Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/kgbZgs6-Yl9779KCqxnYBmplLhc.roa
File:                     kgbZgs6-Yl9779KCqxnYBmplLhc.roa (raw, json)
Hash identifier:          qc6AvzGUC9pOX7uyW0pISf+jcmwsR8CrVQA4q8kjZA8=
Subject key identifier:   92:06:D9:82:CE:BE:62:5F:7B:EF:D2:82:AB:19:D8:06:6A:65:2E:17
Certificate issuer:       /CN=a86580e18ad6ff8dc942be883c16de8b731f9605
Certificate serial:       019421B18B1929E0718EFC874EFA600993A7
Authority key identifier: A8:65:80:E1:8A:D6:FF:8D:C9:42:BE:88:3C:16:DE:8B:73:1F:96:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qGWA4YrW_43JQr6IPBbei3MflgU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/kgbZgs6-Yl9779KCqxnYBmplLhc.roa
Signing time:             Wed 01 Jan 2025 11:47:51 +0000
ROA not before:           Wed 01 Jan 2025 11:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41887
IP address blocks:        90.145.56.0/24 maxlen: 24
                          2a02:120:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/qGWA4YrW_43JQr6IPBbei3MflgU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/qGWA4YrW_43JQr6IPBbei3MflgU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qGWA4YrW_43JQr6IPBbei3MflgU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:8b:19:29:e0:71:8e:fc:87:4e:fa:60:09:93:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a86580e18ad6ff8dc942be883c16de8b731f9605
        Validity
            Not Before: Jan  1 11:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9206d982cebe625f7befd282ab19d8066a652e17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:32:8f:b6:9b:9c:80:39:1a:a7:d4:05:2b:89:
                    6c:d1:8a:da:85:bb:2d:53:b0:d3:0e:08:57:c6:f7:
                    1d:96:a0:76:d3:a4:99:af:68:7d:ec:e0:8f:c9:83:
                    fb:c7:c7:b5:60:bc:7e:63:06:b5:d3:7d:58:d7:3a:
                    e4:5e:fb:ed:f1:82:dd:18:34:5e:c3:9e:93:45:8e:
                    32:36:9a:5e:05:0b:94:4e:3a:a8:c0:0c:21:04:a0:
                    28:85:67:fe:55:c5:83:46:24:64:b8:cb:75:09:1f:
                    d6:0e:10:0b:8b:27:5d:3f:9c:a8:29:7d:0e:2c:20:
                    e2:59:b4:b6:18:fe:cd:78:d2:c4:11:f8:46:5a:85:
                    4e:b3:e4:7a:9a:48:75:6a:ff:23:60:bf:66:06:a9:
                    00:f4:44:c6:8e:1e:ff:a3:08:d5:e5:d1:0e:a7:9e:
                    d0:8f:1b:8b:64:b8:5b:bf:7d:a3:23:ba:cb:85:21:
                    b6:c0:66:ae:2a:b6:e4:f6:06:bb:e5:61:0a:ca:91:
                    a7:06:65:5a:97:88:88:02:9e:9c:67:2b:f6:6b:bb:
                    2e:2e:a7:0a:4f:4b:b9:09:25:97:57:09:63:a0:22:
                    0d:45:da:79:a5:0e:07:e4:c6:63:d0:0a:30:e1:71:
                    71:f2:d5:a4:ae:95:23:9f:de:82:0b:74:d0:ad:8d:
                    86:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:06:D9:82:CE:BE:62:5F:7B:EF:D2:82:AB:19:D8:06:6A:65:2E:17
            X509v3 Authority Key Identifier:
