Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8c1e49-7dd1-448d-8815-a09266bb4d8c/1/knkWf-fbjTf4zgzKy1AppaZPT08.roa
File:                     knkWf-fbjTf4zgzKy1AppaZPT08.roa (raw, json)
Hash identifier:          S3oeOh+AmL3z+HK7s4l2LyCpUlSMrkxr1YSTJohxRRI=
Subject key identifier:   92:79:16:7F:E7:DB:8D:37:F8:CE:0C:CA:CB:50:29:A5:A6:4F:4F:4F
Certificate issuer:       /CN=959efe6ef97728a4282ae2c7b05a240506571f1c
Certificate serial:       019669D37FD1DC270EB65518DA4508CA16C2
Authority key identifier: 95:9E:FE:6E:F9:77:28:A4:28:2A:E2:C7:B0:5A:24:05:06:57:1F:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lZ7-bvl3KKQoKuLHsFokBQZXHxw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8c1e49-7dd1-448d-8815-a09266bb4d8c/1/knkWf-fbjTf4zgzKy1AppaZPT08.roa
Signing time:             Thu 24 Apr 2025 22:03:10 +0000
ROA not before:           Thu 24 Apr 2025 22:03:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212889
IP address blocks:        185.164.25.0/24 maxlen: 24
                          185.164.30.0/24 maxlen: 24
                          185.203.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/8c1e49-7dd1-448d-8815-a09266bb4d8c/1/lZ7-bvl3KKQoKuLHsFokBQZXHxw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/8c1e49-7dd1-448d-8815-a09266bb4d8c/1/lZ7-bvl3KKQoKuLHsFokBQZXHxw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lZ7-bvl3KKQoKuLHsFokBQZXHxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Apr 2025 15:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:69:d3:7f:d1:dc:27:0e:b6:55:18:da:45:08:ca:16:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=959efe6ef97728a4282ae2c7b05a240506571f1c
        Validity
            Not Before: Apr 24 22:03:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9279167fe7db8d37f8ce0ccacb5029a5a64f4f4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:1b:a3:0f:b1:19:bb:4e:25:20:eb:09:f6:2d:
                    70:29:59:e4:3b:34:a4:a0:74:92:4c:bf:2c:7c:48:
                    26:78:73:e5:75:16:88:4c:72:78:61:ec:ae:7a:98:
                    9b:9f:06:67:aa:ef:fb:76:32:7b:96:4d:93:cf:16:
                    23:10:1d:cc:c5:d7:c0:aa:62:65:bc:a8:92:94:97:
                    b8:80:98:95:c6:11:7c:d1:1c:2d:16:28:85:95:47:
                    74:51:a1:68:cd:87:01:f2:f8:8e:47:a9:45:08:ee:
                    24:f1:0c:43:53:eb:c1:cd:48:65:0a:52:69:8e:af:
                    6c:e4:12:ce:79:33:14:6c:6f:e0:ee:bc:52:2d:8e:
                    81:91:a4:13:68:f5:57:af:fe:7b:ac:a4:7d:27:31:
                    e6:9d:dc:8e:54:d0:b2:76:d5:bd:d6:53:32:bc:4f:
                    08:3c:4c:40:af:27:58:64:6a:c6:ed:5e:a2:7f:ec:
                    0d:1b:68:97:00:45:61:f0:21:bb:de:aa:ff:a0:1e:
                    93:b8:8b:5b:d2:3e:32:32:ec:87:52:4f:a3:4a:2c:
                    e5:21:4c:0c:93:a9:12:94:34:cc:41:ec:74:de:73:
                    e6:da:82:5e:cb:23:92:10:ef:d8:34:99:4d:7e:bd:
                    42:9b:b4:a2:25:e5:fb:ea:49:81:41:69:77:f9:71:
                    9b:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:79:16:7F:E7:DB:8D:37:F8:CE:0C:CA:CB:50:29:A5:A6:4F:4F:4F
            X509v3 Authority Key Identifier:
