Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/d7ffed-6c1d-4131-950f-a49d1a006dc9/1/kJ_ZNbK3slQcy_TN55gyoHn1G0k.roa
File:                     kJ_ZNbK3slQcy_TN55gyoHn1G0k.roa (raw, json)
Hash identifier:          wZeyZOyIkRQ2u4cIoDaxSKEDydGOPToWwbH3yN/22T0=
Subject key identifier:   90:9F:D9:35:B2:B7:B2:54:1C:CB:F4:CD:E7:98:32:A0:79:F5:1B:49
Certificate issuer:       /CN=464d733de81fbd486d442358e0c15370520f9312
Certificate serial:       01971CC4958D8F51C3886DA756B9F4B99659
Authority key identifier: 46:4D:73:3D:E8:1F:BD:48:6D:44:23:58:E0:C1:53:70:52:0F:93:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rk1zPegfvUhtRCNY4MFTcFIPkxI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/d7ffed-6c1d-4131-950f-a49d1a006dc9/1/kJ_ZNbK3slQcy_TN55gyoHn1G0k.roa
Signing time:             Thu 29 May 2025 15:58:54 +0000
ROA not before:           Thu 29 May 2025 15:58:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209759
IP address blocks:        185.246.32.0/22 maxlen: 22
                          213.181.20.0/22 maxlen: 22
                          213.181.24.0/22 maxlen: 22
                          213.181.28.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/d7ffed-6c1d-4131-950f-a49d1a006dc9/1/Rk1zPegfvUhtRCNY4MFTcFIPkxI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/d7ffed-6c1d-4131-950f-a49d1a006dc9/1/Rk1zPegfvUhtRCNY4MFTcFIPkxI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rk1zPegfvUhtRCNY4MFTcFIPkxI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Jun 2025 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:1c:c4:95:8d:8f:51:c3:88:6d:a7:56:b9:f4:b9:96:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=464d733de81fbd486d442358e0c15370520f9312
        Validity
            Not Before: May 29 15:58:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=909fd935b2b7b2541ccbf4cde79832a079f51b49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:03:6e:1f:5f:1b:63:bb:25:9e:d6:c0:bf:f8:
                    94:23:c2:a9:b3:de:e6:9b:2e:0b:38:70:1b:e1:86:
                    af:22:4e:4b:17:d1:d4:9e:da:aa:1f:cd:b8:e5:23:
                    d5:48:3f:0f:da:a4:2c:4d:a5:49:23:50:4d:4d:58:
                    2f:55:e4:3f:55:b0:80:69:9f:1b:5b:56:36:31:72:
                    9d:4d:aa:1c:b1:48:5c:9c:23:73:9e:ff:e0:b0:00:
                    03:a5:10:2a:51:e6:8c:40:cf:25:69:c6:e0:ee:80:
                    ee:48:77:31:f7:89:ca:70:a6:61:1e:2c:f3:b0:49:
                    ee:4e:39:f9:9d:42:24:d5:ca:5b:94:8e:dc:33:4f:
                    8c:4d:e5:78:eb:f1:c3:4d:aa:ed:1a:21:3e:63:a3:
                    88:93:5c:8d:8f:0c:bc:c9:42:63:da:d9:2b:33:cf:
                    6b:83:2c:ad:2f:58:d6:9f:6d:da:91:eb:1e:4c:de:
                    71:82:48:bb:10:88:67:41:05:f9:8c:a8:74:5b:97:
                    3e:aa:2e:03:9d:aa:29:ff:8f:58:61:74:37:48:1a:
                    48:3d:a6:cb:a9:6b:d1:ba:f7:fb:bb:c0:71:2b:2a:
                    b6:18:f4:b6:b1:db:04:c1:dd:ed:7a:13:45:e2:c5:
                    12:7c:f9:fb:8c:1e:7d:50:06:f5:b7:37:5f:46:33:
                    58:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:9F:D9:35:B2:B7:B2:54:1C:CB:F4:CD:E7:98:32:A0:79:F5:1B:49
            X509v3 Authority Key Identifier:
                keyid:46:4D:73:3D:E8:1F:BD:48:6D:44:23:58:E0:C1:53:70:52:0F:93:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rk1zPegfvUhtRCNY4MFTcFIPkxI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/d7ffed-6c1d-4131-950f-a49d1a006dc9/1/kJ_ZNbK3slQcy_TN55gyoHn1G0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/d7ffed-6c1d-4131-950f-a49d1a006dc9/1/Rk1zPegfvUhtRCNY4MFTcFIPkxI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.246.32.0/22
                  213.181.20.0-213.181.31.255

    Signature Algorithm: sha256WithRSAEncryption
         a2:81:ee:1e:34:80:6e:7b:fc:8b:e4:69:e4:20:77:6c:7c:3e:
         6d:53:03:0b:bc:16:18:44:98:90:22:54:ed:b0:86:f0:7d:51:
         27:bc:a7:e1:ef:a0:b9:63:69:ca:fe:ca:15:b8:71:b6:9e:2c:
         e1:50:cd:94:de:e1:7c:42:e7:fa:94:7d:48:8b:4c:14:b7:cd:
         e3:f9:7f:23:3d:64:d2:32:e4:67:3e:a7:7f:d7:43:fc:7c:8b:
         cb:bf:97:47:12:cb:bb:a9:13:2a:af:85:06:d4:c4:61:da:8f:
         41:70:73:93:47:1b:6c:3a:e0:a7:b3:73:31:53:dd:20:b6:f9:
         57:f7:16:20:89:45:92:9e:d0:d9:f3:1e:af:37:5c:88:33:c4:
         21:f3:3b:c4:85:3f:10:f3:49:aa:33:27:00:29:a4:92:da:c0:
         d6:1d:3f:c3:85:9c:75:2d:a2:b0:67:0e:ef:c5:38:7b:dc:58:
         73:b9:df:23:6b:3c:a5:ea:e3:4b:5c:6d:cf:ae:0a:75:bf:71:
         4e:26:2c:08:97:e6:a3:db:7d:c3:98:1c:2e:b1:e3:3e:c2:a7:
         ae:68:a3:9c:02:6b:ef:58:5d:2a:4e:d9:b9:47:e4:19:56:2d:
         32:82:68:3e:0e:37:c1:15:09:b4:f7:6d:5b:38:c3:b5:65:02:
         31:f6:53:55
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZccxJWNj1HDiG2nVrn0uZZZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NGQ3MzNkZTgxZmJkNDg2ZDQ0MjM1OGUwYzE1MzcwNTIw
ZjkzMTIwHhcNMjUwNTI5MTU1ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDlmZDkzNWIyYjdiMjU0MWNjYmY0Y2RlNzk4MzJhMDc5ZjUxYjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwNuH18bY7slntbAv/iUI8Kps97m
my4LOHAb4YavIk5LF9HUntqqH8245SPVSD8P2qQsTaVJI1BNTVgvVeQ/VbCAaZ8b
W1Y2MXKdTaocsUhcnCNznv/gsAADpRAqUeaMQM8lacbg7oDuSHcx94nKcKZhHizz
sEnuTjn5nUIk1cpblI7cM0+MTeV46/HDTartGiE+Y6OIk1yNjwy8yUJj2tkrM89r
gyytL1jWn23akeseTN5xgki7EIhnQQX5jKh0W5c+qi4Dnaop/49YYXQ3SBpIPabL
qWvRuvf7u8BxKyq2GPS2sdsEwd3tehNF4sUSfPn7jB59UAb1tzdfRjNYXQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJCf2TWyt7JUHMv0zeeYMqB59RtJMB8GA1UdIwQY
MBaAFEZNcz3oH71IbUQjWODBU3BSD5MSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmsxelBlZ2Z2VWh0UkNOWTRNRlRjRklQa3hJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi9kN2ZmZWQtNmMxZC00MTMxLTk1MGYt
YTQ5ZDFhMDA2ZGM5LzEva0pfWk5iSzNzbFFjeV9UTjU1Z3lvSG4xRzBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi9kN2ZmZWQtNmMxZC00MTMxLTk1MGYtYTQ5ZDFhMDA2ZGM5
LzEvUmsxelBlZ2Z2VWh0UkNOWTRNRlRjRklQa3hJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCufYgMAwD
BALVtRQDBAXVtQAwDQYJKoZIhvcNAQELBQADggEBAKKB7h40gG57/IvkaeQgd2x8
Pm1TAwu8FhhEmJAiVO2whvB9USe8p+HvoLljacr+yhW4cbaeLOFQzZTe4XxC5/qU
fUiLTBS3zeP5fyM9ZNIy5Gc+p3/XQ/x8i8u/l0cSy7upEyqvhQbUxGHaj0Fwc5NH
G2w64KezczFT3SC2+Vf3FiCJRZKe0NnzHq83XIgzxCHzO8SFPxDzSaozJwAppJLa
wNYdP8OFnHUtorBnDu/FOHvcWHO53yNrPKXq40tcbc+uCnW/cU4mLAiX5qPbfcOY
HC6x4z7Cp65oo5wCa+9YXSpO2blH5BlWLTKCaD4ON8EVCbT3bVs4w7VlAjH2U1U=
-----END CERTIFICATE-----