Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/582695-61a1-48e7-b6ac-7bc45340dd28/1/KL5bIat3Yk7dpaHmhHBN9ywSikg.roa
File:                     KL5bIat3Yk7dpaHmhHBN9ywSikg.roa (raw, json)
Hash identifier:          2Dm1yDCv5S4uhPon+c/p0fcUA41+SmoP2uLFsPOLfB0=
Subject key identifier:   28:BE:5B:21:AB:77:62:4E:DD:A5:A1:E6:84:70:4D:F7:2C:12:8A:48
Certificate issuer:       /CN=4398b577b223b5a76351219a74fda446704890f7
Certificate serial:       01942220067F5E9329AE5A973752D994D089
Authority key identifier: 43:98:B5:77:B2:23:B5:A7:63:51:21:9A:74:FD:A4:46:70:48:90:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q5i1d7IjtadjUSGadP2kRnBIkPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/582695-61a1-48e7-b6ac-7bc45340dd28/1/KL5bIat3Yk7dpaHmhHBN9ywSikg.roa
Signing time:             Wed 01 Jan 2025 13:48:31 +0000
ROA not before:           Wed 01 Jan 2025 13:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212323
IP address blocks:        185.209.12.0/24 maxlen: 24
                          2a10:d200::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/582695-61a1-48e7-b6ac-7bc45340dd28/1/Q5i1d7IjtadjUSGadP2kRnBIkPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/582695-61a1-48e7-b6ac-7bc45340dd28/1/Q5i1d7IjtadjUSGadP2kRnBIkPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q5i1d7IjtadjUSGadP2kRnBIkPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:06:7f:5e:93:29:ae:5a:97:37:52:d9:94:d0:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4398b577b223b5a76351219a74fda446704890f7
        Validity
            Not Before: Jan  1 13:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28be5b21ab77624edda5a1e684704df72c128a48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:fd:7d:1f:70:77:0e:ed:0f:a3:4e:7d:ae:61:
                    0e:65:75:f1:76:78:3e:06:60:4d:72:87:94:72:a0:
                    52:ec:3f:26:ed:11:52:ba:b1:3a:ce:4d:59:a4:15:
                    93:d9:f7:ed:3c:04:e1:12:89:ac:fa:20:39:2d:5b:
                    2a:6c:79:32:b7:54:fe:01:aa:16:5f:a6:28:b3:7c:
                    c0:93:5c:d6:d4:be:58:67:bd:b9:a2:e2:4c:1e:f5:
                    19:7d:53:9a:9a:d2:74:1d:00:69:8b:28:85:57:b2:
                    7a:0d:0e:47:f3:f2:91:32:d8:cb:17:13:93:da:11:
                    cf:3d:b5:40:52:49:cf:3f:a1:a1:8a:86:20:ad:1f:
                    1c:60:3f:fa:52:1c:c1:61:44:1e:88:4c:73:e7:a6:
                    60:8d:b1:e3:7c:f1:ee:42:f5:4a:50:37:de:a1:a0:
                    62:1e:44:5d:d2:48:71:89:85:8b:4c:e6:3b:54:cf:
                    55:54:2f:9c:58:58:e6:16:d3:0a:d0:1a:15:d8:f2:
                    3d:0f:d1:26:90:98:88:2f:96:cd:96:2c:cf:c5:5b:
                    b8:d3:41:bb:7b:06:8b:4a:cb:b5:4e:5b:a4:0a:16:
                    35:6b:14:71:f9:af:39:02:ab:52:19:fc:22:11:0e:
                    3c:ec:d2:da:22:f5:5b:6e:4b:21:7d:63:f2:5d:28:
                    04:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:BE:5B:21:AB:77:62:4E:DD:A5:A1:E6:84:70:4D:F7:2C:12:8A:48
            X509v3 Authority Key Identifier:
