Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/668437-97c2-48c2-b7c8-cc7746719406/1/KX5-b8tfIxZ9QaObI34wusMJAu8.roa
File:                     KX5-b8tfIxZ9QaObI34wusMJAu8.roa (raw, json)
Hash identifier:          E8pkGADzxdyLbNBpzexYq9jUYKSiA426sagviGcATi8=
Subject key identifier:   29:7E:7E:6F:CB:5F:23:16:7D:41:A3:9B:23:7E:30:BA:C3:09:02:EF
Certificate issuer:       /CN=43af2e987d2b63addaa5adc178f31e90d876aaa7
Certificate serial:       0194282794B50936C155DBB763CCAF88A891
Authority key identifier: 43:AF:2E:98:7D:2B:63:AD:DA:A5:AD:C1:78:F3:1E:90:D8:76:AA:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q68umH0rY63apa3BePMekNh2qqc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/668437-97c2-48c2-b7c8-cc7746719406/1/KX5-b8tfIxZ9QaObI34wusMJAu8.roa
Signing time:             Thu 02 Jan 2025 17:54:30 +0000
ROA not before:           Thu 02 Jan 2025 17:54:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        185.2.244.0/22 maxlen: 22
                          185.2.244.0/24 maxlen: 24
                          185.2.245.0/24 maxlen: 24
                          185.2.246.0/24 maxlen: 24
                          185.2.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/668437-97c2-48c2-b7c8-cc7746719406/1/Q68umH0rY63apa3BePMekNh2qqc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/668437-97c2-48c2-b7c8-cc7746719406/1/Q68umH0rY63apa3BePMekNh2qqc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q68umH0rY63apa3BePMekNh2qqc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:94:b5:09:36:c1:55:db:b7:63:cc:af:88:a8:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43af2e987d2b63addaa5adc178f31e90d876aaa7
        Validity
            Not Before: Jan  2 17:54:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=297e7e6fcb5f23167d41a39b237e30bac30902ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f3:af:42:a6:2f:6e:e4:cf:3b:1e:1e:30:a6:
                    36:2c:c4:1b:32:b7:30:39:9b:db:b3:3e:bc:56:e4:
                    86:02:5a:7a:88:80:d6:bd:5d:8a:27:22:89:c5:3c:
                    af:3b:53:70:e3:39:e3:8f:26:5c:6e:6f:66:10:2b:
                    09:08:e0:df:19:94:3a:37:4e:e9:4f:15:e9:ae:c5:
                    b8:9a:76:36:35:12:5a:18:d1:d6:49:6e:e2:37:6f:
                    d6:7c:84:d3:30:08:ba:18:e6:08:1c:cb:55:a9:bd:
                    21:50:56:86:8b:b4:04:2e:bf:76:f5:d4:18:62:72:
                    23:91:36:7e:9c:fd:f6:f7:a0:5a:20:b9:4d:a2:8a:
                    c2:9d:ec:9c:f9:60:c7:fd:4c:fd:da:b9:45:6f:17:
                    52:77:5a:9e:57:ef:13:0b:40:69:ae:29:2f:08:fb:
                    88:0e:ce:77:c4:47:a1:99:7a:36:e1:e1:20:f7:c5:
                    c2:67:f1:44:5a:d3:5f:7e:2e:ed:f4:6a:d3:74:ac:
                    8b:8f:85:bb:bb:15:0f:5a:24:2d:e8:67:98:c2:50:
                    6b:dc:b5:b9:72:c6:7f:2a:d2:d0:e5:3e:97:30:9f:
                    10:e4:83:06:0f:57:a2:19:46:2d:fa:fa:08:67:c1:
                    87:13:32:fb:d7:af:be:9a:02:a4:e4:77:03:74:69:
                    ad:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:7E:7E:6F:CB:5F:23:16:7D:41:A3:9B:23:7E:30:BA:C3:09:02:EF
