Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/KWzqOLtIWSWtWkByhLp85FW_7rM.roa
File:                     KWzqOLtIWSWtWkByhLp85FW_7rM.roa (raw, json)
Hash identifier:          +yMm4K7E6517qc0jJ3daW8uChLhsqKi3MVBCXwIyDXI=
Subject key identifier:   29:6C:EA:38:BB:48:59:25:AD:5A:40:72:84:BA:7C:E4:55:BF:EE:B3
Certificate issuer:       /CN=a389e7035b08e181a341f37eda7343d23f1cafa4
Certificate serial:       0194258F03EDE51E841E370DAD2CB0361DFE
Authority key identifier: A3:89:E7:03:5B:08:E1:81:A3:41:F3:7E:DA:73:43:D2:3F:1C:AF:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o4nnA1sI4YGjQfN-2nND0j8cr6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/KWzqOLtIWSWtWkByhLp85FW_7rM.roa
Signing time:             Thu 02 Jan 2025 05:48:36 +0000
ROA not before:           Thu 02 Jan 2025 05:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32323
IP address blocks:        176.121.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/o4nnA1sI4YGjQfN-2nND0j8cr6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/o4nnA1sI4YGjQfN-2nND0j8cr6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o4nnA1sI4YGjQfN-2nND0j8cr6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:03:ed:e5:1e:84:1e:37:0d:ad:2c:b0:36:1d:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a389e7035b08e181a341f37eda7343d23f1cafa4
        Validity
            Not Before: Jan  2 05:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=296cea38bb485925ad5a407284ba7ce455bfeeb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:d3:ec:06:e9:fd:eb:6f:cc:38:aa:ec:ba:06:
                    a5:d8:5d:25:c5:ed:49:b8:cd:c8:4f:7d:7b:38:46:
                    b3:67:15:ba:d3:b7:aa:50:f5:82:68:73:e7:48:cf:
                    8a:ae:5e:50:37:c7:ad:96:ea:b0:5b:47:de:e7:8d:
                    28:2d:8e:30:77:b0:96:e0:db:e8:0c:0a:e6:39:e2:
                    94:99:f7:cf:93:6a:41:0a:70:d8:80:99:72:c6:96:
                    b9:90:4f:3d:e1:0c:c0:8c:79:97:fd:6e:3f:68:b8:
                    d6:14:70:b4:88:4d:d0:fb:3b:c2:ca:82:56:2d:30:
                    6c:5b:fd:88:bb:b1:8e:97:fc:69:cd:5e:5c:4c:ef:
                    17:4c:62:9d:10:6a:da:9b:22:9f:ca:11:e7:9b:0a:
                    54:85:d4:37:7b:37:25:eb:37:d2:be:ec:45:58:04:
                    42:1f:76:14:4f:52:1c:08:be:cd:8e:dc:4d:2d:69:
                    6d:b1:ae:8d:d6:92:62:b4:17:ed:39:4b:f3:77:a9:
                    f9:57:57:cf:5a:7b:13:e4:4a:3c:1f:00:cd:af:6b:
                    c4:c6:26:57:d7:fc:2c:45:fa:e5:02:6b:c9:7a:2e:
                    3f:61:94:cd:e8:19:66:10:e7:c2:09:cb:b9:c4:db:
                    2d:44:06:24:92:e1:04:4a:42:f5:e7:e1:cd:ab:00:
                    cc:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:6C:EA:38:BB:48:59:25:AD:5A:40:72:84:BA:7C:E4:55:BF:EE:B3
            X509v3 Authority Key Identifier:
                keyid:A3:89:E7:03:5B:08:E1:81:A3:41:F3:7E:DA:73:43:D2:3F:1C:AF:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o4nnA1sI4YGjQfN-2nND0j8cr6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/KWzqOLtIWSWtWkByhLp85FW_7rM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/o4nnA1sI4YGjQfN-2nND0j8cr6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.121.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:7f:94:2d:53:29:66:ae:31:a9:0d:24:67:71:b0:1b:b2:6f:
         0e:6e:8d:2a:df:a8:84:46:1d:5f:e4:e2:e2:8b:8c:fb:f9:b9:
         88:ac:c6:65:47:db:75:a3:48:ef:60:37:31:e8:89:f3:72:45:
         7a:87:dd:73:d3:18:16:07:56:8d:ae:ef:33:c0:85:ff:f1:47:
         9e:16:cd:23:f8:62:3c:21:17:26:de:ae:07:fd:b8:72:df:a8:
         b6:19:57:76:42:08:b5:a4:7b:d5:68:ad:ef:63:46:7a:79:aa:
         da:e2:5f:98:8f:5e:97:ba:fe:5a:d9:84:f0:5e:69:09:7f:3f:
         cf:5a:19:8f:da:48:e1:bd:33:40:43:5b:19:f3:94:53:d3:f4:
         21:49:d6:24:2d:11:49:a6:b9:c5:8f:a9:8e:29:1a:8b:ff:20:
         e0:55:2b:d1:c0:b9:b0:c5:66:e5:77:c9:32:59:e6:16:b9:38:
         e9:2b:ad:e3:f1:10:75:6d:cd:08:37:4b:4e:7e:9d:25:b0:14:
         69:66:ea:a0:e6:ed:57:3f:fe:ba:14:2f:b8:b1:c8:85:01:49:
         be:f2:a5:0f:60:88:8d:bd:be:11:71:5d:4e:0f:09:a9:76:a3:
         5d:f8:85:8f:6c:e5:f6:59:a6:91:b0:3d:be:0d:11:ba:a8:66:
         f4:46:c6:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljwPt5R6EHjcNrSywNh3+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzODllNzAzNWIwOGUxODFhMzQxZjM3ZWRhNzM0M2QyM2Yx
Y2FmYTQwHhcNMjUwMTAyMDU0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTZjZWEzOGJiNDg1OTI1YWQ1YTQwNzI4NGJhN2NlNDU1YmZlZWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApNPsBun962/MOKrsugal2F0lxe1J
uM3IT317OEazZxW607eqUPWCaHPnSM+Krl5QN8etluqwW0fe540oLY4wd7CW4Nvo
DArmOeKUmffPk2pBCnDYgJlyxpa5kE894QzAjHmX/W4/aLjWFHC0iE3Q+zvCyoJW
LTBsW/2Iu7GOl/xpzV5cTO8XTGKdEGramyKfyhHnmwpUhdQ3ezcl6zfSvuxFWARC
H3YUT1IcCL7NjtxNLWltsa6N1pJitBftOUvzd6n5V1fPWnsT5Eo8HwDNr2vExiZX
1/wsRfrlAmvJei4/YZTN6BlmEOfCCcu5xNstRAYkkuEESkL15+HNqwDMAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCls6ji7SFklrVpAcoS6fORVv+6zMB8GA1UdIwQY
MBaAFKOJ5wNbCOGBo0HzftpzQ9I/HK+kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzRubkExc0k0WUdqUWZOLTJuTkQwajhjcjZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9mMDUzY2QtMWQ3OS00M2ExLTlhYWIt
MGU3MjQxNmI0ZGM3LzEvS1d6cU9MdElXU1d0V2tCeWhMcDg1RldfN3JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9mMDUzY2QtMWQ3OS00M2ExLTlhYWItMGU3MjQxNmI0ZGM3
LzEvbzRubkExc0k0WUdqUWZOLTJuTkQwajhjcjZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHlcMA0G
CSqGSIb3DQEBCwUAA4IBAQBsf5QtUylmrjGpDSRncbAbsm8Obo0q36iERh1f5OLi
i4z7+bmIrMZlR9t1o0jvYDcx6InzckV6h91z0xgWB1aNru8zwIX/8UeeFs0j+GI8
IRcm3q4H/bhy36i2GVd2Qgi1pHvVaK3vY0Z6eara4l+Yj16Xuv5a2YTwXmkJfz/P
WhmP2kjhvTNAQ1sZ85RT0/QhSdYkLRFJprnFj6mOKRqL/yDgVSvRwLmwxWbld8ky
WeYWuTjpK63j8RB1bc0IN0tOfp0lsBRpZuqg5u1XP/66FC+4sciFAUm+8qUPYIiN
vb4RcV1ODwmpdqNd+IWPbOX2WaaRsD2+DRG6qGb0RsaA
-----END CERTIFICATE-----