Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/KM_F04W97L4fGV6eB1EFGADXYBA.roa
File:                     KM_F04W97L4fGV6eB1EFGADXYBA.roa (raw, json)
Hash identifier:          dZWwjg2hZJwYzS80M1Flty/faDlYaBPiOJ5OQ7mS6kc=
Subject key identifier:   28:CF:C5:D3:85:BD:EC:BE:1F:19:5E:9E:07:51:05:18:00:D7:60:10
Certificate issuer:       /CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Certificate serial:       01966CA14547A096BB91107A9B103B920937
Authority key identifier: 4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/KM_F04W97L4fGV6eB1EFGADXYBA.roa
Signing time:             Fri 25 Apr 2025 11:07:10 +0000
ROA not before:           Fri 25 Apr 2025 11:07:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210469
IP address blocks:        85.117.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 05:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6c:a1:45:47:a0:96:bb:91:10:7a:9b:10:3b:92:09:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8aea2f025f495beacee7ce5a8820519dda1370
        Validity
            Not Before: Apr 25 11:07:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28cfc5d385bdecbe1f195e9e0751051800d76010
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:2a:41:8c:5c:f5:17:fb:63:82:dd:cd:49:8f:
                    d3:bf:c4:aa:7d:4e:16:fe:f0:e5:ee:b2:c9:07:17:
                    8f:2e:15:58:68:b0:fc:9e:fc:11:32:2c:f4:98:1d:
                    69:c1:46:94:10:94:5a:d3:99:6a:31:e7:ae:ff:f9:
                    8f:c1:ea:c8:26:f8:37:ce:05:4f:83:c6:f0:c6:5d:
                    28:a9:43:e6:ef:a1:73:f4:00:b8:b9:9e:84:df:d3:
                    45:1d:a6:75:5f:97:70:63:28:1d:9a:32:2f:14:9a:
                    1a:8e:b9:e2:a1:73:20:5f:82:59:ec:64:04:91:db:
                    d7:c0:d5:72:d8:56:9a:e7:92:4b:8b:cb:e8:c2:14:
                    dd:8a:98:47:dc:eb:75:35:98:c7:d4:33:e6:2e:c2:
                    30:d4:f2:f0:eb:ef:77:7c:3f:d0:fd:ae:d5:c4:53:
                    95:c8:b6:6c:0c:47:18:db:4a:15:56:c0:0f:20:67:
                    60:4a:46:61:8a:68:c2:c1:7a:6b:e6:e0:be:ce:01:
                    2a:52:4e:ac:86:8f:04:d8:38:27:37:6b:b9:41:38:
                    83:a6:1f:2b:a3:ab:7d:48:d9:7d:8a:85:db:fa:27:
                    e3:ea:95:a8:bb:21:91:22:7b:1f:96:0b:84:bd:7c:
                    5d:db:02:c1:36:79:16:a9:00:1a:9c:c9:1a:87:56:
                    f5:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:CF:C5:D3:85:BD:EC:BE:1F:19:5E:9E:07:51:05:18:00:D7:60:10
            X509v3 Authority Key Identifier:
                keyid:4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/KM_F04W97L4fGV6eB1EFGADXYBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.117.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:49:f5:36:61:2e:b6:c6:88:fc:6b:85:36:b0:38:da:ff:6b:
         3f:23:69:90:10:56:fc:c2:ec:47:dd:4d:b5:90:79:f5:88:dd:
         72:90:ca:a5:20:06:ee:f6:e8:02:0b:73:f4:3a:a2:a8:d7:9d:
         6b:c6:64:4a:94:7e:d2:df:75:e6:cb:65:3d:9e:ad:a0:9d:ea:
         bd:21:68:71:cd:2a:5d:9e:c9:d3:74:83:ce:17:7a:f6:95:88:
         57:05:41:9c:19:4e:b2:2e:8a:2b:36:3a:70:ad:35:55:9b:be:
         39:f1:a7:2b:d7:c1:8f:16:6c:4d:12:75:d6:ab:bb:09:c0:53:
         59:be:4c:a6:19:4f:60:9b:6b:69:f0:72:2d:9f:31:47:3a:fe:
         3f:88:fb:4c:69:38:e3:e2:cb:03:4d:af:ca:51:f8:c8:88:72:
         4d:42:7c:e6:6a:78:4a:0c:38:f4:56:0b:78:05:f0:6f:99:77:
         e4:4b:50:49:63:a6:69:5a:c9:99:d7:f2:f7:c6:9a:f1:81:3c:
         40:0c:6c:05:6d:30:e7:19:cd:5e:20:a5:07:cb:2a:b5:7b:67:
         31:14:bf:90:2f:08:aa:6d:ba:eb:30:76:8c:17:78:4a:0e:ea:
         da:45:0e:cb:61:62:cd:7f:12:0a:bc:d7:76:84:4f:ef:2b:28:
         da:e7:bf:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZsoUVHoJa7kRB6mxA7kgk3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGFlYTJmMDI1ZjQ5NWJlYWNlZTdjZTVhODgyMDUxOWRk
YTEzNzAwHhcNMjUwNDI1MTEwNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGNmYzVkMzg1YmRlY2JlMWYxOTVlOWUwNzUxMDUxODAwZDc2MDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCpBjFz1F/tjgt3NSY/Tv8SqfU4W
/vDl7rLJBxePLhVYaLD8nvwRMiz0mB1pwUaUEJRa05lqMeeu//mPwerIJvg3zgVP
g8bwxl0oqUPm76Fz9AC4uZ6E39NFHaZ1X5dwYygdmjIvFJoajrnioXMgX4JZ7GQE
kdvXwNVy2Faa55JLi8vowhTdiphH3Ot1NZjH1DPmLsIw1PLw6+93fD/Q/a7VxFOV
yLZsDEcY20oVVsAPIGdgSkZhimjCwXpr5uC+zgEqUk6sho8E2DgnN2u5QTiDph8r
o6t9SNl9ioXb+ifj6pWouyGRInsflguEvXxd2wLBNnkWqQAanMkah1b1dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCjPxdOFvey+HxlengdRBRgA12AQMB8GA1UdIwQY
MBaAFE+K6i8CX0lb6s7nzlqIIFGd2hNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUt
NjA4MDk1MmYwZTA0LzEvS01fRjA0Vzk3TDRmR1Y2ZUIxRUZHQURYWUJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUtNjA4MDk1MmYwZTA0
LzEvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXXxMA0G
CSqGSIb3DQEBCwUAA4IBAQAsSfU2YS62xoj8a4U2sDja/2s/I2mQEFb8wuxH3U21
kHn1iN1ykMqlIAbu9ugCC3P0OqKo151rxmRKlH7S33Xmy2U9nq2gneq9IWhxzSpd
nsnTdIPOF3r2lYhXBUGcGU6yLoorNjpwrTVVm7458acr18GPFmxNEnXWq7sJwFNZ
vkymGU9gm2tp8HItnzFHOv4/iPtMaTjj4ssDTa/KUfjIiHJNQnzmanhKDDj0Vgt4
BfBvmXfkS1BJY6ZpWsmZ1/L3xprxgTxADGwFbTDnGc1eIKUHyyq1e2cxFL+QLwiq
bbrrMHaMF3hKDuraRQ7LYWLNfxIKvNd2hE/vKyja57/s
-----END CERTIFICATE-----