Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/kNeM6p-IQLH9CjhZM70voWfZYss.roa
File:                     kNeM6p-IQLH9CjhZM70voWfZYss.roa (raw, json)
Hash identifier:          NnHfZCN5hO9n0kbqoezGKEdbs3bcLF3g9Cy4caUwikw=
Subject key identifier:   90:D7:8C:EA:9F:88:40:B1:FD:0A:38:59:33:BD:2F:A1:67:D9:62:CB
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       0196916E0C67E29D92F4F082145534237C68
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/kNeM6p-IQLH9CjhZM70voWfZYss.roa
Signing time:             Fri 02 May 2025 14:37:10 +0000
ROA not before:           Fri 02 May 2025 14:37:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209309
IP address blocks:        45.84.178.0/24 maxlen: 24
                          45.138.159.0/24 maxlen: 24
                          94.158.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 11:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:91:6e:0c:67:e2:9d:92:f4:f0:82:14:55:34:23:7c:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: May  2 14:37:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90d78cea9f8840b1fd0a385933bd2fa167d962cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:21:28:6b:87:c8:5a:9c:56:c5:64:76:1c:f9:
                    59:11:95:7c:72:64:f8:aa:3b:fb:3e:1b:7f:73:3d:
                    fc:5e:05:27:43:3e:7a:38:ce:5f:37:2b:6f:8f:b9:
                    76:d3:ec:51:0a:93:df:71:2c:3b:1b:de:72:14:89:
                    cf:18:98:43:30:a5:7f:fb:ea:77:f5:66:fe:50:b2:
                    7e:4e:b4:94:a8:2d:65:ff:70:27:fc:7e:25:c4:d4:
                    5c:ac:af:64:a6:9a:44:47:a2:d8:f1:bb:7c:46:a1:
                    98:0f:64:4e:67:ce:04:eb:18:43:df:4d:af:1f:78:
                    ae:3b:1a:0c:17:1c:20:6d:7b:fb:18:90:3b:fd:3d:
                    54:1d:1d:4c:c1:01:70:62:5a:92:7f:f8:e6:63:df:
                    e5:21:25:43:37:81:22:40:28:6d:75:43:c5:0b:58:
                    b8:be:a1:2d:47:15:db:2d:5d:3c:03:a8:9b:95:53:
                    ad:9c:b2:b6:ac:76:1c:9f:8c:be:82:36:f1:27:c7:
                    a9:7a:43:ea:ae:21:d7:1a:67:bf:aa:85:ec:2a:1b:
                    2a:15:24:0a:2c:2b:f5:ae:8f:d4:b2:58:e7:59:22:
                    09:a6:2f:f1:f5:43:44:3a:8d:5f:d4:c6:b7:66:d0:
                    b8:aa:5c:01:4e:9b:39:a8:56:ca:d5:5e:23:da:92:
                    28:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:D7:8C:EA:9F:88:40:B1:FD:0A:38:59:33:BD:2F:A1:67:D9:62:CB
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/kNeM6p-IQLH9CjhZM70voWfZYss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.178.0/24
                  45.138.159.0/24
                  94.158.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:3b:b3:e3:b7:aa:00:db:d8:12:0d:a2:17:b0:79:0a:b9:bc:
         4b:8a:fd:4c:06:1b:5c:89:7c:de:a7:33:6e:d5:9f:aa:ef:af:
         18:0b:59:03:48:c7:8b:60:c0:8b:17:69:50:4a:4c:af:a2:97:
         4f:68:91:9b:4f:40:4f:fa:66:41:90:38:b3:30:67:71:66:2a:
         da:e5:cf:26:b4:eb:8d:f6:18:75:2b:17:be:37:04:f1:23:d1:
         3f:56:dc:26:84:7d:05:22:ff:c7:62:a4:e0:d0:41:29:9b:26:
         6e:c1:47:79:f5:ab:9a:1b:26:0f:42:4f:7c:dd:cd:d4:49:33:
         85:c8:2d:dd:20:c4:b3:3b:98:62:2d:58:fe:86:24:8b:6e:17:
         21:cd:a0:06:a5:7d:72:32:10:0f:b0:f8:36:33:65:9a:92:1a:
         6f:66:d1:2c:5d:c6:31:e8:fe:ea:3c:bb:c8:ce:62:78:76:32:
         95:b5:1e:53:16:fe:69:86:cd:a2:e5:10:59:ce:36:32:34:e7:
         ab:c4:d5:e6:f5:27:07:35:62:0b:63:ef:08:54:44:ee:f4:53:
         da:d4:c8:60:8c:a7:ed:e2:ab:ce:91:88:ea:4c:13:47:f4:60:
         6b:79:4d:27:3f:24:8b:e2:3a:a3:6f:03:2b:1e:f3:05:1d:09:
         0d:29:87:c6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZaRbgxn4p2S9PCCFFU0I3xoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjUwNTAyMTQzNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGQ3OGNlYTlmODg0MGIxZmQwYTM4NTkzM2JkMmZhMTY3ZDk2MmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCEoa4fIWpxWxWR2HPlZEZV8cmT4
qjv7Pht/cz38XgUnQz56OM5fNytvj7l20+xRCpPfcSw7G95yFInPGJhDMKV/++p3
9Wb+ULJ+TrSUqC1l/3An/H4lxNRcrK9kpppER6LY8bt8RqGYD2ROZ84E6xhD302v
H3iuOxoMFxwgbXv7GJA7/T1UHR1MwQFwYlqSf/jmY9/lISVDN4EiQChtdUPFC1i4
vqEtRxXbLV08A6iblVOtnLK2rHYcn4y+gjbxJ8epekPqriHXGme/qoXsKhsqFSQK
LCv1ro/UsljnWSIJpi/x9UNEOo1f1Ma3ZtC4qlwBTps5qFbK1V4j2pIo1QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJDXjOqfiECx/Qo4WTO9L6Fn2WLLMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEva05lTTZwLUlRTEg5Q2poWk03MHZvV2ZaWXNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALVSyAwQA
LYqfAwQAXp69MA0GCSqGSIb3DQEBCwUAA4IBAQCHO7Pjt6oA29gSDaIXsHkKubxL
iv1MBhtciXzepzNu1Z+q768YC1kDSMeLYMCLF2lQSkyvopdPaJGbT0BP+mZBkDiz
MGdxZira5c8mtOuN9hh1Kxe+NwTxI9E/VtwmhH0FIv/HYqTg0EEpmyZuwUd59aua
GyYPQk983c3USTOFyC3dIMSzO5hiLVj+hiSLbhchzaAGpX1yMhAPsPg2M2Wakhpv
ZtEsXcYx6P7qPLvIzmJ4djKVtR5TFv5phs2i5RBZzjYyNOerxNXm9ScHNWILY+8I
VETu9FPa1MhgjKft4qvOkYjqTBNH9GBreU0nPySL4jqjbwMrHvMFHQkNKYfG
-----END CERTIFICATE-----