Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/7db80c-5113-4e83-b2c8-f2664d1921d3/1/KaCCbIDfk6xPLr8lzeQM2ayQkYY.roa
File:                     KaCCbIDfk6xPLr8lzeQM2ayQkYY.roa (raw, json)
Hash identifier:          stYyC3DZ280ukMQVQAStdzjvt9KMG36guiRh8dH8BRQ=
Subject key identifier:   29:A0:82:6C:80:DF:93:AC:4F:2E:BF:25:CD:E4:0C:D9:AC:90:91:86
Certificate issuer:       /CN=f394a464728b82856dc2b955ccae9ab5ba6539c8
Certificate serial:       01941FFA54276A367C112FAC260F57C97A6A
Authority key identifier: F3:94:A4:64:72:8B:82:85:6D:C2:B9:55:CC:AE:9A:B5:BA:65:39:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/85SkZHKLgoVtwrlVzK6atbplOcg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/7db80c-5113-4e83-b2c8-f2664d1921d3/1/KaCCbIDfk6xPLr8lzeQM2ayQkYY.roa
Signing time:             Wed 01 Jan 2025 03:48:06 +0000
ROA not before:           Wed 01 Jan 2025 03:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8218
IP address blocks:        164.138.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/7db80c-5113-4e83-b2c8-f2664d1921d3/1/85SkZHKLgoVtwrlVzK6atbplOcg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/7db80c-5113-4e83-b2c8-f2664d1921d3/1/85SkZHKLgoVtwrlVzK6atbplOcg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/85SkZHKLgoVtwrlVzK6atbplOcg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:54:27:6a:36:7c:11:2f:ac:26:0f:57:c9:7a:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f394a464728b82856dc2b955ccae9ab5ba6539c8
        Validity
            Not Before: Jan  1 03:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29a0826c80df93ac4f2ebf25cde40cd9ac909186
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ae:49:67:8d:95:fc:53:42:ce:66:c6:5a:c3:
                    b1:bb:22:db:ea:d8:24:a0:9f:df:37:af:cd:9a:a2:
                    3b:12:99:2a:53:47:e9:f2:48:ec:b4:aa:55:4c:1d:
                    fb:3f:8e:31:26:ad:87:df:fe:5f:75:e2:78:b8:de:
                    4a:9e:7d:a9:6f:8d:82:7b:15:0c:f8:55:4b:59:dd:
                    7f:b4:00:b9:e2:1b:18:d5:54:30:0b:dd:f2:aa:9f:
                    63:f5:d1:05:9a:6a:3e:f4:38:0e:60:4c:3e:e9:c4:
                    1b:56:4b:f3:48:0d:22:f2:bd:09:3d:e5:1e:f9:a5:
                    29:aa:7e:dd:8e:1e:b1:f7:0c:6c:d6:b8:1c:8d:b1:
                    20:2a:51:79:4b:75:84:d7:08:84:3a:e0:b9:00:78:
                    a6:5f:9d:4a:9d:da:13:98:aa:da:cd:f9:ee:55:7e:
                    a6:4b:5a:33:c3:af:a6:c8:b6:5d:40:9a:71:3d:07:
                    51:21:85:1d:be:82:75:20:c5:bc:81:d1:12:27:8b:
                    00:aa:be:85:8c:99:bf:43:20:80:1a:42:af:0d:79:
                    b6:8b:e3:0a:94:f8:91:73:df:ce:7f:46:a3:55:31:
                    2c:1e:94:f1:9e:6e:49:d6:a0:77:5c:d0:53:66:ea:
                    de:e8:cb:75:18:8a:a8:a4:cd:79:d1:64:be:3f:eb:
                    f2:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:A0:82:6C:80:DF:93:AC:4F:2E:BF:25:CD:E4:0C:D9:AC:90:91:86
            X509v3 Authority Key Identifier:
                keyid:F3:94:A4:64:72:8B:82:85:6D:C2:B9:55:CC:AE:9A:B5:BA:65:39:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/85SkZHKLgoVtwrlVzK6atbplOcg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/7db80c-5113-4e83-b2c8-f2664d1921d3/1/KaCCbIDfk6xPLr8lzeQM2ayQkYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/7db80c-5113-4e83-b2c8-f2664d1921d3/1/85SkZHKLgoVtwrlVzK6atbplOcg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.138.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:37:48:34:6e:29:ee:be:6c:90:29:d8:ab:8b:e3:3a:ec:fd:
         4b:21:4e:03:91:79:93:63:c7:b0:f9:83:0d:a6:96:3a:1e:2a:
         7f:b0:7f:d7:68:db:f6:55:8b:f8:4c:cc:64:21:42:3f:80:a9:
         50:ef:31:5c:21:e1:51:32:af:ae:42:0d:62:77:3a:22:09:62:
         b5:55:33:9a:71:44:f0:23:2c:c6:23:60:7f:8b:5d:28:9c:46:
         46:28:09:b3:04:49:0d:56:96:55:3e:fd:b7:88:f2:4c:43:8e:
         b1:44:06:65:50:65:21:d5:ef:fa:b0:4a:b4:21:b2:6b:bd:3b:
         97:be:3f:0a:06:12:03:63:98:11:9c:44:59:56:e2:88:01:a4:
         db:93:17:d1:a4:8b:79:41:2c:b8:5e:46:b5:e8:bc:ce:dd:0e:
         83:05:35:69:78:4b:12:fd:44:84:1e:f4:a9:df:54:e1:80:f6:
         e4:9c:c0:ec:e0:47:c8:75:aa:3a:8e:a7:39:e6:da:4c:4d:11:
         e9:54:c8:8f:da:61:65:fe:40:0e:a6:14:b9:bb:c2:7f:a0:2c:
         b8:61:71:cb:4c:bc:58:02:8d:46:84:15:53:fb:c5:a2:eb:a1:
         30:6d:21:19:fa:aa:bc:dd:6c:32:c3:55:ec:f3:3b:5f:8c:26:
         35:30:43:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+lQnajZ8ES+sJg9XyXpqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzOTRhNDY0NzI4YjgyODU2ZGMyYjk1NWNjYWU5YWI1YmE2
NTM5YzgwHhcNMjUwMTAxMDM0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWEwODI2YzgwZGY5M2FjNGYyZWJmMjVjZGU0MGNkOWFjOTA5MTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqq5JZ42V/FNCzmbGWsOxuyLb6tgk
oJ/fN6/NmqI7EpkqU0fp8kjstKpVTB37P44xJq2H3/5fdeJ4uN5Knn2pb42CexUM
+FVLWd1/tAC54hsY1VQwC93yqp9j9dEFmmo+9DgOYEw+6cQbVkvzSA0i8r0JPeUe
+aUpqn7djh6x9wxs1rgcjbEgKlF5S3WE1wiEOuC5AHimX51KndoTmKrazfnuVX6m
S1ozw6+myLZdQJpxPQdRIYUdvoJ1IMW8gdESJ4sAqr6FjJm/QyCAGkKvDXm2i+MK
lPiRc9/Of0ajVTEsHpTxnm5J1qB3XNBTZure6Mt1GIqopM150WS+P+vyIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCmggmyA35OsTy6/Jc3kDNmskJGGMB8GA1UdIwQY
MBaAFPOUpGRyi4KFbcK5VcyumrW6ZTnIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODVTa1pIS0xnb1Z0d3JsVnpLNmF0YnBsT2NnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi83ZGI4MGMtNTExMy00ZTgzLWIyYzgt
ZjI2NjRkMTkyMWQzLzEvS2FDQ2JJRGZrNnhQTHI4bHplUU0yYXlRa1lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi83ZGI4MGMtNTExMy00ZTgzLWIyYzgtZjI2NjRkMTkyMWQz
LzEvODVTa1pIS0xnb1Z0d3JsVnpLNmF0YnBsT2NnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQApIr2MA0G
CSqGSIb3DQEBCwUAA4IBAQA4N0g0binuvmyQKdiri+M67P1LIU4DkXmTY8ew+YMN
ppY6Hip/sH/XaNv2VYv4TMxkIUI/gKlQ7zFcIeFRMq+uQg1idzoiCWK1VTOacUTw
IyzGI2B/i10onEZGKAmzBEkNVpZVPv23iPJMQ46xRAZlUGUh1e/6sEq0IbJrvTuX
vj8KBhIDY5gRnERZVuKIAaTbkxfRpIt5QSy4Xka16LzO3Q6DBTVpeEsS/USEHvSp
31ThgPbknMDs4EfIdao6jqc55tpMTRHpVMiP2mFl/kAOphS5u8J/oCy4YXHLTLxY
Ao1GhBVT+8Wi66EwbSEZ+qq83Wwyw1Xs8ztfjCY1MEOg
-----END CERTIFICATE-----