                keyid:A8:65:80:E1:8A:D6:FF:8D:C9:42:BE:88:3C:16:DE:8B:73:1F:96:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qGWA4YrW_43JQr6IPBbei3MflgU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/kgbZgs6-Yl9779KCqxnYBmplLhc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/qGWA4YrW_43JQr6IPBbei3MflgU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  90.145.56.0/24
                IPv6:
                  2a02:120:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:49:63:5d:ec:8b:a3:31:e8:6a:12:87:eb:60:27:0a:f1:0a:
         24:1d:4b:9c:1b:90:dc:dd:cf:8a:fe:f1:47:1e:6d:62:4b:9f:
         bd:06:0a:1c:4c:54:65:94:f0:f2:a1:68:1a:e7:12:b3:87:65:
         c6:e0:38:8f:ab:ec:3c:ca:d7:dc:79:1e:bc:82:1d:d3:e8:65:
         c5:c6:5d:8f:98:14:66:25:b3:aa:66:72:33:ec:b4:52:5e:0e:
         a8:29:b7:e8:22:c5:5c:53:88:20:cf:14:bd:c6:ba:55:2d:bf:
         73:b2:56:8e:51:dc:1a:c8:43:50:b9:33:a1:ef:3f:89:e1:d8:
         65:8b:cf:7f:4f:46:de:fd:c2:db:2d:aa:be:5e:aa:27:7f:da:
         4d:d0:ae:a5:c7:db:ad:e3:f0:5b:d3:8c:f5:6a:79:90:d3:26:
         7c:5a:88:43:f6:e9:b5:d5:c8:4b:bf:05:02:5a:a4:98:e1:cc:
         14:30:75:7e:ed:7a:3d:63:a7:a3:8e:66:97:11:82:af:91:56:
         7c:15:32:99:ca:b9:00:1f:b7:0c:ad:54:2f:52:fb:2f:d8:86:
         22:c2:44:07:ff:59:d3:60:39:22:96:d1:2b:0b:11:c8:33:70:
         ef:b5:8a:9b:da:e1:ee:e6:33:c6:d0:14:91:36:37:3c:d9:58:
         56:07:d1:76
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQhsYsZKeBxjvyHTvpgCZOnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NjU4MGUxOGFkNmZmOGRjOTQyYmU4ODNjMTZkZThiNzMx
Zjk2MDUwHhcNMjUwMTAxMTE0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjA2ZDk4MmNlYmU2MjVmN2JlZmQyODJhYjE5ZDgwNjZhNjUyZTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDKPtpucgDkap9QFK4ls0Yrahbst
U7DTDghXxvcdlqB206SZr2h97OCPyYP7x8e1YLx+Ywa1031Y1zrkXvvt8YLdGDRe
w56TRY4yNppeBQuUTjqowAwhBKAohWf+VcWDRiRkuMt1CR/WDhALiyddP5yoKX0O
LCDiWbS2GP7NeNLEEfhGWoVOs+R6mkh1av8jYL9mBqkA9ETGjh7/owjV5dEOp57Q
jxuLZLhbv32jI7rLhSG2wGauKrbk9ga75WEKypGnBmVal4iIAp6cZyv2a7suLqcK
T0u5CSWXVwljoCINRdp5pQ4H5MZj0Aow4XFx8tWkrpUjn96CC3TQrY2GnwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJIG2YLOvmJfe+/SgqsZ2AZqZS4XMB8GA1UdIwQY
MBaAFKhlgOGK1v+NyUK+iDwW3otzH5YFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUdXQTRZcldfNDNKUXI2SVBCYmVpM01mbGdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9lMjlkY2UtYTE3NC00Yjc3LTg5YWEt
MjM2ZTkyZmM2YTU5LzEva2diWmdzNi1ZbDk3NzlLQ3F4bllCbXBsTGhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9lMjlkY2UtYTE3NC00Yjc3LTg5YWEtMjM2ZTkyZmM2YTU5
LzEvcUdXQTRZcldfNDNKUXI2SVBCYmVpM01mbGdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAWpE4MA8E
AgACMAkDBwAqAgEgAAIwDQYJKoZIhvcNAQELBQADggEBAGBJY13si6Mx6GoSh+tg
JwrxCiQdS5wbkNzdz4r+8UcebWJLn70GChxMVGWU8PKhaBrnErOHZcbgOI+r7DzK
19x5HryCHdPoZcXGXY+YFGYls6pmcjPstFJeDqgpt+gixVxTiCDPFL3GulUtv3Oy
Vo5R3BrIQ1C5M6HvP4nh2GWLz39PRt79wtstqr5eqid/2k3QrqXH263j8FvTjPVq
eZDTJnxaiEP26bXVyEu/BQJapJjhzBQwdX7tej1jp6OOZpcRgq+RVnwVMpnKuQAf
twytVC9S+y/YhiLCRAf/WdNgOSKW0SsLEcgzcO+1ipva4e7mM8bQFJE2NzzZWFYH
0XY=
-----END CERTIFICATE-----