                keyid:43:98:B5:77:B2:23:B5:A7:63:51:21:9A:74:FD:A4:46:70:48:90:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q5i1d7IjtadjUSGadP2kRnBIkPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/582695-61a1-48e7-b6ac-7bc45340dd28/1/KL5bIat3Yk7dpaHmhHBN9ywSikg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/582695-61a1-48e7-b6ac-7bc45340dd28/1/Q5i1d7IjtadjUSGadP2kRnBIkPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.12.0/24
                IPv6:
                  2a10:d200::/29

    Signature Algorithm: sha256WithRSAEncryption
         9c:d0:75:44:a7:df:7d:cf:6c:55:a2:36:b0:cc:b3:5a:9a:90:
         82:23:48:7d:d2:b4:c4:fa:8f:b6:a9:88:60:f3:38:21:03:08:
         41:2a:3b:c6:d8:14:87:c1:c9:0d:b0:af:6b:3b:78:71:a8:39:
         4d:89:fd:3a:02:8d:09:0d:02:92:ee:d3:9e:59:6a:c0:e7:f2:
         46:06:94:5f:01:17:91:60:e5:29:e1:85:8a:ca:d9:d4:d2:22:
         2e:a1:ef:4a:6a:2a:47:56:d9:f4:8e:3c:c6:57:b9:1c:1d:a3:
         14:ea:00:ea:67:8f:0c:ae:78:18:c7:18:0a:1f:86:0b:d4:e8:
         c1:77:85:6a:69:6b:44:6d:0d:84:9e:6f:37:4f:62:1a:6c:16:
         21:8a:23:68:c4:e6:d9:34:e1:6f:b0:10:19:96:fb:95:1d:b0:
         c4:c5:19:87:24:aa:cd:12:39:9f:59:67:50:07:61:23:f0:a5:
         a4:c7:43:61:d8:38:23:b6:70:89:47:a1:dc:7e:46:04:af:c3:
         32:cb:97:16:f9:61:9e:ec:8f:15:82:66:4c:39:d9:41:4c:6e:
         7f:41:5f:fd:a4:3e:a1:75:2e:e2:66:52:01:d9:ca:89:35:3d:
         88:6c:31:f9:82:c5:c1:fd:de:f9:e0:3e:70:a9:e7:f7:47:a2:
         30:b4:75:2e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQiIAZ/XpMprlqXN1LZlNCJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzOThiNTc3YjIyM2I1YTc2MzUxMjE5YTc0ZmRhNDQ2NzA0
ODkwZjcwHhcNMjUwMTAxMTM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGJlNWIyMWFiNzc2MjRlZGRhNWExZTY4NDcwNGRmNzJjMTI4YTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArv19H3B3Du0Po059rmEOZXXxdng+
BmBNcoeUcqBS7D8m7RFSurE6zk1ZpBWT2fftPAThEoms+iA5LVsqbHkyt1T+AaoW
X6Yos3zAk1zW1L5YZ725ouJMHvUZfVOamtJ0HQBpiyiFV7J6DQ5H8/KRMtjLFxOT
2hHPPbVAUknPP6GhioYgrR8cYD/6UhzBYUQeiExz56ZgjbHjfPHuQvVKUDfeoaBi
HkRd0khxiYWLTOY7VM9VVC+cWFjmFtMK0BoV2PI9D9EmkJiIL5bNlizPxVu400G7
ewaLSsu1TlukChY1axRx+a85AqtSGfwiEQ487NLaIvVbbkshfWPyXSgECwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCi+WyGrd2JO3aWh5oRwTfcsEopIMB8GA1UdIwQY
MBaAFEOYtXeyI7WnY1EhmnT9pEZwSJD3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTVpMWQ3SWp0YWRqVVNHYWRQMmtSbkJJa1BjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS81ODI2OTUtNjFhMS00OGU3LWI2YWMt
N2JjNDUzNDBkZDI4LzEvS0w1YklhdDNZazdkcGFIbWhIQk45eXdTaWtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS81ODI2OTUtNjFhMS00OGU3LWI2YWMtN2JjNDUzNDBkZDI4
LzEvUTVpMWQ3SWp0YWRqVVNHYWRQMmtSbkJJa1BjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAudEMMA0E
AgACMAcDBQMqENIAMA0GCSqGSIb3DQEBCwUAA4IBAQCc0HVEp999z2xVojawzLNa
mpCCI0h90rTE+o+2qYhg8zghAwhBKjvG2BSHwckNsK9rO3hxqDlNif06Ao0JDQKS
7tOeWWrA5/JGBpRfAReRYOUp4YWKytnU0iIuoe9KaipHVtn0jjzGV7kcHaMU6gDq
Z48MrngYxxgKH4YL1OjBd4VqaWtEbQ2Enm83T2IabBYhiiNoxObZNOFvsBAZlvuV
HbDExRmHJKrNEjmfWWdQB2Ej8KWkx0Nh2DgjtnCJR6HcfkYEr8Myy5cW+WGe7I8V
gmZMOdlBTG5/QV/9pD6hdS7iZlIB2cqJNT2IbDH5gsXB/d754D5wqef3R6IwtHUu
-----END CERTIFICATE-----