Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/2cf2c1-1962-4b70-9e5b-fe855dabb75e/1/KhZxCrijEh6I5tUjdOiH08SDAlU.roa
File:                     KhZxCrijEh6I5tUjdOiH08SDAlU.roa (raw, json)
Hash identifier:          d7J/i0PvapKbq1ZXNQfO7tB9y3eyZqeGbgRInR/S46w=
Subject key identifier:   2A:16:71:0A:B8:A3:12:1E:88:E6:D5:23:74:E8:87:D3:C4:83:02:55
Certificate issuer:       /CN=43fad79548afc5c83e59bbfe388c64492cb55013
Certificate serial:       01970CC918E167D10867DFABADDF1DD1BE68
Authority key identifier: 43:FA:D7:95:48:AF:C5:C8:3E:59:BB:FE:38:8C:64:49:2C:B5:50:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q_rXlUivxcg-Wbv-OIxkSSy1UBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/2cf2c1-1962-4b70-9e5b-fe855dabb75e/1/KhZxCrijEh6I5tUjdOiH08SDAlU.roa
Signing time:             Mon 26 May 2025 13:29:55 +0000
ROA not before:           Mon 26 May 2025 13:29:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44407
IP address blocks:        188.73.0.0/18 maxlen: 24
                          188.231.0.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/2cf2c1-1962-4b70-9e5b-fe855dabb75e/1/Q_rXlUivxcg-Wbv-OIxkSSy1UBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/2cf2c1-1962-4b70-9e5b-fe855dabb75e/1/Q_rXlUivxcg-Wbv-OIxkSSy1UBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q_rXlUivxcg-Wbv-OIxkSSy1UBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 04:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0c:c9:18:e1:67:d1:08:67:df:ab:ad:df:1d:d1:be:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43fad79548afc5c83e59bbfe388c64492cb55013
        Validity
            Not Before: May 26 13:29:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a16710ab8a3121e88e6d52374e887d3c4830255
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:98:03:cc:30:ec:67:62:b0:4b:e2:69:6b:15:
                    7e:2b:0b:ed:a4:44:ae:28:36:bb:59:71:81:9f:9f:
                    41:53:0d:9a:dc:5e:89:79:7d:bb:46:a5:b9:87:1e:
                    d7:7e:a3:87:2a:e5:b2:3f:4f:a5:3e:e5:f3:6a:3f:
                    6f:9f:dc:10:56:72:bc:22:ab:bd:5c:80:ad:55:b2:
                    5c:43:b0:35:b0:91:7c:47:c3:a2:18:25:c0:63:90:
                    b9:b5:fb:fb:54:c9:59:65:8c:86:7f:55:52:1b:7e:
                    b7:ed:17:f0:0c:ec:77:b1:0d:01:75:59:03:5c:b7:
                    2f:9a:e9:f6:ed:16:2c:ed:9d:98:3a:c5:5f:25:25:
                    07:f3:7a:96:cb:18:55:98:af:a3:a8:3e:08:b1:21:
                    d1:35:a1:e7:53:89:fb:68:48:70:37:67:3a:43:e3:
                    ca:95:a8:bc:d1:e9:0e:08:f3:f1:78:ed:a5:cf:4c:
                    c9:49:03:5f:bc:f3:5a:37:5e:4f:10:12:91:d0:28:
                    eb:4f:70:9f:a7:8b:56:8a:a4:d5:b2:4d:7f:2a:b0:
                    ff:54:8b:18:36:50:eb:97:d1:4a:4d:62:16:80:9b:
                    ec:5f:b3:d2:e9:fb:86:f1:79:52:4f:ef:0f:8a:2f:
                    71:74:ac:3b:ac:d8:3a:7d:06:24:81:5b:8d:a9:d2:
                    58:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:16:71:0A:B8:A3:12:1E:88:E6:D5:23:74:E8:87:D3:C4:83:02:55
            X509v3 Authority Key Identifier:
                keyid:43:FA:D7:95:48:AF:C5:C8:3E:59:BB:FE:38:8C:64:49:2C:B5:50:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q_rXlUivxcg-Wbv-OIxkSSy1UBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/2cf2c1-1962-4b70-9e5b-fe855dabb75e/1/KhZxCrijEh6I5tUjdOiH08SDAlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/2cf2c1-1962-4b70-9e5b-fe855dabb75e/1/Q_rXlUivxcg-Wbv-OIxkSSy1UBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.73.0.0/18
                  188.231.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         c3:fa:d6:01:8b:4c:ab:d9:f1:52:b6:b0:1a:14:c7:0b:26:da:
         2f:ec:e6:70:b0:70:11:9a:77:ff:ae:c0:f8:44:46:57:fb:b5:
         87:a3:38:85:a9:d8:2e:87:50:37:3f:52:4b:5c:36:c8:4e:ba:
         87:27:8e:7c:ee:99:4f:c3:7a:03:2d:54:92:e7:02:c7:19:c6:
         f5:a9:9d:36:8d:aa:f3:e0:aa:e0:d3:cc:5b:bb:7a:70:93:52:
         64:79:bf:ce:65:90:dd:86:6c:39:6c:7b:3b:42:7e:a3:64:f7:
         f4:6f:41:e8:4f:36:dd:6c:e7:97:82:87:56:79:3f:35:35:9f:
         f0:bf:c9:4f:ef:78:e7:95:88:3d:40:fa:ca:bd:b5:8d:5a:2e:
         fc:b6:4f:75:94:80:5e:78:62:f1:7c:d2:a1:7b:b4:68:10:d7:
         2e:d9:93:15:af:6b:8c:c8:a1:06:19:eb:25:15:51:0d:68:06:
         06:d7:4a:43:43:1c:c9:74:8b:f6:67:73:b6:c2:18:27:53:32:
         e2:8d:dd:4a:22:7b:8f:17:cf:0d:8e:8d:56:aa:12:aa:23:b0:
         f5:39:ff:bf:6b:e0:d0:13:a4:62:ff:fb:e6:d0:51:67:bc:f1:
         72:29:e8:54:4e:6e:f9:e3:5e:7f:8a:01:a9:78:2e:11:ba:66:
         71:96:47:30
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcMyRjhZ9EIZ9+rrd8d0b5oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZmFkNzk1NDhhZmM1YzgzZTU5YmJmZTM4OGM2NDQ5MmNi
NTUwMTMwHhcNMjUwNTI2MTMyOTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTE2NzEwYWI4YTMxMjFlODhlNmQ1MjM3NGU4ODdkM2M0ODMwMjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZgDzDDsZ2KwS+JpaxV+KwvtpESu
KDa7WXGBn59BUw2a3F6JeX27RqW5hx7XfqOHKuWyP0+lPuXzaj9vn9wQVnK8Iqu9
XICtVbJcQ7A1sJF8R8OiGCXAY5C5tfv7VMlZZYyGf1VSG3637RfwDOx3sQ0BdVkD
XLcvmun27RYs7Z2YOsVfJSUH83qWyxhVmK+jqD4IsSHRNaHnU4n7aEhwN2c6Q+PK
lai80ekOCPPxeO2lz0zJSQNfvPNaN15PEBKR0CjrT3Cfp4tWiqTVsk1/KrD/VIsY
NlDrl9FKTWIWgJvsX7PS6fuG8XlST+8Pii9xdKw7rNg6fQYkgVuNqdJYPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCoWcQq4oxIeiObVI3Toh9PEgwJVMB8GA1UdIwQY
MBaAFEP615VIr8XIPlm7/jiMZEkstVATMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUV9yWGxVaXZ4Y2ctV2J2LU9JeGtTU3kxVUJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8yY2YyYzEtMTk2Mi00YjcwLTllNWIt
ZmU4NTVkYWJiNzVlLzEvS2haeENyaWpFaDZJNXRVamRPaUgwOFNEQWxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8yY2YyYzEtMTk2Mi00YjcwLTllNWItZmU4NTVkYWJiNzVl
LzEvUV9yWGxVaXZ4Y2ctV2J2LU9JeGtTU3kxVUJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQGvEkAAwQH
vOcAMA0GCSqGSIb3DQEBCwUAA4IBAQDD+tYBi0yr2fFStrAaFMcLJtov7OZwsHAR
mnf/rsD4REZX+7WHoziFqdguh1A3P1JLXDbITrqHJ4587plPw3oDLVSS5wLHGcb1
qZ02jarz4Krg08xbu3pwk1Jkeb/OZZDdhmw5bHs7Qn6jZPf0b0HoTzbdbOeXgodW
eT81NZ/wv8lP73jnlYg9QPrKvbWNWi78tk91lIBeeGLxfNKhe7RoENcu2ZMVr2uM
yKEGGeslFVENaAYG10pDQxzJdIv2Z3O2whgnUzLijd1KInuPF88Njo1WqhKqI7D1
Of+/a+DQE6Ri//vm0FFnvPFyKehUTm75415/igGpeC4RumZxlkcw
-----END CERTIFICATE-----