Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/6744ac-9a1c-4013-be00-26a0b8def0c3/1/KG6jzdyZvsoXu639b6uxjJ94LA0.roa
File:                     KG6jzdyZvsoXu639b6uxjJ94LA0.roa (raw, json)
Hash identifier:          zuHbXITXPWpIjm5UWYo1gnuNJcxQg0P5glow8hcHCUc=
Subject key identifier:   28:6E:A3:CD:DC:99:BE:CA:17:BB:AD:FD:6F:AB:B1:8C:9F:78:2C:0D
Certificate issuer:       /CN=85b871d69395610465779323b91b34e69bfcf5b5
Certificate serial:       019716D20FAF6EC8D63C16F5422893404E4B
Authority key identifier: 85:B8:71:D6:93:95:61:04:65:77:93:23:B9:1B:34:E6:9B:FC:F5:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hbhx1pOVYQRld5MjuRs05pv89bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/6744ac-9a1c-4013-be00-26a0b8def0c3/1/KG6jzdyZvsoXu639b6uxjJ94LA0.roa
Signing time:             Wed 28 May 2025 12:15:54 +0000
ROA not before:           Wed 28 May 2025 12:15:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203263
IP address blocks:        185.168.124.0/23 maxlen: 23
                          185.168.126.0/24 maxlen: 24
                          217.65.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/6744ac-9a1c-4013-be00-26a0b8def0c3/1/hbhx1pOVYQRld5MjuRs05pv89bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/6744ac-9a1c-4013-be00-26a0b8def0c3/1/hbhx1pOVYQRld5MjuRs05pv89bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hbhx1pOVYQRld5MjuRs05pv89bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 09:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:16:d2:0f:af:6e:c8:d6:3c:16:f5:42:28:93:40:4e:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85b871d69395610465779323b91b34e69bfcf5b5
        Validity
            Not Before: May 28 12:15:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=286ea3cddc99beca17bbadfd6fabb18c9f782c0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c0:2b:d4:51:d5:8e:f4:32:4a:07:b5:1f:e2:
                    2a:bf:fa:dd:0a:d6:d7:7a:4e:b3:78:2b:af:b5:f7:
                    8d:3b:a9:c7:c4:58:75:b0:27:57:e2:48:e1:66:38:
                    19:35:bb:ae:d8:31:c9:63:9d:d8:68:33:22:af:af:
                    0d:9b:87:6d:54:4c:ca:25:9b:08:a5:b3:c9:ca:1b:
                    dc:33:c3:e0:e0:64:7a:59:4e:44:03:c5:e1:54:22:
                    39:44:f0:cb:6b:53:4f:3f:72:d4:72:c2:25:32:ca:
                    f8:7d:91:4a:a4:b8:f1:c4:b4:1b:c5:03:1a:46:b3:
                    19:c9:9d:b0:52:c4:76:18:50:54:ea:19:b6:96:35:
                    9d:e3:14:09:d5:c2:77:2e:59:c7:32:fa:93:39:10:
                    54:f9:a2:72:c4:24:49:8d:9e:ab:1d:f8:75:47:be:
                    fa:42:78:b8:a4:92:31:fd:a7:a5:7f:55:9d:8f:88:
                    1e:0c:c6:b4:1f:3f:b8:3c:d1:9c:8a:9c:f0:11:84:
                    12:49:8a:3a:7b:a0:19:a9:ac:98:16:e0:51:fe:4a:
                    89:04:e9:1f:d8:47:fd:54:c6:ed:59:1b:6b:05:fb:
                    96:22:33:dc:40:ed:9d:9c:33:b0:b0:16:e8:0b:70:
                    8c:94:aa:02:e9:a7:13:8b:0b:e0:a5:45:91:52:8b:
                    0e:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:6E:A3:CD:DC:99:BE:CA:17:BB:AD:FD:6F:AB:B1:8C:9F:78:2C:0D
            X509v3 Authority Key Identifier:
                keyid:85:B8:71:D6:93:95:61:04:65:77:93:23:B9:1B:34:E6:9B:FC:F5:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hbhx1pOVYQRld5MjuRs05pv89bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/6744ac-9a1c-4013-be00-26a0b8def0c3/1/KG6jzdyZvsoXu639b6uxjJ94LA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/6744ac-9a1c-4013-be00-26a0b8def0c3/1/hbhx1pOVYQRld5MjuRs05pv89bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.124.0-185.168.126.255
                  217.65.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:b5:0b:d5:e3:05:6c:10:fa:7a:f8:22:65:9e:60:fd:14:cd:
         c4:da:40:70:fd:8c:73:34:c9:ca:d9:dd:8c:7a:d2:a2:5b:c0:
         da:e2:4e:df:d1:79:35:ae:3f:d2:07:66:d7:95:b9:36:6e:fe:
         cb:ba:a7:18:6c:85:14:8a:26:ab:ce:c5:70:79:49:5d:79:1e:
         e0:aa:e6:eb:6a:7c:c4:a0:b3:22:db:5f:32:92:dd:18:90:69:
         11:25:df:a4:cf:b9:65:66:93:66:b4:ff:67:09:3f:37:9b:ed:
         70:f0:a7:0a:0f:c2:fb:42:d6:7b:5e:e8:76:e1:3f:28:fa:5e:
         b9:d1:1c:a2:a7:27:01:75:3f:16:97:00:c2:99:41:de:cd:e1:
         6a:6c:f8:49:12:32:24:76:40:a3:e2:22:fc:17:e3:64:0c:7a:
         4d:30:66:84:e4:d5:6a:a9:81:52:98:fa:3d:d5:c3:e1:0a:2a:
         43:44:ea:d1:e3:31:66:fc:28:1f:3f:19:a0:cf:70:03:f9:33:
         2c:c8:df:b2:72:9e:41:82:4c:a0:07:50:a6:0c:e7:2e:7c:2a:
         fb:dd:c9:bb:ec:c6:e9:8b:35:ea:59:36:77:05:2b:4a:77:64:
         16:40:87:48:5b:c7:87:61:d8:4f:49:d4:c9:b2:e3:f0:cc:78:
         8d:7a:8b:29
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZcW0g+vbsjWPBb1QiiTQE5LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1Yjg3MWQ2OTM5NTYxMDQ2NTc3OTMyM2I5MWIzNGU2OWJm
Y2Y1YjUwHhcNMjUwNTI4MTIxNTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODZlYTNjZGRjOTliZWNhMTdiYmFkZmQ2ZmFiYjE4YzlmNzgyYzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8Ar1FHVjvQySge1H+Iqv/rdCtbX
ek6zeCuvtfeNO6nHxFh1sCdX4kjhZjgZNbuu2DHJY53YaDMir68Nm4dtVEzKJZsI
pbPJyhvcM8Pg4GR6WU5EA8XhVCI5RPDLa1NPP3LUcsIlMsr4fZFKpLjxxLQbxQMa
RrMZyZ2wUsR2GFBU6hm2ljWd4xQJ1cJ3LlnHMvqTORBU+aJyxCRJjZ6rHfh1R776
Qni4pJIx/aelf1Wdj4geDMa0Hz+4PNGcipzwEYQSSYo6e6AZqayYFuBR/kqJBOkf
2Ef9VMbtWRtrBfuWIjPcQO2dnDOwsBboC3CMlKoC6acTiwvgpUWRUosOLQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFChuo83cmb7KF7ut/W+rsYyfeCwNMB8GA1UdIwQY
MBaAFIW4cdaTlWEEZXeTI7kbNOab/PW1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGJoeDFwT1ZZUVJsZDVNanVSczA1cHY4OWJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS82NzQ0YWMtOWExYy00MDEzLWJlMDAt
MjZhMGI4ZGVmMGMzLzEvS0c2anpkeVp2c29YdTYzOWI2dXhqSjk0TEEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS82NzQ0YWMtOWExYy00MDEzLWJlMDAtMjZhMGI4ZGVmMGMz
LzEvaGJoeDFwT1ZZUVJsZDVNanVSczA1cHY4OWJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAK5qHwD
BAC5qH4DBADZQUcwDQYJKoZIhvcNAQELBQADggEBABi1C9XjBWwQ+nr4ImWeYP0U
zcTaQHD9jHM0ycrZ3Yx60qJbwNriTt/ReTWuP9IHZteVuTZu/su6pxhshRSKJqvO
xXB5SV15HuCq5utqfMSgsyLbXzKS3RiQaREl36TPuWVmk2a0/2cJPzeb7XDwpwoP
wvtC1nte6HbhPyj6XrnRHKKnJwF1PxaXAMKZQd7N4Wps+EkSMiR2QKPiIvwX42QM
ek0wZoTk1WqpgVKY+j3Vw+EKKkNE6tHjMWb8KB8/GaDPcAP5MyzI37JynkGCTKAH
UKYM5y58KvvdybvsxumLNepZNncFK0p3ZBZAh0hbx4dh2E9J1Mmy4/DMeI16iyk=
-----END CERTIFICATE-----