Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/KT_NrD3qyxn5z58dY8-LQBmMBX0.roa
File:                     KT_NrD3qyxn5z58dY8-LQBmMBX0.roa (raw, json)
Hash identifier:          QK6jrEC9L8y+62wWZK3q0RrCAjP/Prph8zJUZAB0ZjM=
Subject key identifier:   29:3F:CD:AC:3D:EA:CB:19:F9:CF:9F:1D:63:CF:8B:40:19:8C:05:7D
Certificate issuer:       /CN=c378bc3bd350eedc4f377c224556b250da6dde6f
Certificate serial:       0195FF6E3E4F7B17E3B0EC5EE0B9150CD2AF
Authority key identifier: C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/KT_NrD3qyxn5z58dY8-LQBmMBX0.roa
Signing time:             Fri 04 Apr 2025 06:12:49 +0000
ROA not before:           Fri 04 Apr 2025 06:12:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        93.127.156.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ff:6e:3e:4f:7b:17:e3:b0:ec:5e:e0:b9:15:0c:d2:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c378bc3bd350eedc4f377c224556b250da6dde6f
        Validity
            Not Before: Apr  4 06:12:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=293fcdac3deacb19f9cf9f1d63cf8b40198c057d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:cb:f2:56:48:93:73:5f:1e:a6:6c:20:a2:f7:
                    a3:68:68:c2:22:86:53:55:a3:a2:a0:e1:42:87:24:
                    1b:6d:cd:40:15:b3:06:ad:14:0a:54:76:82:e8:6a:
                    25:c7:20:75:ef:d4:2f:83:d6:5d:f3:68:c8:da:d5:
                    3a:96:09:e1:16:7f:1a:0d:b1:40:c4:ab:c9:f8:0c:
                    25:53:b6:38:a0:da:90:bc:22:8a:94:e6:b9:db:eb:
                    a1:99:f4:2a:40:65:8e:fb:6a:2b:8c:c7:8a:df:fb:
                    9f:94:c5:ce:ef:0f:74:54:25:20:ca:5e:37:2b:45:
                    a2:ac:18:be:ae:3f:71:5c:e7:88:7b:c8:db:01:d5:
                    f8:a0:1d:77:c1:ec:f7:c4:ee:8b:f4:4e:01:1a:5f:
                    ae:bc:c1:18:67:14:10:d5:f2:27:4f:22:9e:89:d6:
                    a9:38:6a:3e:8f:84:0a:f1:63:ae:89:3c:6d:ba:b9:
                    ff:86:83:90:e2:97:61:2e:ed:6d:7d:6e:a0:88:d2:
                    48:25:41:1a:1d:d6:cf:6d:6d:c0:52:29:7e:78:82:
                    1b:00:b8:1a:6f:ef:f8:3a:f9:52:17:55:cf:92:06:
                    14:d5:24:11:56:68:80:a1:07:b4:d6:16:5b:18:64:
                    89:14:31:c4:4d:67:f3:94:51:b6:d7:61:78:1b:c9:
                    ab:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:3F:CD:AC:3D:EA:CB:19:F9:CF:9F:1D:63:CF:8B:40:19:8C:05:7D
            X509v3 Authority Key Identifier:
                keyid:C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/KT_NrD3qyxn5z58dY8-LQBmMBX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.127.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:3a:55:25:c1:bf:45:8f:d4:16:50:4e:8a:cc:05:0b:00:54:
         43:b8:d7:9e:b9:eb:1e:e4:a9:60:73:a0:62:c8:5a:71:db:f1:
         03:35:fe:97:0d:ca:26:07:f8:ce:a2:4f:cf:c0:48:fe:f5:9e:
         5a:3b:0d:81:4c:2c:6e:c0:fd:0d:a5:40:76:91:81:23:fd:30:
         2a:a4:92:70:c6:9b:bd:23:44:31:77:39:70:a4:07:f4:d8:23:
         80:45:3d:46:a1:22:4f:f7:96:68:20:1c:0d:d3:4e:18:7c:a7:
         36:8f:99:c5:83:96:66:4d:cc:a7:96:cb:25:27:38:5b:3a:17:
         05:cc:4e:ca:cc:d5:bb:8d:a4:70:98:d4:5a:34:29:ff:c5:ce:
         68:04:60:aa:5c:6a:4a:63:39:2f:b8:66:3b:6a:b2:b5:0b:de:
         38:7e:a8:99:0e:ce:8c:38:e8:c0:f5:4c:15:a8:0c:c9:a5:e3:
         e2:3f:8d:dd:e0:f8:8a:72:a7:49:83:e5:48:a3:ec:94:39:b5:
         02:35:78:b4:85:68:e3:1b:8c:7e:bf:b6:09:f4:f7:a5:44:b4:
         ca:07:4e:e5:97:76:5a:56:1b:00:a5:43:95:a5:74:35:f0:30:
         28:15:09:a6:6c:2e:39:15:b8:96:b6:c7:ce:be:d6:e9:99:56:
         44:c2:c1:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZX/bj5PexfjsOxe4LkVDNKvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNzhiYzNiZDM1MGVlZGM0ZjM3N2MyMjQ1NTZiMjUwZGE2
ZGRlNmYwHhcNMjUwNDA0MDYxMjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTNmY2RhYzNkZWFjYjE5ZjljZjlmMWQ2M2NmOGI0MDE5OGMwNTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8vyVkiTc18epmwgovejaGjCIoZT
VaOioOFChyQbbc1AFbMGrRQKVHaC6GolxyB179Qvg9Zd82jI2tU6lgnhFn8aDbFA
xKvJ+AwlU7Y4oNqQvCKKlOa52+uhmfQqQGWO+2orjMeK3/uflMXO7w90VCUgyl43
K0WirBi+rj9xXOeIe8jbAdX4oB13wez3xO6L9E4BGl+uvMEYZxQQ1fInTyKeidap
OGo+j4QK8WOuiTxturn/hoOQ4pdhLu1tfW6giNJIJUEaHdbPbW3AUil+eIIbALga
b+/4OvlSF1XPkgYU1SQRVmiAoQe01hZbGGSJFDHETWfzlFG212F4G8mrmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCk/zaw96ssZ+c+fHWPPi0AZjAV9MB8GA1UdIwQY
MBaAFMN4vDvTUO7cTzd8IkVWslDabd5vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYt
NDQxNDU1OGZkY2JiLzEvS1RfTnJEM3F5eG41ejU4ZFk4LUxRQm1NQlgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYtNDQxNDU1OGZkY2Ji
LzEvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXX+cMA0G
CSqGSIb3DQEBCwUAA4IBAQCDOlUlwb9Fj9QWUE6KzAULAFRDuNeeuese5Klgc6Bi
yFpx2/EDNf6XDcomB/jOok/PwEj+9Z5aOw2BTCxuwP0NpUB2kYEj/TAqpJJwxpu9
I0QxdzlwpAf02COART1GoSJP95ZoIBwN004YfKc2j5nFg5ZmTcynlsslJzhbOhcF
zE7KzNW7jaRwmNRaNCn/xc5oBGCqXGpKYzkvuGY7arK1C944fqiZDs6MOOjA9UwV
qAzJpePiP43d4PiKcqdJg+VIo+yUObUCNXi0hWjjG4x+v7YJ9PelRLTKB07ll3Za
VhsApUOVpXQ18DAoFQmmbC45FbiWtsfOvtbpmVZEwsFS
-----END CERTIFICATE-----