Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/KtGW244lg_TT3vkNBRA84agRHnA.roa
File:                     KtGW244lg_TT3vkNBRA84agRHnA.roa (raw, json)
Hash identifier:          qkYKLA3oKyGpEm1ujAs0f9puAQXOUK+jHsSPgEJJ2N8=
Subject key identifier:   2A:D1:96:DB:8E:25:83:F4:D3:DE:F9:0D:05:10:3C:E1:A8:11:1E:70
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       01963F19B0958C3EF4B9383DAFD3BC33E19E
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/KtGW244lg_TT3vkNBRA84agRHnA.roa
Signing time:             Wed 16 Apr 2025 14:56:10 +0000
ROA not before:           Wed 16 Apr 2025 14:56:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16125
IP address blocks:        89.106.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 20:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3f:19:b0:95:8c:3e:f4:b9:38:3d:af:d3:bc:33:e1:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Apr 16 14:56:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ad196db8e2583f4d3def90d05103ce1a8111e70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:25:58:67:2d:15:7f:72:84:d5:de:27:f7:ba:
                    25:22:c6:fa:a8:78:e3:ef:91:87:c1:68:cd:75:fb:
                    05:aa:cd:0b:09:d2:91:a0:b5:ab:02:78:20:b5:00:
                    85:3e:0f:00:9a:ea:6c:9c:d7:9e:db:1c:92:a1:2d:
                    65:d4:d1:f0:c8:2a:a1:33:43:f1:c0:11:86:85:e3:
                    84:2d:bf:47:85:9a:51:b2:92:ec:bd:a5:4e:cd:da:
                    79:e8:9a:12:9a:0d:3c:14:2a:65:d0:81:5c:7e:99:
                    01:9f:22:aa:a9:a0:4f:2c:c6:0e:33:e0:f4:cd:3b:
                    a2:55:87:40:a2:ea:fb:a5:56:7f:0d:c9:f9:e3:53:
                    c3:7c:26:87:de:61:80:9e:6a:25:6d:26:ff:d2:66:
                    75:66:a1:bf:19:44:47:cc:66:4d:f9:a7:ac:34:df:
                    18:1b:ab:ff:2f:80:75:2a:78:a8:ba:b5:1f:3b:9c:
                    95:ba:bc:20:c7:c4:23:16:4b:a1:b2:25:2d:da:03:
                    b3:bc:94:43:68:45:f5:f7:cc:dd:31:ba:c7:35:ec:
                    d3:3a:24:9e:b2:70:9b:5b:36:6e:43:66:01:67:c8:
                    c7:71:09:47:98:5c:cf:fd:c3:50:24:3e:38:7a:28:
                    9b:3c:32:1e:f3:9d:57:2a:29:2c:b7:8d:b0:da:36:
                    1e:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:D1:96:DB:8E:25:83:F4:D3:DE:F9:0D:05:10:3C:E1:A8:11:1E:70
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/KtGW244lg_TT3vkNBRA84agRHnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         df:b2:c5:2e:7b:07:6f:eb:18:70:27:6d:ce:3c:29:46:5c:02:
         a3:bb:dd:a5:e7:b3:bb:41:fc:ea:a3:3c:59:41:67:54:1b:f3:
         08:8e:06:1a:74:b4:6d:ea:22:b2:02:18:51:4d:a6:63:45:06:
         93:a9:e2:e7:d4:79:94:e3:30:20:5e:6d:4d:85:93:1a:35:6c:
         d5:d9:0c:f8:90:20:1c:07:78:ce:22:1e:6a:2c:1b:f6:ef:04:
         07:2d:96:43:d7:43:f4:8b:4a:1e:cd:cd:2c:10:66:73:e9:66:
         23:22:76:b7:43:a7:5b:b8:51:6d:10:b9:86:71:2c:db:bd:67:
         13:89:69:c4:69:ad:e9:0b:b2:de:cd:15:77:26:c2:6e:53:e8:
         d1:3c:71:d9:55:b9:b9:f3:c4:40:7a:38:22:b0:8b:7e:c9:6b:
         36:3c:b9:8a:2a:c0:2d:84:6c:09:0d:cd:9a:8a:07:a6:10:02:
         a7:20:62:44:91:ab:74:3e:f0:f5:7c:ce:06:d0:c0:2d:b0:1b:
         03:c0:2c:ee:d4:cd:69:9f:aa:94:c2:b5:38:df:ba:00:c7:29:
         a5:cc:bb:5b:53:69:07:af:56:02:9c:47:df:3d:aa:30:5a:74:
         fd:0d:9f:a4:f7:90:ab:90:a0:b3:a1:b4:ed:5e:cb:93:c8:0f:
         dc:26:9a:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY/GbCVjD70uTg9r9O8M+GeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwNDE2MTQ1NjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWQxOTZkYjhlMjU4M2Y0ZDNkZWY5MGQwNTEwM2NlMWE4MTExZTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CVYZy0Vf3KE1d4n97olIsb6qHjj
75GHwWjNdfsFqs0LCdKRoLWrAnggtQCFPg8AmupsnNee2xySoS1l1NHwyCqhM0Px
wBGGheOELb9HhZpRspLsvaVOzdp56JoSmg08FCpl0IFcfpkBnyKqqaBPLMYOM+D0
zTuiVYdAour7pVZ/Dcn541PDfCaH3mGAnmolbSb/0mZ1ZqG/GURHzGZN+aesNN8Y
G6v/L4B1KniourUfO5yVurwgx8QjFkuhsiUt2gOzvJRDaEX198zdMbrHNezTOiSe
snCbWzZuQ2YBZ8jHcQlHmFzP/cNQJD44eiibPDIe851XKikst42w2jYewwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCrRltuOJYP00975DQUQPOGoER5wMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvS3RHVzI0NGxnX1RUM3ZrTkJSQTg0YWdSSG5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWWoEMA0G
CSqGSIb3DQEBCwUAA4IBAQDfssUuewdv6xhwJ23OPClGXAKju92l57O7QfzqozxZ
QWdUG/MIjgYadLRt6iKyAhhRTaZjRQaTqeLn1HmU4zAgXm1NhZMaNWzV2Qz4kCAc
B3jOIh5qLBv27wQHLZZD10P0i0oezc0sEGZz6WYjIna3Q6dbuFFtELmGcSzbvWcT
iWnEaa3pC7LezRV3JsJuU+jRPHHZVbm588RAejgisIt+yWs2PLmKKsAthGwJDc2a
igemEAKnIGJEkat0PvD1fM4G0MAtsBsDwCzu1M1pn6qUwrU437oAxymlzLtbU2kH
r1YCnEffPaowWnT9DZ+k95CrkKCzobTtXsuTyA/cJppL
-----END CERTIFICATE-----