                keyid:95:9E:FE:6E:F9:77:28:A4:28:2A:E2:C7:B0:5A:24:05:06:57:1F:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lZ7-bvl3KKQoKuLHsFokBQZXHxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8c1e49-7dd1-448d-8815-a09266bb4d8c/1/knkWf-fbjTf4zgzKy1AppaZPT08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8c1e49-7dd1-448d-8815-a09266bb4d8c/1/lZ7-bvl3KKQoKuLHsFokBQZXHxw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.25.0/24
                  185.164.30.0/24
                  185.203.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:05:6a:25:61:b2:56:b5:b3:d4:f9:56:69:ad:6b:5a:b7:da:
         cf:ba:c9:ab:e9:20:e5:45:bb:4f:26:88:ec:1f:c2:17:9d:2a:
         d6:20:b6:f0:44:aa:82:cd:b0:4b:82:f3:69:3a:ae:ca:76:18:
         58:ef:0e:dd:8c:40:6d:b8:49:5a:b3:98:05:d8:be:39:6d:33:
         57:c6:e4:e9:f0:b4:04:46:1f:1d:36:b5:3b:f8:0a:81:eb:13:
         4b:31:b8:97:5a:e0:97:6d:e9:14:bf:5c:a3:3c:7c:3f:44:4c:
         1c:28:2a:d3:60:c1:65:b4:9b:1b:c9:e8:e8:f2:11:02:dc:1e:
         84:33:7f:c8:84:1f:1e:8b:24:55:e2:27:22:72:52:92:a0:77:
         55:cb:af:cd:67:ac:5d:f8:4b:19:89:69:00:8f:a4:89:39:ea:
         fa:80:58:64:44:51:50:07:7e:49:62:48:ec:f2:9a:fb:7c:3c:
         e9:2a:e7:17:21:28:c8:e8:c2:3c:59:4f:e4:c6:06:71:94:b5:
         a6:08:33:d2:ca:7f:1e:82:96:37:cc:a8:10:61:5a:9d:2a:d9:
         46:14:7d:f3:2e:84:8f:e4:c9:04:ab:4b:17:bf:85:0b:78:f4:
         de:00:da:5b:fe:99:ff:29:50:d7:b2:e4:7a:95:bf:b7:a9:c4:
         49:5f:04:de
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZZp03/R3CcOtlUY2kUIyhbCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1OWVmZTZlZjk3NzI4YTQyODJhZTJjN2IwNWEyNDA1MDY1
NzFmMWMwHhcNMjUwNDI0MjIwMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mjc5MTY3ZmU3ZGI4ZDM3ZjhjZTBjY2FjYjUwMjlhNWE2NGY0ZjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzhujD7EZu04lIOsJ9i1wKVnkOzSk
oHSSTL8sfEgmeHPldRaITHJ4YeyuepibnwZnqu/7djJ7lk2TzxYjEB3MxdfAqmJl
vKiSlJe4gJiVxhF80RwtFiiFlUd0UaFozYcB8viOR6lFCO4k8QxDU+vBzUhlClJp
jq9s5BLOeTMUbG/g7rxSLY6BkaQTaPVXr/57rKR9JzHmndyOVNCydtW91lMyvE8I
PExArydYZGrG7V6if+wNG2iXAEVh8CG73qr/oB6TuItb0j4yMuyHUk+jSizlIUwM
k6kSlDTMQex03nPm2oJeyyOSEO/YNJlNfr1Cm7SiJeX76kmBQWl3+XGbHwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJJ5Fn/n2403+M4MystQKaWmT09PMB8GA1UdIwQY
MBaAFJWe/m75dyikKCrix7BaJAUGVx8cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFo3LWJ2bDNLS1FvS3VMSHNGb2tCUVpYSHh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84YzFlNDktN2RkMS00NDhkLTg4MTUt
YTA5MjY2YmI0ZDhjLzEva25rV2YtZmJqVGY0emd6S3kxQXBwYVpQVDA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84YzFlNDktN2RkMS00NDhkLTg4MTUtYTA5MjY2YmI0ZDhj
LzEvbFo3LWJ2bDNLS1FvS3VMSHNGb2tCUVpYSHh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuaQZAwQA
uaQeAwQAuctvMA0GCSqGSIb3DQEBCwUAA4IBAQApBWolYbJWtbPU+VZprWtat9rP
usmr6SDlRbtPJojsH8IXnSrWILbwRKqCzbBLgvNpOq7KdhhY7w7djEBtuElas5gF
2L45bTNXxuTp8LQERh8dNrU7+AqB6xNLMbiXWuCXbekUv1yjPHw/REwcKCrTYMFl
tJsbyejo8hEC3B6EM3/IhB8eiyRV4iciclKSoHdVy6/NZ6xd+EsZiWkAj6SJOer6
gFhkRFFQB35JYkjs8pr7fDzpKucXISjI6MI8WU/kxgZxlLWmCDPSyn8egpY3zKgQ
YVqdKtlGFH3zLoSP5MkEq0sXv4ULePTeANpb/pn/KVDXsuR6lb+3qcRJXwTe
-----END CERTIFICATE-----