565ea719cfc40d8bb63ee1671856a
        Validity
            Not Before: Jan 22 20:52:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=286f47926446685fec1e10d68f1defa7bdcf7880
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:9f:29:fc:8b:0d:47:a5:21:6f:71:6f:36:30:
                    53:c2:8e:9b:2b:87:45:d9:f7:85:a7:50:78:d6:4b:
                    3a:25:65:f3:fc:7e:f9:9a:86:85:8d:4d:29:c0:35:
                    56:b7:b0:a9:a9:aa:e7:56:92:f5:a8:80:c4:3b:a0:
                    b6:23:93:68:89:c5:25:bd:9c:0f:ab:dd:5b:b6:f9:
                    86:e6:dd:9b:b3:0a:1f:3c:f8:62:37:e9:a1:1c:61:
                    bc:27:96:01:8b:48:3f:19:aa:47:a3:7e:0d:66:cc:
                    00:de:9b:69:30:3b:31:60:49:95:65:3b:a7:38:8f:
                    b5:de:6e:ac:dd:9a:4d:f2:54:d0:3f:b0:6f:62:f4:
                    d0:19:01:e9:7b:c7:08:1f:53:64:cb:36:df:eb:df:
                    eb:03:d6:41:53:a9:f9:69:a1:ac:dc:14:8c:fb:63:
                    d3:b4:a5:a8:5f:c9:e5:50:49:9e:89:de:ee:e7:39:
                    ac:42:c9:3a:d3:97:8f:96:b7:39:3d:83:45:de:47:
                    ef:ef:07:84:42:b0:7e:2f:0e:7c:04:62:4c:c8:a0:
                    1e:f9:6e:04:d5:cd:ca:de:4a:4e:37:34:cb:38:00:
                    18:53:5a:88:4b:a6:31:03:2d:47:b2:6a:f2:8b:50:
                    b8:46:b2:0f:5c:a1:e0:64:f7:cd:dc:7a:24:fc:a4:
                    6e:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:6F:47:92:64:46:68:5F:EC:1E:10:D6:8F:1D:EF:A7:BD:CF:78:80
            X509v3 Authority Key Identifier:
                keyid:C0:0A:88:D7:E5:A5:65:EA:71:9C:FC:40:D8:BB:63:EE:16:71:85:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wAqI1-WlZepxnPxA2Ltj7hZxhWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/34b48f-70c0-4004-ba0f-de3c8d953ec5/1/KG9HkmRGaF_sHhDWjx3vp73PeIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/34b48f-70c0-4004-ba0f-de3c8d953ec5/1/wAqI1-WlZepxnPxA2Ltj7hZxhWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4e:ac:41:db:2a:63:a4:d8:60:f1:c3:66:6b:87:79:9c:97:78:
         92:a0:69:9b:ef:ce:c2:ba:ca:c5:56:16:6d:42:fd:87:2b:dc:
         98:06:aa:d0:96:c1:5a:d5:1e:6e:21:3a:ef:31:ba:a8:87:d4:
         cd:a5:05:f4:59:8d:2d:3a:fb:57:a6:12:e7:c0:ae:b5:b3:dc:
         60:a5:b7:1e:b3:9b:3f:68:4a:a3:bf:08:c0:2c:19:4d:b5:f1:
         09:7e:fa:ac:6d:d2:65:e6:40:06:0f:0e:01:57:f2:4d:12:0b:
         a2:8b:9a:65:75:b2:df:38:9f:fc:d0:37:03:9b:01:e2:47:c8:
         84:5b:26:47:c3:42:0a:1a:c5:4b:4f:e1:53:ac:5e:0a:17:07:
         4a:ac:5f:be:12:13:9f:d7:70:e7:35:b9:e3:57:36:38:ca:9d:
         49:15:23:de:08:ff:5f:b0:fb:5b:49:e4:c8:79:7b:2e:0d:dc:
         5d:6d:04:71:6b:e1:90:e1:fb:80:68:c9:7f:bd:84:81:ae:1b:
         f8:97:f0:07:07:94:a4:9d:be:d7:99:9d:08:a0:92:95:76:d4:
         d1:08:5a:20:99:73:31:fc:44:1c:e7:d2:7b:9e:e9:93:b0:37:
         6a:2b:ea:21:c0:2b:61:83:c9:b7:23:bb:45:88:9a:f4:0a:3a:
         39:82:b4:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSPyV7ii9uzWRHTiGENqxDVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwMGE4OGQ3ZTVhNTY1ZWE3MTljZmM0MGQ4YmI2M2VlMTY3
MTg1NmEwHhcNMjUwMTIyMjA1MjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODZmNDc5MjY0NDY2ODVmZWMxZTEwZDY4ZjFkZWZhN2JkY2Y3ODgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsp8p/IsNR6Uhb3FvNjBTwo6bK4dF
2feFp1B41ks6JWXz/H75moaFjU0pwDVWt7CpqarnVpL1qIDEO6C2I5NoicUlvZwP
q91btvmG5t2bswofPPhiN+mhHGG8J5YBi0g/GapHo34NZswA3ptpMDsxYEmVZTun
OI+13m6s3ZpN8lTQP7BvYvTQGQHpe8cIH1Nkyzbf69/rA9ZBU6n5aaGs3BSM+2PT
tKWoX8nlUEmeid7u5zmsQsk605ePlrc5PYNF3kfv7weEQrB+Lw58BGJMyKAe+W4E
1c3K3kpONzTLOAAYU1qIS6YxAy1Hsmryi1C4RrIPXKHgZPfN3Hok/KRunwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFChvR5JkRmhf7B4Q1o8d76e9z3iAMB8GA1UdIwQY
MBaAFMAKiNflpWXqcZz8QNi7Y+4WcYVqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0FxSTEtV2xaZXB4blB4QTJMdGo3aFp4aFdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8zNGI0OGYtNzBjMC00MDA0LWJhMGYt
ZGUzYzhkOTUzZWM1LzEvS0c5SGttUkdhRl9zSGhEV2p4M3ZwNzNQZUlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8zNGI0OGYtNzBjMC00MDA0LWJhMGYtZGUzYzhkOTUzZWM1
LzEvd0FxSTEtV2xaZXB4blB4QTJMdGo3aFp4aFdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwTkcMA0G
CSqGSIb3DQEBCwUAA4IBAQBOrEHbKmOk2GDxw2Zrh3mcl3iSoGmb787CusrFVhZt
Qv2HK9yYBqrQlsFa1R5uITrvMbqoh9TNpQX0WY0tOvtXphLnwK61s9xgpbces5s/
aEqjvwjALBlNtfEJfvqsbdJl5kAGDw4BV/JNEguii5pldbLfOJ/80DcDmwHiR8iE
WyZHw0IKGsVLT+FTrF4KFwdKrF++EhOf13DnNbnjVzY4yp1JFSPeCP9fsPtbSeTI
eXsuDdxdbQRxa+GQ4fuAaMl/vYSBrhv4l/AHB5Sknb7XmZ0IoJKVdtTRCFogmXMx
/EQc59J7numTsDdqK+ohwCthg8m3I7tFiJr0Cjo5grRv
-----END CERTIFICATE-----