Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/b75d64-9a55-490c-8c58-3fe17481f608/1/KWwJmTARHeAHpXQEJKYr4FNXsos.roa
File:                     KWwJmTARHeAHpXQEJKYr4FNXsos.roa (raw, json)
Hash identifier:          1063ws7p1tPR9qPGeDgdtnc+pragLeBe3JdEiKbe844=
Subject key identifier:   29:6C:09:99:30:11:1D:E0:07:A5:74:04:24:A6:2B:E0:53:57:B2:8B
Certificate issuer:       /CN=d6f807660bf2cd92aee391442a5343af718c18c7
Certificate serial:       0194266C4497C1E5447AB0D7BD46A8477520
Authority key identifier: D6:F8:07:66:0B:F2:CD:92:AE:E3:91:44:2A:53:43:AF:71:8C:18:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1vgHZgvyzZKu45FEKlNDr3GMGMc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/b75d64-9a55-490c-8c58-3fe17481f608/1/KWwJmTARHeAHpXQEJKYr4FNXsos.roa
Signing time:             Thu 02 Jan 2025 09:50:17 +0000
ROA not before:           Thu 02 Jan 2025 09:50:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44574
IP address blocks:        193.9.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/b75d64-9a55-490c-8c58-3fe17481f608/1/1vgHZgvyzZKu45FEKlNDr3GMGMc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/b75d64-9a55-490c-8c58-3fe17481f608/1/1vgHZgvyzZKu45FEKlNDr3GMGMc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1vgHZgvyzZKu45FEKlNDr3GMGMc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:44:97:c1:e5:44:7a:b0:d7:bd:46:a8:47:75:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6f807660bf2cd92aee391442a5343af718c18c7
        Validity
            Not Before: Jan  2 09:50:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=296c099930111de007a5740424a62be05357b28b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c7:cc:38:a8:d1:42:60:cc:b0:68:88:c2:5b:
                    a0:06:30:b5:40:07:9d:df:29:e4:91:f6:87:fd:ee:
                    84:3e:f1:23:f4:cf:22:48:2b:1d:85:d3:48:2b:37:
                    2c:91:cd:1e:9f:a6:36:bb:32:a9:39:31:4a:86:3e:
                    ee:e8:14:53:9e:b2:77:54:c3:66:5f:c1:f6:14:8f:
                    81:85:2f:d3:a6:69:0e:d2:05:d3:6d:31:35:76:28:
                    71:d6:1e:7c:91:53:6f:5f:23:cf:3a:3f:22:e9:f4:
                    3e:a6:b4:a5:8a:7a:f3:52:dc:e8:18:82:35:b2:6f:
                    af:b7:99:4d:f7:ed:bb:79:bd:30:8c:f2:ee:e6:3b:
                    5c:83:34:98:7b:85:f1:4c:98:0a:5c:6d:ae:df:30:
                    7c:e2:e3:29:9c:aa:52:1e:e4:6d:63:b9:71:45:d1:
                    a4:27:eb:35:8f:26:a2:d9:3d:2c:8a:24:de:cf:5d:
                    1e:fe:5b:a2:63:48:d5:eb:a7:3a:95:24:df:52:be:
                    9e:52:41:18:25:84:71:37:e8:f6:49:37:de:9b:64:
                    57:43:67:8a:60:e9:26:17:72:2d:34:c5:ac:db:82:
                    c3:79:c8:fc:27:ea:0e:48:be:c2:3f:2d:aa:24:bf:
                    92:76:97:ec:17:8b:b6:b1:12:eb:ec:4e:78:c9:8d:
                    c8:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:6C:09:99:30:11:1D:E0:07:A5:74:04:24:A6:2B:E0:53:57:B2:8B
            X509v3 Authority Key Identifier:
