Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/b8ed2d-3545-4599-97e5-1523803fadaf/1/KNUQ7DDU2baaPPVNDmRvLm-9Uqw.roa
File:                     KNUQ7DDU2baaPPVNDmRvLm-9Uqw.roa (raw, json)
Hash identifier:          y7ygx++W/kXlD3JbB4xfsy1iAiffOMC9/nRL3EOds2U=
Subject key identifier:   28:D5:10:EC:30:D4:D9:B6:9A:3C:F5:4D:0E:64:6F:2E:6F:BD:52:AC
Certificate issuer:       /CN=a18164d9961a16d2eff773f5027821e9d2bd3740
Certificate serial:       019424B373EAE002456E1A5BCF2EEF04C895
Authority key identifier: A1:81:64:D9:96:1A:16:D2:EF:F7:73:F5:02:78:21:E9:D2:BD:37:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oYFk2ZYaFtLv93P1Angh6dK9N0A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/b8ed2d-3545-4599-97e5-1523803fadaf/1/KNUQ7DDU2baaPPVNDmRvLm-9Uqw.roa
Signing time:             Thu 02 Jan 2025 01:48:47 +0000
ROA not before:           Thu 02 Jan 2025 01:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60294
IP address blocks:        80.74.48.0/20 maxlen: 20
                          80.74.48.0/22 maxlen: 22
                          80.74.52.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/b8ed2d-3545-4599-97e5-1523803fadaf/1/oYFk2ZYaFtLv93P1Angh6dK9N0A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/b8ed2d-3545-4599-97e5-1523803fadaf/1/oYFk2ZYaFtLv93P1Angh6dK9N0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oYFk2ZYaFtLv93P1Angh6dK9N0A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:73:ea:e0:02:45:6e:1a:5b:cf:2e:ef:04:c8:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a18164d9961a16d2eff773f5027821e9d2bd3740
        Validity
            Not Before: Jan  2 01:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28d510ec30d4d9b69a3cf54d0e646f2e6fbd52ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:3a:ae:cd:b5:32:8f:43:b3:9c:94:be:f4:63:
                    37:33:87:b6:c6:22:9f:64:81:83:21:39:82:62:f9:
                    81:d8:88:4c:01:17:eb:4a:73:23:6f:c8:f8:d7:7f:
                    60:77:80:f6:30:6b:09:7b:36:0e:01:0b:80:97:ec:
                    8e:e7:8e:5e:f5:e9:86:0a:a9:ad:66:a6:cf:9b:dd:
                    79:ba:9f:f1:2b:6b:cc:be:89:b1:1f:b6:8a:4d:ca:
                    98:91:7f:6e:2c:94:e3:d8:09:0e:1c:49:35:24:ae:
                    df:20:61:64:5f:bc:70:29:06:b9:5d:96:3d:c3:2e:
                    1d:cd:ad:44:5f:97:36:a3:b0:2d:b4:f4:61:c6:e7:
                    33:5c:95:bc:f9:02:3b:9a:cf:aa:3f:3b:78:56:ef:
                    e3:ca:8a:8c:85:1b:47:bd:67:ea:fb:29:34:87:5b:
                    43:ad:83:66:84:6b:22:95:a0:53:df:a9:ca:77:56:
                    e8:89:a8:87:fb:cb:16:be:1a:7f:13:4c:18:05:f1:
                    d7:04:7c:92:6f:83:62:e0:b0:4e:b1:36:76:b4:26:
                    3a:83:66:66:a5:58:6a:37:46:f3:df:a0:45:30:20:
                    d6:ce:24:ee:36:79:c0:9f:f2:0e:d0:db:8d:18:73:
                    23:c7:61:bb:5a:31:55:03:48:b2:df:57:6b:96:7e:
                    74:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:D5:10:EC:30:D4:D9:B6:9A:3C:F5:4D:0E:64:6F:2E:6F:BD:52:AC
            X509v3 Authority Key Identifier:
                keyid:A1:81:64:D9:96:1A:16:D2:EF:F7:73:F5:02:78:21:E9:D2:BD:37:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oYFk2ZYaFtLv93P1Angh6dK9N0A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b8ed2d-3545-4599-97e5-1523803fadaf/1/KNUQ7DDU2baaPPVNDmRvLm-9Uqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b8ed2d-3545-4599-97e5-1523803fadaf/1/oYFk2ZYaFtLv93P1Angh6dK9N0A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.74.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         78:20:72:38:35:b8:75:70:0c:b1:fa:ba:5d:55:0e:25:c4:69:
         e7:d9:14:96:df:8c:ce:dd:d1:b2:fe:33:c8:79:c5:90:b4:53:
         0a:13:27:33:5d:57:a9:d8:ef:4a:4a:99:cd:a6:c5:70:be:26:
         44:ce:7a:79:e9:d2:70:0f:bb:f4:ef:df:26:30:f9:e2:2e:ee:
         cb:31:ac:f1:13:bd:eb:06:33:13:2b:ea:d0:0d:d8:48:de:fc:
         cc:8d:79:eb:a1:a7:f7:78:2d:37:d6:a5:86:18:e9:1a:60:8c:
         70:3c:38:e9:d1:50:0d:e5:85:24:70:15:6a:40:1b:7c:71:b0:
         97:f8:b6:2c:56:8e:1e:0c:a5:99:a5:c7:0a:5a:01:5f:19:ef:
         9f:25:d0:cb:9f:d7:5b:0f:e1:fc:e7:cc:ab:78:19:ee:13:9b:
         80:a0:24:72:42:ce:86:79:a5:34:ec:9a:ad:b8:77:28:e8:e9:
         44:b4:04:68:28:ed:eb:d3:b9:4d:fc:07:fe:75:c2:13:6a:ac:
         da:89:75:2c:f1:63:62:86:3c:d5:60:e4:4b:80:46:85:f2:3c:
         90:57:25:38:06:24:57:cd:1e:5c:03:28:11:05:18:8b:4c:2c:
         86:aa:50:65:ad:e6:1e:66:aa:36:50:2b:25:2b:27:ed:d2:bc:
         8b:a6:c7:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks3Pq4AJFbhpbzy7vBMiVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExODE2NGQ5OTYxYTE2ZDJlZmY3NzNmNTAyNzgyMWU5ZDJi
ZDM3NDAwHhcNMjUwMTAyMDE0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGQ1MTBlYzMwZDRkOWI2OWEzY2Y1NGQwZTY0NmYyZTZmYmQ1MmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDquzbUyj0OznJS+9GM3M4e2xiKf
ZIGDITmCYvmB2IhMARfrSnMjb8j4139gd4D2MGsJezYOAQuAl+yO545e9emGCqmt
ZqbPm915up/xK2vMvomxH7aKTcqYkX9uLJTj2AkOHEk1JK7fIGFkX7xwKQa5XZY9
wy4dza1EX5c2o7AttPRhxuczXJW8+QI7ms+qPzt4Vu/jyoqMhRtHvWfq+yk0h1tD
rYNmhGsilaBT36nKd1boiaiH+8sWvhp/E0wYBfHXBHySb4Ni4LBOsTZ2tCY6g2Zm
pVhqN0bz36BFMCDWziTuNnnAn/IO0NuNGHMjx2G7WjFVA0iy31drln50twIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCjVEOww1Nm2mjz1TQ5kby5vvVKsMB8GA1UdIwQY
MBaAFKGBZNmWGhbS7/dz9QJ4IenSvTdAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1lGazJaWWFGdEx2OTNQMUFuZ2g2ZEs5TjBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9iOGVkMmQtMzU0NS00NTk5LTk3ZTUt
MTUyMzgwM2ZhZGFmLzEvS05VUTdERFUyYmFhUFBWTkRtUnZMbS05VXF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9iOGVkMmQtMzU0NS00NTk5LTk3ZTUtMTUyMzgwM2ZhZGFm
LzEvb1lGazJaWWFGdEx2OTNQMUFuZ2g2ZEs5TjBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUEowMA0G
CSqGSIb3DQEBCwUAA4IBAQB4IHI4Nbh1cAyx+rpdVQ4lxGnn2RSW34zO3dGy/jPI
ecWQtFMKEyczXVep2O9KSpnNpsVwviZEznp56dJwD7v0798mMPniLu7LMazxE73r
BjMTK+rQDdhI3vzMjXnroaf3eC031qWGGOkaYIxwPDjp0VAN5YUkcBVqQBt8cbCX
+LYsVo4eDKWZpccKWgFfGe+fJdDLn9dbD+H858yreBnuE5uAoCRyQs6GeaU07Jqt
uHco6OlEtARoKO3r07lN/Af+dcITaqzaiXUs8WNihjzVYORLgEaF8jyQVyU4BiRX
zR5cAygRBRiLTCyGqlBlreYeZqo2UCslKyft0ryLpseK
-----END CERTIFICATE-----