Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/3ae56e-bf96-4896-a68d-9cff8496e334/1/kOwiiAs2eR9pLFxLIBL1AOIYN3E.roa
File:                     kOwiiAs2eR9pLFxLIBL1AOIYN3E.roa (raw, json)
Hash identifier:          3SQNAvfGJwEZLUa1WsSC2ImeHyAv94EKwUzIAUYUAnM=
Subject key identifier:   90:EC:22:88:0B:36:79:1F:69:2C:5C:4B:20:12:F5:00:E2:18:37:71
Certificate issuer:       /CN=4bbbc1069775a804806b50baed7ece848abde8a7
Certificate serial:       019420D6002FD2DEF8B398D91EF01723F4AD
Authority key identifier: 4B:BB:C1:06:97:75:A8:04:80:6B:50:BA:ED:7E:CE:84:8A:BD:E8:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S7vBBpd1qASAa1C67X7OhIq96Kc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/3ae56e-bf96-4896-a68d-9cff8496e334/1/kOwiiAs2eR9pLFxLIBL1AOIYN3E.roa
Signing time:             Wed 01 Jan 2025 07:48:03 +0000
ROA not before:           Wed 01 Jan 2025 07:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206169
IP address blocks:        185.194.152.0/24 maxlen: 24
                          185.194.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/3ae56e-bf96-4896-a68d-9cff8496e334/1/S7vBBpd1qASAa1C67X7OhIq96Kc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/3ae56e-bf96-4896-a68d-9cff8496e334/1/S7vBBpd1qASAa1C67X7OhIq96Kc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S7vBBpd1qASAa1C67X7OhIq96Kc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:00:2f:d2:de:f8:b3:98:d9:1e:f0:17:23:f4:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4bbbc1069775a804806b50baed7ece848abde8a7
        Validity
            Not Before: Jan  1 07:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90ec22880b36791f692c5c4b2012f500e2183771
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:f3:07:b1:90:03:1c:77:ed:0d:a4:fb:98:c0:
                    fa:26:8d:a6:a1:91:9f:8a:aa:3b:94:66:b2:27:3d:
                    1f:8f:d4:dc:3c:51:11:cb:09:19:87:b5:26:05:b2:
                    01:1c:50:b0:ae:e9:fc:21:6c:36:7b:71:cc:87:fc:
                    5b:3d:0c:cf:6a:7f:8b:58:53:d6:55:e7:b1:08:16:
                    51:3c:c1:4d:a3:90:4f:be:85:f9:07:16:c0:e5:f6:
                    a6:4c:91:b3:4d:6e:4d:23:5f:5c:a3:c0:10:92:1d:
                    95:78:ef:5b:7e:49:f3:a6:7c:73:74:58:e7:e1:72:
                    22:28:ce:a5:cf:fa:c4:58:74:bc:8c:dc:a8:c9:1c:
                    c1:2b:b1:6e:2b:71:bc:27:56:e6:a9:c5:86:cb:29:
                    84:16:0a:56:ee:84:3f:46:ba:7a:f9:4d:87:a7:c7:
                    4a:17:87:3b:9b:6f:20:c5:d3:3d:44:78:51:30:29:
                    a8:75:09:b5:e9:4d:63:84:ab:b7:d5:0f:5d:98:c8:
                    e8:66:e5:98:fa:a8:92:b7:3a:ce:37:97:94:52:06:
                    5a:54:44:f5:6d:5c:f2:c7:ea:7d:23:2a:ec:ce:6c:
                    17:15:30:95:c1:43:1f:9a:84:66:d6:69:8b:4a:bf:
                    9b:86:a2:ad:52:d5:7a:9d:3e:28:ba:29:97:1e:b0:
                    73:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:EC:22:88:0B:36:79:1F:69:2C:5C:4B:20:12:F5:00:E2:18:37:71
            X509v3 Authority Key Identifier:
                keyid:4B:BB:C1:06:97:75:A8:04:80:6B:50:BA:ED:7E:CE:84:8A:BD:E8:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S7vBBpd1qASAa1C67X7OhIq96Kc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/3ae56e-bf96-4896-a68d-9cff8496e334/1/kOwiiAs2eR9pLFxLIBL1AOIYN3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/3ae56e-bf96-4896-a68d-9cff8496e334/1/S7vBBpd1qASAa1C67X7OhIq96Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:05:a2:fd:f1:6e:8e:dc:78:cc:27:dc:dd:65:55:6b:d3:18:
         53:01:f1:1d:c8:ea:03:0b:bc:57:3e:9d:fe:47:99:1c:07:53:
         5c:21:03:97:a1:2b:6d:dc:96:21:fc:45:53:21:e7:79:5e:30:
         e6:d1:05:04:8b:eb:ea:7c:57:f5:fc:5f:0f:35:bf:1c:d0:74:
         6c:c3:db:65:eb:e3:d5:9c:5a:74:ae:d8:bf:4b:eb:4c:2f:8b:
         d2:81:82:f3:d1:af:49:45:88:64:ea:81:9c:c3:02:f4:fa:8c:
         31:23:0f:14:fd:30:ed:ac:af:36:54:6b:bd:a2:35:83:4a:8c:
         da:4a:e5:b9:46:c9:62:3e:79:1c:46:ad:8c:be:19:41:f8:29:
         48:84:ea:f4:9a:bb:ac:f1:4b:e3:d6:9e:54:0f:da:41:ab:a9:
         d3:2b:4f:e2:cf:bc:bf:47:89:5d:8f:67:a0:10:f7:94:b1:58:
         12:b9:d8:4d:f5:6c:09:30:17:f0:ef:9b:09:ce:6c:92:a4:2a:
         ff:02:59:e3:2c:0f:00:4e:13:7a:5d:82:61:0b:2f:ae:19:27:
         68:3f:ac:d4:04:90:34:36:4c:56:1d:03:6b:03:fd:e3:89:74:
         05:46:cb:f9:4b:b6:5b:ef:a9:5e:4a:65:99:26:10:d9:f1:9e:
         3e:4d:b8:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1gAv0t74s5jZHvAXI/StMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiYmJjMTA2OTc3NWE4MDQ4MDZiNTBiYWVkN2VjZTg0OGFi
ZGU4YTcwHhcNMjUwMTAxMDc0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGVjMjI4ODBiMzY3OTFmNjkyYzVjNGIyMDEyZjUwMGUyMTgzNzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvMHsZADHHftDaT7mMD6Jo2moZGf
iqo7lGayJz0fj9TcPFERywkZh7UmBbIBHFCwrun8IWw2e3HMh/xbPQzPan+LWFPW
VeexCBZRPMFNo5BPvoX5BxbA5famTJGzTW5NI19co8AQkh2VeO9bfknzpnxzdFjn
4XIiKM6lz/rEWHS8jNyoyRzBK7FuK3G8J1bmqcWGyymEFgpW7oQ/Rrp6+U2Hp8dK
F4c7m28gxdM9RHhRMCmodQm16U1jhKu31Q9dmMjoZuWY+qiStzrON5eUUgZaVET1
bVzyx+p9IyrszmwXFTCVwUMfmoRm1mmLSr+bhqKtUtV6nT4ouimXHrBzFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJDsIogLNnkfaSxcSyAS9QDiGDdxMB8GA1UdIwQY
MBaAFEu7wQaXdagEgGtQuu1+zoSKveinMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzd2QkJwZDFxQVNBYTFDNjdYN09oSXE5NktjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8zYWU1NmUtYmY5Ni00ODk2LWE2OGQt
OWNmZjg0OTZlMzM0LzEva093aWlBczJlUjlwTEZ4TElCTDFBT0lZTjNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8zYWU1NmUtYmY5Ni00ODk2LWE2OGQtOWNmZjg0OTZlMzM0
LzEvUzd2QkJwZDFxQVNBYTFDNjdYN09oSXE5NktjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucKYMA0G
CSqGSIb3DQEBCwUAA4IBAQBrBaL98W6O3HjMJ9zdZVVr0xhTAfEdyOoDC7xXPp3+
R5kcB1NcIQOXoStt3JYh/EVTIed5XjDm0QUEi+vqfFf1/F8PNb8c0HRsw9tl6+PV
nFp0rti/S+tML4vSgYLz0a9JRYhk6oGcwwL0+owxIw8U/TDtrK82VGu9ojWDSoza
SuW5RsliPnkcRq2MvhlB+ClIhOr0mrus8Uvj1p5UD9pBq6nTK0/iz7y/R4ldj2eg
EPeUsVgSudhN9WwJMBfw75sJzmySpCr/AlnjLA8AThN6XYJhCy+uGSdoP6zUBJA0
NkxWHQNrA/3jiXQFRsv5S7Zb76leSmWZJhDZ8Z4+Tbj5
-----END CERTIFICATE-----