Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/ba9674-e571-4e35-ab20-e5d507a826bf/1/kbF58umfOAdBtIYcGYzLP1M0THQ.roa
File:                     kbF58umfOAdBtIYcGYzLP1M0THQ.roa (raw, json)
Hash identifier:          yOTBG23MZMkfBQCZJEYn1qCc0xRSjBYNZHJvnVk7GVU=
Subject key identifier:   91:B1:79:F2:E9:9F:38:07:41:B4:86:1C:19:8C:CB:3F:53:34:4C:74
Certificate issuer:       /CN=99a2c2ecf58c44b35a0da2957ff4dca2e60b686a
Certificate serial:       0194266B718DB3BDAB26539009913759F7B5
Authority key identifier: 99:A2:C2:EC:F5:8C:44:B3:5A:0D:A2:95:7F:F4:DC:A2:E6:0B:68:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/maLC7PWMRLNaDaKVf_TcouYLaGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/ba9674-e571-4e35-ab20-e5d507a826bf/1/kbF58umfOAdBtIYcGYzLP1M0THQ.roa
Signing time:             Thu 02 Jan 2025 09:49:23 +0000
ROA not before:           Thu 02 Jan 2025 09:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19994
IP address blocks:        185.194.86.0/24 maxlen: 24
                          185.194.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/ba9674-e571-4e35-ab20-e5d507a826bf/1/maLC7PWMRLNaDaKVf_TcouYLaGo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/ba9674-e571-4e35-ab20-e5d507a826bf/1/maLC7PWMRLNaDaKVf_TcouYLaGo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/maLC7PWMRLNaDaKVf_TcouYLaGo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:71:8d:b3:bd:ab:26:53:90:09:91:37:59:f7:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99a2c2ecf58c44b35a0da2957ff4dca2e60b686a
        Validity
            Not Before: Jan  2 09:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91b179f2e99f380741b4861c198ccb3f53344c74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:10:17:c8:89:9e:1a:cf:cd:b9:4f:4b:38:39:
                    f3:23:e2:b7:bc:d6:c1:1e:23:f3:11:6c:f9:3b:35:
                    f7:b4:60:52:d6:cf:84:7e:ec:0a:00:4b:b1:92:5a:
                    4a:08:dc:f6:52:03:b3:4a:85:37:33:3d:6e:d9:38:
                    6b:da:67:25:fa:0f:8a:09:bd:8c:35:5e:4a:31:a3:
                    a4:40:ad:0c:fb:dc:af:01:2b:5b:8d:87:c1:d1:18:
                    80:2d:70:9d:73:42:4a:bd:97:a8:a8:a1:67:4c:1a:
                    dc:4d:70:f7:3a:a9:0d:fd:f6:73:c5:ce:f2:6e:f6:
                    7d:f4:41:80:f3:12:36:9b:47:91:85:ad:34:d6:01:
                    07:bb:4a:da:97:c9:2f:6a:75:f0:37:e4:5a:c5:c8:
                    30:cd:00:15:1e:e7:f6:1e:ed:2f:bd:88:fb:08:4a:
                    f1:89:3b:bc:7b:12:0b:69:9d:fd:0a:c3:75:4f:36:
                    a4:20:30:c0:e3:7a:b9:de:ac:fc:f6:76:df:72:63:
                    de:6c:38:7c:17:00:4d:07:11:12:55:5b:c5:00:32:
                    00:77:19:58:1c:06:4c:de:34:70:d9:17:1e:af:f1:
                    9f:b4:bd:63:cf:f4:2d:b1:eb:df:28:b8:a7:26:8b:
                    20:ad:b2:15:49:26:a9:fa:ef:78:52:f4:e3:5a:09:
                    95:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:B1:79:F2:E9:9F:38:07:41:B4:86:1C:19:8C:CB:3F:53:34:4C:74
            X509v3 Authority Key Identifier:
