Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/koZdUg9eyaaGc1g9ur5UXBYavrc.roa
File:                     koZdUg9eyaaGc1g9ur5UXBYavrc.roa (raw, json)
Hash identifier:          GaEJ7CaaD7TlL7BrSl+zzHjmdcf3ad/46vcHTxYsYGE=
Subject key identifier:   92:86:5D:52:0F:5E:C9:A6:86:73:58:3D:BA:BE:54:5C:16:1A:BE:B7
Certificate issuer:       /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial:       0194221F5B90D6139B77DF4B74C27CC7464B
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/koZdUg9eyaaGc1g9ur5UXBYavrc.roa
Signing time:             Wed 01 Jan 2025 13:47:47 +0000
ROA not before:           Wed 01 Jan 2025 13:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1018
IP address blocks:        209.16.140.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:5b:90:d6:13:9b:77:df:4b:74:c2:7c:c7:46:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
        Validity
            Not Before: Jan  1 13:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92865d520f5ec9a68673583dbabe545c161abeb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:0a:c3:f2:4e:9b:00:a1:2a:6e:ab:64:20:ce:
                    7e:3a:d2:df:58:f0:e7:71:7b:29:49:fd:53:06:3e:
                    45:00:21:52:3e:68:55:cf:cf:68:1f:ee:ec:16:19:
                    1b:c5:43:f0:75:c4:ec:d3:2a:39:1a:a1:f9:4f:47:
                    db:ff:09:b2:eb:8e:0a:7d:bb:7c:6e:6c:37:5e:7b:
                    51:89:02:63:f2:97:d2:22:be:8f:de:b8:1e:01:73:
                    19:a1:7e:89:6a:b0:41:d1:84:36:c0:5a:3d:8d:b1:
                    99:e0:c4:2d:f2:48:d1:12:2e:42:58:e2:0f:d8:69:
                    17:b6:a4:db:0a:ea:c1:ed:9e:0e:dc:aa:2d:f3:75:
                    85:dc:fd:cd:92:65:b1:8a:1e:94:a1:88:d8:bc:36:
                    43:5c:91:60:70:fe:29:cd:2b:0a:d9:c8:ce:0e:18:
                    8c:d6:f2:24:f6:04:3e:e6:10:d7:de:c1:9b:ca:03:
                    6f:1a:6c:08:d0:9d:ff:a0:82:40:32:a7:01:5f:0e:
                    34:d6:79:7d:a3:5d:20:e0:72:f0:63:aa:db:a3:75:
                    cf:7e:3c:fe:72:4d:cb:d4:7d:fa:2e:67:7d:13:bd:
                    10:8d:76:1f:21:50:b8:60:ac:51:ef:e3:89:c1:fc:
                    2f:d5:37:8d:a6:dd:db:32:3d:2d:7c:ad:3a:af:00:
                    8e:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:86:5D:52:0F:5E:C9:A6:86:73:58:3D:BA:BE:54:5C:16:1A:BE:B7
            X509v3 Authority Key Identifier:
                keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/koZdUg9eyaaGc1g9ur5UXBYavrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.16.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         80:02:ad:f6:c2:60:95:48:68:46:f6:91:99:72:75:ad:4b:7e:
         ac:01:c5:79:41:68:fc:75:4e:22:d8:65:c3:cb:a0:58:c6:0a:
         f7:05:3f:fc:7d:a7:1d:fc:d4:08:1c:8c:f0:4f:ea:dc:e2:96:
         67:f0:c0:e8:41:36:a6:df:a2:9f:b2:25:44:0c:b6:26:b8:04:
         2f:f7:15:40:78:db:a2:c6:ae:aa:ca:83:26:70:ac:2b:17:d5:
         0a:93:ae:06:c7:50:91:99:0f:19:b3:37:5e:9d:a8:d6:52:9a:
         d0:e7:16:36:73:ef:ef:23:16:23:b7:12:d9:38:3f:6d:ab:1c:
         88:25:29:cf:61:7f:75:78:13:50:7e:45:0a:ba:db:92:f5:fd:
         39:90:7d:b4:56:6d:0a:ae:26:60:ef:5b:ad:fb:7e:45:be:c7:
         73:c8:cc:ce:50:2b:2f:3d:03:da:ba:cc:13:02:0e:d3:e1:96:
         7d:d8:70:9d:aa:f0:d3:e2:0d:f3:1b:7d:1d:b7:7a:d0:60:8d:
         57:1c:64:b1:d1:95:76:b5:8e:3d:8f:a9:5b:80:82:81:77:fb:
         ac:5d:b8:4c:0c:29:b3:da:18:0d:11:a6:a1:28:18:b7:0d:76:
         4e:99:83:5c:3b:b9:9d:6f:cd:9e:43:24:05:08:63:46:5c:c5:
         2d:59:63:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH1uQ1hObd99LdMJ8x0ZLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjUwMTAxMTM0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mjg2NWQ1MjBmNWVjOWE2ODY3MzU4M2RiYWJlNTQ1YzE2MWFiZWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgrD8k6bAKEqbqtkIM5+OtLfWPDn
cXspSf1TBj5FACFSPmhVz89oH+7sFhkbxUPwdcTs0yo5GqH5T0fb/wmy644Kfbt8
bmw3XntRiQJj8pfSIr6P3rgeAXMZoX6JarBB0YQ2wFo9jbGZ4MQt8kjREi5CWOIP
2GkXtqTbCurB7Z4O3Kot83WF3P3NkmWxih6UoYjYvDZDXJFgcP4pzSsK2cjODhiM
1vIk9gQ+5hDX3sGbygNvGmwI0J3/oIJAMqcBXw401nl9o10g4HLwY6rbo3XPfjz+
ck3L1H36Lmd9E70QjXYfIVC4YKxR7+OJwfwv1TeNpt3bMj0tfK06rwCOhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJKGXVIPXsmmhnNYPbq+VFwWGr63MB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEva29aZFVnOWV5YWFHYzFnOXVyNVVYQllhdnJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB0RCMMA0G
CSqGSIb3DQEBCwUAA4IBAQCAAq32wmCVSGhG9pGZcnWtS36sAcV5QWj8dU4i2GXD
y6BYxgr3BT/8facd/NQIHIzwT+rc4pZn8MDoQTam36KfsiVEDLYmuAQv9xVAeNui
xq6qyoMmcKwrF9UKk64Gx1CRmQ8ZszdenajWUprQ5xY2c+/vIxYjtxLZOD9tqxyI
JSnPYX91eBNQfkUKutuS9f05kH20Vm0KriZg71ut+35FvsdzyMzOUCsvPQPauswT
Ag7T4ZZ92HCdqvDT4g3zG30dt3rQYI1XHGSx0ZV2tY49j6lbgIKBd/usXbhMDCmz
2hgNEaahKBi3DXZOmYNcO7mdb82eQyQFCGNGXMUtWWMd
-----END CERTIFICATE-----