Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/b228d9-7ff3-4c40-95a6-8a36a6facd50/1/knkqtZcmX5gSTiCaXxHQZfriQgw.roa
File:                     knkqtZcmX5gSTiCaXxHQZfriQgw.roa (raw, json)
Hash identifier:          E9ZLKfrMdp8ZIK1kQ0GbAJkgNgAmhxZR6M5lJ1uXi1w=
Subject key identifier:   92:79:2A:B5:97:26:5F:98:12:4E:20:9A:5F:11:D0:65:FA:E2:42:0C
Certificate issuer:       /CN=4092c47db8a21931154605d576c3b7341d06b4b4
Certificate serial:       019423D6D5D06A2E13088874D5070E49674E
Authority key identifier: 40:92:C4:7D:B8:A2:19:31:15:46:05:D5:76:C3:B7:34:1D:06:B4:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QJLEfbiiGTEVRgXVdsO3NB0GtLQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/b228d9-7ff3-4c40-95a6-8a36a6facd50/1/knkqtZcmX5gSTiCaXxHQZfriQgw.roa
Signing time:             Wed 01 Jan 2025 21:47:49 +0000
ROA not before:           Wed 01 Jan 2025 21:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206238
IP address blocks:        185.93.175.0/24 maxlen: 24
                          2a10:3780::/29 maxlen: 29
                          2a10:3780:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/b228d9-7ff3-4c40-95a6-8a36a6facd50/1/QJLEfbiiGTEVRgXVdsO3NB0GtLQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/b228d9-7ff3-4c40-95a6-8a36a6facd50/1/QJLEfbiiGTEVRgXVdsO3NB0GtLQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QJLEfbiiGTEVRgXVdsO3NB0GtLQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:d5:d0:6a:2e:13:08:88:74:d5:07:0e:49:67:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4092c47db8a21931154605d576c3b7341d06b4b4
        Validity
            Not Before: Jan  1 21:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92792ab597265f98124e209a5f11d065fae2420c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:ee:7c:82:32:8b:6a:6f:4a:e4:c3:62:26:80:
                    76:a0:cd:08:e4:b1:6e:2b:6b:6f:ad:ed:d4:47:3d:
                    f6:b0:12:69:0c:63:e7:4d:99:ef:0c:4b:15:52:d8:
                    2a:56:44:0a:f3:e2:31:30:38:5b:7b:e9:3e:2a:08:
                    bc:86:5f:1b:e4:db:46:cd:0b:b8:ca:a3:90:68:b8:
                    21:cf:e3:a6:cb:a5:4f:7b:7a:80:97:96:e8:83:46:
                    f8:d3:e3:48:19:40:c7:1b:93:9b:4f:f1:48:14:06:
                    07:fc:42:c7:b2:b9:0d:35:5e:51:9a:87:69:d6:f6:
                    fc:e0:cf:be:e3:0d:0b:d9:fb:1c:11:47:7f:1e:6d:
                    6b:17:03:00:15:86:95:3a:3b:3c:63:f0:94:ca:e9:
                    33:33:95:2e:16:9d:17:af:1f:d7:e1:37:b5:33:f9:
                    20:7d:c7:34:59:fc:c7:84:52:9f:70:30:fa:ab:6a:
                    2f:f1:cc:8a:c1:65:32:18:aa:e7:d7:18:d2:83:84:
                    7f:ed:90:3a:1f:12:2c:3d:b5:35:0b:d2:c7:10:cd:
                    2e:02:ed:15:8f:72:d4:b0:61:87:e1:2c:f1:dc:72:
                    87:48:16:f9:66:2e:55:b2:a9:28:90:01:b8:b5:85:
                    32:e5:61:eb:37:8a:99:6b:92:40:78:9b:09:ce:9a:
                    2f:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:79:2A:B5:97:26:5F:98:12:4E:20:9A:5F:11:D0:65:FA:E2:42:0C
            X509v3 Authority Key Identifier:
