Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/a537c0-fd4b-43b6-8891-d57373bf5162/1/KSjUnukZG8WOY9QNez7ybTNOls4.roa
File:                     KSjUnukZG8WOY9QNez7ybTNOls4.roa (raw, json)
Hash identifier:          swbthPAwvXge6wDssbFVck74lGidoJQL+o3507ng0tk=
Subject key identifier:   29:28:D4:9E:E9:19:1B:C5:8E:63:D4:0D:7B:3E:F2:6D:33:4E:96:CE
Certificate issuer:       /CN=96351c473a16ba38fab4d517059225e0f133c8bf
Certificate serial:       019421444F81E91951F3903DDE7C29879826
Authority key identifier: 96:35:1C:47:3A:16:BA:38:FA:B4:D5:17:05:92:25:E0:F1:33:C8:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ljUcRzoWujj6tNUXBZIl4PEzyL8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/a537c0-fd4b-43b6-8891-d57373bf5162/1/KSjUnukZG8WOY9QNez7ybTNOls4.roa
Signing time:             Wed 01 Jan 2025 09:48:32 +0000
ROA not before:           Wed 01 Jan 2025 09:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3302
IP address blocks:        91.225.180.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/a537c0-fd4b-43b6-8891-d57373bf5162/1/ljUcRzoWujj6tNUXBZIl4PEzyL8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/a537c0-fd4b-43b6-8891-d57373bf5162/1/ljUcRzoWujj6tNUXBZIl4PEzyL8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ljUcRzoWujj6tNUXBZIl4PEzyL8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:4f:81:e9:19:51:f3:90:3d:de:7c:29:87:98:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96351c473a16ba38fab4d517059225e0f133c8bf
        Validity
            Not Before: Jan  1 09:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2928d49ee9191bc58e63d40d7b3ef26d334e96ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:2c:5d:02:bb:36:7a:08:18:49:5a:8b:60:03:
                    13:36:54:c9:4f:64:2d:8c:87:82:11:bf:f2:0b:77:
                    8d:72:ef:a1:33:1c:6b:9e:64:b5:2a:62:6b:06:f8:
                    75:01:6c:86:91:96:ba:b5:87:cd:d2:b8:ee:2e:ff:
                    27:e7:ac:af:8d:5b:e8:ad:7b:6c:43:50:bb:98:79:
                    87:33:25:a4:64:5b:43:c6:86:98:c6:d7:9e:31:c2:
                    18:c7:e5:8e:93:7b:0f:52:e6:1d:54:69:6a:57:e1:
                    b0:47:25:b6:05:cc:46:1e:6c:b6:f9:37:9f:20:e5:
                    5f:c1:14:d7:27:af:ab:c0:e1:15:ee:3d:7b:fb:35:
                    8d:7f:6e:9d:13:31:37:02:db:a8:ac:c9:a9:f3:00:
                    f8:a2:8b:70:88:05:58:4d:37:c7:3b:d2:af:df:54:
                    e7:c9:88:1b:7c:23:87:8f:eb:97:9b:47:ad:04:6f:
                    65:3d:0a:67:3d:1e:6d:1b:fc:2b:12:17:f7:3b:1a:
                    44:fc:9e:db:15:22:e5:8c:7d:36:39:2d:ee:fc:f7:
                    7d:2b:20:d0:19:07:74:71:69:94:76:1b:fa:de:36:
                    0c:b7:f0:a0:ac:a7:cd:13:91:da:68:47:6f:3b:e6:
                    8a:bf:fd:fc:df:7a:1f:57:a8:7e:07:16:e9:07:46:
                    16:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:28:D4:9E:E9:19:1B:C5:8E:63:D4:0D:7B:3E:F2:6D:33:4E:96:CE
            X509v3 Authority Key Identifier:
                keyid:96:35:1C:47:3A:16:BA:38:FA:B4:D5:17:05:92:25:E0:F1:33:C8:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ljUcRzoWujj6tNUXBZIl4PEzyL8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/a537c0-fd4b-43b6-8891-d57373bf5162/1/KSjUnukZG8WOY9QNez7ybTNOls4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/a537c0-fd4b-43b6-8891-d57373bf5162/1/ljUcRzoWujj6tNUXBZIl4PEzyL8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.225.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:f4:85:d5:04:f1:e5:67:a1:ec:5b:f0:ac:3c:d9:5e:a9:61:
         a9:38:b7:e6:f2:97:6a:f0:55:2f:3b:72:99:e3:ac:2c:a6:6b:
         8e:3f:f1:01:71:c3:56:be:16:36:36:5d:a9:16:4f:68:94:06:
         94:05:26:4f:b8:52:71:9f:a2:42:14:d3:a6:8d:5d:e0:0e:0d:
         f7:d8:71:25:83:e6:9d:6a:d9:c2:f0:c7:5f:7e:53:6a:c0:ea:
         43:10:e8:95:4d:e3:22:c6:ce:72:20:f9:58:e0:0e:f0:d3:1c:
         b2:2e:ac:41:aa:25:b1:c7:00:82:cc:40:80:4f:a0:b9:35:ea:
         a6:7e:99:8d:36:72:1b:2e:8c:47:da:b1:18:35:dc:1d:8e:84:
         47:a7:60:38:69:86:aa:83:1a:32:a3:3f:9f:62:6e:66:b0:8b:
         11:91:3b:8f:4e:50:5f:58:13:6f:d7:e6:0f:41:df:e2:37:29:
         9c:01:bb:f3:6f:ab:6c:e6:8e:52:68:f9:44:95:e3:e5:42:9e:
         e3:77:82:3d:ea:1a:29:a0:82:ac:00:77:1d:e8:f5:99:3c:ec:
         da:ea:1e:48:9d:b8:f5:aa:16:5a:c5:d5:0b:c3:f3:34:30:35:
         d3:d2:bd:d4:57:54:36:51:12:82:76:40:37:d5:b8:4d:8a:9f:
         2d:10:5c:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRE+B6RlR85A93nwph5gmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MzUxYzQ3M2ExNmJhMzhmYWI0ZDUxNzA1OTIyNWUwZjEz
M2M4YmYwHhcNMjUwMTAxMDk0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTI4ZDQ5ZWU5MTkxYmM1OGU2M2Q0MGQ3YjNlZjI2ZDMzNGU5NmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSxdArs2eggYSVqLYAMTNlTJT2Qt
jIeCEb/yC3eNcu+hMxxrnmS1KmJrBvh1AWyGkZa6tYfN0rjuLv8n56yvjVvorXts
Q1C7mHmHMyWkZFtDxoaYxteeMcIYx+WOk3sPUuYdVGlqV+GwRyW2BcxGHmy2+Tef
IOVfwRTXJ6+rwOEV7j17+zWNf26dEzE3AtuorMmp8wD4ootwiAVYTTfHO9Kv31Tn
yYgbfCOHj+uXm0etBG9lPQpnPR5tG/wrEhf3OxpE/J7bFSLljH02OS3u/Pd9KyDQ
GQd0cWmUdhv63jYMt/CgrKfNE5HaaEdvO+aKv/3833ofV6h+BxbpB0YWkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCko1J7pGRvFjmPUDXs+8m0zTpbOMB8GA1UdIwQY
MBaAFJY1HEc6Fro4+rTVFwWSJeDxM8i/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGpVY1J6b1d1amo2dE5VWEJaSWw0UEV6eUw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9hNTM3YzAtZmQ0Yi00M2I2LTg4OTEt
ZDU3MzczYmY1MTYyLzEvS1NqVW51a1pHOFdPWTlRTmV6N3liVE5PbHM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9hNTM3YzAtZmQ0Yi00M2I2LTg4OTEtZDU3MzczYmY1MTYy
LzEvbGpVY1J6b1d1amo2dE5VWEJaSWw0UEV6eUw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+G0MA0G
CSqGSIb3DQEBCwUAA4IBAQB/9IXVBPHlZ6HsW/CsPNleqWGpOLfm8pdq8FUvO3KZ
46wspmuOP/EBccNWvhY2Nl2pFk9olAaUBSZPuFJxn6JCFNOmjV3gDg332HElg+ad
atnC8MdfflNqwOpDEOiVTeMixs5yIPlY4A7w0xyyLqxBqiWxxwCCzECAT6C5Neqm
fpmNNnIbLoxH2rEYNdwdjoRHp2A4aYaqgxoyoz+fYm5msIsRkTuPTlBfWBNv1+YP
Qd/iNymcAbvzb6ts5o5SaPlElePlQp7jd4I96hopoIKsAHcd6PWZPOza6h5Inbj1
qhZaxdULw/M0MDXT0r3UV1Q2URKCdkA31bhNip8tEFys
-----END CERTIFICATE-----