Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/kcn-GuxiUfCVJsyNjRStSITMvnE.roa
File:                     kcn-GuxiUfCVJsyNjRStSITMvnE.roa (raw, json)
Hash identifier:          vCD+XZaaWtzb3bPEfRsjxs+78AZ1wFV4o1/aQudm6lI=
Subject key identifier:   91:C9:FE:1A:EC:62:51:F0:95:26:CC:8D:8D:14:AD:48:84:CC:BE:71
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       01965C5A07E9825C23147334CBC5CB20BA56
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/kcn-GuxiUfCVJsyNjRStSITMvnE.roa
Signing time:             Tue 22 Apr 2025 07:15:26 +0000
ROA not before:           Tue 22 Apr 2025 07:15:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42337
IP address blocks:        178.239.149.0/24 maxlen: 24
                          185.243.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 May 2025 16:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5c:5a:07:e9:82:5c:23:14:73:34:cb:c5:cb:20:ba:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Apr 22 07:15:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91c9fe1aec6251f09526cc8d8d14ad4884ccbe71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:0f:a0:42:fb:2d:f6:d3:57:b7:29:94:0d:f0:
                    ca:2c:16:de:18:23:62:39:25:7f:83:fd:43:7a:eb:
                    a1:5e:e2:56:e4:85:a2:42:bf:e0:f5:ed:55:71:ba:
                    cd:03:91:fe:10:2e:8d:f0:2d:11:4c:6f:0b:bc:5f:
                    da:67:53:45:63:20:4d:94:f1:18:a4:94:e6:ae:8c:
                    ca:a7:55:70:47:04:50:62:7e:ab:7b:c2:c6:02:91:
                    84:63:e8:a2:17:3c:64:30:fb:c9:88:fa:77:ba:2b:
                    36:1e:bc:05:4b:d9:4e:ad:fa:80:64:f9:fa:23:a2:
                    02:6e:c0:a3:4b:ff:51:13:0c:35:ab:ee:8b:c4:57:
                    a5:ac:08:7f:40:8a:9f:9a:68:54:e2:a3:5e:1f:cd:
                    8f:c8:52:81:bc:49:d1:d1:7e:c5:ed:aa:a8:f8:91:
                    c9:cf:11:c4:e7:69:bd:bc:20:07:34:60:a3:5d:75:
                    c2:ee:4d:c7:66:5f:c6:b0:da:da:eb:0e:be:7e:a4:
                    da:c5:37:60:d9:0e:fe:f0:9b:3f:02:59:99:4a:da:
                    68:bb:63:b4:81:a4:a4:41:64:f3:b0:71:88:90:4c:
                    25:56:c9:ff:b0:c3:e9:a3:87:a1:b7:99:f3:8d:ee:
                    2d:74:cf:12:ea:09:d3:a5:2e:64:a6:4f:ec:d7:a6:
                    46:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:C9:FE:1A:EC:62:51:F0:95:26:CC:8D:8D:14:AD:48:84:CC:BE:71
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/kcn-GuxiUfCVJsyNjRStSITMvnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.149.0/24
                  185.243.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:10:7e:79:f7:71:09:5a:56:f5:61:b6:7e:10:8f:7d:6c:53:
         c1:4b:40:88:cc:48:75:b3:54:27:9c:87:5f:5b:1e:61:90:5a:
         ce:bb:60:1c:ef:1c:47:06:c9:7d:72:d9:e5:de:bd:4f:f5:bd:
         d2:c2:7f:b0:48:b3:26:dd:08:7a:86:3f:30:a7:69:dd:15:9a:
         e1:6f:2b:74:c5:f3:a0:63:35:30:11:53:5e:8b:d5:19:7d:d1:
         0d:70:c0:5d:e3:b9:2d:54:ef:ff:3a:98:fb:19:f2:e9:c1:64:
         bc:2d:5a:67:b4:54:8d:cd:14:1d:6a:7b:51:ac:36:5d:84:f4:
         97:d5:cb:d2:20:04:df:10:7c:47:09:af:17:40:b5:d0:9a:a4:
         98:5d:16:9c:36:10:3f:1f:45:b3:cb:36:e9:1a:5e:6d:68:d4:
         c1:d1:ea:ea:75:6f:fa:72:b3:27:c9:2a:1e:42:db:d9:9f:4a:
         b6:66:0b:f6:4a:66:e3:74:df:60:af:f4:31:62:d2:d0:e4:e0:
         78:6b:02:2c:a8:f5:3d:90:f6:2b:0f:24:07:64:d4:63:89:01:
         c2:40:5b:83:b2:cb:93:a9:89:ff:e4:81:96:1a:2d:68:dc:56:
         e6:d2:0e:17:1e:61:ba:82:6a:e7:86:e1:dd:a8:ce:15:46:d9:
         71:15:8f:7c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZcWgfpglwjFHM0y8XLILpWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwNDIyMDcxNTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWM5ZmUxYWVjNjI1MWYwOTUyNmNjOGQ4ZDE0YWQ0ODg0Y2NiZTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsg+gQvst9tNXtymUDfDKLBbeGCNi
OSV/g/1DeuuhXuJW5IWiQr/g9e1VcbrNA5H+EC6N8C0RTG8LvF/aZ1NFYyBNlPEY
pJTmrozKp1VwRwRQYn6re8LGApGEY+iiFzxkMPvJiPp3uis2HrwFS9lOrfqAZPn6
I6ICbsCjS/9REww1q+6LxFelrAh/QIqfmmhU4qNeH82PyFKBvEnR0X7F7aqo+JHJ
zxHE52m9vCAHNGCjXXXC7k3HZl/GsNra6w6+fqTaxTdg2Q7+8Js/AlmZStpou2O0
gaSkQWTzsHGIkEwlVsn/sMPpo4eht5nzje4tdM8S6gnTpS5kpk/s16ZGpQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJHJ/hrsYlHwlSbMjY0UrUiEzL5xMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEva2NuLUd1eGlVZkNWSnN5TmpSU3RTSVRNdm5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsu+VAwQA
ufMzMA0GCSqGSIb3DQEBCwUAA4IBAQAVEH5593EJWlb1YbZ+EI99bFPBS0CIzEh1
s1QnnIdfWx5hkFrOu2Ac7xxHBsl9ctnl3r1P9b3Swn+wSLMm3Qh6hj8wp2ndFZrh
byt0xfOgYzUwEVNei9UZfdENcMBd47ktVO//Opj7GfLpwWS8LVpntFSNzRQdantR
rDZdhPSX1cvSIATfEHxHCa8XQLXQmqSYXRacNhA/H0WzyzbpGl5taNTB0erqdW/6
crMnySoeQtvZn0q2Zgv2SmbjdN9gr/QxYtLQ5OB4awIsqPU9kPYrDyQHZNRjiQHC
QFuDssuTqYn/5IGWGi1o3Fbm0g4XHmG6gmrnhuHdqM4VRtlxFY98
-----END CERTIFICATE-----