                keyid:40:92:C4:7D:B8:A2:19:31:15:46:05:D5:76:C3:B7:34:1D:06:B4:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QJLEfbiiGTEVRgXVdsO3NB0GtLQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/b228d9-7ff3-4c40-95a6-8a36a6facd50/1/knkqtZcmX5gSTiCaXxHQZfriQgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/b228d9-7ff3-4c40-95a6-8a36a6facd50/1/QJLEfbiiGTEVRgXVdsO3NB0GtLQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.175.0/24
                IPv6:
                  2a10:3780::/29

    Signature Algorithm: sha256WithRSAEncryption
         54:0b:af:fd:25:e6:bb:72:dd:75:ad:af:26:a0:b7:04:9d:13:
         39:9d:3d:66:3c:2e:5e:50:44:6b:3f:b6:0a:47:df:c0:c2:fc:
         f9:76:14:47:5d:e2:f6:4d:bf:67:85:d6:b8:67:b1:57:df:61:
         79:cf:ec:db:dc:9a:02:22:27:fb:5d:02:b3:5b:95:d1:97:94:
         94:4b:a3:09:69:f1:7a:3b:97:fd:1b:05:06:aa:79:ae:50:13:
         39:0f:26:d7:ea:8b:5a:bd:94:18:8d:a8:03:12:b8:e3:63:ab:
         f7:96:59:43:0d:7c:58:ad:17:b4:5e:36:d6:44:99:20:3b:cc:
         c2:ac:07:ca:0f:cf:8f:87:0d:82:94:4b:fe:49:89:4a:81:db:
         36:9a:dc:3b:a5:8a:93:87:a0:1e:db:36:ba:6c:ae:7b:76:49:
         81:89:27:7a:28:60:db:3c:7b:41:53:6a:e6:1c:d0:e6:72:fb:
         9b:de:ed:8f:0c:fa:4d:d8:0e:ac:58:62:98:78:75:9d:4d:1b:
         04:3a:18:8a:a9:18:4b:2f:7a:0b:64:7a:02:ae:cd:43:3c:e4:
         fd:32:61:fc:3d:d9:3f:60:1a:78:34:2d:0f:4e:dc:13:9f:25:
         7c:d8:55:af:b2:24:3e:95:a4:52:50:c4:fc:e1:1b:d2:25:50:
         e2:3b:d1:ef
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQj1tXQai4TCIh01QcOSWdOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwOTJjNDdkYjhhMjE5MzExNTQ2MDVkNTc2YzNiNzM0MWQw
NmI0YjQwHhcNMjUwMTAxMjE0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mjc5MmFiNTk3MjY1Zjk4MTI0ZTIwOWE1ZjExZDA2NWZhZTI0MjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2O58gjKLam9K5MNiJoB2oM0I5LFu
K2tvre3URz32sBJpDGPnTZnvDEsVUtgqVkQK8+IxMDhbe+k+Kgi8hl8b5NtGzQu4
yqOQaLghz+Omy6VPe3qAl5bog0b40+NIGUDHG5ObT/FIFAYH/ELHsrkNNV5Rmodp
1vb84M++4w0L2fscEUd/Hm1rFwMAFYaVOjs8Y/CUyukzM5UuFp0Xrx/X4Te1M/kg
fcc0WfzHhFKfcDD6q2ov8cyKwWUyGKrn1xjSg4R/7ZA6HxIsPbU1C9LHEM0uAu0V
j3LUsGGH4Szx3HKHSBb5Zi5VsqkokAG4tYUy5WHrN4qZa5JAeJsJzpov6wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJJ5KrWXJl+YEk4gml8R0GX64kIMMB8GA1UdIwQY
MBaAFECSxH24ohkxFUYF1XbDtzQdBrS0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUpMRWZiaWlHVEVWUmdYVmRzTzNOQjBHdExRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9iMjI4ZDktN2ZmMy00YzQwLTk1YTYt
OGEzNmE2ZmFjZDUwLzEva25rcXRaY21YNWdTVGlDYVh4SFFaZnJpUWd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9iMjI4ZDktN2ZmMy00YzQwLTk1YTYtOGEzNmE2ZmFjZDUw
LzEvUUpMRWZiaWlHVEVWUmdYVmRzTzNOQjBHdExRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuV2vMA0E
AgACMAcDBQMqEDeAMA0GCSqGSIb3DQEBCwUAA4IBAQBUC6/9Jea7ct11ra8moLcE
nRM5nT1mPC5eUERrP7YKR9/Awvz5dhRHXeL2Tb9nhda4Z7FX32F5z+zb3JoCIif7
XQKzW5XRl5SUS6MJafF6O5f9GwUGqnmuUBM5DybX6otavZQYjagDErjjY6v3lllD
DXxYrRe0XjbWRJkgO8zCrAfKD8+Phw2ClEv+SYlKgds2mtw7pYqTh6Ae2za6bK57
dkmBiSd6KGDbPHtBU2rmHNDmcvub3u2PDPpN2A6sWGKYeHWdTRsEOhiKqRhLL3oL
ZHoCrs1DPOT9MmH8Pdk/YBp4NC0PTtwTnyV82FWvsiQ+laRSUMT84RvSJVDiO9Hv
-----END CERTIFICATE-----