Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/069eab-f80d-4953-abc1-31aec07e945a/1/kMy_Ytqu-62SnckodYKnIddoAV4.roa
File:                     kMy_Ytqu-62SnckodYKnIddoAV4.roa (raw, json)
Hash identifier:          DNh5a1DbxWEI9P2LYvBxRTY+TTerG2Ce0TBwgUaWhng=
Subject key identifier:   90:CC:BF:62:DA:AE:FB:AD:92:9D:C9:28:75:82:A7:21:D7:68:01:5E
Certificate issuer:       /CN=0a48c04816aa61f935e14a64c3ebba910ba651f4
Certificate serial:       0196009B7387CE2E78EE92ED61B318C2711A
Authority key identifier: 0A:48:C0:48:16:AA:61:F9:35:E1:4A:64:C3:EB:BA:91:0B:A6:51:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CkjASBaqYfk14Upkw-u6kQumUfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/069eab-f80d-4953-abc1-31aec07e945a/1/kMy_Ytqu-62SnckodYKnIddoAV4.roa
Signing time:             Fri 04 Apr 2025 11:41:49 +0000
ROA not before:           Fri 04 Apr 2025 11:41:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214743
IP address blocks:        91.198.23.0/24 maxlen: 24
                          193.105.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/069eab-f80d-4953-abc1-31aec07e945a/1/CkjASBaqYfk14Upkw-u6kQumUfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/069eab-f80d-4953-abc1-31aec07e945a/1/CkjASBaqYfk14Upkw-u6kQumUfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CkjASBaqYfk14Upkw-u6kQumUfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:00:9b:73:87:ce:2e:78:ee:92:ed:61:b3:18:c2:71:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a48c04816aa61f935e14a64c3ebba910ba651f4
        Validity
            Not Before: Apr  4 11:41:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90ccbf62daaefbad929dc9287582a721d768015e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:bf:d7:f1:79:36:c7:90:98:65:52:75:3b:3e:
                    75:0a:c0:07:19:ed:be:72:54:fa:5e:58:51:28:30:
                    86:6f:c0:a3:23:87:15:4c:9a:e3:d4:5f:6f:a8:8b:
                    25:05:15:cf:48:6a:c2:ce:73:31:0d:25:21:e1:db:
                    84:79:1c:cb:f1:c3:09:48:57:a5:6a:b8:47:4f:84:
                    66:f3:5c:aa:53:47:9c:61:b5:a3:c8:36:cb:0a:a0:
                    6f:26:6c:cb:b6:d2:9b:5d:6d:f4:e6:fd:eb:ec:9e:
                    fa:f3:49:7d:af:60:e8:f8:5b:35:16:8d:22:12:cc:
                    2f:cc:dc:0f:ac:53:9f:53:3b:ac:14:d3:aa:9d:1f:
                    55:df:88:da:a3:02:d3:0e:cc:f8:53:25:98:76:f8:
                    18:1a:e4:39:34:fd:50:f3:6e:c3:bb:94:6c:59:a7:
                    f1:70:05:97:cf:b1:ec:3d:17:81:b2:71:6a:ff:4c:
                    ff:13:18:81:c7:ce:ee:43:86:dd:a8:42:a1:f5:8e:
                    2d:94:1f:26:11:20:e4:db:06:6f:cd:52:f3:36:22:
                    f5:bd:24:18:2d:fd:de:31:28:9e:db:71:cc:50:73:
                    90:16:b8:73:4d:2a:35:57:4a:7d:a5:6b:63:93:61:
                    ff:de:93:f6:58:ea:28:ee:47:75:3a:ed:0a:de:48:
                    71:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:CC:BF:62:DA:AE:FB:AD:92:9D:C9:28:75:82:A7:21:D7:68:01:5E
            X509v3 Authority Key Identifier:
                keyid:0A:48:C0:48:16:AA:61:F9:35:E1:4A:64:C3:EB:BA:91:0B:A6:51:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CkjASBaqYfk14Upkw-u6kQumUfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/069eab-f80d-4953-abc1-31aec07e945a/1/kMy_Ytqu-62SnckodYKnIddoAV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/069eab-f80d-4953-abc1-31aec07e945a/1/CkjASBaqYfk14Upkw-u6kQumUfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.23.0/24
                  193.105.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:30:5f:40:33:c3:cd:c2:0d:d8:ea:ec:d8:18:ee:55:d7:40:
         73:c7:1d:8b:28:f7:a1:49:8a:9d:c7:e0:12:1e:cf:dc:25:8e:
         07:05:79:0d:c5:e2:2e:75:b3:63:17:34:27:c1:fe:0f:f0:e6:
         95:cc:ce:39:a0:e0:4c:c4:2b:a3:62:fd:ae:06:51:b5:94:9f:
         dc:f9:33:08:71:bd:e5:1f:5d:19:fe:d4:97:5b:c3:35:fb:78:
         65:ef:7d:15:4c:7c:dd:74:91:b3:2a:e2:22:9a:dd:b9:32:56:
         a1:9f:55:02:bd:44:b1:62:bb:06:1a:4d:63:32:8b:b0:02:50:
         2d:da:7e:84:ae:0b:fb:3a:5e:93:ac:7d:5d:12:43:fc:85:62:
         60:16:1d:8c:e2:28:b0:c6:e5:4a:1b:80:50:59:2b:40:ae:fc:
         34:52:1f:81:1c:0a:a5:a3:8b:ba:e9:79:b6:3e:34:33:c7:87:
         a8:15:16:c5:4d:69:96:64:77:2f:ac:39:3f:5b:a3:94:4b:f6:
         4a:12:2c:84:4b:42:3b:cf:dc:91:22:6b:a8:79:5f:d7:e8:25:
         d0:10:c8:4f:a1:43:60:30:bb:8a:ed:ef:89:13:ad:82:d3:7d:
         69:f4:b1:c2:ad:9d:3e:07:c9:5d:01:a5:7b:29:fa:7d:db:11:
         71:61:40:1f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZYAm3OHzi547pLtYbMYwnEaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNDhjMDQ4MTZhYTYxZjkzNWUxNGE2NGMzZWJiYTkxMGJh
NjUxZjQwHhcNMjUwNDA0MTE0MTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGNjYmY2MmRhYWVmYmFkOTI5ZGM5Mjg3NTgyYTcyMWQ3NjgwMTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAob/X8Xk2x5CYZVJ1Oz51CsAHGe2+
clT6XlhRKDCGb8CjI4cVTJrj1F9vqIslBRXPSGrCznMxDSUh4duEeRzL8cMJSFel
arhHT4Rm81yqU0ecYbWjyDbLCqBvJmzLttKbXW305v3r7J7680l9r2Do+Fs1Fo0i
EswvzNwPrFOfUzusFNOqnR9V34jaowLTDsz4UyWYdvgYGuQ5NP1Q827Du5RsWafx
cAWXz7HsPReBsnFq/0z/ExiBx87uQ4bdqEKh9Y4tlB8mESDk2wZvzVLzNiL1vSQY
Lf3eMSie23HMUHOQFrhzTSo1V0p9pWtjk2H/3pP2WOoo7kd1Ou0K3khxCwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJDMv2Larvutkp3JKHWCpyHXaAFeMB8GA1UdIwQY
MBaAFApIwEgWqmH5NeFKZMPrupELplH0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2tqQVNCYXFZZmsxNFVwa3ctdTZrUXVtVWZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8wNjllYWItZjgwZC00OTUzLWFiYzEt
MzFhZWMwN2U5NDVhLzEva015X1l0cXUtNjJTbmNrb2RZS25JZGRvQVY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8wNjllYWItZjgwZC00OTUzLWFiYzEtMzFhZWMwN2U5NDVh
LzEvQ2tqQVNCYXFZZmsxNFVwa3ctdTZrUXVtVWZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8YXAwQA
wWnxMA0GCSqGSIb3DQEBCwUAA4IBAQAdMF9AM8PNwg3Y6uzYGO5V10Bzxx2LKPeh
SYqdx+ASHs/cJY4HBXkNxeIudbNjFzQnwf4P8OaVzM45oOBMxCujYv2uBlG1lJ/c
+TMIcb3lH10Z/tSXW8M1+3hl730VTHzddJGzKuIimt25Mlahn1UCvUSxYrsGGk1j
MouwAlAt2n6Ergv7Ol6TrH1dEkP8hWJgFh2M4iiwxuVKG4BQWStArvw0Uh+BHAql
o4u66Xm2PjQzx4eoFRbFTWmWZHcvrDk/W6OUS/ZKEiyES0I7z9yRImuoeV/X6CXQ
EMhPoUNgMLuK7e+JE62C031p9LHCrZ0+B8ldAaV7Kfp92xFxYUAf
-----END CERTIFICATE-----