Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/d5d846-9ac8-41f5-8604-eae600a52c01/1/KIJNA59uDb5jeuperkH1ytHHaXY.roa
File:                     KIJNA59uDb5jeuperkH1ytHHaXY.roa (raw, json)
Hash identifier:          FNj6mHvJhlFniaYHRv1Jg0zqnMbw0aJyG3OHR4imABM=
Subject key identifier:   28:82:4D:03:9F:6E:0D:BE:63:7A:EA:5E:AE:41:F5:CA:D1:C7:69:76
Certificate issuer:       /CN=dac2845c61dac2ea50cacb83fd09311a30e3a90e
Certificate serial:       01975EF842A93E3C9585A5B0B96AB87969D9
Authority key identifier: DA:C2:84:5C:61:DA:C2:EA:50:CA:CB:83:FD:09:31:1A:30:E3:A9:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2sKEXGHawupQysuD_QkxGjDjqQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/d5d846-9ac8-41f5-8604-eae600a52c01/1/KIJNA59uDb5jeuperkH1ytHHaXY.roa
Signing time:             Wed 11 Jun 2025 12:30:17 +0000
ROA not before:           Wed 11 Jun 2025 12:30:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197764
IP address blocks:        193.8.61.0/24 maxlen: 24
                          193.8.182.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/d5d846-9ac8-41f5-8604-eae600a52c01/1/2sKEXGHawupQysuD_QkxGjDjqQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/d5d846-9ac8-41f5-8604-eae600a52c01/1/2sKEXGHawupQysuD_QkxGjDjqQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2sKEXGHawupQysuD_QkxGjDjqQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Jun 2025 06:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5e:f8:42:a9:3e:3c:95:85:a5:b0:b9:6a:b8:79:69:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dac2845c61dac2ea50cacb83fd09311a30e3a90e
        Validity
            Not Before: Jun 11 12:30:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28824d039f6e0dbe637aea5eae41f5cad1c76976
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:0c:19:b1:a3:54:49:e1:fd:e9:04:d1:02:17:
                    c8:82:23:6c:7d:7b:a0:ea:c0:91:24:bb:2b:22:46:
                    cd:76:ef:d1:1a:e7:6a:79:15:0a:ce:b6:b5:12:f2:
                    03:3c:bf:e3:fd:28:d6:f6:cb:da:81:73:68:82:c3:
                    cc:5a:f3:14:ad:78:fa:cc:35:07:d1:5d:d5:59:b3:
                    58:9b:30:a0:a4:ac:94:52:6c:13:5e:2f:b6:cf:fa:
                    fd:fa:86:a8:41:c7:37:bc:39:20:db:dd:9a:d4:02:
                    bc:6d:00:26:5e:64:14:22:04:df:49:7a:f2:61:e3:
                    d3:23:21:a1:b8:46:fc:2c:ba:22:70:49:4e:55:a3:
                    f3:1d:90:8d:cc:61:3f:8b:3f:0a:15:d9:34:4a:36:
                    23:3b:99:dc:6d:55:71:24:3c:48:d0:45:69:d9:d7:
                    c1:71:43:27:62:e0:92:1e:66:7e:d8:cb:27:c9:df:
                    01:1d:6b:d8:6a:c2:86:eb:52:dd:c9:b6:39:df:e3:
                    5c:ee:e8:23:78:2c:05:7a:f8:bf:10:a7:5d:37:11:
                    6f:68:78:99:85:53:ba:c8:5c:e9:c6:c7:11:95:d0:
                    b5:23:41:19:a6:39:44:1f:f7:7c:a3:9d:82:0e:9b:
                    05:d4:cc:89:0b:33:bc:55:44:73:6a:63:54:a3:65:
                    c8:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:82:4D:03:9F:6E:0D:BE:63:7A:EA:5E:AE:41:F5:CA:D1:C7:69:76
            X509v3 Authority Key Identifier:
                keyid:DA:C2:84:5C:61:DA:C2:EA:50:CA:CB:83:FD:09:31:1A:30:E3:A9:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2sKEXGHawupQysuD_QkxGjDjqQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/d5d846-9ac8-41f5-8604-eae600a52c01/1/KIJNA59uDb5jeuperkH1ytHHaXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/d5d846-9ac8-41f5-8604-eae600a52c01/1/2sKEXGHawupQysuD_QkxGjDjqQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.61.0/24
                  193.8.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:9a:05:65:8e:77:7c:84:6a:97:93:46:3b:1f:46:ab:40:62:
         98:29:e1:3b:cf:70:e8:67:ed:14:27:ae:91:a7:ba:c8:d5:2f:
         6b:1c:1b:f8:eb:e9:76:cb:51:b9:d2:80:d2:63:4d:9b:23:bc:
         54:c4:9c:57:2e:b0:78:aa:c8:13:3b:4e:b4:93:e3:a0:ac:bd:
         22:ef:28:cb:67:5a:96:c0:80:34:01:c8:f3:98:ab:15:a8:fc:
         a7:5c:89:2e:72:b3:33:2f:20:c9:a0:ea:98:81:25:c7:b3:e4:
         34:6d:bf:52:c2:8d:b0:a4:72:9d:5e:c1:cb:29:44:42:c7:bf:
         9f:9c:42:82:72:c1:31:4c:25:49:30:26:0f:a1:e8:ef:d0:2b:
         7e:76:c0:f3:fc:43:35:34:50:07:63:c6:b6:09:70:21:7d:ec:
         bd:fb:8b:74:e4:3c:74:6d:71:f0:b1:73:d3:c7:73:6b:4f:ac:
         6d:2a:fe:4d:39:39:23:b8:fd:2f:37:bb:84:e1:c4:71:06:29:
         6b:da:d7:d0:68:e7:18:dc:8b:98:8f:f5:47:7c:81:eb:98:40:
         d3:b6:45:26:a8:27:6a:70:a4:3c:57:c1:e6:b6:9b:ac:95:a0:
         fd:a0:84:86:db:72:dd:8a:eb:91:5b:38:b6:b6:64:be:84:9e:
         14:a3:25:6c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZde+EKpPjyVhaWwuWq4eWnZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYzI4NDVjNjFkYWMyZWE1MGNhY2I4M2ZkMDkzMTFhMzBl
M2E5MGUwHhcNMjUwNjExMTIzMDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODgyNGQwMzlmNmUwZGJlNjM3YWVhNWVhZTQxZjVjYWQxYzc2OTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwwZsaNUSeH96QTRAhfIgiNsfXug
6sCRJLsrIkbNdu/RGudqeRUKzra1EvIDPL/j/SjW9svagXNogsPMWvMUrXj6zDUH
0V3VWbNYmzCgpKyUUmwTXi+2z/r9+oaoQcc3vDkg292a1AK8bQAmXmQUIgTfSXry
YePTIyGhuEb8LLoicElOVaPzHZCNzGE/iz8KFdk0SjYjO5ncbVVxJDxI0EVp2dfB
cUMnYuCSHmZ+2Msnyd8BHWvYasKG61LdybY53+Nc7ugjeCwFevi/EKddNxFvaHiZ
hVO6yFzpxscRldC1I0EZpjlEH/d8o52CDpsF1MyJCzO8VURzamNUo2XIIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCiCTQOfbg2+Y3rqXq5B9crRx2l2MB8GA1UdIwQY
MBaAFNrChFxh2sLqUMrLg/0JMRow46kOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnNLRVhHSGF3dXBReXN1RF9Ra3hHakRqcVE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9kNWQ4NDYtOWFjOC00MWY1LTg2MDQt
ZWFlNjAwYTUyYzAxLzEvS0lKTkE1OXVEYjVqZXVwZXJrSDF5dEhIYVhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9kNWQ4NDYtOWFjOC00MWY1LTg2MDQtZWFlNjAwYTUyYzAx
LzEvMnNLRVhHSGF3dXBReXN1RF9Ra3hHakRqcVE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwQg9AwQB
wQi2MA0GCSqGSIb3DQEBCwUAA4IBAQADmgVljnd8hGqXk0Y7H0arQGKYKeE7z3Do
Z+0UJ66Rp7rI1S9rHBv46+l2y1G50oDSY02bI7xUxJxXLrB4qsgTO060k+OgrL0i
7yjLZ1qWwIA0AcjzmKsVqPynXIkucrMzLyDJoOqYgSXHs+Q0bb9Swo2wpHKdXsHL
KURCx7+fnEKCcsExTCVJMCYPoejv0Ct+dsDz/EM1NFAHY8a2CXAhfey9+4t05Dx0
bXHwsXPTx3NrT6xtKv5NOTkjuP0vN7uE4cRxBilr2tfQaOcY3IuYj/VHfIHrmEDT
tkUmqCdqcKQ8V8HmtpuslaD9oISG23LdiuuRWzi2tmS+hJ4UoyVs
-----END CERTIFICATE-----