Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/b8097a-4eed-463b-b65a-0ec7ecb25030/1/KPjydIOJaGq7MrGDIyks0pG8OMc.roa
File:                     KPjydIOJaGq7MrGDIyks0pG8OMc.roa (raw, json)
Hash identifier:          EbMrbtdHkpWfjQpY4PIBNTo9mg3b+j3TofouOP6XhE4=
Subject key identifier:   28:F8:F2:74:83:89:68:6A:BB:32:B1:83:23:29:2C:D2:91:BC:38:C7
Certificate issuer:       /CN=f53353f368dd801cd6102232dfa1cea69dd8cb6c
Certificate serial:       019427B472496C40DDE817CF14EBBC2FEAA2
Authority key identifier: F5:33:53:F3:68:DD:80:1C:D6:10:22:32:DF:A1:CE:A6:9D:D8:CB:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9TNT82jdgBzWECIy36HOpp3Yy2w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/b8097a-4eed-463b-b65a-0ec7ecb25030/1/KPjydIOJaGq7MrGDIyks0pG8OMc.roa
Signing time:             Thu 02 Jan 2025 15:48:44 +0000
ROA not before:           Thu 02 Jan 2025 15:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201534
IP address blocks:        185.71.216.0/24 maxlen: 24
                          185.71.217.0/24 maxlen: 24
                          185.71.218.0/24 maxlen: 24
                          185.71.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/b8097a-4eed-463b-b65a-0ec7ecb25030/1/9TNT82jdgBzWECIy36HOpp3Yy2w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/b8097a-4eed-463b-b65a-0ec7ecb25030/1/9TNT82jdgBzWECIy36HOpp3Yy2w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9TNT82jdgBzWECIy36HOpp3Yy2w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 11:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b4:72:49:6c:40:dd:e8:17:cf:14:eb:bc:2f:ea:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f53353f368dd801cd6102232dfa1cea69dd8cb6c
        Validity
            Not Before: Jan  2 15:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28f8f2748389686abb32b18323292cd291bc38c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:2a:cc:d4:56:85:39:6c:2a:d8:37:8c:54:35:
                    9f:64:42:08:a3:06:3e:cd:17:b4:00:63:b7:39:9a:
                    b9:0c:01:fb:76:5f:92:c5:a6:54:cc:a9:3e:01:18:
                    dc:f3:4d:56:df:de:f3:e6:96:47:af:77:a7:7c:72:
                    78:38:1c:b4:af:c8:35:39:ed:11:54:64:55:00:c7:
                    33:80:54:0e:22:46:6a:ac:d3:77:28:c6:7d:6d:cb:
                    cf:17:72:60:11:d5:74:ab:0b:3f:09:36:a9:50:01:
                    69:7a:6b:96:0c:ee:91:9b:b9:ca:ed:e5:26:8d:24:
                    68:37:64:25:d0:8a:b0:10:0f:5f:cf:dd:e1:55:95:
                    c6:d2:7d:6b:36:f3:70:c8:9f:c8:13:eb:a8:cb:57:
                    03:33:9f:94:ed:8a:11:5c:ad:60:7e:91:65:86:fd:
                    fe:95:82:df:c2:03:40:4d:64:bb:3f:aa:d0:1c:9a:
                    95:1c:b1:ae:fa:80:12:52:fc:e1:e2:31:8f:7f:30:
                    b5:27:87:1a:97:6a:45:97:92:d1:b9:0e:f6:e7:7d:
                    b7:a4:cd:48:65:99:d3:ba:0e:a5:12:41:ea:53:c4:
                    88:03:ff:36:e5:87:45:d7:4c:73:23:57:56:fe:36:
                    eb:a6:9f:f7:3f:5c:88:2e:bd:c6:f4:26:a0:89:4e:
                    ef:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:F8:F2:74:83:89:68:6A:BB:32:B1:83:23:29:2C:D2:91:BC:38:C7