            X509v3 Authority Key Identifier:
                keyid:43:AF:2E:98:7D:2B:63:AD:DA:A5:AD:C1:78:F3:1E:90:D8:76:AA:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q68umH0rY63apa3BePMekNh2qqc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/668437-97c2-48c2-b7c8-cc7746719406/1/KX5-b8tfIxZ9QaObI34wusMJAu8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/668437-97c2-48c2-b7c8-cc7746719406/1/Q68umH0rY63apa3BePMekNh2qqc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.2.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         84:be:54:47:09:af:d9:c1:6e:b1:9f:6e:22:14:6f:28:e9:4b:
         78:ff:60:38:64:70:e9:71:25:72:21:78:5b:25:b0:2c:f4:9c:
         9f:73:9d:18:3e:54:af:f9:09:06:c3:a8:29:b0:be:9d:3f:c9:
         fc:e8:f4:d4:79:4e:89:d8:fe:a5:75:e1:35:42:3d:a0:3a:63:
         bb:ee:31:bb:2e:63:5f:14:60:3b:a0:87:83:4e:cd:c8:16:f2:
         4f:f0:f0:fa:25:0c:a5:f2:81:bb:3a:67:33:96:7e:21:f1:34:
         24:a8:35:2e:36:66:ab:9e:bf:22:75:bb:3f:6d:de:98:54:0b:
         40:24:3a:b5:00:66:d2:13:a0:b4:42:01:36:b5:73:83:b1:9b:
         a3:fb:c0:3e:30:74:7e:61:71:cd:1d:3d:b5:cc:73:92:90:bc:
         30:f4:4a:2a:f6:45:8f:28:ad:c0:b5:6e:37:91:09:df:5d:d0:
         87:d7:26:bb:e4:8f:01:f2:91:3e:9c:f9:0e:20:6f:29:03:87:
         1e:03:32:39:57:ad:d8:d3:6e:99:00:a1:12:a7:e3:1f:4d:2d:
         b9:91:f5:8b:cc:eb:b6:77:54:a0:a1:67:72:27:6b:32:62:56:
         dc:b7:85:0e:0b:4a:d9:42:72:85:22:7e:ba:cc:5d:92:93:4d:
         3c:ac:45:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ5S1CTbBVdu3Y8yviKiRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzYWYyZTk4N2QyYjYzYWRkYWE1YWRjMTc4ZjMxZTkwZDg3
NmFhYTcwHhcNMjUwMTAyMTc1NDMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTdlN2U2ZmNiNWYyMzE2N2Q0MWEzOWIyMzdlMzBiYWMzMDkwMmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfOvQqYvbuTPOx4eMKY2LMQbMrcw
OZvbsz68VuSGAlp6iIDWvV2KJyKJxTyvO1Nw4znjjyZcbm9mECsJCODfGZQ6N07p
TxXprsW4mnY2NRJaGNHWSW7iN2/WfITTMAi6GOYIHMtVqb0hUFaGi7QELr929dQY
YnIjkTZ+nP3296BaILlNoorCneyc+WDH/Uz92rlFbxdSd1qeV+8TC0BprikvCPuI
Ds53xEehmXo24eEg98XCZ/FEWtNffi7t9GrTdKyLj4W7uxUPWiQt6GeYwlBr3LW5
csZ/KtLQ5T6XMJ8Q5IMGD1eiGUYt+voIZ8GHEzL716++mgKk5HcDdGmtYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCl+fm/LXyMWfUGjmyN+MLrDCQLvMB8GA1UdIwQY
MBaAFEOvLph9K2Ot2qWtwXjzHpDYdqqnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTY4dW1IMHJZNjNhcGEzQmVQTWVrTmgycXFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi82Njg0MzctOTdjMi00OGMyLWI3Yzgt
Y2M3NzQ2NzE5NDA2LzEvS1g1LWI4dGZJeFo5UWFPYkkzNHd1c01KQXU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi82Njg0MzctOTdjMi00OGMyLWI3YzgtY2M3NzQ2NzE5NDA2
LzEvUTY4dW1IMHJZNjNhcGEzQmVQTWVrTmgycXFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQL0MA0G
CSqGSIb3DQEBCwUAA4IBAQCEvlRHCa/ZwW6xn24iFG8o6Ut4/2A4ZHDpcSVyIXhb
JbAs9Jyfc50YPlSv+QkGw6gpsL6dP8n86PTUeU6J2P6ldeE1Qj2gOmO77jG7LmNf
FGA7oIeDTs3IFvJP8PD6JQyl8oG7Omczln4h8TQkqDUuNmarnr8idbs/bd6YVAtA
JDq1AGbSE6C0QgE2tXODsZuj+8A+MHR+YXHNHT21zHOSkLww9Eoq9kWPKK3AtW43
kQnfXdCH1ya75I8B8pE+nPkOIG8pA4ceAzI5V63Y026ZAKESp+MfTS25kfWLzOu2
d1SgoWdyJ2syYlbct4UOC0rZQnKFIn66zF2Sk008rEW3
-----END CERTIFICATE-----