                keyid:99:A2:C2:EC:F5:8C:44:B3:5A:0D:A2:95:7F:F4:DC:A2:E6:0B:68:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/maLC7PWMRLNaDaKVf_TcouYLaGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/ba9674-e571-4e35-ab20-e5d507a826bf/1/kbF58umfOAdBtIYcGYzLP1M0THQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/ba9674-e571-4e35-ab20-e5d507a826bf/1/maLC7PWMRLNaDaKVf_TcouYLaGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         35:12:4a:4e:54:44:b2:9d:fc:60:b6:9a:bc:e1:4e:ff:9e:36:
         5d:48:e3:45:a6:a7:8d:6c:f1:e8:98:b3:62:bc:b3:af:71:73:
         fd:ff:d4:b7:61:da:96:11:24:11:d2:47:2f:0c:00:25:77:06:
         c7:ad:fb:bd:5d:09:a7:a4:3d:bd:59:2c:13:2a:e5:1c:e4:12:
         8d:dd:fb:59:16:a9:d2:04:71:b3:4d:b7:b7:fd:b0:6c:e1:73:
         89:44:99:33:b9:1d:64:cb:36:f9:c9:94:a9:14:e8:77:c5:e9:
         8b:5d:56:59:f1:71:47:37:4d:f8:e4:b7:84:c4:8b:35:c7:2e:
         85:38:e6:0a:b2:25:71:cf:f6:d3:9f:bc:3c:fd:c6:62:e1:01:
         19:25:ae:64:a6:86:8a:48:8a:d7:b8:20:9a:fe:47:89:66:04:
         6c:8d:71:7d:09:0f:f5:94:11:38:73:b3:25:7c:0b:05:b8:9a:
         d1:14:d7:03:4a:57:60:e1:4e:f9:77:18:89:b7:2f:e5:17:0c:
         ee:6a:cc:59:9f:13:f4:f1:e1:f5:eb:1e:5a:19:3d:d4:c5:41:
         5f:21:2b:cf:e4:29:b4:4c:ec:ba:20:e2:3b:14:72:2f:48:46:
         49:8c:d2:eb:04:3b:60:78:23:68:ae:06:3f:9f:a1:bb:7e:48:
         d1:c4:3b:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma3GNs72rJlOQCZE3Wfe1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5YTJjMmVjZjU4YzQ0YjM1YTBkYTI5NTdmZjRkY2EyZTYw
YjY4NmEwHhcNMjUwMTAyMDk0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWIxNzlmMmU5OWYzODA3NDFiNDg2MWMxOThjY2IzZjUzMzQ0Yzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBAXyImeGs/NuU9LODnzI+K3vNbB
HiPzEWz5OzX3tGBS1s+EfuwKAEuxklpKCNz2UgOzSoU3Mz1u2Thr2mcl+g+KCb2M
NV5KMaOkQK0M+9yvAStbjYfB0RiALXCdc0JKvZeoqKFnTBrcTXD3OqkN/fZzxc7y
bvZ99EGA8xI2m0eRha001gEHu0ral8kvanXwN+RaxcgwzQAVHuf2Hu0vvYj7CErx
iTu8exILaZ39CsN1TzakIDDA43q53qz89nbfcmPebDh8FwBNBxESVVvFADIAdxlY
HAZM3jRw2Rcer/GftL1jz/QtsevfKLinJosgrbIVSSap+u94UvTjWgmVvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJGxefLpnzgHQbSGHBmMyz9TNEx0MB8GA1UdIwQY
MBaAFJmiwuz1jESzWg2ilX/03KLmC2hqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWFMQzdQV01STE5hRGFLVmZfVGNvdVlMYUdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iYTk2NzQtZTU3MS00ZTM1LWFiMjAt
ZTVkNTA3YTgyNmJmLzEva2JGNTh1bWZPQWRCdElZY0dZekxQMU0wVEhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iYTk2NzQtZTU3MS00ZTM1LWFiMjAtZTVkNTA3YTgyNmJm
LzEvbWFMQzdQV01STE5hRGFLVmZfVGNvdVlMYUdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucJWMA0G
CSqGSIb3DQEBCwUAA4IBAQA1EkpOVESynfxgtpq84U7/njZdSONFpqeNbPHomLNi
vLOvcXP9/9S3YdqWESQR0kcvDAAldwbHrfu9XQmnpD29WSwTKuUc5BKN3ftZFqnS
BHGzTbe3/bBs4XOJRJkzuR1kyzb5yZSpFOh3xemLXVZZ8XFHN0345LeExIs1xy6F
OOYKsiVxz/bTn7w8/cZi4QEZJa5kpoaKSIrXuCCa/keJZgRsjXF9CQ/1lBE4c7Ml
fAsFuJrRFNcDSldg4U75dxiJty/lFwzuasxZnxP08eH16x5aGT3UxUFfISvP5Cm0
TOy6IOI7FHIvSEZJjNLrBDtgeCNorgY/n6G7fkjRxDu+
-----END CERTIFICATE-----