Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/KNlAoqyQzi7-1u-gk423fXd-fqk.roa
File:                     KNlAoqyQzi7-1u-gk423fXd-fqk.roa (raw, json)
Hash identifier:          d0CymcnZWf6Tqsq8jUmID0nMStCCIzwj424+Qb4S5/Q=
Subject key identifier:   28:D9:40:A2:AC:90:CE:2E:FE:D6:EF:A0:93:8D:B7:7D:77:7E:7E:A9
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       01963EB327BD4E5AA0515DC94D33743371B0
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/KNlAoqyQzi7-1u-gk423fXd-fqk.roa
Signing time:             Wed 16 Apr 2025 13:04:10 +0000
ROA not before:           Wed 16 Apr 2025 13:04:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5511
IP address blocks:        212.69.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 16:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3e:b3:27:bd:4e:5a:a0:51:5d:c9:4d:33:74:33:71:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Apr 16 13:04:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28d940a2ac90ce2efed6efa0938db77d777e7ea9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:6f:94:6c:b2:d6:07:5d:ba:fe:87:17:85:73:
                    a5:82:4f:49:83:64:14:83:fb:2f:a7:be:b7:38:5c:
                    e3:5b:c0:7b:ad:9c:ce:f3:37:45:d1:a2:7b:4b:3f:
                    16:a5:6f:ca:00:92:a6:b6:d1:97:1c:ab:d5:ee:b4:
                    2b:cb:1f:d1:7c:70:cf:9f:d3:56:25:47:d8:10:e5:
                    32:91:51:6a:a7:1f:1a:70:fe:47:61:84:e4:35:1f:
                    fb:09:75:48:a5:cc:9e:01:9b:d3:c6:a3:d5:15:4d:
                    23:1a:cd:47:1c:35:d6:ac:67:e4:d8:c4:a6:51:a8:
                    76:26:1c:ac:6d:12:1b:07:de:98:f3:15:04:71:4d:
                    df:ac:cd:21:55:12:44:f9:71:6a:dd:aa:9f:e5:d9:
                    6a:d8:b2:c9:a6:07:46:01:fe:89:b3:61:d1:46:a9:
                    b2:2c:d1:b4:3e:e7:cf:0f:91:30:9c:01:65:15:20:
                    c2:f5:f1:08:aa:8a:1c:d5:e9:a1:a9:57:9d:57:f6:
                    d0:1b:45:48:c6:c4:70:91:fa:f7:d7:d3:84:ab:a9:
                    b7:3f:58:46:00:63:29:73:c8:2e:6a:31:63:21:e8:
                    7d:62:38:77:56:43:fa:a9:57:0a:c9:9c:45:95:eb:
                    17:ed:d6:74:4b:20:22:72:85:6e:9c:1f:29:d7:70:
                    fc:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:D9:40:A2:AC:90:CE:2E:FE:D6:EF:A0:93:8D:B7:7D:77:7E:7E:A9
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/KNlAoqyQzi7-1u-gk423fXd-fqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.69.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:47:48:94:1b:f8:ba:86:c8:e2:e4:78:af:9f:b5:6e:b6:c9:
         21:9a:fc:cb:31:3c:53:f7:be:6c:22:99:ca:fa:6d:7f:a8:bd:
         f4:97:6b:0e:6e:86:d8:85:c5:82:c7:56:d3:e0:ab:8d:6a:26:
         8f:81:f4:f0:61:1c:be:20:df:cd:7f:1f:02:f5:60:95:b0:d9:
         8a:73:86:8f:2e:b2:63:16:07:68:0c:0f:c9:08:fd:c6:84:ac:
         3b:19:c7:48:85:4e:24:83:9a:6d:c9:64:c3:35:aa:1c:ba:7d:
         3c:06:36:d1:08:60:a9:37:66:41:e5:29:8b:07:cc:a1:cb:e6:
         fa:80:0e:66:fe:d0:fe:59:3d:87:d8:ed:8f:17:b1:92:71:71:
         eb:cf:40:c9:3f:e6:ed:9b:c1:94:2a:5f:bb:74:d7:bf:02:fc:
         34:8c:3d:88:db:41:32:dd:f3:95:95:ef:d0:99:14:52:b6:af:
         7d:18:7d:3e:55:d6:15:60:c5:49:71:60:93:66:3d:2c:4b:a9:
         2c:66:8d:a2:2f:82:96:c7:a8:fb:08:74:9a:27:f3:73:b1:1f:
         36:99:5f:f3:6f:93:12:0c:a5:81:ea:7a:ee:20:db:f5:a0:31:
         36:d3:31:25:71:d7:88:14:9d:6e:c4:63:9d:b3:e3:69:6f:ae:
         c4:28:16:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY+sye9TlqgUV3JTTN0M3GwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUwNDE2MTMwNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGQ5NDBhMmFjOTBjZTJlZmVkNmVmYTA5MzhkYjc3ZDc3N2U3ZWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxG+UbLLWB126/ocXhXOlgk9Jg2QU
g/svp763OFzjW8B7rZzO8zdF0aJ7Sz8WpW/KAJKmttGXHKvV7rQryx/RfHDPn9NW
JUfYEOUykVFqpx8acP5HYYTkNR/7CXVIpcyeAZvTxqPVFU0jGs1HHDXWrGfk2MSm
Uah2JhysbRIbB96Y8xUEcU3frM0hVRJE+XFq3aqf5dlq2LLJpgdGAf6Js2HRRqmy
LNG0PufPD5EwnAFlFSDC9fEIqooc1emhqVedV/bQG0VIxsRwkfr319OEq6m3P1hG
AGMpc8guajFjIeh9Yjh3VkP6qVcKyZxFlesX7dZ0SyAicoVunB8p13D8DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCjZQKKskM4u/tbvoJONt313fn6pMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvS05sQW9xeVF6aTctMXUtZ2s0MjNmWGQtZnFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EUBMA0G
CSqGSIb3DQEBCwUAA4IBAQCfR0iUG/i6hsji5Hivn7VutskhmvzLMTxT975sIpnK
+m1/qL30l2sObobYhcWCx1bT4KuNaiaPgfTwYRy+IN/Nfx8C9WCVsNmKc4aPLrJj
FgdoDA/JCP3GhKw7GcdIhU4kg5ptyWTDNaocun08BjbRCGCpN2ZB5SmLB8yhy+b6
gA5m/tD+WT2H2O2PF7GScXHrz0DJP+btm8GUKl+7dNe/Avw0jD2I20Ey3fOVle/Q
mRRStq99GH0+VdYVYMVJcWCTZj0sS6ksZo2iL4KWx6j7CHSaJ/NzsR82mV/zb5MS
DKWB6nruINv1oDE20zElcdeIFJ1uxGOds+Npb67EKBa4
-----END CERTIFICATE-----