Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/f4863a-aeae-42f7-ba14-ed4a138c4113/1/KpbjIIUZw0-XxCl1KqQDZ_EUKkY.roa
File:                     KpbjIIUZw0-XxCl1KqQDZ_EUKkY.roa (raw, json)
Hash identifier:          KJWoFU4L0w8L8ZUG5csCrTHWK3udD7xALiAnkocVeD0=
Subject key identifier:   2A:96:E3:20:85:19:C3:4F:97:C4:29:75:2A:A4:03:67:F1:14:2A:46
Certificate issuer:       /CN=9d8ada352982a319b54d5e483d34426346733ea4
Certificate serial:       019422FB53E8F3C47FC7C64347EA9DEC4614
Authority key identifier: 9D:8A:DA:35:29:82:A3:19:B5:4D:5E:48:3D:34:42:63:46:73:3E:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nYraNSmCoxm1TV5IPTRCY0ZzPqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/f4863a-aeae-42f7-ba14-ed4a138c4113/1/KpbjIIUZw0-XxCl1KqQDZ_EUKkY.roa
Signing time:             Wed 01 Jan 2025 17:48:03 +0000
ROA not before:           Wed 01 Jan 2025 17:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202862
IP address blocks:        194.146.88.0/22 maxlen: 22
                          194.146.88.0/23 maxlen: 23
                          194.146.90.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/f4863a-aeae-42f7-ba14-ed4a138c4113/1/nYraNSmCoxm1TV5IPTRCY0ZzPqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/f4863a-aeae-42f7-ba14-ed4a138c4113/1/nYraNSmCoxm1TV5IPTRCY0ZzPqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nYraNSmCoxm1TV5IPTRCY0ZzPqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 20:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:53:e8:f3:c4:7f:c7:c6:43:47:ea:9d:ec:46:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d8ada352982a319b54d5e483d34426346733ea4
        Validity
            Not Before: Jan  1 17:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a96e3208519c34f97c429752aa40367f1142a46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:42:5a:b6:d6:d4:ae:d0:b0:40:c1:e2:25:ae:
                    be:da:1e:e9:d2:8c:41:e5:2d:da:ab:39:b1:90:b1:
                    d6:47:1b:dd:5f:c6:9b:92:ef:4d:d0:c7:7a:20:3d:
                    88:2c:7d:b1:7c:d1:b1:d7:ff:8e:32:05:c9:68:21:
                    74:0f:f4:b5:a3:02:21:9a:ed:9c:c3:4f:15:13:9f:
                    ce:e8:9a:26:fb:78:5e:0e:ae:56:8d:fb:d1:d4:36:
                    cc:73:9c:27:14:3f:91:8d:da:3c:77:65:e5:e9:e5:
                    7b:02:cb:3f:10:b7:50:81:8f:33:49:12:79:69:46:
                    99:9a:39:28:c5:69:d7:3c:6c:5d:69:4b:45:6b:20:
                    6e:c6:8c:a6:49:7f:32:bf:4f:d5:04:6b:2e:5a:c9:
                    e9:26:4e:28:0c:32:a2:03:ff:fb:e4:a9:b6:e2:85:
                    11:fc:3a:5c:de:be:84:a6:1f:c0:1a:75:8e:be:bf:
                    77:c6:cc:5a:4c:d7:3b:fb:f3:c3:0d:7e:7d:48:15:
                    e7:e6:a5:a8:bf:36:11:96:c5:b8:5b:dc:1d:f9:04:
                    e0:26:cf:e2:d4:ac:0b:6c:3d:17:6c:a3:b9:53:48:
                    f9:65:12:26:3c:31:7a:a4:db:f0:66:8e:0f:d0:f9:
                    ef:77:81:80:a1:36:6a:8a:1c:43:b1:e3:5b:45:d7:
                    5d:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:96:E3:20:85:19:C3:4F:97:C4:29:75:2A:A4:03:67:F1:14:2A:46
