Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/1a031b-a71f-4bee-91e2-d4bd53c94b66/1/ktIncahrfLa4AKcR1V4yol-a_BI.roa
File:                     ktIncahrfLa4AKcR1V4yol-a_BI.roa (raw, json)
Hash identifier:          Mx4NBM7kiKGaNo0WSweTZJBXr6mw6+aPoRI2jYSEHVk=
Subject key identifier:   92:D2:27:71:A8:6B:7C:B6:B8:00:A7:11:D5:5E:32:A2:5F:9A:FC:12
Certificate issuer:       /CN=44def5a77dcc9aac99c34e2d719b8ba0d04e03d1
Certificate serial:       0194228D0C07134B19E84D08906107177279
Authority key identifier: 44:DE:F5:A7:7D:CC:9A:AC:99:C3:4E:2D:71:9B:8B:A0:D0:4E:03:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RN71p33MmqyZw04tcZuLoNBOA9E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/1a031b-a71f-4bee-91e2-d4bd53c94b66/1/ktIncahrfLa4AKcR1V4yol-a_BI.roa
Signing time:             Wed 01 Jan 2025 15:47:36 +0000
ROA not before:           Wed 01 Jan 2025 15:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57329
IP address blocks:        31.31.40.0/21 maxlen: 21
                          185.151.92.0/22 maxlen: 22
                          2a06:d440::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/1a031b-a71f-4bee-91e2-d4bd53c94b66/1/RN71p33MmqyZw04tcZuLoNBOA9E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/1a031b-a71f-4bee-91e2-d4bd53c94b66/1/RN71p33MmqyZw04tcZuLoNBOA9E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RN71p33MmqyZw04tcZuLoNBOA9E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 08:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:0c:07:13:4b:19:e8:4d:08:90:61:07:17:72:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44def5a77dcc9aac99c34e2d719b8ba0d04e03d1
        Validity
            Not Before: Jan  1 15:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92d22771a86b7cb6b800a711d55e32a25f9afc12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:fb:dc:f0:f6:7c:c6:31:41:a4:27:ed:42:6d:
                    4f:f4:09:0b:48:65:c6:0b:f3:a5:38:95:bc:08:9a:
                    2d:e4:25:95:24:63:0d:1f:ed:6a:b5:4d:8e:4a:ec:
                    fa:d7:29:92:b3:c8:df:ec:e0:76:aa:3f:89:fe:64:
                    74:b3:8f:bf:95:a2:27:e6:28:90:9e:da:ba:f2:6a:
                    81:34:c0:82:b4:5f:83:07:08:96:97:fc:51:0d:17:
                    03:57:e8:fb:23:ea:d7:75:a4:1c:36:fc:b8:47:22:
                    4a:ea:99:c8:8e:26:62:c7:b7:68:1c:79:50:34:50:
                    a2:41:e1:94:ce:69:6a:13:01:dc:04:2b:f4:04:ab:
                    e8:48:c6:70:13:6f:47:db:81:5b:5d:d3:30:72:e2:
                    2d:5e:f5:be:3f:13:61:98:63:97:29:34:b1:1b:cc:
                    1e:11:49:7b:d0:a2:93:ee:36:d3:36:57:e9:5d:8a:
                    98:0c:cb:6f:38:40:a7:08:0d:72:f4:f2:2a:9c:5f:
                    dc:d1:69:b3:c0:bc:7a:18:71:ac:1a:5b:05:4b:90:
                    d7:e2:f4:ce:15:85:d3:4c:6f:6b:47:e6:d4:fe:c9:
                    c6:dc:8c:89:e4:aa:c4:7e:83:ae:ca:9c:9c:20:78:
                    4c:9f:73:80:b1:ff:50:69:22:07:5a:02:bd:00:16:
                    a0:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:D2:27:71:A8:6B:7C:B6:B8:00:A7:11:D5:5E:32:A2:5F:9A:FC:12
            X509v3 Authority Key Identifier:
