Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/6a3069-ad3c-4388-b1e8-0c27adb75cdf/1/kuduuaUOyGakCO9Tn5rzfY0i8Hk.roa
File:                     kuduuaUOyGakCO9Tn5rzfY0i8Hk.roa (raw, json)
Hash identifier:          Q9PoN1sRWuaTY4KshxWn50PXqDpvKrsvU7VleCWrxSA=
Subject key identifier:   92:E7:6E:B9:A5:0E:C8:66:A4:08:EF:53:9F:9A:F3:7D:8D:22:F0:79
Certificate issuer:       /CN=76d44d97653a06d846b2443535b83e8cbc39d928
Certificate serial:       019421B1C078621C9F1FF93938500D9158FB
Authority key identifier: 76:D4:4D:97:65:3A:06:D8:46:B2:44:35:35:B8:3E:8C:BC:39:D9:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dtRNl2U6BthGskQ1Nbg-jLw52Sg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/6a3069-ad3c-4388-b1e8-0c27adb75cdf/1/kuduuaUOyGakCO9Tn5rzfY0i8Hk.roa
Signing time:             Wed 01 Jan 2025 11:48:04 +0000
ROA not before:           Wed 01 Jan 2025 11:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        194.15.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/6a3069-ad3c-4388-b1e8-0c27adb75cdf/1/dtRNl2U6BthGskQ1Nbg-jLw52Sg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/6a3069-ad3c-4388-b1e8-0c27adb75cdf/1/dtRNl2U6BthGskQ1Nbg-jLw52Sg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dtRNl2U6BthGskQ1Nbg-jLw52Sg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:c0:78:62:1c:9f:1f:f9:39:38:50:0d:91:58:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76d44d97653a06d846b2443535b83e8cbc39d928
        Validity
            Not Before: Jan  1 11:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92e76eb9a50ec866a408ef539f9af37d8d22f079
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:74:96:8c:76:1f:62:64:df:5a:a1:d0:b9:8c:
                    30:5e:04:3c:c6:47:ee:a6:13:26:c3:67:dd:2a:ce:
                    46:d6:9e:2a:4c:f7:5a:99:a1:4f:69:64:a1:c6:79:
                    43:22:2b:d2:66:12:9c:90:7c:a0:64:bd:39:92:70:
                    16:42:17:92:12:bb:85:ba:cf:58:4d:49:44:61:6c:
                    e4:98:99:2a:0f:2f:1f:ed:e6:21:2d:88:94:9f:a5:
                    d6:84:de:f9:23:14:39:1c:c2:5f:f5:f4:cb:7a:1e:
                    3e:14:de:2a:4c:7a:54:0e:e8:3a:67:50:d2:a5:98:
                    13:a7:e5:95:43:f4:45:e0:27:74:0b:db:64:72:1c:
                    05:bb:af:f7:b5:8c:f8:8b:40:49:30:36:0d:1f:73:
                    1a:41:78:41:da:38:e8:2b:99:ad:ef:4d:e6:83:26:
                    ee:1e:7a:5f:fc:d7:73:6e:a4:97:64:bb:db:1b:31:
                    70:d7:17:d2:1d:20:d7:25:0e:b0:f6:02:6a:3b:35:
                    28:2b:ce:bc:d5:4f:75:11:7d:1d:5f:70:2a:3c:e9:
                    cf:23:bb:33:2c:41:c6:20:96:5f:fd:6d:32:fc:c2:
                    e5:d4:9c:a8:a8:51:7e:28:7f:f1:2b:e1:81:31:0e:
                    f7:86:d7:bb:c6:65:29:c9:87:7b:e7:73:d4:0d:3a:
                    a0:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:E7:6E:B9:A5:0E:C8:66:A4:08:EF:53:9F:9A:F3:7D:8D:22:F0:79
            X509v3 Authority Key Identifier:
                keyid:76:D4:4D:97:65:3A:06:D8:46:B2:44:35:35:B8:3E:8C:BC:39:D9:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dtRNl2U6BthGskQ1Nbg-jLw52Sg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/6a3069-ad3c-4388-b1e8-0c27adb75cdf/1/kuduuaUOyGakCO9Tn5rzfY0i8Hk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/6a3069-ad3c-4388-b1e8-0c27adb75cdf/1/dtRNl2U6BthGskQ1Nbg-jLw52Sg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:05:c8:6c:3d:95:16:fa:b4:b9:d8:de:28:43:5e:63:eb:5c:
         34:e2:6c:63:4b:d5:00:89:50:18:56:86:c8:cd:fc:52:0f:f6:
         7f:21:80:b7:9c:13:53:e5:f3:26:a8:59:e5:bb:dc:46:78:7f:
         3e:aa:e5:25:22:19:b9:85:1c:24:83:38:08:c4:c7:83:6f:21:
         bb:07:08:5e:1c:1d:81:04:04:e4:3a:c5:64:01:71:aa:20:ee:
         d6:17:9c:5d:db:69:29:a1:06:7d:1b:e0:7f:10:cb:35:6a:5d:
         43:44:1a:1a:82:e6:ce:86:76:2a:a8:be:9b:d8:70:bf:5c:cc:
         36:77:52:b8:d0:df:b2:c4:e1:14:64:5b:f9:24:3a:06:5d:19:
         bf:2a:4a:c5:d5:d3:dc:93:6e:38:cb:4d:6a:e0:08:43:9e:bc:
         a1:3c:ff:56:a5:bc:15:b1:2e:00:fc:49:0d:43:7c:d9:ff:03:
         2d:0e:bf:e5:2f:98:d4:18:24:b4:d6:7a:2c:24:40:c1:e7:ee:
         5e:13:94:64:af:1e:c9:b8:04:93:25:82:0d:a6:e1:17:a9:92:
         bf:21:9b:fb:88:ae:03:30:62:0a:9b:2c:b9:f6:25:09:ca:46:
         3f:77:fb:a1:c9:fa:1b:ab:ba:24:bd:0b:05:29:b0:1a:e8:c4:
         09:70:42:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhscB4YhyfH/k5OFANkVj7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2ZDQ0ZDk3NjUzYTA2ZDg0NmIyNDQzNTM1YjgzZThjYmMz
OWQ5MjgwHhcNMjUwMTAxMTE0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmU3NmViOWE1MGVjODY2YTQwOGVmNTM5ZjlhZjM3ZDhkMjJmMDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3SWjHYfYmTfWqHQuYwwXgQ8xkfu
phMmw2fdKs5G1p4qTPdamaFPaWShxnlDIivSZhKckHygZL05knAWQheSEruFus9Y
TUlEYWzkmJkqDy8f7eYhLYiUn6XWhN75IxQ5HMJf9fTLeh4+FN4qTHpUDug6Z1DS
pZgTp+WVQ/RF4Cd0C9tkchwFu6/3tYz4i0BJMDYNH3MaQXhB2jjoK5mt703mgybu
Hnpf/NdzbqSXZLvbGzFw1xfSHSDXJQ6w9gJqOzUoK8681U91EX0dX3AqPOnPI7sz
LEHGIJZf/W0y/MLl1JyoqFF+KH/xK+GBMQ73hte7xmUpyYd753PUDTqgcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJLnbrmlDshmpAjvU5+a832NIvB5MB8GA1UdIwQY
MBaAFHbUTZdlOgbYRrJENTW4Poy8OdkoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHRSTmwyVTZCdGhHc2tRMU5iZy1qTHc1MlNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi82YTMwNjktYWQzYy00Mzg4LWIxZTgt
MGMyN2FkYjc1Y2RmLzEva3VkdXVhVU95R2FrQ085VG41cnpmWTBpOEhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi82YTMwNjktYWQzYy00Mzg4LWIxZTgtMGMyN2FkYjc1Y2Rm
LzEvZHRSTmwyVTZCdGhHc2tRMU5iZy1qTHc1MlNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg/RMA0G
CSqGSIb3DQEBCwUAA4IBAQCyBchsPZUW+rS52N4oQ15j61w04mxjS9UAiVAYVobI
zfxSD/Z/IYC3nBNT5fMmqFnlu9xGeH8+quUlIhm5hRwkgzgIxMeDbyG7BwheHB2B
BATkOsVkAXGqIO7WF5xd22kpoQZ9G+B/EMs1al1DRBoagubOhnYqqL6b2HC/XMw2
d1K40N+yxOEUZFv5JDoGXRm/KkrF1dPck244y01q4AhDnryhPP9WpbwVsS4A/EkN
Q3zZ/wMtDr/lL5jUGCS01nosJEDB5+5eE5Rkrx7JuASTJYINpuEXqZK/IZv7iK4D
MGIKmyy59iUJykY/d/uhyfobq7okvQsFKbAa6MQJcELA
-----END CERTIFICATE-----