Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/e62e0c-25eb-4c95-8002-87f1cf73a43a/1/kRaJhPTv6AA3evpLDRDPj-DpMRE.roa
File:                     kRaJhPTv6AA3evpLDRDPj-DpMRE.roa (raw, json)
Hash identifier:          7JRuwVtlOrNDlLTW+rHW8uN2fSnzcu7/YmU6Ma1CHpE=
Subject key identifier:   91:16:89:84:F4:EF:E8:00:37:7A:FA:4B:0D:10:CF:8F:E0:E9:31:11
Certificate issuer:       /CN=e67c1145d18554698edd99d7cd199cd3c02b2a15
Certificate serial:       019420D5CABF83B8BD533CF5DB775215AA4A
Authority key identifier: E6:7C:11:45:D1:85:54:69:8E:DD:99:D7:CD:19:9C:D3:C0:2B:2A:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5nwRRdGFVGmO3ZnXzRmc08ArKhU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/e62e0c-25eb-4c95-8002-87f1cf73a43a/1/kRaJhPTv6AA3evpLDRDPj-DpMRE.roa
Signing time:             Wed 01 Jan 2025 07:47:49 +0000
ROA not before:           Wed 01 Jan 2025 07:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34564
IP address blocks:        194.126.228.0/24 maxlen: 24
                          2001:67c:2310::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/e62e0c-25eb-4c95-8002-87f1cf73a43a/1/5nwRRdGFVGmO3ZnXzRmc08ArKhU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/e62e0c-25eb-4c95-8002-87f1cf73a43a/1/5nwRRdGFVGmO3ZnXzRmc08ArKhU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5nwRRdGFVGmO3ZnXzRmc08ArKhU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 04:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:ca:bf:83:b8:bd:53:3c:f5:db:77:52:15:aa:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e67c1145d18554698edd99d7cd199cd3c02b2a15
        Validity
            Not Before: Jan  1 07:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91168984f4efe800377afa4b0d10cf8fe0e93111
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:f1:c2:2a:f1:af:c2:54:63:3a:f4:34:48:4b:
                    cc:fb:82:b2:a2:53:ff:02:e3:0b:56:bf:08:64:af:
                    e2:1f:cb:12:cd:f0:b5:35:46:f6:36:8f:fb:c4:1f:
                    ed:72:58:dd:95:09:92:61:53:b3:b7:6f:f2:99:54:
                    19:1b:10:7a:a5:29:8f:36:2f:f1:b3:de:36:1f:1a:
                    ae:76:98:a7:85:d5:0d:f7:72:9d:92:c9:53:95:70:
                    35:08:7f:11:fa:ea:8e:83:c9:f6:be:44:40:46:b1:
                    cd:1a:a0:c5:3c:43:64:81:9e:f2:d9:74:ab:e8:2d:
                    bb:d3:25:f2:ff:56:1d:a8:03:8e:16:94:53:67:8f:
                    c6:e1:6b:77:6f:53:b8:cf:7e:e0:e2:18:05:ee:b8:
                    2a:3d:37:06:a1:68:52:08:d8:85:65:ce:6a:35:c2:
                    60:a3:ef:f6:10:05:7d:08:12:b9:51:9d:d0:9b:04:
                    99:db:34:06:45:30:73:96:d3:f6:e9:5c:fa:8b:02:
                    8a:bd:9f:48:90:b1:70:c8:4d:54:1a:1f:5f:76:4c:
                    41:57:6c:93:9b:2c:87:ae:1a:ed:6e:2d:ac:95:6c:
                    35:0a:85:0e:44:cf:f9:a0:5c:72:13:e3:64:0d:e0:
                    31:f3:80:c9:ce:31:32:14:cb:87:b3:ec:e8:c7:1b:
                    9f:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:16:89:84:F4:EF:E8:00:37:7A:FA:4B:0D:10:CF:8F:E0:E9:31:11
            X509v3 Authority Key Identifier:
                keyid:E6:7C:11:45:D1:85:54:69:8E:DD:99:D7:CD:19:9C:D3:C0:2B:2A:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5nwRRdGFVGmO3ZnXzRmc08ArKhU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/e62e0c-25eb-4c95-8002-87f1cf73a43a/1/kRaJhPTv6AA3evpLDRDPj-DpMRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/e62e0c-25eb-4c95-8002-87f1cf73a43a/1/5nwRRdGFVGmO3ZnXzRmc08ArKhU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.126.228.0/24
                IPv6:
                  2001:67c:2310::/48

    Signature Algorithm: sha256WithRSAEncryption
         a8:89:83:64:7e:73:48:53:9b:d3:7b:f3:65:93:31:15:31:8f:
         d7:25:a8:04:e1:1a:47:f1:26:48:65:20:87:83:13:d3:cd:55:
         61:49:af:5b:a9:b7:3a:72:f8:41:4e:73:77:13:6f:cd:af:89:
         eb:05:37:45:4f:21:40:07:0c:ee:fb:bf:07:a5:2c:7a:11:74:
         0c:8f:bc:4d:05:68:0c:6e:17:9f:49:b7:68:61:62:2f:dd:01:
         23:35:94:be:33:13:06:3f:72:9a:39:3d:90:d7:e2:fe:96:fc:
         88:6f:9a:21:59:b6:e8:9b:f5:cf:0b:21:41:12:00:b2:d5:9b:
         0e:01:59:4f:53:b3:bd:b9:cd:8d:49:3a:28:83:5a:29:42:b1:
         47:7b:cb:ed:eb:75:a5:31:2b:52:ff:ea:8b:76:a5:52:96:e7:
         38:1e:d1:50:fe:84:9c:c0:1e:c6:c4:de:4a:e2:78:94:dd:1b:
         98:e1:ab:ad:dc:c1:5f:1d:74:c6:ff:2b:1b:2e:c4:3f:a0:ea:
         78:5e:77:8f:b1:b9:87:8e:90:be:69:3d:cc:93:e1:dc:25:65:
         fc:2f:58:a2:de:fc:09:e3:c0:2e:35:0c:14:4f:58:51:f4:2a:
         e7:dd:90:39:3c:f5:1f:8a:5e:a2:27:8c:15:cf:ab:e4:de:18:
         b3:ac:7f:7b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQg1cq/g7i9Uzz123dSFapKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2N2MxMTQ1ZDE4NTU0Njk4ZWRkOTlkN2NkMTk5Y2QzYzAy
YjJhMTUwHhcNMjUwMTAxMDc0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTE2ODk4NGY0ZWZlODAwMzc3YWZhNGIwZDEwY2Y4ZmUwZTkzMTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7vHCKvGvwlRjOvQ0SEvM+4KyolP/
AuMLVr8IZK/iH8sSzfC1NUb2No/7xB/tcljdlQmSYVOzt2/ymVQZGxB6pSmPNi/x
s942HxqudpinhdUN93KdkslTlXA1CH8R+uqOg8n2vkRARrHNGqDFPENkgZ7y2XSr
6C270yXy/1YdqAOOFpRTZ4/G4Wt3b1O4z37g4hgF7rgqPTcGoWhSCNiFZc5qNcJg
o+/2EAV9CBK5UZ3QmwSZ2zQGRTBzltP26Vz6iwKKvZ9IkLFwyE1UGh9fdkxBV2yT
myyHrhrtbi2slWw1CoUORM/5oFxyE+NkDeAx84DJzjEyFMuHs+zoxxufVwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJEWiYT07+gAN3r6Sw0Qz4/g6TERMB8GA1UdIwQY
MBaAFOZ8EUXRhVRpjt2Z180ZnNPAKyoVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNW53UlJkR0ZWR21PM1puWHpSbWMwOEFyS2hVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9lNjJlMGMtMjVlYi00Yzk1LTgwMDIt
ODdmMWNmNzNhNDNhLzEva1JhSmhQVHY2QUEzZXZwTERSRFBqLURwTVJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9lNjJlMGMtMjVlYi00Yzk1LTgwMDItODdmMWNmNzNhNDNh
LzEvNW53UlJkR0ZWR21PM1puWHpSbWMwOEFyS2hVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwn7kMA8E
AgACMAkDBwAgAQZ8IxAwDQYJKoZIhvcNAQELBQADggEBAKiJg2R+c0hTm9N782WT
MRUxj9clqAThGkfxJkhlIIeDE9PNVWFJr1uptzpy+EFOc3cTb82viesFN0VPIUAH
DO77vwelLHoRdAyPvE0FaAxuF59Jt2hhYi/dASM1lL4zEwY/cpo5PZDX4v6W/Ihv
miFZtuib9c8LIUESALLVmw4BWU9Ts725zY1JOiiDWilCsUd7y+3rdaUxK1L/6ot2
pVKW5zge0VD+hJzAHsbE3krieJTdG5jhq63cwV8ddMb/KxsuxD+g6nhed4+xuYeO
kL5pPcyT4dwlZfwvWKLe/AnjwC41DBRPWFH0KufdkDk89R+KXqInjBXPq+TeGLOs
f3s=
-----END CERTIFICATE-----