            X509v3 Authority Key Identifier:
                keyid:F5:33:53:F3:68:DD:80:1C:D6:10:22:32:DF:A1:CE:A6:9D:D8:CB:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9TNT82jdgBzWECIy36HOpp3Yy2w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/b8097a-4eed-463b-b65a-0ec7ecb25030/1/KPjydIOJaGq7MrGDIyks0pG8OMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/b8097a-4eed-463b-b65a-0ec7ecb25030/1/9TNT82jdgBzWECIy36HOpp3Yy2w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:36:f5:01:7f:aa:36:91:b7:e0:52:d1:9a:dd:64:4e:b2:44:
         c2:6f:f5:f3:99:15:a9:a0:3e:42:69:df:11:f3:0a:84:3f:41:
         81:e2:ee:77:55:04:19:49:a4:71:14:9c:8b:1d:3d:a7:23:e7:
         d2:45:4b:4e:c6:96:9f:a0:31:54:62:89:8e:20:2b:b7:d5:b8:
         54:e8:a5:60:c4:85:54:44:0e:53:b7:f4:9c:44:08:b0:54:6a:
         a9:a8:46:33:b6:c7:da:e1:7a:ef:1f:be:82:6a:01:1c:b3:58:
         9e:45:b6:54:18:d9:df:3b:7a:24:33:02:a7:2d:14:9b:ea:c0:
         d6:37:5f:48:b1:53:1c:b9:fc:8f:15:52:5f:46:15:a4:76:ff:
         d4:de:ee:55:68:d8:72:c3:bc:f3:eb:09:92:95:a9:30:c8:7b:
         27:45:a8:cd:29:8a:1e:db:95:4e:5d:08:5f:fd:bf:4c:4d:de:
         78:d2:b0:02:e0:3a:26:b5:b8:8a:bb:4a:68:44:67:78:40:7d:
         d9:1b:87:26:77:f7:b7:44:77:64:45:8f:5c:42:ff:1e:ce:26:
         d3:7e:bb:09:ec:9f:d7:a6:94:51:9e:12:8d:24:cb:e6:fd:19:
         fc:3f:51:57:7d:84:a4:63:92:13:c7:4e:4d:9e:e7:68:60:6d:
         17:57:48:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntHJJbEDd6BfPFOu8L+qiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MzM1M2YzNjhkZDgwMWNkNjEwMjIzMmRmYTFjZWE2OWRk
OGNiNmMwHhcNMjUwMTAyMTU0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGY4ZjI3NDgzODk2ODZhYmIzMmIxODMyMzI5MmNkMjkxYmMzOGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqCrM1FaFOWwq2DeMVDWfZEIIowY+
zRe0AGO3OZq5DAH7dl+SxaZUzKk+ARjc801W397z5pZHr3enfHJ4OBy0r8g1Oe0R
VGRVAMczgFQOIkZqrNN3KMZ9bcvPF3JgEdV0qws/CTapUAFpemuWDO6Rm7nK7eUm
jSRoN2Ql0IqwEA9fz93hVZXG0n1rNvNwyJ/IE+uoy1cDM5+U7YoRXK1gfpFlhv3+
lYLfwgNATWS7P6rQHJqVHLGu+oASUvzh4jGPfzC1J4cal2pFl5LRuQ725323pM1I
ZZnTug6lEkHqU8SIA/825YdF10xzI1dW/jbrpp/3P1yILr3G9CagiU7vzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCj48nSDiWhquzKxgyMpLNKRvDjHMB8GA1UdIwQY
MBaAFPUzU/No3YAc1hAiMt+hzqad2MtsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVROVDgyamRnQnpXRUNJeTM2SE9wcDNZeTJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9iODA5N2EtNGVlZC00NjNiLWI2NWEt
MGVjN2VjYjI1MDMwLzEvS1BqeWRJT0phR3E3TXJHREl5a3MwcEc4T01jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9iODA5N2EtNGVlZC00NjNiLWI2NWEtMGVjN2VjYjI1MDMw
LzEvOVROVDgyamRnQnpXRUNJeTM2SE9wcDNZeTJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUfYMA0G
CSqGSIb3DQEBCwUAA4IBAQCANvUBf6o2kbfgUtGa3WROskTCb/XzmRWpoD5Cad8R
8wqEP0GB4u53VQQZSaRxFJyLHT2nI+fSRUtOxpafoDFUYomOICu31bhU6KVgxIVU
RA5Tt/ScRAiwVGqpqEYztsfa4XrvH76CagEcs1ieRbZUGNnfO3okMwKnLRSb6sDW
N19IsVMcufyPFVJfRhWkdv/U3u5VaNhyw7zz6wmSlakwyHsnRajNKYoe25VOXQhf
/b9MTd540rAC4DomtbiKu0poRGd4QH3ZG4cmd/e3RHdkRY9cQv8ezibTfrsJ7J/X
ppRRnhKNJMvm/Rn8P1FXfYSkY5ITx05NnudoYG0XV0iK
-----END CERTIFICATE-----