Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/30f5e0-a04f-4993-983c-715f09817341/1/A_KgM3k4qAAXzoVtcLMaFcFNNK4.roa
File:                     A_KgM3k4qAAXzoVtcLMaFcFNNK4.roa (raw, json)
Hash identifier:          VJ7GutYO65TbDd04dxHRMtfL/mkpQAyG9g/RbTdBVFk=
Subject key identifier:   03:F2:A0:33:79:38:A8:00:17:CE:85:6D:70:B3:1A:15:C1:4D:34:AE
Certificate issuer:       /CN=bf5db811b5d5d05bec37ee9d09a4ec52eeed1ad5
Certificate serial:       019427B5B13BBDFDB2516C219D8916050390
Authority key identifier: BF:5D:B8:11:B5:D5:D0:5B:EC:37:EE:9D:09:A4:EC:52:EE:ED:1A:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v124EbXV0FvsN-6dCaTsUu7tGtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/30f5e0-a04f-4993-983c-715f09817341/1/A_KgM3k4qAAXzoVtcLMaFcFNNK4.roa
Signing time:             Thu 02 Jan 2025 15:50:06 +0000
ROA not before:           Thu 02 Jan 2025 15:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212939
IP address blocks:        185.66.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/30f5e0-a04f-4993-983c-715f09817341/1/v124EbXV0FvsN-6dCaTsUu7tGtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/30f5e0-a04f-4993-983c-715f09817341/1/v124EbXV0FvsN-6dCaTsUu7tGtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v124EbXV0FvsN-6dCaTsUu7tGtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:b1:3b:bd:fd:b2:51:6c:21:9d:89:16:05:03:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf5db811b5d5d05bec37ee9d09a4ec52eeed1ad5
        Validity
            Not Before: Jan  2 15:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=03f2a0337938a80017ce856d70b31a15c14d34ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:7f:4d:8b:23:2a:56:23:4f:e9:f3:b2:ea:cc:
                    10:a4:f1:1f:ef:bc:94:1f:39:50:d9:22:ff:95:b2:
                    85:5c:0f:3d:06:9b:2f:3b:52:e6:20:bf:9d:da:2c:
                    9c:d4:7e:91:8a:93:c8:2c:b7:e5:b6:33:c1:ae:e0:
                    6f:24:44:04:35:54:6d:ff:78:ba:31:3d:23:05:a8:
                    87:aa:a6:8d:bb:05:ba:f1:21:25:96:51:89:e6:22:
                    ae:46:e9:98:8f:b7:43:1b:e5:dc:4b:22:88:a3:e6:
                    08:4e:60:ce:df:2b:7e:06:19:ec:a1:77:e0:38:6d:
                    e0:b4:e7:c1:2e:c5:41:fd:b8:53:ba:8f:24:6d:8c:
                    90:d0:13:84:23:a3:11:b4:fe:07:92:67:1b:67:88:
                    e6:b2:5f:98:56:53:2b:90:a0:28:45:37:d8:5e:b9:
                    0e:07:14:1a:02:84:73:8e:99:5a:48:a2:8d:7b:73:
                    02:6d:58:41:f2:8f:c8:3b:a6:31:37:91:11:ee:e7:
                    93:b1:68:27:08:71:0b:93:d3:60:c4:b7:18:a8:97:
                    7a:d8:7e:3d:3c:57:fc:ac:f3:60:64:43:df:be:f7:
                    16:8b:b2:c5:e0:c5:8a:9b:a8:87:79:c5:15:b1:91:
                    8e:9d:e5:a1:5c:1f:fa:a0:4a:66:f8:74:35:42:ce:
                    67:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:F2:A0:33:79:38:A8:00:17:CE:85:6D:70:B3:1A:15:C1:4D:34:AE
            X509v3 Authority Key Identifier:
                keyid:BF:5D:B8:11:B5:D5:D0:5B:EC:37:EE:9D:09:A4:EC:52:EE:ED:1A:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v124EbXV0FvsN-6dCaTsUu7tGtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/30f5e0-a04f-4993-983c-715f09817341/1/A_KgM3k4qAAXzoVtcLMaFcFNNK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/30f5e0-a04f-4993-983c-715f09817341/1/v124EbXV0FvsN-6dCaTsUu7tGtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.66.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:00:0d:68:c2:99:e0:02:9a:88:7a:45:57:c6:0e:51:3b:2a:
         52:64:86:75:bd:62:0e:0a:01:f5:bd:e5:66:ce:e7:00:e6:57:
         bc:8f:75:17:3c:96:82:21:b2:b6:b7:4c:63:8b:2d:9a:fd:a4:
         b7:51:78:52:d2:0b:56:b0:72:e0:5f:23:46:cb:41:ba:45:5c:
         f5:7a:43:f8:6c:e9:da:b6:23:63:5c:a8:0d:92:8a:4b:8e:d3:
         84:87:df:c7:e4:6e:73:e2:60:47:22:5d:93:60:9b:bf:d8:d5:
         ed:f5:7c:5a:95:83:48:ce:bf:a9:10:1c:e2:ed:5c:1a:97:c5:
         4d:9f:6d:c9:9e:bf:2b:75:ba:da:84:cd:60:37:34:80:ec:fa:
         9c:2c:0f:f9:6a:1f:ef:aa:22:98:9f:8c:e0:92:bd:9e:0a:e6:
         b1:bb:21:d0:5a:d5:a3:26:ad:ab:5a:1d:1b:20:12:fe:86:d3:
         ee:ec:85:46:5a:1a:5a:76:86:e7:54:3a:46:5c:4f:14:c2:57:
         9e:02:b7:b5:90:b1:6e:67:b9:db:db:15:f5:42:46:8c:d7:1a:
         65:f5:97:1d:66:c7:3f:d9:7f:a4:0a:53:a2:77:41:91:15:9d:
         3a:6a:d7:ec:2a:16:77:85:92:85:f3:89:e4:67:25:d4:8a:70:
         13:cc:43:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntbE7vf2yUWwhnYkWBQOQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmNWRiODExYjVkNWQwNWJlYzM3ZWU5ZDA5YTRlYzUyZWVl
ZDFhZDUwHhcNMjUwMTAyMTU1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2YyYTAzMzc5MzhhODAwMTdjZTg1NmQ3MGIzMWExNWMxNGQzNGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz39NiyMqViNP6fOy6swQpPEf77yU
HzlQ2SL/lbKFXA89BpsvO1LmIL+d2iyc1H6RipPILLfltjPBruBvJEQENVRt/3i6
MT0jBaiHqqaNuwW68SElllGJ5iKuRumYj7dDG+XcSyKIo+YITmDO3yt+BhnsoXfg
OG3gtOfBLsVB/bhTuo8kbYyQ0BOEI6MRtP4HkmcbZ4jmsl+YVlMrkKAoRTfYXrkO
BxQaAoRzjplaSKKNe3MCbVhB8o/IO6YxN5ER7ueTsWgnCHELk9NgxLcYqJd62H49
PFf8rPNgZEPfvvcWi7LF4MWKm6iHecUVsZGOneWhXB/6oEpm+HQ1Qs5nJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAPyoDN5OKgAF86FbXCzGhXBTTSuMB8GA1UdIwQY
MBaAFL9duBG11dBb7DfunQmk7FLu7RrVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjEyNEViWFYwRnZzTi02ZENhVHNVdTd0R3RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8zMGY1ZTAtYTA0Zi00OTkzLTk4M2Mt
NzE1ZjA5ODE3MzQxLzEvQV9LZ00zazRxQUFYem9WdGNMTWFGY0ZOTks0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8zMGY1ZTAtYTA0Zi00OTkzLTk4M2MtNzE1ZjA5ODE3MzQx
LzEvdjEyNEViWFYwRnZzTi02ZENhVHNVdTd0R3RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuULmMA0G
CSqGSIb3DQEBCwUAA4IBAQBxAA1owpngApqIekVXxg5ROypSZIZ1vWIOCgH1veVm
zucA5le8j3UXPJaCIbK2t0xjiy2a/aS3UXhS0gtWsHLgXyNGy0G6RVz1ekP4bOna
tiNjXKgNkopLjtOEh9/H5G5z4mBHIl2TYJu/2NXt9XxalYNIzr+pEBzi7Vwal8VN
n23Jnr8rdbrahM1gNzSA7PqcLA/5ah/vqiKYn4zgkr2eCuaxuyHQWtWjJq2rWh0b
IBL+htPu7IVGWhpadobnVDpGXE8UwleeAre1kLFuZ7nb2xX1QkaM1xpl9ZcdZsc/
2X+kClOid0GRFZ06atfsKhZ3hZKF84nkZyXUinATzEN9
-----END CERTIFICATE-----