            X509v3 Authority Key Identifier:
                keyid:9D:8A:DA:35:29:82:A3:19:B5:4D:5E:48:3D:34:42:63:46:73:3E:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nYraNSmCoxm1TV5IPTRCY0ZzPqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/f4863a-aeae-42f7-ba14-ed4a138c4113/1/KpbjIIUZw0-XxCl1KqQDZ_EUKkY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/f4863a-aeae-42f7-ba14-ed4a138c4113/1/nYraNSmCoxm1TV5IPTRCY0ZzPqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.146.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9d:2d:a5:90:44:96:34:07:35:ff:f1:4b:55:e9:63:fb:66:45:
         61:73:29:76:19:e9:82:a0:07:85:17:33:b9:2a:d5:9f:f9:34:
         2c:06:a2:c5:2a:64:9b:0c:c5:a1:6a:d4:86:a0:49:a3:1b:23:
         0f:9c:b2:f5:c2:91:8e:f9:66:89:36:b2:9b:92:20:3a:1a:b7:
         1f:72:64:28:f9:d5:39:ef:19:56:21:3a:e7:3f:8d:50:b6:c5:
         13:8e:d8:e5:e1:6d:d6:ea:92:58:f5:eb:aa:0a:ae:af:75:14:
         cb:6c:e4:0e:26:a8:7d:c3:25:b7:5e:b5:d0:48:91:0e:53:7d:
         19:bc:02:ea:c9:08:1d:dc:6a:c3:11:ff:1c:f6:22:e5:9d:74:
         65:ae:ad:18:26:7a:04:99:cb:1a:51:17:74:71:1f:5a:42:bb:
         75:21:c4:cc:35:e0:4c:c3:c2:a5:f0:c0:bd:01:bf:09:f8:e2:
         71:0a:94:32:67:81:7a:b3:da:99:8b:8b:95:2b:74:7a:8e:b9:
         58:49:04:a7:1c:e0:9d:d3:5a:27:f3:1d:7e:4b:b3:2a:be:e2:
         ac:8d:9f:ec:1a:15:42:d4:78:24:96:c3:f5:90:ed:9c:78:39:
         08:4b:2f:11:5f:a5:ee:c4:b1:70:4b:04:45:5a:8b:09:4a:61:
         2b:f3:fb:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+1Po88R/x8ZDR+qd7EYUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkOGFkYTM1Mjk4MmEzMTliNTRkNWU0ODNkMzQ0MjYzNDY3
MzNlYTQwHhcNMjUwMTAxMTc0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTk2ZTMyMDg1MTljMzRmOTdjNDI5NzUyYWE0MDM2N2YxMTQyYTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUJattbUrtCwQMHiJa6+2h7p0oxB
5S3aqzmxkLHWRxvdX8abku9N0Md6ID2ILH2xfNGx1/+OMgXJaCF0D/S1owIhmu2c
w08VE5/O6Jom+3heDq5WjfvR1DbMc5wnFD+Rjdo8d2Xl6eV7Ass/ELdQgY8zSRJ5
aUaZmjkoxWnXPGxdaUtFayBuxoymSX8yv0/VBGsuWsnpJk4oDDKiA//75Km24oUR
/Dpc3r6Eph/AGnWOvr93xsxaTNc7+/PDDX59SBXn5qWovzYRlsW4W9wd+QTgJs/i
1KwLbD0XbKO5U0j5ZRImPDF6pNvwZo4P0Pnvd4GAoTZqihxDseNbRdddCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqW4yCFGcNPl8QpdSqkA2fxFCpGMB8GA1UdIwQY
MBaAFJ2K2jUpgqMZtU1eSD00QmNGcz6kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbllyYU5TbUNveG0xVFY1SVBUUkNZMFp6UHFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9mNDg2M2EtYWVhZS00MmY3LWJhMTQt
ZWQ0YTEzOGM0MTEzLzEvS3BiaklJVVp3MC1YeENsMUtxUURaX0VVS2tZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9mNDg2M2EtYWVhZS00MmY3LWJhMTQtZWQ0YTEzOGM0MTEz
LzEvbllyYU5TbUNveG0xVFY1SVBUUkNZMFp6UHFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwpJYMA0G
CSqGSIb3DQEBCwUAA4IBAQCdLaWQRJY0BzX/8UtV6WP7ZkVhcyl2GemCoAeFFzO5
KtWf+TQsBqLFKmSbDMWhatSGoEmjGyMPnLL1wpGO+WaJNrKbkiA6GrcfcmQo+dU5
7xlWITrnP41QtsUTjtjl4W3W6pJY9euqCq6vdRTLbOQOJqh9wyW3XrXQSJEOU30Z
vALqyQgd3GrDEf8c9iLlnXRlrq0YJnoEmcsaURd0cR9aQrt1IcTMNeBMw8Kl8MC9
Ab8J+OJxCpQyZ4F6s9qZi4uVK3R6jrlYSQSnHOCd01on8x1+S7MqvuKsjZ/sGhVC
1HgklsP1kO2ceDkISy8RX6XuxLFwSwRFWosJSmEr8/uL
-----END CERTIFICATE-----