Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/a7ce03-1f15-4dbc-9a8d-a81544ea5b67/1/kJgRBYW8FH_KB9BmG0zuAtDHIt4.roa
File:                     kJgRBYW8FH_KB9BmG0zuAtDHIt4.roa (raw, json)
Hash identifier:          bRkMoYbDThsAekovmWN3M4u7dfA1wfKmJ7fIKIUCTN4=
Subject key identifier:   90:98:11:05:85:BC:14:7F:CA:07:D0:66:1B:4C:EE:02:D0:C7:22:DE
Certificate issuer:       /CN=62e5ec9df4dd03b9f500a6a0947d147b6ed21666
Certificate serial:       019420D5D79D5C73529FA3524FD6703BD08C
Authority key identifier: 62:E5:EC:9D:F4:DD:03:B9:F5:00:A6:A0:94:7D:14:7B:6E:D2:16:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YuXsnfTdA7n1AKaglH0Ue27SFmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/a7ce03-1f15-4dbc-9a8d-a81544ea5b67/1/kJgRBYW8FH_KB9BmG0zuAtDHIt4.roa
Signing time:             Wed 01 Jan 2025 07:47:52 +0000
ROA not before:           Wed 01 Jan 2025 07:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        185.188.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/a7ce03-1f15-4dbc-9a8d-a81544ea5b67/1/YuXsnfTdA7n1AKaglH0Ue27SFmY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/a7ce03-1f15-4dbc-9a8d-a81544ea5b67/1/YuXsnfTdA7n1AKaglH0Ue27SFmY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YuXsnfTdA7n1AKaglH0Ue27SFmY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:d7:9d:5c:73:52:9f:a3:52:4f:d6:70:3b:d0:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62e5ec9df4dd03b9f500a6a0947d147b6ed21666
        Validity
            Not Before: Jan  1 07:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9098110585bc147fca07d0661b4cee02d0c722de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:5d:f8:f1:c5:79:7c:bf:47:b9:06:05:0b:f3:
                    4f:a7:ce:55:0f:f3:df:14:3d:23:e8:b9:a5:2b:55:
                    7c:d2:a0:15:41:5e:2d:09:ea:db:7a:7f:a4:3d:68:
                    55:29:d7:d3:64:47:d8:ed:f7:48:a3:a3:9b:8b:d9:
                    e9:43:4f:fa:7c:16:82:e9:d9:e5:1c:ae:7c:24:90:
                    82:f2:05:0a:d3:42:02:27:71:9f:73:0d:cb:94:94:
                    8d:f4:2e:3f:f2:29:0f:0d:a4:92:ff:18:c2:a2:69:
                    f9:a1:fb:95:48:f7:3f:c6:dc:8b:7c:49:e6:a4:15:
                    59:fe:c1:f4:33:40:5a:ad:68:1d:cb:2d:87:f7:ba:
                    8c:37:13:75:bd:32:52:41:e5:0b:98:b4:50:b1:ee:
                    17:15:70:bf:ad:63:1c:60:7f:0e:5e:c5:10:66:2c:
                    39:a4:8d:de:14:46:6f:49:5a:ee:5d:ba:79:a4:6f:
                    df:b2:ac:0e:a0:a9:c7:9d:e1:11:1f:3d:51:80:bd:
                    5b:0d:c4:a9:61:45:24:da:90:5c:0b:aa:5e:7e:69:
                    ca:50:e2:89:c2:a0:5d:25:1e:e5:08:5d:27:eb:59:
                    70:0a:e0:19:46:45:07:4f:8a:c9:b7:98:19:ae:30:
                    f0:53:76:cc:ee:d9:68:9f:42:55:7a:24:8e:44:23:
                    d6:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:98:11:05:85:BC:14:7F:CA:07:D0:66:1B:4C:EE:02:D0:C7:22:DE
            X509v3 Authority Key Identifier:
                keyid:62:E5:EC:9D:F4:DD:03:B9:F5:00:A6:A0:94:7D:14:7B:6E:D2:16:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YuXsnfTdA7n1AKaglH0Ue27SFmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/a7ce03-1f15-4dbc-9a8d-a81544ea5b67/1/kJgRBYW8FH_KB9BmG0zuAtDHIt4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/a7ce03-1f15-4dbc-9a8d-a81544ea5b67/1/YuXsnfTdA7n1AKaglH0Ue27SFmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:a9:66:b1:11:61:1b:52:41:6a:b5:7b:50:21:03:be:d6:cc:
         2f:3a:6d:35:d8:34:1b:4c:9b:ec:a7:ad:39:85:d6:a9:7e:8b:
         5f:6d:17:b8:f1:58:d5:f7:b5:9e:ca:df:70:48:a5:a1:76:43:
         97:b3:6a:7b:ce:d0:cd:08:e8:5f:87:ab:4c:b0:bc:2b:29:33:
         6e:03:3d:4c:59:71:db:f4:8d:f5:cc:a6:7b:8f:83:c9:dc:32:
         47:25:21:7e:9a:6e:c4:17:60:24:d9:70:c5:06:0e:55:2c:cb:
         7b:bd:bd:07:94:f1:8c:b0:a2:80:5c:6f:54:50:8f:dd:8d:c9:
         6e:9c:29:de:3e:a5:14:98:f1:fd:f4:ff:05:c1:fc:b1:62:23:
         46:6f:6b:cf:d7:a2:ec:a3:9a:12:70:f5:03:b5:1b:5d:59:4d:
         88:31:ab:31:76:be:71:ec:36:66:7c:9c:d4:0d:6a:61:35:39:
         3d:88:11:e2:88:7f:c9:99:97:eb:9f:e7:0c:5a:ef:30:ba:b8:
         2b:da:e7:a2:43:7f:30:33:2a:ef:c2:a2:48:20:a1:ea:80:b5:
         48:17:66:f6:7d:a4:51:e3:13:e8:4f:16:2a:ee:f7:0d:4e:ea:
         48:1b:00:21:40:e4:c5:2c:bb:0d:bc:ad:a8:f9:ef:3e:35:fb:
         cf:4d:74:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1dedXHNSn6NST9ZwO9CMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZTVlYzlkZjRkZDAzYjlmNTAwYTZhMDk0N2QxNDdiNmVk
MjE2NjYwHhcNMjUwMTAxMDc0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDk4MTEwNTg1YmMxNDdmY2EwN2QwNjYxYjRjZWUwMmQwYzcyMmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvl348cV5fL9HuQYFC/NPp85VD/Pf
FD0j6LmlK1V80qAVQV4tCerben+kPWhVKdfTZEfY7fdIo6Obi9npQ0/6fBaC6dnl
HK58JJCC8gUK00ICJ3Gfcw3LlJSN9C4/8ikPDaSS/xjComn5ofuVSPc/xtyLfEnm
pBVZ/sH0M0BarWgdyy2H97qMNxN1vTJSQeULmLRQse4XFXC/rWMcYH8OXsUQZiw5
pI3eFEZvSVruXbp5pG/fsqwOoKnHneERHz1RgL1bDcSpYUUk2pBcC6pefmnKUOKJ
wqBdJR7lCF0n61lwCuAZRkUHT4rJt5gZrjDwU3bM7tlon0JVeiSORCPWFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJCYEQWFvBR/ygfQZhtM7gLQxyLeMB8GA1UdIwQY
MBaAFGLl7J303QO59QCmoJR9FHtu0hZmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXVYc25mVGRBN24xQUthZ2xIMFVlMjdTRm1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9hN2NlMDMtMWYxNS00ZGJjLTlhOGQt
YTgxNTQ0ZWE1YjY3LzEva0pnUkJZVzhGSF9LQjlCbUcwenVBdERISXQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9hN2NlMDMtMWYxNS00ZGJjLTlhOGQtYTgxNTQ0ZWE1YjY3
LzEvWXVYc25mVGRBN24xQUthZ2xIMFVlMjdTRm1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubxdMA0G
CSqGSIb3DQEBCwUAA4IBAQAOqWaxEWEbUkFqtXtQIQO+1swvOm012DQbTJvsp605
hdapfotfbRe48VjV97Weyt9wSKWhdkOXs2p7ztDNCOhfh6tMsLwrKTNuAz1MWXHb
9I31zKZ7j4PJ3DJHJSF+mm7EF2Ak2XDFBg5VLMt7vb0HlPGMsKKAXG9UUI/djclu
nCnePqUUmPH99P8FwfyxYiNGb2vP16Lso5oScPUDtRtdWU2IMasxdr5x7DZmfJzU
DWphNTk9iBHiiH/JmZfrn+cMWu8wurgr2ueiQ38wMyrvwqJIIKHqgLVIF2b2faRR
4xPoTxYq7vcNTupIGwAhQOTFLLsNvK2o+e8+NfvPTXSG
-----END CERTIFICATE-----