Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/KSNAER4Mydp8HyU9sU8i1lEowuM.roa
File:                     KSNAER4Mydp8HyU9sU8i1lEowuM.roa (raw, json)
Hash identifier:          k7Cs9APUIR/QxVIdcXpLwc8DXRZq1n3B8dEj7Z0wTKs=
Subject key identifier:   29:23:40:11:1E:0C:C9:DA:7C:1F:25:3D:B1:4F:22:D6:51:28:C2:E3
Certificate issuer:       /CN=48a4693b1dccc49ee6605a7d339e1d847ef0ad8b
Certificate serial:       01941F8C55733CFC8B00A8F1753F5D8B0130
Authority key identifier: 48:A4:69:3B:1D:CC:C4:9E:E6:60:5A:7D:33:9E:1D:84:7E:F0:AD:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SKRpOx3MxJ7mYFp9M54dhH7wrYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/KSNAER4Mydp8HyU9sU8i1lEowuM.roa
Signing time:             Wed 01 Jan 2025 01:47:58 +0000
ROA not before:           Wed 01 Jan 2025 01:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15681
IP address blocks:        83.150.208.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/SKRpOx3MxJ7mYFp9M54dhH7wrYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/SKRpOx3MxJ7mYFp9M54dhH7wrYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SKRpOx3MxJ7mYFp9M54dhH7wrYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:02:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:55:73:3c:fc:8b:00:a8:f1:75:3f:5d:8b:01:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48a4693b1dccc49ee6605a7d339e1d847ef0ad8b
        Validity
            Not Before: Jan  1 01:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=292340111e0cc9da7c1f253db14f22d65128c2e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:65:6e:3d:97:bd:5d:45:4a:f8:72:b4:43:0b:
                    44:28:6a:19:3e:51:27:4b:c7:0e:d3:55:62:e3:8b:
                    77:94:6d:e7:1d:71:c2:30:ea:d5:82:ff:1e:50:20:
                    ca:82:ac:41:80:3e:ec:a1:07:c1:b1:06:1f:cf:87:
                    e5:1d:2e:eb:0a:84:df:99:27:77:9f:6f:b1:9d:d6:
                    a0:23:e3:36:1d:da:be:4f:c1:94:8b:9a:e2:60:61:
                    f5:50:d4:ca:52:97:dd:ba:24:5a:c6:17:a2:9b:5d:
                    dd:1f:2b:f9:35:9e:b6:0d:22:91:f4:f3:24:37:4c:
                    f9:ef:91:c1:4f:22:3b:3c:5c:40:b7:92:b2:ed:a1:
                    70:05:c8:b3:79:ed:5a:e0:31:f0:fa:ca:7b:b2:d2:
                    46:9a:e6:8c:eb:d7:c6:38:05:c5:d6:fb:51:34:7f:
                    f7:c3:26:b0:86:d4:9d:b2:89:9d:89:b3:80:b3:40:
                    ce:de:49:b1:06:aa:7f:c3:0e:66:2a:31:57:4b:a9:
                    dc:0f:5b:42:8d:cd:19:8a:e5:8d:af:30:13:01:ba:
                    ed:ea:17:cc:50:11:84:19:25:8b:03:03:ea:f7:ac:
                    fb:64:06:78:90:ea:d0:b5:34:72:d7:f2:2f:d7:5a:
                    32:6d:3e:96:9f:94:72:37:65:39:c5:4c:e9:a9:43:
                    53:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:23:40:11:1E:0C:C9:DA:7C:1F:25:3D:B1:4F:22:D6:51:28:C2:E3
            X509v3 Authority Key Identifier:
                keyid:48:A4:69:3B:1D:CC:C4:9E:E6:60:5A:7D:33:9E:1D:84:7E:F0:AD:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SKRpOx3MxJ7mYFp9M54dhH7wrYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/KSNAER4Mydp8HyU9sU8i1lEowuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/SKRpOx3MxJ7mYFp9M54dhH7wrYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.150.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:00:40:d6:81:c4:eb:07:9c:ea:fe:68:7b:f1:09:99:fd:cb:
         21:a8:76:66:eb:cd:2d:3c:d4:46:66:0a:2f:f3:4b:d9:0d:20:
         b2:60:c1:17:c1:28:34:21:7e:ae:38:28:a9:fa:d3:5c:48:eb:
         1c:5b:a1:4e:43:bd:5c:d3:47:4f:5d:de:2d:eb:51:18:d3:e1:
         11:03:90:11:d0:1b:90:36:91:57:aa:38:04:2d:04:90:85:09:
         d4:26:77:d3:9b:35:a0:ac:74:8f:ff:58:37:65:19:77:72:96:
         54:9e:0f:29:9b:08:86:db:ff:bc:fd:ea:72:e3:36:b4:6f:48:
         41:e5:43:f4:32:16:da:c7:1b:b5:9f:19:43:e5:e2:0e:f2:a8:
         a2:a6:60:c4:39:52:cf:6b:d7:0f:72:7c:f5:2e:04:4c:d6:d5:
         31:6a:23:65:45:e8:f2:62:f7:da:9e:13:d4:94:d6:b9:62:fb:
         29:b0:0a:e1:59:66:25:1a:42:6a:8b:37:b1:b4:a4:0e:17:79:
         91:f7:d5:51:df:de:ee:89:b1:d6:d7:aa:48:64:f2:1a:e1:92:
         ba:be:24:65:c0:61:e5:17:b9:9d:c8:96:5f:03:88:29:b0:38:
         30:00:da:15:76:ec:42:a2:54:c9:a5:b3:a7:73:48:5a:da:31:
         54:36:d8:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjFVzPPyLAKjxdT9diwEwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4YTQ2OTNiMWRjY2M0OWVlNjYwNWE3ZDMzOWUxZDg0N2Vm
MGFkOGIwHhcNMjUwMTAxMDE0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTIzNDAxMTFlMGNjOWRhN2MxZjI1M2RiMTRmMjJkNjUxMjhjMmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2VuPZe9XUVK+HK0QwtEKGoZPlEn
S8cO01Vi44t3lG3nHXHCMOrVgv8eUCDKgqxBgD7soQfBsQYfz4flHS7rCoTfmSd3
n2+xndagI+M2Hdq+T8GUi5riYGH1UNTKUpfduiRaxheim13dHyv5NZ62DSKR9PMk
N0z575HBTyI7PFxAt5Ky7aFwBcizee1a4DHw+sp7stJGmuaM69fGOAXF1vtRNH/3
wyawhtSdsomdibOAs0DO3kmxBqp/ww5mKjFXS6ncD1tCjc0ZiuWNrzATAbrt6hfM
UBGEGSWLAwPq96z7ZAZ4kOrQtTRy1/Iv11oybT6Wn5RyN2U5xUzpqUNThwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCkjQBEeDMnafB8lPbFPItZRKMLjMB8GA1UdIwQY
MBaAFEikaTsdzMSe5mBafTOeHYR+8K2LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0tScE94M014SjdtWUZwOU01NGRoSDd3cllzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC85ODVlZmEtOGJlZS00ZjczLTg4Yjct
YmUzYmI2Y2QyZDUxLzEvS1NOQUVSNE15ZHA4SHlVOXNVOGkxbEVvd3VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC85ODVlZmEtOGJlZS00ZjczLTg4YjctYmUzYmI2Y2QyZDUx
LzEvU0tScE94M014SjdtWUZwOU01NGRoSDd3cllzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU5bQMA0G
CSqGSIb3DQEBCwUAA4IBAQCSAEDWgcTrB5zq/mh78QmZ/cshqHZm680tPNRGZgov
80vZDSCyYMEXwSg0IX6uOCip+tNcSOscW6FOQ71c00dPXd4t61EY0+ERA5AR0BuQ
NpFXqjgELQSQhQnUJnfTmzWgrHSP/1g3ZRl3cpZUng8pmwiG2/+8/epy4za0b0hB
5UP0Mhbaxxu1nxlD5eIO8qiipmDEOVLPa9cPcnz1LgRM1tUxaiNlRejyYvfanhPU
lNa5YvspsArhWWYlGkJqizextKQOF3mR99VR397uibHW16pIZPIa4ZK6viRlwGHl
F7mdyJZfA4gpsDgwANoVduxColTJpbOnc0ha2jFUNtgG
-----END CERTIFICATE-----