Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/kchMOU2kvdRl00fBh5qoenOEWgo.roa
File:                     kchMOU2kvdRl00fBh5qoenOEWgo.roa (raw, json)
Hash identifier:          rotwuwu8cuF62FGpHhcFZFCeWLWn+XwRCgl6FRfG/Oc=
Subject key identifier:   91:C8:4C:39:4D:A4:BD:D4:65:D3:47:C1:87:9A:A8:7A:73:84:5A:0A
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019422202E9DB7343C9C43ACF66F86514642
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/kchMOU2kvdRl00fBh5qoenOEWgo.roa
Signing time:             Wed 01 Jan 2025 13:48:41 +0000
ROA not before:           Wed 01 Jan 2025 13:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199614
IP address blocks:        94.176.110.0/24 maxlen: 24
                          185.241.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:2e:9d:b7:34:3c:9c:43:ac:f6:6f:86:51:46:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91c84c394da4bdd465d347c1879aa87a73845a0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:23:81:c9:e7:54:64:c1:ec:60:3e:11:2f:5c:
                    5f:31:3e:13:62:4f:8c:a0:60:3d:b4:aa:06:1b:35:
                    b5:8d:97:83:39:15:6b:9d:6a:33:21:3f:f7:fc:b6:
                    e4:d5:09:c5:e7:14:37:44:1f:3e:67:45:1c:44:e5:
                    59:25:db:75:4f:0e:d7:40:c9:ab:c6:c1:a6:4d:d6:
                    55:3e:73:95:bc:be:c6:02:f0:cd:4c:ec:15:29:d3:
                    a6:75:0b:40:bd:21:4f:1b:f1:07:71:df:c3:45:45:
                    45:fa:52:41:2f:14:24:71:3c:9d:40:75:64:1b:d4:
                    a1:2f:14:0c:ee:16:30:a3:41:76:2d:b8:24:a3:3d:
                    1d:86:84:60:30:18:ba:df:40:3f:2c:a7:cf:96:7b:
                    2a:fe:a6:34:cd:b4:f8:89:47:c4:7c:0d:3d:59:e1:
                    ab:1d:e6:91:66:38:4a:a1:d2:75:51:55:eb:a9:6d:
                    b5:f1:6e:09:cc:73:4d:4c:df:f0:5a:7e:69:6b:ab:
                    06:7d:e4:b1:a1:57:88:c7:06:19:82:5d:cd:0a:65:
                    75:dc:ba:13:91:18:d0:51:68:97:e6:86:b2:27:b1:
                    b2:95:a3:e5:54:55:26:e7:b8:39:10:e8:5c:3d:0c:
                    d0:f8:62:53:8f:04:48:49:18:f9:9b:45:65:d1:7a:
                    01:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:C8:4C:39:4D:A4:BD:D4:65:D3:47:C1:87:9A:A8:7A:73:84:5A:0A
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/kchMOU2kvdRl00fBh5qoenOEWgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.176.110.0/24
                  185.241.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:e0:fe:9d:1f:5d:dc:b6:5b:d3:38:66:72:f8:f5:19:10:4e:
         65:47:4e:63:b6:88:b5:0d:53:25:aa:32:09:ad:78:75:84:34:
         ef:52:a3:77:4c:d5:02:53:75:f8:57:dd:36:03:2d:7d:d6:76:
         e1:83:8d:f9:b9:84:bd:ac:c1:4f:bc:37:a3:63:da:0d:74:84:
         c6:bf:8d:33:5d:ac:77:55:58:95:2f:52:fd:74:d0:cd:e3:68:
         13:8c:ed:8a:7d:e8:93:21:f4:a0:40:c2:bf:ca:ba:02:59:97:
         f7:9d:6d:f3:4c:aa:93:2a:b0:ec:5d:1f:e5:9c:b5:5f:50:20:
         02:3e:3f:49:a4:c4:22:21:6b:4a:10:05:6a:1f:05:cd:2d:53:
         0f:84:95:28:ec:7d:8a:1c:37:4d:da:31:d8:21:ce:d5:d4:a1:
         cc:d2:32:c9:f5:6a:3d:08:24:f1:dc:95:41:04:86:fe:10:1b:
         8e:24:4e:38:c2:8e:e8:65:aa:93:4d:76:32:84:2f:a3:67:10:
         62:8c:a6:36:f0:a9:7b:7e:8a:d8:eb:cc:f4:8a:05:16:b2:f1:
         94:63:61:43:ef:16:bb:f8:5e:b9:ac:a2:90:86:54:1e:d5:f0:
         a1:43:11:72:ae:f2:62:1d:2f:71:63:dc:a4:e9:36:50:d8:81:
         82:7c:67:42
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiIC6dtzQ8nEOs9m+GUUZCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWM4NGMzOTRkYTRiZGQ0NjVkMzQ3YzE4NzlhYTg3YTczODQ1YTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSOByedUZMHsYD4RL1xfMT4TYk+M
oGA9tKoGGzW1jZeDORVrnWozIT/3/Lbk1QnF5xQ3RB8+Z0UcROVZJdt1Tw7XQMmr
xsGmTdZVPnOVvL7GAvDNTOwVKdOmdQtAvSFPG/EHcd/DRUVF+lJBLxQkcTydQHVk
G9ShLxQM7hYwo0F2Lbgkoz0dhoRgMBi630A/LKfPlnsq/qY0zbT4iUfEfA09WeGr
HeaRZjhKodJ1UVXrqW218W4JzHNNTN/wWn5pa6sGfeSxoVeIxwYZgl3NCmV13LoT
kRjQUWiX5oayJ7GylaPlVFUm57g5EOhcPQzQ+GJTjwRISRj5m0Vl0XoBmwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJHITDlNpL3UZdNHwYeaqHpzhFoKMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEva2NoTU9VMmt2ZFJsMDBmQmg1cW9lbk9FV2dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXrBuAwQA
ufHRMA0GCSqGSIb3DQEBCwUAA4IBAQCW4P6dH13ctlvTOGZy+PUZEE5lR05jtoi1
DVMlqjIJrXh1hDTvUqN3TNUCU3X4V902Ay191nbhg435uYS9rMFPvDejY9oNdITG
v40zXax3VViVL1L9dNDN42gTjO2KfeiTIfSgQMK/yroCWZf3nW3zTKqTKrDsXR/l
nLVfUCACPj9JpMQiIWtKEAVqHwXNLVMPhJUo7H2KHDdN2jHYIc7V1KHM0jLJ9Wo9
CCTx3JVBBIb+EBuOJE44wo7oZaqTTXYyhC+jZxBijKY28Kl7forY68z0igUWsvGU
Y2FD7xa7+F65rKKQhlQe1fChQxFyrvJiHS9xY9yk6TZQ2IGCfGdC
-----END CERTIFICATE-----