Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/kPSNnw4_4qELTdWvaGuzZV1m1HA.roa
File:                     kPSNnw4_4qELTdWvaGuzZV1m1HA.roa (raw, json)
Hash identifier:          4wdK73NzeZ3ZvPINCQjy0JUV5WCBpYsSrh/XOjnZGIg=
Subject key identifier:   90:F4:8D:9F:0E:3F:E2:A1:0B:4D:D5:AF:68:6B:B3:65:5D:66:D4:70
Certificate issuer:       /CN=e760126dce78bc16e66c2e6e7635848ac46846af
Certificate serial:       019423D7F67AF8E8E91755D8CE9F8C89F961
Authority key identifier: E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/kPSNnw4_4qELTdWvaGuzZV1m1HA.roa
Signing time:             Wed 01 Jan 2025 21:49:03 +0000
ROA not before:           Wed 01 Jan 2025 21:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31715
IP address blocks:        146.247.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:f6:7a:f8:e8:e9:17:55:d8:ce:9f:8c:89:f9:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e760126dce78bc16e66c2e6e7635848ac46846af
        Validity
            Not Before: Jan  1 21:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90f48d9f0e3fe2a10b4dd5af686bb3655d66d470
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:55:ed:bb:12:6f:ec:a5:91:4b:09:50:f0:bc:
                    6d:46:1f:02:1d:f3:22:d1:ca:a7:6d:44:3d:70:67:
                    9e:2f:a0:31:9f:6f:26:cf:f6:5a:b2:57:f2:e3:13:
                    b0:9d:c3:8f:42:c9:ba:d5:12:77:1d:2d:1a:64:9d:
                    a1:62:f1:17:ee:b5:38:81:e3:fe:ba:5c:b0:9f:8a:
                    2f:2e:ca:2b:b4:f7:be:85:7c:e8:db:94:fa:d1:cb:
                    a7:2a:6b:dc:e6:a9:46:ca:34:a9:1a:89:79:de:0b:
                    c8:4f:2e:39:47:a5:0d:d3:45:0c:75:c7:75:52:6b:
                    18:8a:95:a1:9e:ae:26:b9:8c:0d:83:b4:e9:42:8a:
                    6c:e2:b8:34:11:8e:96:3e:55:ec:70:26:99:e1:e5:
                    48:ab:94:98:8c:0f:e9:ee:5b:c8:99:58:ce:07:e1:
                    f4:a0:53:7e:4a:1e:83:9b:e2:ff:e3:50:e5:3d:4a:
                    36:fa:9c:17:7d:d6:ed:81:25:c8:73:a8:70:5a:18:
                    10:fa:e8:1c:92:74:4e:1a:28:ce:13:26:95:67:72:
                    21:15:d5:40:0c:5d:c4:f6:99:7a:0a:df:1f:45:4c:
                    0d:90:73:d3:0b:d1:67:10:88:6f:43:8e:79:f5:4d:
                    02:bc:c9:88:09:c3:00:a0:ff:c2:a1:c8:be:6d:e5:
                    26:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:F4:8D:9F:0E:3F:E2:A1:0B:4D:D5:AF:68:6B:B3:65:5D:66:D4:70
            X509v3 Authority Key Identifier:
                keyid:E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/kPSNnw4_4qELTdWvaGuzZV1m1HA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.247.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:9a:0a:eb:fd:a3:e6:c2:be:c5:ad:f8:4a:3a:c6:74:51:3b:
         2a:3a:25:e3:47:61:b9:2f:94:25:d8:51:e5:2c:45:f1:6f:cb:
         f3:7e:fb:c9:ac:f4:4a:1c:7b:ab:9f:b6:fd:77:6c:76:bd:20:
         49:2c:09:4c:85:d2:f0:ad:21:5e:a2:6d:02:a0:55:6a:42:49:
         ac:5b:51:07:6e:69:c3:2f:77:e4:10:94:42:f1:ea:71:91:51:
         eb:72:5c:70:96:eb:9d:77:c0:82:86:e9:1f:5e:3a:1e:a6:61:
         57:53:85:5b:9b:20:8a:54:5f:3d:1d:d2:78:8e:71:84:4f:6d:
         19:fc:17:97:40:01:75:05:6b:ea:45:c6:93:2b:1f:10:5b:89:
         17:18:f1:6f:7f:43:f6:61:40:72:5d:71:fa:6c:44:a4:cd:d1:
         37:61:00:96:46:a2:58:f6:31:14:63:44:f1:99:49:ba:f7:71:
         e6:4b:f4:57:d7:62:45:27:98:fc:29:14:fe:ca:98:31:16:a9:
         88:53:c5:4d:e2:29:1b:a9:d3:aa:69:e2:49:13:e5:95:ed:39:
         17:dd:3b:d1:1d:52:35:0a:fd:53:14:79:55:7e:24:3f:f2:e1:
         8d:ca:e0:82:40:14:34:aa:7a:62:df:86:b5:b2:49:4a:3c:d7:
         37:cb:7c:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1/Z6+OjpF1XYzp+MiflhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NjAxMjZkY2U3OGJjMTZlNjZjMmU2ZTc2MzU4NDhhYzQ2
ODQ2YWYwHhcNMjUwMTAxMjE0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGY0OGQ5ZjBlM2ZlMmExMGI0ZGQ1YWY2ODZiYjM2NTVkNjZkNDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolXtuxJv7KWRSwlQ8LxtRh8CHfMi
0cqnbUQ9cGeeL6Axn28mz/Zaslfy4xOwncOPQsm61RJ3HS0aZJ2hYvEX7rU4geP+
ulywn4ovLsortPe+hXzo25T60cunKmvc5qlGyjSpGol53gvITy45R6UN00UMdcd1
UmsYipWhnq4muYwNg7TpQops4rg0EY6WPlXscCaZ4eVIq5SYjA/p7lvImVjOB+H0
oFN+Sh6Dm+L/41DlPUo2+pwXfdbtgSXIc6hwWhgQ+ugcknROGijOEyaVZ3IhFdVA
DF3E9pl6Ct8fRUwNkHPTC9FnEIhvQ4559U0CvMmICcMAoP/Coci+beUmGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJD0jZ8OP+KhC03Vr2hrs2VdZtRwMB8GA1UdIwQY
MBaAFOdgEm3OeLwW5mwubnY1hIrEaEavMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3Yjgt
ZDI0ZjU2MmRlZGQyLzEva1BTTm53NF80cUVMVGRXdmFHdXpaVjFtMUhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3YjgtZDI0ZjU2MmRlZGQy
LzEvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkvdlMA0G
CSqGSIb3DQEBCwUAA4IBAQBomgrr/aPmwr7FrfhKOsZ0UTsqOiXjR2G5L5Ql2FHl
LEXxb8vzfvvJrPRKHHurn7b9d2x2vSBJLAlMhdLwrSFeom0CoFVqQkmsW1EHbmnD
L3fkEJRC8epxkVHrclxwluudd8CChukfXjoepmFXU4VbmyCKVF89HdJ4jnGET20Z
/BeXQAF1BWvqRcaTKx8QW4kXGPFvf0P2YUByXXH6bESkzdE3YQCWRqJY9jEUY0Tx
mUm693HmS/RX12JFJ5j8KRT+ypgxFqmIU8VN4ikbqdOqaeJJE+WV7TkX3TvRHVI1
Cv1TFHlVfiQ/8uGNyuCCQBQ0qnpi34a1sklKPNc3y3wV
-----END CERTIFICATE-----