Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/96c272-f746-4628-95bc-a6126b54094d/1/KJvnnNhFUTDBaAiTXmZylxAZWgo.roa
File:                     KJvnnNhFUTDBaAiTXmZylxAZWgo.roa (raw, json)
Hash identifier:          st1kuzlQOffihqK5tkHfGz91GmZ0H30PPD1FGd+/4YY=
Subject key identifier:   28:9B:E7:9C:D8:45:51:30:C1:68:08:93:5E:66:72:97:10:19:5A:0A
Certificate issuer:       /CN=a4e7a0d2fc57a67bb2b7e85c3e8d78192bca0f18
Certificate serial:       0198325B5FAA0960FDB4FE7A8AC49738360F
Authority key identifier: A4:E7:A0:D2:FC:57:A6:7B:B2:B7:E8:5C:3E:8D:78:19:2B:CA:0F:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pOeg0vxXpnuyt-hcPo14GSvKDxg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/96c272-f746-4628-95bc-a6126b54094d/1/KJvnnNhFUTDBaAiTXmZylxAZWgo.roa
Signing time:             Tue 22 Jul 2025 13:38:25 +0000
ROA not before:           Tue 22 Jul 2025 13:38:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398704
IP address blocks:        212.82.44.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/96c272-f746-4628-95bc-a6126b54094d/1/pOeg0vxXpnuyt-hcPo14GSvKDxg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/96c272-f746-4628-95bc-a6126b54094d/1/pOeg0vxXpnuyt-hcPo14GSvKDxg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pOeg0vxXpnuyt-hcPo14GSvKDxg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 04:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:32:5b:5f:aa:09:60:fd:b4:fe:7a:8a:c4:97:38:36:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4e7a0d2fc57a67bb2b7e85c3e8d78192bca0f18
        Validity
            Not Before: Jul 22 13:38:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=289be79cd8455130c16808935e66729710195a0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:08:4e:fc:c0:21:38:ae:d0:e0:89:a3:8a:02:
                    d9:c1:e1:d1:ee:16:02:f4:d5:b4:e8:50:a2:1b:a5:
                    e7:05:9f:fa:93:86:08:bc:f1:d3:0b:31:b4:95:00:
                    1e:c1:ba:0f:5b:9a:b6:b0:4c:04:de:e6:e4:8e:0b:
                    4b:3e:6a:e9:09:e8:4f:98:d5:d9:84:94:95:e9:e7:
                    34:b5:7c:c9:ba:35:db:bc:05:fd:e8:06:70:c3:61:
                    2b:ca:56:e3:2d:6c:83:0b:f1:96:e3:44:5c:ec:45:
                    10:1c:83:5c:c9:c8:c3:db:b4:ca:e2:3a:fc:be:1b:
                    ff:03:11:e2:da:d8:d4:aa:57:1a:0e:77:21:e0:5d:
                    c9:bb:2e:9e:f6:e7:a8:dc:1e:73:14:f3:9f:7b:29:
                    7e:2a:bf:cd:84:ab:9d:cd:31:c6:31:ba:66:ee:3d:
                    ce:31:e8:f7:55:28:c0:74:a0:bc:be:80:42:99:64:
                    92:85:e6:a0:cd:85:5d:25:56:76:4b:5f:ae:be:94:
                    77:16:56:75:9c:8f:aa:aa:24:d2:3c:7e:9a:f9:3a:
                    f6:98:6e:58:43:91:39:91:79:4f:07:fc:9f:55:66:
                    ca:8b:8d:5c:1c:15:1e:a3:62:37:9e:30:9c:66:8e:
                    06:ab:b9:fd:6e:ff:89:19:42:39:61:f6:8a:cf:08:
                    91:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:9B:E7:9C:D8:45:51:30:C1:68:08:93:5E:66:72:97:10:19:5A:0A
            X509v3 Authority Key Identifier:
                keyid:A4:E7:A0:D2:FC:57:A6:7B:B2:B7:E8:5C:3E:8D:78:19:2B:CA:0F:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pOeg0vxXpnuyt-hcPo14GSvKDxg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/96c272-f746-4628-95bc-a6126b54094d/1/KJvnnNhFUTDBaAiTXmZylxAZWgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/96c272-f746-4628-95bc-a6126b54094d/1/pOeg0vxXpnuyt-hcPo14GSvKDxg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.82.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9f:5f:a5:af:77:4f:6e:14:a2:af:0e:e7:69:a3:ed:f6:f4:a4:
         cf:a4:27:57:11:fe:fc:75:26:a1:5a:26:ea:5e:1f:b7:f2:8e:
         5a:da:35:bf:0e:ea:ca:93:6b:be:80:06:fc:9d:a7:9f:64:53:
         04:14:da:9f:27:16:38:ca:69:54:83:8e:2b:74:d9:3a:fc:3f:
         61:6c:fc:2c:31:2e:44:0d:d1:9c:6a:92:c0:94:e7:b8:86:ce:
         74:4b:b1:a8:c6:ad:0c:42:57:8c:3e:91:b7:f0:f6:f6:10:87:
         d1:ad:b2:91:7c:ea:78:cf:24:25:d0:ad:7d:d9:93:07:00:b5:
         e5:3b:f8:2c:11:8a:2f:ec:09:b9:52:69:53:8f:30:33:20:08:
         6b:d0:e5:4b:7d:07:0b:fd:08:b7:e3:75:aa:9d:1c:14:32:28:
         b9:7c:41:f4:0e:e5:75:dc:b1:9b:36:d5:e3:ad:a7:e3:27:24:
         3c:ed:7d:3a:4b:01:ca:0f:8f:d3:d9:4c:0e:d2:cc:77:50:19:
         96:06:91:30:b0:24:93:fd:bd:86:b7:74:14:b6:c8:d5:43:aa:
         01:a2:0a:e6:ec:6b:6d:44:6b:4c:7f:e8:ac:b2:2c:b9:b1:37:
         6a:61:41:5b:80:a1:70:45:7a:30:36:39:3f:13:e1:ca:3c:b2:
         72:70:61:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgyW1+qCWD9tP56isSXODYPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ZTdhMGQyZmM1N2E2N2JiMmI3ZTg1YzNlOGQ3ODE5MmJj
YTBmMTgwHhcNMjUwNzIyMTMzODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODliZTc5Y2Q4NDU1MTMwYzE2ODA4OTM1ZTY2NzI5NzEwMTk1YTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApAhO/MAhOK7Q4ImjigLZweHR7hYC
9NW06FCiG6XnBZ/6k4YIvPHTCzG0lQAewboPW5q2sEwE3ubkjgtLPmrpCehPmNXZ
hJSV6ec0tXzJujXbvAX96AZww2ErylbjLWyDC/GW40Rc7EUQHINcycjD27TK4jr8
vhv/AxHi2tjUqlcaDnch4F3Juy6e9ueo3B5zFPOfeyl+Kr/NhKudzTHGMbpm7j3O
Mej3VSjAdKC8voBCmWSSheagzYVdJVZ2S1+uvpR3FlZ1nI+qqiTSPH6a+Tr2mG5Y
Q5E5kXlPB/yfVWbKi41cHBUeo2I3njCcZo4Gq7n9bv+JGUI5YfaKzwiRwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCib55zYRVEwwWgIk15mcpcQGVoKMB8GA1UdIwQY
MBaAFKTnoNL8V6Z7srfoXD6NeBkryg8YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE9lZzB2eFhwbnV5dC1oY1BvMTRHU3ZLRHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny85NmMyNzItZjc0Ni00NjI4LTk1YmMt
YTYxMjZiNTQwOTRkLzEvS0p2bm5OaEZVVERCYUFpVFhtWnlseEFaV2dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny85NmMyNzItZjc0Ni00NjI4LTk1YmMtYTYxMjZiNTQwOTRk
LzEvcE9lZzB2eFhwbnV5dC1oY1BvMTRHU3ZLRHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1FIsMA0G
CSqGSIb3DQEBCwUAA4IBAQCfX6Wvd09uFKKvDudpo+329KTPpCdXEf78dSahWibq
Xh+38o5a2jW/DurKk2u+gAb8naefZFMEFNqfJxY4ymlUg44rdNk6/D9hbPwsMS5E
DdGcapLAlOe4hs50S7Goxq0MQleMPpG38Pb2EIfRrbKRfOp4zyQl0K192ZMHALXl
O/gsEYov7Am5UmlTjzAzIAhr0OVLfQcL/Qi343WqnRwUMii5fEH0DuV13LGbNtXj
rafjJyQ87X06SwHKD4/T2UwO0sx3UBmWBpEwsCST/b2Gt3QUtsjVQ6oBogrm7Gtt
RGtMf+issiy5sTdqYUFbgKFwRXowNjk/E+HKPLJycGHk
-----END CERTIFICATE-----