                keyid:44:DE:F5:A7:7D:CC:9A:AC:99:C3:4E:2D:71:9B:8B:A0:D0:4E:03:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RN71p33MmqyZw04tcZuLoNBOA9E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/1a031b-a71f-4bee-91e2-d4bd53c94b66/1/ktIncahrfLa4AKcR1V4yol-a_BI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/1a031b-a71f-4bee-91e2-d4bd53c94b66/1/RN71p33MmqyZw04tcZuLoNBOA9E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.31.40.0/21
                  185.151.92.0/22
                IPv6:
                  2a06:d440::/29

    Signature Algorithm: sha256WithRSAEncryption
         8c:b9:9a:be:f7:38:85:07:d6:d3:40:5b:34:37:e0:70:0a:b5:
         94:a5:0f:f2:fb:b2:3e:85:56:e7:03:df:2b:75:d6:8a:5f:1c:
         78:a2:e7:1d:c6:64:b4:60:40:e5:1a:ee:45:56:71:1a:5e:df:
         56:d0:73:48:0a:1b:b8:ca:0c:8b:f1:49:0e:66:47:94:f4:79:
         bf:a7:cb:ff:db:f0:54:e1:39:36:4f:53:2c:9a:2a:3b:21:40:
         48:2a:83:70:b6:b8:f5:9f:95:cc:75:67:eb:64:e9:77:ee:5f:
         b8:59:2c:1b:00:e6:a4:f6:1b:c9:9b:70:c6:ea:2d:aa:0b:72:
         83:00:4a:c7:de:bf:8f:66:9a:7b:1c:58:9c:47:1b:78:20:02:
         18:d7:64:71:89:92:ce:f8:af:ee:8f:be:fe:d4:e6:62:1b:18:
         d6:21:b4:dc:c9:22:00:05:ef:89:49:6f:66:29:86:cc:f1:66:
         c0:ac:3e:e3:23:30:31:1f:08:10:a6:83:c2:6c:e4:f4:c1:bc:
         9d:e6:12:c3:a2:00:93:b1:6e:ca:09:cd:8e:dd:a7:91:41:56:
         e8:43:61:14:ac:87:73:a0:e8:d1:20:07:9d:e3:bb:45:a0:33:
         c4:19:02:a2:b3:7e:01:5d:fc:fd:df:e0:e1:f0:2b:7d:76:ec:
         73:49:3f:ad
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQijQwHE0sZ6E0IkGEHF3J5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZGVmNWE3N2RjYzlhYWM5OWMzNGUyZDcxOWI4YmEwZDA0
ZTAzZDEwHhcNMjUwMTAxMTU0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmQyMjc3MWE4NmI3Y2I2YjgwMGE3MTFkNTVlMzJhMjVmOWFmYzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfvc8PZ8xjFBpCftQm1P9AkLSGXG
C/OlOJW8CJot5CWVJGMNH+1qtU2OSuz61ymSs8jf7OB2qj+J/mR0s4+/laIn5iiQ
ntq68mqBNMCCtF+DBwiWl/xRDRcDV+j7I+rXdaQcNvy4RyJK6pnIjiZix7doHHlQ
NFCiQeGUzmlqEwHcBCv0BKvoSMZwE29H24FbXdMwcuItXvW+PxNhmGOXKTSxG8we
EUl70KKT7jbTNlfpXYqYDMtvOECnCA1y9PIqnF/c0WmzwLx6GHGsGlsFS5DX4vTO
FYXTTG9rR+bU/snG3IyJ5KrEfoOuypycIHhMn3OAsf9QaSIHWgK9ABagHwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJLSJ3Goa3y2uACnEdVeMqJfmvwSMB8GA1UdIwQY
MBaAFETe9ad9zJqsmcNOLXGbi6DQTgPRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUk43MXAzM01tcXladzA0dGNadUxvTkJPQTlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS8xYTAzMWItYTcxZi00YmVlLTkxZTIt
ZDRiZDUzYzk0YjY2LzEva3RJbmNhaHJmTGE0QUtjUjFWNHlvbC1hX0JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS8xYTAzMWItYTcxZi00YmVlLTkxZTItZDRiZDUzYzk0YjY2
LzEvUk43MXAzM01tcXladzA0dGNadUxvTkJPQTlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDHx8oAwQC
uZdcMA0EAgACMAcDBQMqBtRAMA0GCSqGSIb3DQEBCwUAA4IBAQCMuZq+9ziFB9bT
QFs0N+BwCrWUpQ/y+7I+hVbnA98rddaKXxx4oucdxmS0YEDlGu5FVnEaXt9W0HNI
Chu4ygyL8UkOZkeU9Hm/p8v/2/BU4Tk2T1Msmio7IUBIKoNwtrj1n5XMdWfrZOl3
7l+4WSwbAOak9hvJm3DG6i2qC3KDAErH3r+PZpp7HFicRxt4IAIY12RxiZLO+K/u
j77+1OZiGxjWIbTcySIABe+JSW9mKYbM8WbArD7jIzAxHwgQpoPCbOT0wbyd5hLD
ogCTsW7KCc2O3aeRQVboQ2EUrIdzoOjRIAed47tFoDPEGQKis34BXfz93+Dh8Ct9
duxzST+t
-----END CERTIFICATE-----