Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/_KiSxOPdlZjyAMKBUu2shVHXjhI.roa
File:                     _KiSxOPdlZjyAMKBUu2shVHXjhI.roa (raw, json)
Hash identifier:          CeCeupQAOIztWol191+Mn81JbkZ17ESdQ65PUeIBGfE=
Subject key identifier:   FC:A8:92:C4:E3:DD:95:98:F2:00:C2:81:52:ED:AC:85:51:D7:8E:12
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       019420D663F1B4F865C1B4DBF3B89F05E2FF
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/_KiSxOPdlZjyAMKBUu2shVHXjhI.roa
Signing time:             Wed 01 Jan 2025 07:48:28 +0000
ROA not before:           Wed 01 Jan 2025 07:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400039
IP address blocks:        86.104.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 02:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:63:f1:b4:f8:65:c1:b4:db:f3:b8:9f:05:e2:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Jan  1 07:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fca892c4e3dd9598f200c28152edac8551d78e12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:38:10:6a:bc:b9:9a:f1:f9:d8:0f:59:2c:e8:
                    98:77:dd:71:1c:73:ed:0c:e5:2a:66:b4:9f:ca:60:
                    dc:bf:0d:5a:ec:4c:6c:3c:c7:1a:85:9c:b2:bb:1d:
                    52:c3:08:00:59:46:b4:e8:e7:c9:0d:1d:37:fc:61:
                    47:ee:4a:7f:54:8f:36:eb:18:f9:92:88:62:20:6c:
                    65:ac:16:67:10:9b:c0:75:da:d0:9a:9f:18:1a:25:
                    3b:89:0f:2e:54:d2:28:e6:d7:e5:c7:09:2f:9e:b9:
                    37:8e:d6:2d:57:8f:df:46:01:17:d3:d6:85:61:69:
                    83:07:a3:ee:15:14:0f:1b:60:6e:3b:17:53:72:cc:
                    70:b4:4e:0e:70:d4:2c:a1:f5:40:40:26:37:0c:79:
                    63:02:38:0d:d5:37:17:10:bb:92:0d:37:9e:82:40:
                    be:75:44:d5:d1:a4:ad:e5:13:ef:04:f8:90:64:2d:
                    c2:d1:f6:a2:87:ce:8f:7f:6c:11:95:c8:b7:ac:d7:
                    1d:20:22:b2:87:21:b2:b8:92:de:0b:9c:ed:78:f2:
                    9b:b8:fb:a4:cd:9c:73:7b:25:b3:55:0f:04:6c:1c:
                    da:fd:fe:68:26:6f:c6:d9:77:73:71:72:7a:5f:ab:
                    8c:e7:5b:2a:91:88:01:23:a8:b8:cd:20:fe:3f:b4:
                    de:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:A8:92:C4:E3:DD:95:98:F2:00:C2:81:52:ED:AC:85:51:D7:8E:12
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/_KiSxOPdlZjyAMKBUu2shVHXjhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.104.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:7f:3c:22:36:8c:cb:88:1c:cf:8e:07:80:41:ec:f1:af:54:
         8f:a2:9d:9e:da:1a:c1:b4:e1:69:20:43:bd:cf:55:a6:b4:2b:
         4f:92:1e:2c:74:13:64:55:c1:b9:f8:f5:44:73:78:f9:06:96:
         00:7c:2f:86:bb:71:ac:6a:5f:37:05:02:5a:cd:14:c4:db:38:
         38:b7:51:ec:e8:ae:84:47:ba:9c:da:b2:94:6d:d3:da:93:79:
         85:1e:99:25:7d:03:94:53:5a:d0:06:31:c2:ba:8c:3a:0e:5d:
         40:e7:a8:21:1b:91:36:9c:07:68:e7:e8:bf:2d:b9:41:21:ca:
         02:ec:9a:21:cb:42:68:b9:12:92:e8:7f:1f:60:79:42:7f:45:
         1f:31:32:78:4c:c3:2a:37:1f:29:91:4a:9c:39:9c:e7:bc:c3:
         39:98:8f:b1:d8:12:99:5d:c0:0d:56:a0:0a:3f:83:5a:8c:6c:
         38:04:a1:0a:64:cf:2a:58:31:0b:89:d0:fa:a5:df:05:ff:50:
         89:95:14:d6:2a:d3:25:2f:19:6b:1b:22:05:72:b5:c8:9d:a3:
         69:cf:ca:c5:a5:1a:65:85:f4:e5:4b:27:da:bd:3b:6a:5b:82:
         89:68:2f:01:6a:b0:eb:f1:8e:dd:de:8e:17:ec:42:d4:6f:59:
         8e:fa:13:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1mPxtPhlwbTb87ifBeL/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjUwMTAxMDc0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2E4OTJjNGUzZGQ5NTk4ZjIwMGMyODE1MmVkYWM4NTUxZDc4ZTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0TgQary5mvH52A9ZLOiYd91xHHPt
DOUqZrSfymDcvw1a7ExsPMcahZyyux1SwwgAWUa06OfJDR03/GFH7kp/VI826xj5
kohiIGxlrBZnEJvAddrQmp8YGiU7iQ8uVNIo5tflxwkvnrk3jtYtV4/fRgEX09aF
YWmDB6PuFRQPG2BuOxdTcsxwtE4OcNQsofVAQCY3DHljAjgN1TcXELuSDTeegkC+
dUTV0aSt5RPvBPiQZC3C0faih86Pf2wRlci3rNcdICKyhyGyuJLeC5ztePKbuPuk
zZxzeyWzVQ8EbBza/f5oJm/G2XdzcXJ6X6uM51sqkYgBI6i4zSD+P7TexwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPyoksTj3ZWY8gDCgVLtrIVR144SMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvX0tpU3hPUGRsWmp5QU1LQlV1MnNoVkhYamhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVmjRMA0G
CSqGSIb3DQEBCwUAA4IBAQB/fzwiNozLiBzPjgeAQezxr1SPop2e2hrBtOFpIEO9
z1WmtCtPkh4sdBNkVcG5+PVEc3j5BpYAfC+Gu3Gsal83BQJazRTE2zg4t1Hs6K6E
R7qc2rKUbdPak3mFHpklfQOUU1rQBjHCuow6Dl1A56ghG5E2nAdo5+i/LblBIcoC
7Johy0JouRKS6H8fYHlCf0UfMTJ4TMMqNx8pkUqcOZznvMM5mI+x2BKZXcANVqAK
P4NajGw4BKEKZM8qWDELidD6pd8F/1CJlRTWKtMlLxlrGyIFcrXInaNpz8rFpRpl
hfTlSyfavTtqW4KJaC8BarDr8Y7d3o4X7ELUb1mO+hO/
-----END CERTIFICATE-----