                keyid:D6:F8:07:66:0B:F2:CD:92:AE:E3:91:44:2A:53:43:AF:71:8C:18:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1vgHZgvyzZKu45FEKlNDr3GMGMc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/b75d64-9a55-490c-8c58-3fe17481f608/1/KWwJmTARHeAHpXQEJKYr4FNXsos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/b75d64-9a55-490c-8c58-3fe17481f608/1/1vgHZgvyzZKu45FEKlNDr3GMGMc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.9.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:a2:84:0e:9e:ff:83:31:51:73:74:53:13:66:f5:c3:a1:f7:
         ed:7a:ca:d2:ef:3d:28:94:7b:0b:e0:bc:a8:29:f5:8b:91:ef:
         f2:98:5f:7e:28:04:0c:28:e6:28:cb:02:02:1e:ab:b9:87:4e:
         3b:53:e4:b3:25:aa:da:80:86:8c:46:1c:cc:e8:57:27:99:3e:
         a8:e7:99:6b:93:5a:95:9a:76:2c:a3:c2:ae:a9:97:06:12:31:
         fd:4f:a9:57:c0:1e:58:08:62:c2:72:b9:ab:ed:ba:3f:a8:86:
         ce:c4:77:41:57:fd:9b:a6:1d:49:46:a2:d2:2d:ed:e5:53:4d:
         32:df:bd:29:b6:f0:71:68:8b:6d:a7:bb:1c:f0:ac:ad:37:2b:
         3b:58:9b:8b:d7:85:f2:e7:00:dd:2b:60:46:8a:53:8f:8b:52:
         dc:2c:51:91:74:f3:90:8b:65:9b:c8:ca:bd:ea:f1:e0:a3:85:
         9a:0a:cc:74:39:97:5b:f1:63:a7:ff:33:b7:6f:cb:af:9f:08:
         34:c8:4b:3c:71:02:b2:6d:45:88:2c:13:ce:1d:fa:05:57:1e:
         e5:43:bf:0a:eb:be:26:32:c6:83:78:7a:36:72:5c:cb:ea:ff:
         0d:f8:89:50:53:e4:d0:d7:ba:f0:ef:ad:4b:b4:7c:ab:1f:bf:
         18:dc:22:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbESXweVEerDXvUaoR3UgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ZjgwNzY2MGJmMmNkOTJhZWUzOTE0NDJhNTM0M2FmNzE4
YzE4YzcwHhcNMjUwMTAyMDk1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTZjMDk5OTMwMTExZGUwMDdhNTc0MDQyNGE2MmJlMDUzNTdiMjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcfMOKjRQmDMsGiIwlugBjC1QAed
3ynkkfaH/e6EPvEj9M8iSCsdhdNIKzcskc0en6Y2uzKpOTFKhj7u6BRTnrJ3VMNm
X8H2FI+BhS/TpmkO0gXTbTE1dihx1h58kVNvXyPPOj8i6fQ+prSlinrzUtzoGII1
sm+vt5lN9+27eb0wjPLu5jtcgzSYe4XxTJgKXG2u3zB84uMpnKpSHuRtY7lxRdGk
J+s1jyai2T0siiTez10e/luiY0jV66c6lSTfUr6eUkEYJYRxN+j2STfem2RXQ2eK
YOkmF3ItNMWs24LDecj8J+oOSL7CPy2qJL+SdpfsF4u2sRLr7E54yY3ICwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFClsCZkwER3gB6V0BCSmK+BTV7KLMB8GA1UdIwQY
MBaAFNb4B2YL8s2SruORRCpTQ69xjBjHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXZnSFpndnl6Wkt1NDVGRUtsTkRyM0dNR01jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9iNzVkNjQtOWE1NS00OTBjLThjNTgt
M2ZlMTc0ODFmNjA4LzEvS1d3Sm1UQVJIZUFIcFhRRUpLWXI0Rk5Yc29zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9iNzVkNjQtOWE1NS00OTBjLThjNTgtM2ZlMTc0ODFmNjA4
LzEvMXZnSFpndnl6Wkt1NDVGRUtsTkRyM0dNR01jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQn4MA0G
CSqGSIb3DQEBCwUAA4IBAQACooQOnv+DMVFzdFMTZvXDofftesrS7z0olHsL4Lyo
KfWLke/ymF9+KAQMKOYoywICHqu5h047U+SzJaragIaMRhzM6FcnmT6o55lrk1qV
mnYso8KuqZcGEjH9T6lXwB5YCGLCcrmr7bo/qIbOxHdBV/2bph1JRqLSLe3lU00y
370ptvBxaIttp7sc8KytNys7WJuL14Xy5wDdK2BGilOPi1LcLFGRdPOQi2WbyMq9
6vHgo4WaCsx0OZdb8WOn/zO3b8uvnwg0yEs8cQKybUWILBPOHfoFVx7lQ78K674m
MsaDeHo2clzL6v8N+IlQU+TQ17rw761LtHyrH78Y3CLQ
-----END CERTIFICATE-----