Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/d4e0db-18c1-4483-8803-966685ea40f9/1/KKovPP5k_vOQvmKc7t5x14I_gos.roa
File:                     KKovPP5k_vOQvmKc7t5x14I_gos.roa (raw, json)
Hash identifier:          xTSJVhmS95WWwOtUsvBgdC5iNk4sqmcitObjOn9r3l4=
Subject key identifier:   28:AA:2F:3C:FE:64:FE:F3:90:BE:62:9C:EE:DE:71:D7:82:3F:82:8B
Certificate issuer:       /CN=1925e6387b33e94069a89a5d1be68904e4090613
Certificate serial:       019421443F72064D95700F9A8414D8490945
Authority key identifier: 19:25:E6:38:7B:33:E9:40:69:A8:9A:5D:1B:E6:89:04:E4:09:06:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GSXmOHsz6UBpqJpdG-aJBOQJBhM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/d4e0db-18c1-4483-8803-966685ea40f9/1/KKovPP5k_vOQvmKc7t5x14I_gos.roa
Signing time:             Wed 01 Jan 2025 09:48:28 +0000
ROA not before:           Wed 01 Jan 2025 09:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214523
IP address blocks:        194.62.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/d4e0db-18c1-4483-8803-966685ea40f9/1/GSXmOHsz6UBpqJpdG-aJBOQJBhM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/d4e0db-18c1-4483-8803-966685ea40f9/1/GSXmOHsz6UBpqJpdG-aJBOQJBhM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GSXmOHsz6UBpqJpdG-aJBOQJBhM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 09:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:3f:72:06:4d:95:70:0f:9a:84:14:d8:49:09:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1925e6387b33e94069a89a5d1be68904e4090613
        Validity
            Not Before: Jan  1 09:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28aa2f3cfe64fef390be629ceede71d7823f828b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:42:38:85:f0:f3:b3:5f:aa:13:fd:35:6f:a0:
                    8a:15:68:01:e6:c7:d6:d6:aa:8e:e2:6b:90:bd:3c:
                    85:54:6a:b4:9d:15:b1:0f:57:fa:0f:79:b5:1f:32:
                    a5:95:11:1c:0d:e0:8d:74:ed:6a:76:36:d3:88:2b:
                    9f:39:c9:f2:11:41:03:27:02:8e:92:ad:67:5a:be:
                    9a:32:b1:64:61:ff:d7:c5:17:f4:79:8c:d3:39:fe:
                    95:89:99:fb:c2:dd:0c:8a:f1:7a:7c:f4:dd:50:c1:
                    46:64:e2:70:e3:ce:9b:e7:42:b4:8a:9e:61:54:55:
                    6d:db:7f:dc:3b:66:82:3a:dc:9a:dd:c4:9f:55:fc:
                    b4:fe:ac:83:24:71:70:95:e3:5b:0b:59:4e:e9:dc:
                    bd:5b:7f:84:e5:ad:ae:85:4c:90:77:b6:92:54:8d:
                    cb:00:b2:cf:aa:6b:98:aa:95:61:24:f5:71:60:94:
                    b8:1a:d9:4c:1b:df:e8:5f:63:fd:e0:5d:85:65:a0:
                    4a:29:85:11:1a:43:84:bf:48:53:4e:f7:ba:e5:25:
                    bd:c2:07:61:44:9c:2d:59:20:9b:04:e3:9e:a5:ff:
                    d2:36:9d:f8:f0:10:17:bb:85:b1:46:7f:39:ee:5b:
                    43:42:f4:11:c9:ba:f0:bd:0a:5e:1f:b6:0f:55:65:
                    8f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:AA:2F:3C:FE:64:FE:F3:90:BE:62:9C:EE:DE:71:D7:82:3F:82:8B
            X509v3 Authority Key Identifier:
                keyid:19:25:E6:38:7B:33:E9:40:69:A8:9A:5D:1B:E6:89:04:E4:09:06:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GSXmOHsz6UBpqJpdG-aJBOQJBhM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/d4e0db-18c1-4483-8803-966685ea40f9/1/KKovPP5k_vOQvmKc7t5x14I_gos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/d4e0db-18c1-4483-8803-966685ea40f9/1/GSXmOHsz6UBpqJpdG-aJBOQJBhM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:a3:5b:01:4a:7b:ad:45:eb:d2:bd:21:62:ff:57:17:48:18:
         3c:12:32:d3:6c:64:7d:8a:14:54:89:b1:27:9f:9a:8f:15:10:
         23:6f:ac:59:21:ec:ae:e7:27:5f:87:f2:fc:3a:d2:4c:cf:80:
         d5:16:b5:47:9b:e2:ea:f0:bd:f5:07:36:48:05:43:da:2f:79:
         ec:e7:72:9f:7d:47:a0:a6:22:45:52:b7:53:ae:ed:34:79:e4:
         85:2f:17:89:4b:e6:87:3c:f0:db:3a:0f:80:2c:eb:56:1d:82:
         b0:8d:43:67:a8:72:8b:b3:47:52:77:c1:f0:53:88:d7:cf:ba:
         03:2a:96:15:20:28:45:6f:96:6e:dd:73:9e:ab:a4:b1:e8:f3:
         41:1e:32:1c:0a:f1:d4:5d:df:62:df:e0:6a:e0:5c:63:e9:75:
         16:d2:60:51:bb:b9:2c:f6:c1:fc:ac:d4:74:82:31:68:4b:f2:
         9f:f0:de:dd:ff:41:14:23:47:27:a4:95:9d:b1:d0:f1:03:fc:
         84:d0:e8:0c:3e:a3:11:ad:f8:1c:77:50:84:01:10:b8:d1:a6:
         07:2e:d2:20:9e:3b:e4:0c:ff:44:ef:82:a9:6f:b9:b2:50:34:
         a1:75:b3:5a:ad:66:b7:db:8e:63:42:5d:85:f4:69:18:14:f7:
         3d:37:fd:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRD9yBk2VcA+ahBTYSQlFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5MjVlNjM4N2IzM2U5NDA2OWE4OWE1ZDFiZTY4OTA0ZTQw
OTA2MTMwHhcNMjUwMTAxMDk0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGFhMmYzY2ZlNjRmZWYzOTBiZTYyOWNlZWRlNzFkNzgyM2Y4MjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0I4hfDzs1+qE/01b6CKFWgB5sfW
1qqO4muQvTyFVGq0nRWxD1f6D3m1HzKllREcDeCNdO1qdjbTiCufOcnyEUEDJwKO
kq1nWr6aMrFkYf/XxRf0eYzTOf6ViZn7wt0MivF6fPTdUMFGZOJw486b50K0ip5h
VFVt23/cO2aCOtya3cSfVfy0/qyDJHFwleNbC1lO6dy9W3+E5a2uhUyQd7aSVI3L
ALLPqmuYqpVhJPVxYJS4GtlMG9/oX2P94F2FZaBKKYURGkOEv0hTTve65SW9wgdh
RJwtWSCbBOOepf/SNp348BAXu4WxRn857ltDQvQRybrwvQpeH7YPVWWPawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCiqLzz+ZP7zkL5inO7ecdeCP4KLMB8GA1UdIwQY
MBaAFBkl5jh7M+lAaaiaXRvmiQTkCQYTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1NYbU9Ic3o2VUJwcUpwZEctYUpCT1FKQmhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9kNGUwZGItMThjMS00NDgzLTg4MDMt
OTY2Njg1ZWE0MGY5LzEvS0tvdlBQNWtfdk9Rdm1LYzd0NXgxNElfZ29zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9kNGUwZGItMThjMS00NDgzLTg4MDMtOTY2Njg1ZWE0MGY5
LzEvR1NYbU9Ic3o2VUJwcUpwZEctYUpCT1FKQmhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwj4uMA0G
CSqGSIb3DQEBCwUAA4IBAQAAo1sBSnutRevSvSFi/1cXSBg8EjLTbGR9ihRUibEn
n5qPFRAjb6xZIeyu5ydfh/L8OtJMz4DVFrVHm+Lq8L31BzZIBUPaL3ns53KffUeg
piJFUrdTru00eeSFLxeJS+aHPPDbOg+ALOtWHYKwjUNnqHKLs0dSd8HwU4jXz7oD
KpYVIChFb5Zu3XOeq6Sx6PNBHjIcCvHUXd9i3+Bq4Fxj6XUW0mBRu7ks9sH8rNR0
gjFoS/Kf8N7d/0EUI0cnpJWdsdDxA/yE0OgMPqMRrfgcd1CEARC40aYHLtIgnjvk
DP9E74Kpb7myUDShdbNarWa3245jQl2F9GkYFPc9N/2/
-----END CERTIFICATE-----