Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/031047-8c74-4aee-b065-482862de730e/1/knggMszGXslbbJ2_Oh2Jaifz1gc.roa
File:                     knggMszGXslbbJ2_Oh2Jaifz1gc.roa (raw, json)
Hash identifier:          1NY+pqUYlKwDvhTu3JTqY8SDs7jlakZ17fJjnTdwI9Y=
Subject key identifier:   92:78:20:32:CC:C6:5E:C9:5B:6C:9D:BF:3A:1D:89:6A:27:F3:D6:07
Certificate issuer:       /CN=ca41fdb7e016d960efe29c0b4894b873aa4d21e2
Certificate serial:       0194FA3BFC9D63F6E26E84CF563687EC890D
Authority key identifier: CA:41:FD:B7:E0:16:D9:60:EF:E2:9C:0B:48:94:B8:73:AA:4D:21:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ykH9t-AW2WDv4pwLSJS4c6pNIeI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/031047-8c74-4aee-b065-482862de730e/1/knggMszGXslbbJ2_Oh2Jaifz1gc.roa
Signing time:             Wed 12 Feb 2025 12:57:02 +0000
ROA not before:           Wed 12 Feb 2025 12:57:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201424
IP address blocks:        185.61.196.0/22 maxlen: 22
                          185.61.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/031047-8c74-4aee-b065-482862de730e/1/ykH9t-AW2WDv4pwLSJS4c6pNIeI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/031047-8c74-4aee-b065-482862de730e/1/ykH9t-AW2WDv4pwLSJS4c6pNIeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ykH9t-AW2WDv4pwLSJS4c6pNIeI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:fa:3b:fc:9d:63:f6:e2:6e:84:cf:56:36:87:ec:89:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca41fdb7e016d960efe29c0b4894b873aa4d21e2
        Validity
            Not Before: Feb 12 12:57:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92782032ccc65ec95b6c9dbf3a1d896a27f3d607
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:25:82:f2:ee:b5:8c:ab:8c:1a:48:07:2a:a5:
                    3a:62:c2:af:0f:46:60:a8:c3:dd:9a:3e:73:6c:00:
                    c4:6a:93:5b:85:9c:28:13:60:e6:f0:4d:a4:51:40:
                    b2:28:a9:21:f5:05:67:ac:4c:cd:2e:23:3b:b0:21:
                    1e:03:4d:50:0b:61:06:d3:a7:53:9f:d4:02:68:6a:
                    52:b0:91:62:3d:c0:e5:a8:92:ce:c6:4e:1c:d8:19:
                    8a:96:09:98:71:44:b6:03:73:f4:ed:67:3a:69:f4:
                    da:23:e5:f7:bb:88:42:81:4c:26:a3:5f:3c:6d:e8:
                    44:f5:4c:ab:d5:9f:96:69:d6:c3:c1:32:a5:8f:f3:
                    2b:17:b8:f5:67:9d:13:38:ea:d5:0a:dc:61:d7:20:
                    70:2e:8f:3d:e1:b0:51:fb:de:f4:bf:e8:88:32:fc:
                    cc:7e:86:ed:cc:c6:0d:3b:c1:d3:0d:ba:05:06:8e:
                    bb:3b:90:f4:13:c7:d3:6b:9d:da:72:4d:af:cc:b1:
                    36:e5:ac:0d:b0:9b:1c:f6:99:4e:ed:ac:f3:92:01:
                    57:4c:de:87:86:7a:17:28:da:c3:d6:01:da:5c:de:
                    5d:75:3f:8d:66:b9:ad:85:53:f6:0c:23:5c:4d:b1:
                    0c:e8:a5:05:bb:59:7d:dc:11:b0:be:c4:74:08:4a:
                    d7:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:78:20:32:CC:C6:5E:C9:5B:6C:9D:BF:3A:1D:89:6A:27:F3:D6:07
            X509v3 Authority Key Identifier:
                keyid:CA:41:FD:B7:E0:16:D9:60:EF:E2:9C:0B:48:94:B8:73:AA:4D:21:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ykH9t-AW2WDv4pwLSJS4c6pNIeI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/031047-8c74-4aee-b065-482862de730e/1/knggMszGXslbbJ2_Oh2Jaifz1gc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/031047-8c74-4aee-b065-482862de730e/1/ykH9t-AW2WDv4pwLSJS4c6pNIeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.61.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:52:86:72:ea:9c:ac:b2:48:bf:59:37:b7:3b:ca:fc:52:8e:
         04:7b:7f:1d:34:d5:79:46:a4:2b:c0:eb:44:b2:cb:67:5c:74:
         a8:e9:45:68:2f:60:11:f1:6a:65:b6:d7:90:dc:4e:dd:ce:77:
         ce:9a:9d:a4:d9:86:de:d7:e8:d3:75:0a:c4:f1:32:d1:e2:53:
         af:29:f7:58:32:4a:0b:07:ba:ed:89:17:6f:9e:f7:dd:b2:58:
         bf:d3:67:58:55:86:20:fd:1d:17:8b:b9:3f:3a:a5:03:53:18:
         a5:30:d2:13:6e:87:38:6d:b9:b0:46:3d:ce:9a:03:e6:5e:7a:
         89:fe:a0:0e:69:6c:26:59:ec:f4:d6:ca:e5:38:ed:86:bb:e2:
         f8:b4:4a:ad:08:a3:28:6c:f2:83:2f:88:96:5f:a8:d0:45:20:
         14:ca:d2:ed:45:af:38:73:fb:66:02:44:4a:0b:2b:43:fc:7a:
         88:e1:64:4f:3a:b0:89:74:79:ab:67:cb:54:77:7b:7f:91:86:
         13:7e:b4:f7:32:b0:89:82:c1:22:1d:b7:73:cb:0f:a2:61:c9:
         3a:e9:18:5f:ff:68:04:0e:c7:20:ae:c4:64:60:90:2e:b0:1d:
         75:f7:98:b4:c1:21:52:f9:88:4e:df:83:b5:10:c1:d3:dd:bf:
         1e:9a:bb:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZT6O/ydY/biboTPVjaH7IkNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNDFmZGI3ZTAxNmQ5NjBlZmUyOWMwYjQ4OTRiODczYWE0
ZDIxZTIwHhcNMjUwMjEyMTI1NzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mjc4MjAzMmNjYzY1ZWM5NWI2YzlkYmYzYTFkODk2YTI3ZjNkNjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkyWC8u61jKuMGkgHKqU6YsKvD0Zg
qMPdmj5zbADEapNbhZwoE2Dm8E2kUUCyKKkh9QVnrEzNLiM7sCEeA01QC2EG06dT
n9QCaGpSsJFiPcDlqJLOxk4c2BmKlgmYcUS2A3P07Wc6afTaI+X3u4hCgUwmo188
behE9Uyr1Z+WadbDwTKlj/MrF7j1Z50TOOrVCtxh1yBwLo894bBR+970v+iIMvzM
fobtzMYNO8HTDboFBo67O5D0E8fTa53ack2vzLE25awNsJsc9plO7azzkgFXTN6H
hnoXKNrD1gHaXN5ddT+NZrmthVP2DCNcTbEM6KUFu1l93BGwvsR0CErXyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJJ4IDLMxl7JW2ydvzodiWon89YHMB8GA1UdIwQY
MBaAFMpB/bfgFtlg7+KcC0iUuHOqTSHiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWtIOXQtQVcyV0R2NHB3TFNKUzRjNnBOSWVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8wMzEwNDctOGM3NC00YWVlLWIwNjUt
NDgyODYyZGU3MzBlLzEva25nZ01zekdYc2xiYkoyX09oMkphaWZ6MWdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8wMzEwNDctOGM3NC00YWVlLWIwNjUtNDgyODYyZGU3MzBl
LzEveWtIOXQtQVcyV0R2NHB3TFNKUzRjNnBOSWVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuT3EMA0G
CSqGSIb3DQEBCwUAA4IBAQBAUoZy6pysski/WTe3O8r8Uo4Ee38dNNV5RqQrwOtE
sstnXHSo6UVoL2AR8WpltteQ3E7dznfOmp2k2Ybe1+jTdQrE8TLR4lOvKfdYMkoL
B7rtiRdvnvfdsli/02dYVYYg/R0Xi7k/OqUDUxilMNITboc4bbmwRj3OmgPmXnqJ
/qAOaWwmWez01srlOO2Gu+L4tEqtCKMobPKDL4iWX6jQRSAUytLtRa84c/tmAkRK
CytD/HqI4WRPOrCJdHmrZ8tUd3t/kYYTfrT3MrCJgsEiHbdzyw+iYck66Rhf/2gE
DscgrsRkYJAusB1195i0wSFS+YhO34O1EMHT3b8emrtA
-----END CERTIFICATE-----