Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/kOBga6etiZVZzmZl7WKf_MvjPdM.roa
File:                     kOBga6etiZVZzmZl7WKf_MvjPdM.roa (raw, json)
Hash identifier:          EjRGbQWwCltfI2wPUkjaoS0GcuhKYWj4cY54bpUjuUo=
Subject key identifier:   90:E0:60:6B:A7:AD:89:95:59:CE:66:65:ED:62:9F:FC:CB:E3:3D:D3
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019692627E12270C5D08F38C66E9D14A826E
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/kOBga6etiZVZzmZl7WKf_MvjPdM.roa
Signing time:             Fri 02 May 2025 19:04:10 +0000
ROA not before:           Fri 02 May 2025 19:04:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        124.198.128.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:92:62:7e:12:27:0c:5d:08:f3:8c:66:e9:d1:4a:82:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: May  2 19:04:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90e0606ba7ad899559ce6665ed629ffccbe33dd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:c1:77:08:c2:91:03:e0:9b:8e:04:9a:81:c6:
                    2d:34:bd:2d:f7:c7:0b:62:44:09:c5:85:17:e8:40:
                    1c:60:39:65:da:ce:1f:55:8f:69:d4:fd:d0:9c:0f:
                    d5:67:69:6d:1a:47:1c:dc:9b:bf:b8:4c:c6:5b:9c:
                    70:c8:fd:fd:72:6c:f3:a4:41:c1:9d:52:a1:2a:47:
                    68:84:95:4b:19:c0:43:28:66:ac:22:25:e4:88:dc:
                    7c:89:e7:9d:4f:78:74:24:2a:21:3b:dc:7a:6b:da:
                    a5:0e:59:ba:a9:70:c1:78:59:a7:ef:bc:e8:7d:99:
                    db:ad:46:81:47:b4:af:3b:f1:dd:58:7f:e7:09:43:
                    e7:ad:f1:21:59:88:c1:65:1e:64:43:35:fc:c4:26:
                    e3:b7:70:a5:7f:b6:55:77:40:1b:5f:bd:89:1d:59:
                    ff:37:6c:7f:8f:4c:03:df:b9:1f:59:c2:fc:d6:89:
                    0f:7b:e8:19:cc:b3:aa:3b:c3:aa:71:9d:79:af:d8:
                    43:91:f5:5d:8b:71:fc:d8:cc:c7:d2:9d:17:57:60:
                    eb:e2:b1:60:68:15:21:61:c8:cb:82:8b:ee:e8:d0:
                    59:26:e2:00:9c:10:b4:02:e5:fa:90:3d:75:06:f1:
                    f7:d7:99:44:23:ae:da:7c:ee:81:a6:81:2c:13:a6:
                    b6:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:E0:60:6B:A7:AD:89:95:59:CE:66:65:ED:62:9F:FC:CB:E3:3D:D3
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/kOBga6etiZVZzmZl7WKf_MvjPdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  124.198.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:d8:41:3c:38:98:64:ae:f4:62:42:03:e5:0f:f2:34:6c:0d:
         80:2a:ff:f8:e7:c6:a8:b5:3c:1f:a4:70:f8:ed:e3:65:57:ab:
         d9:84:cf:11:dc:59:4b:69:bb:66:3e:ea:54:25:09:b2:8d:d3:
         5e:67:6c:33:2a:b0:f5:dd:bd:03:ad:19:da:b5:8f:90:df:ef:
         fe:e5:9d:7c:96:b1:d9:cc:3f:27:fc:fa:3c:1e:e5:dd:ee:52:
         0f:f0:e7:9b:4b:1e:00:05:a8:30:00:59:ca:bf:03:e8:e6:92:
         1c:db:f4:61:c3:11:e0:9a:dd:01:2d:a2:1c:0d:ba:57:bb:97:
         31:a6:fa:52:54:e4:08:d9:18:0b:a8:7d:1d:0d:53:a7:94:76:
         70:1d:e3:ab:9d:99:3a:c7:9b:cf:ad:13:ee:ec:50:63:cd:ef:
         fb:88:d6:24:a1:1b:d1:08:f7:4b:c5:15:e1:e3:1f:e7:28:87:
         cd:c1:12:03:cd:06:e2:50:74:fa:90:b2:35:7d:f9:97:db:84:
         eb:5c:36:e6:ce:b5:61:02:cd:04:0b:87:3c:10:83:e2:b6:38:
         ee:3c:03:b3:6f:82:dd:21:2e:bf:2f:04:4a:64:af:29:f4:5b:
         ec:28:a2:eb:be:94:3f:9f:59:ac:3b:2f:c8:89:5e:b7:07:fb:
         d7:ff:3d:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaSYn4SJwxdCPOMZunRSoJuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwNTAyMTkwNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGUwNjA2YmE3YWQ4OTk1NTljZTY2NjVlZDYyOWZmY2NiZTMzZGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0sF3CMKRA+CbjgSagcYtNL0t98cL
YkQJxYUX6EAcYDll2s4fVY9p1P3QnA/VZ2ltGkcc3Ju/uEzGW5xwyP39cmzzpEHB
nVKhKkdohJVLGcBDKGasIiXkiNx8ieedT3h0JCohO9x6a9qlDlm6qXDBeFmn77zo
fZnbrUaBR7SvO/HdWH/nCUPnrfEhWYjBZR5kQzX8xCbjt3Clf7ZVd0AbX72JHVn/
N2x/j0wD37kfWcL81okPe+gZzLOqO8OqcZ15r9hDkfVdi3H82MzH0p0XV2Dr4rFg
aBUhYcjLgovu6NBZJuIAnBC0AuX6kD11BvH315lEI67afO6BpoEsE6a2PwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJDgYGunrYmVWc5mZe1in/zL4z3TMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEva09CZ2E2ZXRpWlZaem1abDdXS2ZfTXZqUGRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBfMaAMA0G
CSqGSIb3DQEBCwUAA4IBAQAK2EE8OJhkrvRiQgPlD/I0bA2AKv/458aotTwfpHD4
7eNlV6vZhM8R3FlLabtmPupUJQmyjdNeZ2wzKrD13b0DrRnatY+Q3+/+5Z18lrHZ
zD8n/Po8HuXd7lIP8OebSx4ABagwAFnKvwPo5pIc2/RhwxHgmt0BLaIcDbpXu5cx
pvpSVOQI2RgLqH0dDVOnlHZwHeOrnZk6x5vPrRPu7FBjze/7iNYkoRvRCPdLxRXh
4x/nKIfNwRIDzQbiUHT6kLI1ffmX24TrXDbmzrVhAs0EC4c8EIPitjjuPAOzb4Ld
IS6/LwRKZK8p9FvsKKLrvpQ/n1msOy/IiV63B/vX/z3R
-----END CERTIFICATE-----