Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/KzIn4K4LGUhk7ahqCpBF3dUn2js.roa
File:                     KzIn4K4LGUhk7ahqCpBF3dUn2js.roa (raw, json)
Hash identifier:          sArPRbY2NbhQMJF8NLf9Nvh0HsgPmZBF4FQAbmtOpRo=
Subject key identifier:   2B:32:27:E0:AE:0B:19:48:64:ED:A8:6A:0A:90:45:DD:D5:27:DA:3B
Certificate issuer:       /CN=ec7469c5428eef9ab768d9ed6c2c89443a6bb4be
Certificate serial:       0196CF9FFBB37A64619E395D7263E0249739
Authority key identifier: EC:74:69:C5:42:8E:EF:9A:B7:68:D9:ED:6C:2C:89:44:3A:6B:B4:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7HRpxUKO75q3aNntbCyJRDprtL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/KzIn4K4LGUhk7ahqCpBF3dUn2js.roa
Signing time:             Wed 14 May 2025 16:28:10 +0000
ROA not before:           Wed 14 May 2025 16:28:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215930
IP address blocks:        81.30.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/7HRpxUKO75q3aNntbCyJRDprtL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/7HRpxUKO75q3aNntbCyJRDprtL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7HRpxUKO75q3aNntbCyJRDprtL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 15 May 2025 14:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:cf:9f:fb:b3:7a:64:61:9e:39:5d:72:63:e0:24:97:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec7469c5428eef9ab768d9ed6c2c89443a6bb4be
        Validity
            Not Before: May 14 16:28:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2b3227e0ae0b194864eda86a0a9045ddd527da3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:28:1d:71:34:b4:c4:46:34:b7:87:cf:77:49:
                    eb:d9:6b:58:78:59:a1:aa:a7:89:6b:59:4b:4a:f8:
                    e3:01:6c:61:d6:e9:43:93:dd:df:db:02:bf:52:bf:
                    af:c4:fd:bc:69:07:83:a5:2f:95:98:fb:4a:15:9e:
                    ae:7e:4f:2d:a4:47:71:97:5b:26:1e:ca:47:8c:d5:
                    4c:5e:36:ee:72:e4:9a:b0:a4:45:6e:9c:dd:72:10:
                    9c:3d:d2:1e:88:7c:9b:40:32:3c:c3:01:5b:60:91:
                    a8:2b:72:03:fd:62:e5:50:4b:41:ea:89:57:5d:02:
                    02:38:9d:09:71:77:bb:13:5f:03:64:d3:ad:9b:2f:
                    3e:b4:e8:b0:df:b6:d0:ed:c7:23:cd:a4:7e:f5:e7:
                    42:bf:d0:75:f9:8c:db:44:25:54:2f:4a:27:4c:da:
                    2e:6a:ba:32:91:86:8d:34:79:bd:2a:08:9a:d5:f3:
                    ca:8e:1a:f1:3e:60:c6:e3:3e:98:f1:0c:77:13:40:
                    cc:db:b7:08:03:f1:f4:a7:87:78:22:6a:c8:d0:5b:
                    45:eb:c6:de:34:05:95:c5:dd:86:f2:3c:a8:db:ac:
                    6b:9a:86:7b:6a:ab:c2:28:05:8d:e6:72:58:b5:5b:
                    bb:9e:ae:57:88:53:e2:d9:1a:d3:56:81:60:76:f0:
                    d6:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:32:27:E0:AE:0B:19:48:64:ED:A8:6A:0A:90:45:DD:D5:27:DA:3B
            X509v3 Authority Key Identifier:
                keyid:EC:74:69:C5:42:8E:EF:9A:B7:68:D9:ED:6C:2C:89:44:3A:6B:B4:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7HRpxUKO75q3aNntbCyJRDprtL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/KzIn4K4LGUhk7ahqCpBF3dUn2js.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/7HRpxUKO75q3aNntbCyJRDprtL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.30.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:1e:ea:23:37:4d:6c:a7:59:9c:1d:9d:aa:6b:f9:46:64:af:
         8c:dd:91:cb:da:42:70:a1:88:58:63:57:0b:05:13:f3:63:b7:
         7b:e8:51:ca:05:9c:49:26:99:05:56:cd:d5:29:30:53:9f:f1:
         37:9a:64:cf:d7:99:07:d7:c6:24:70:f8:77:58:4b:db:eb:d8:
         e0:c0:06:b2:92:f7:b5:3e:3c:79:53:df:6c:67:6c:24:6c:c8:
         35:f0:3e:70:5f:de:3c:e7:8f:7e:55:85:08:e7:1d:3b:55:21:
         49:5c:13:33:45:0b:cd:d9:d1:ee:1f:6c:f3:65:47:3d:cf:bc:
         3f:ac:1c:0c:33:94:27:3c:77:e5:5e:a2:2e:59:f3:88:08:cc:
         fd:f2:e0:68:9c:08:b7:ee:89:28:b8:11:da:68:85:d0:36:65:
         a1:d5:ca:79:9c:40:13:39:28:0f:48:17:6f:d6:92:62:b8:c4:
         71:3f:72:8b:85:f1:2b:60:94:68:9a:ec:a9:68:ec:23:ab:b1:
         bb:07:7a:b4:11:66:c5:1f:9d:d6:e5:28:d7:a3:e0:db:5c:1d:
         23:6d:0b:ce:fe:11:37:ff:13:56:3c:6f:d8:50:0d:22:73:00:
         f9:ce:ea:28:56:f1:66:23:30:1d:3e:3f:eb:6f:e5:17:94:78:
         bc:93:90:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbPn/uzemRhnjldcmPgJJc5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNzQ2OWM1NDI4ZWVmOWFiNzY4ZDllZDZjMmM4OTQ0M2E2
YmI0YmUwHhcNMjUwNTE0MTYyODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjMyMjdlMGFlMGIxOTQ4NjRlZGE4NmEwYTkwNDVkZGQ1MjdkYTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoigdcTS0xEY0t4fPd0nr2WtYeFmh
qqeJa1lLSvjjAWxh1ulDk93f2wK/Ur+vxP28aQeDpS+VmPtKFZ6ufk8tpEdxl1sm
HspHjNVMXjbucuSasKRFbpzdchCcPdIeiHybQDI8wwFbYJGoK3ID/WLlUEtB6olX
XQICOJ0JcXe7E18DZNOtmy8+tOiw37bQ7ccjzaR+9edCv9B1+YzbRCVUL0onTNou
aroykYaNNHm9Kgia1fPKjhrxPmDG4z6Y8Qx3E0DM27cIA/H0p4d4ImrI0FtF68be
NAWVxd2G8jyo26xrmoZ7aqvCKAWN5nJYtVu7nq5XiFPi2RrTVoFgdvDWtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCsyJ+CuCxlIZO2oagqQRd3VJ9o7MB8GA1UdIwQY
MBaAFOx0acVCju+at2jZ7WwsiUQ6a7S+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0hScHhVS083NXEzYU5udGJDeUpSRHBydEw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny82YjU0NGMtNTBlNy00Zjk2LThjOGQt
OGRlZTFkYTEwNzQxLzEvS3pJbjRLNExHVWhrN2FocUNwQkYzZFVuMmpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny82YjU0NGMtNTBlNy00Zjk2LThjOGQtOGRlZTFkYTEwNzQx
LzEvN0hScHhVS083NXEzYU5udGJDeUpSRHBydEw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR5rMA0G
CSqGSIb3DQEBCwUAA4IBAQCXHuojN01sp1mcHZ2qa/lGZK+M3ZHL2kJwoYhYY1cL
BRPzY7d76FHKBZxJJpkFVs3VKTBTn/E3mmTP15kH18YkcPh3WEvb69jgwAaykve1
Pjx5U99sZ2wkbMg18D5wX948549+VYUI5x07VSFJXBMzRQvN2dHuH2zzZUc9z7w/
rBwMM5QnPHflXqIuWfOICMz98uBonAi37okouBHaaIXQNmWh1cp5nEATOSgPSBdv
1pJiuMRxP3KLhfErYJRomuypaOwjq7G7B3q0EWbFH53W5SjXo+DbXB0jbQvO/hE3
/xNWPG/YUA0icwD5zuooVvFmIzAdPj/rb+UXlHi8k5D7
-----END CERTIFICATE-----