Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/kcVrQDMCCgRK2aSR_70n-hS6gwg.roa
File:                     kcVrQDMCCgRK2aSR_70n-hS6gwg.roa (raw, json)
Hash identifier:          HXkrdakSZhEANSZT6fRBnt4/war5MAIYOqC66H64skI=
Subject key identifier:   91:C5:6B:40:33:02:0A:04:4A:D9:A4:91:FF:BD:27:FA:14:BA:83:08
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0196B19A216C44B243B42CE96B011A8ACF20
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/kcVrQDMCCgRK2aSR_70n-hS6gwg.roa
Signing time:             Thu 08 May 2025 20:33:10 +0000
ROA not before:           Thu 08 May 2025 20:33:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        185.244.104.0/24 maxlen: 24
                          2a10:b45::/32 maxlen: 32
                          2a13:b4c1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b1:9a:21:6c:44:b2:43:b4:2c:e9:6b:01:1a:8a:cf:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May  8 20:33:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91c56b4033020a044ad9a491ffbd27fa14ba8308
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:6a:70:6e:77:f1:03:8a:2e:f2:18:b7:ec:86:
                    f9:0d:a7:63:da:96:33:88:22:64:bc:36:e1:f6:c0:
                    d0:d1:e6:cc:00:2e:41:3e:c9:1e:4f:8e:42:65:d1:
                    86:a7:2c:1f:ac:9b:1e:bc:59:bd:5d:31:5a:a5:61:
                    4d:eb:f8:9b:22:8d:a4:84:16:98:9b:39:09:48:ea:
                    50:f3:b9:20:d9:0b:2c:1d:76:a2:fa:d5:bd:2b:3a:
                    9e:f3:90:58:9d:fe:83:23:39:9a:c7:da:b1:f6:f8:
                    8c:a4:25:63:ab:1c:4f:f7:99:72:e2:56:b1:c5:8d:
                    97:2d:26:c0:73:66:af:bf:65:fb:39:8b:6b:6a:03:
                    42:01:8b:ec:60:ab:6e:4a:f6:22:13:72:f6:f0:40:
                    10:e5:90:7d:e6:51:7b:dd:06:2d:64:70:fc:e1:42:
                    3d:d0:78:9d:3b:93:a0:b4:59:2b:d0:30:1a:1a:14:
                    57:45:2f:c9:ce:85:6a:d5:80:2b:ac:7c:51:63:a4:
                    32:66:09:ed:87:1a:48:8c:44:13:1b:53:63:fe:85:
                    7a:71:9e:4a:14:c8:6a:c0:d0:5a:d2:52:4b:f2:eb:
                    41:09:20:d2:ba:54:83:ab:c2:be:66:09:a5:56:26:
                    6a:46:9c:3a:90:91:a0:b6:ea:e4:6b:6e:0a:4d:98:
                    45:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:C5:6B:40:33:02:0A:04:4A:D9:A4:91:FF:BD:27:FA:14:BA:83:08
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/kcVrQDMCCgRK2aSR_70n-hS6gwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.104.0/24
                IPv6:
                  2a10:b45::/32
                  2a13:b4c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         6d:75:96:14:db:7f:d8:d4:4e:9e:2d:ad:9f:a7:f0:fb:61:55:
         89:ed:f1:e8:8a:01:ea:94:6a:eb:94:d9:4d:78:d7:33:c8:75:
         d8:b3:8f:1d:e0:85:68:81:7a:b4:6c:8c:4b:02:92:7b:66:29:
         c2:63:16:d2:34:b6:4a:02:e6:41:73:58:39:84:de:6f:ac:16:
         73:16:6b:a1:3a:54:54:e0:41:b7:d8:3d:11:17:07:48:31:dd:
         4b:1e:d4:40:c7:39:bc:0f:b9:cd:eb:72:da:c6:7a:32:df:c7:
         dd:a8:14:b2:ec:f9:27:81:34:27:e3:98:dc:67:1a:ec:b9:47:
         45:9a:71:a9:f5:6c:c2:d9:28:dc:47:32:75:d6:2d:17:4a:6b:
         d0:c9:f9:cf:a5:70:bb:85:90:38:a2:e4:3f:e8:57:b8:94:d7:
         3c:81:a7:47:0b:8f:2e:a7:39:b6:f0:25:35:c0:a9:3d:95:57:
         84:ef:ff:d2:09:a2:68:f6:1e:52:f6:3e:88:d2:12:ee:d9:86:
         38:93:71:e8:69:22:89:27:da:19:71:0a:09:ee:50:f3:c5:4b:
         9a:0e:dd:ef:5f:4b:4f:ec:f4:58:15:32:64:8b:a0:cd:46:91:
         5c:57:76:57:09:fe:c6:b4:44:eb:1f:3a:60:6a:63:f2:4d:80:
         4e:40:df:d4
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZaxmiFsRLJDtCzpawEais8gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNTA4MjAzMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWM1NmI0MDMzMDIwYTA0NGFkOWE0OTFmZmJkMjdmYTE0YmE4MzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2mpwbnfxA4ou8hi37Ib5Dadj2pYz
iCJkvDbh9sDQ0ebMAC5BPskeT45CZdGGpywfrJsevFm9XTFapWFN6/ibIo2khBaY
mzkJSOpQ87kg2QssHXai+tW9Kzqe85BYnf6DIzmax9qx9viMpCVjqxxP95ly4lax
xY2XLSbAc2avv2X7OYtragNCAYvsYKtuSvYiE3L28EAQ5ZB95lF73QYtZHD84UI9
0HidO5OgtFkr0DAaGhRXRS/JzoVq1YArrHxRY6QyZgnthxpIjEQTG1Nj/oV6cZ5K
FMhqwNBa0lJL8utBCSDSulSDq8K+ZgmlViZqRpw6kJGgturka24KTZhFrQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFJHFa0AzAgoEStmkkf+9J/oUuoMIMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEva2NWclFETUNDZ1JLMmFTUl83MG4taFM2Z3dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQAufRoMBQE
AgACMA4DBQAqEAtFAwUAKhO0wTANBgkqhkiG9w0BAQsFAAOCAQEAbXWWFNt/2NRO
ni2tn6fw+2FVie3x6IoB6pRq65TZTXjXM8h12LOPHeCFaIF6tGyMSwKSe2YpwmMW
0jS2SgLmQXNYOYTeb6wWcxZroTpUVOBBt9g9ERcHSDHdSx7UQMc5vA+5zety2sZ6
Mt/H3agUsuz5J4E0J+OY3Gca7LlHRZpxqfVswtko3EcyddYtF0pr0Mn5z6Vwu4WQ
OKLkP+hXuJTXPIGnRwuPLqc5tvAlNcCpPZVXhO//0gmiaPYeUvY+iNIS7tmGOJNx
6GkiiSfaGXEKCe5Q88VLmg7d719LT+z0WBUyZIugzUaRXFd2Vwn+xrRE6x86YGpj
8k2ATkDf1A==
-----END CERTIFICATE-----