Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/kLn_D-e9WG6tolNpAeYCadCv4UA.roa
File:                     kLn_D-e9WG6tolNpAeYCadCv4UA.roa (raw, json)
Hash identifier:          qGcHyU2UYwNyNUgraxetIQ1R1l+955xYjSqPhifUIW0=
Subject key identifier:   90:B9:FF:0F:E7:BD:58:6E:AD:A2:53:69:01:E6:02:69:D0:AF:E1:40
Certificate issuer:       /CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
Certificate serial:       01966C37FB9014AE692844882B6C14E7578A
Authority key identifier: 12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/kLn_D-e9WG6tolNpAeYCadCv4UA.roa
Signing time:             Fri 25 Apr 2025 09:12:10 +0000
ROA not before:           Fri 25 Apr 2025 09:12:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214294
IP address blocks:        176.116.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 06:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6c:37:fb:90:14:ae:69:28:44:88:2b:6c:14:e7:57:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
        Validity
            Not Before: Apr 25 09:12:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90b9ff0fe7bd586eada2536901e60269d0afe140
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:73:8a:00:e5:c4:c7:8b:cc:7e:8a:45:a0:cc:
                    b2:67:c9:16:01:69:75:8b:ad:18:13:18:e5:a4:86:
                    28:a3:48:bb:c1:bc:ba:5f:14:cf:5f:0b:c3:fb:59:
                    b3:69:0c:b3:e6:4c:21:ec:dc:eb:bc:d6:02:57:f8:
                    3e:23:b8:3b:ee:3b:9e:e9:3b:35:cf:ed:00:0f:18:
                    63:14:df:5e:19:d9:7d:1a:c2:9b:36:72:8d:b9:02:
                    99:29:7a:d6:4d:cd:65:28:96:6b:ce:48:26:36:b0:
                    b6:e7:00:0e:d3:41:45:44:52:a3:b5:90:1d:95:94:
                    6e:ca:18:9b:6f:4f:e6:8c:0f:06:72:98:cb:0e:2d:
                    91:1f:4b:94:72:ed:d8:24:24:11:02:cb:1f:0f:25:
                    08:b6:0b:cd:cf:14:93:09:12:57:99:ce:ad:b2:a2:
                    46:6d:8b:af:fa:bb:a5:39:8f:7b:eb:be:36:96:58:
                    a4:7f:27:7e:e1:36:67:cc:86:2f:d8:1d:5a:87:42:
                    e9:6b:bb:5d:38:c1:e9:37:52:ba:d9:d1:67:2e:6f:
                    4a:9b:29:e9:f3:40:b7:7f:09:5e:62:9a:42:f3:06:
                    da:46:f1:3d:a9:b4:3c:40:62:a5:37:c7:a9:fd:ac:
                    63:59:95:41:36:f1:3a:e1:69:db:75:38:fe:28:26:
                    34:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:B9:FF:0F:E7:BD:58:6E:AD:A2:53:69:01:E6:02:69:D0:AF:E1:40
            X509v3 Authority Key Identifier:
                keyid:12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/kLn_D-e9WG6tolNpAeYCadCv4UA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.116.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:10:77:a5:83:39:f3:66:62:bb:b1:08:d7:eb:fe:f5:0e:75:
         b9:fd:2d:75:e8:a1:2d:32:24:ff:ef:d0:ad:9c:e5:9a:a1:36:
         5e:69:c0:ff:44:f0:32:70:19:a7:a8:66:ce:7f:ae:b3:d2:a0:
         8c:38:c7:fa:f3:2a:0b:12:f4:7d:b4:32:ba:a3:57:82:28:f4:
         39:60:0a:2c:25:d6:79:9a:0c:29:e7:25:cb:90:c1:8f:1d:0e:
         85:30:b4:d7:10:86:a7:84:8c:63:9c:7e:54:ae:57:af:0c:a0:
         53:63:1d:83:ee:1b:06:db:96:15:ce:a6:98:69:cd:73:c5:05:
         a2:67:a6:7d:c8:3f:30:1d:d2:32:61:98:4f:84:39:8c:d1:ba:
         68:79:ec:41:b3:35:4d:95:5e:bc:f5:9c:49:54:5c:eb:e0:53:
         55:95:81:4d:03:88:db:22:20:13:54:fe:1e:a1:70:2e:e9:a2:
         a3:80:fc:23:fc:68:8c:5a:ab:22:29:cd:7d:74:a5:6e:57:7f:
         ea:b6:2f:8a:79:09:67:13:71:ae:5f:88:23:a7:2a:15:6e:f2:
         30:74:14:00:24:99:2d:d0:7a:62:91:8f:ae:e7:fa:41:2f:ac:
         5f:9e:f7:a7:fb:3d:08:74:b4:7d:27:1e:f5:2f:10:0a:a8:02:
         ff:52:49:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZsN/uQFK5pKESIK2wU51eKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZmQ1NThhNjRlOTc1ODZhNDNkYzdlZTUwYThkNmIyOTIz
NjViNjAwHhcNMjUwNDI1MDkxMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGI5ZmYwZmU3YmQ1ODZlYWRhMjUzNjkwMWU2MDI2OWQwYWZlMTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0XOKAOXEx4vMfopFoMyyZ8kWAWl1
i60YExjlpIYoo0i7wby6XxTPXwvD+1mzaQyz5kwh7NzrvNYCV/g+I7g77jue6Ts1
z+0ADxhjFN9eGdl9GsKbNnKNuQKZKXrWTc1lKJZrzkgmNrC25wAO00FFRFKjtZAd
lZRuyhibb0/mjA8GcpjLDi2RH0uUcu3YJCQRAssfDyUItgvNzxSTCRJXmc6tsqJG
bYuv+rulOY976742llikfyd+4TZnzIYv2B1ah0Lpa7tdOMHpN1K62dFnLm9Kmynp
80C3fwleYppC8wbaRvE9qbQ8QGKlN8ep/axjWZVBNvE64WnbdTj+KCY06QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJC5/w/nvVhuraJTaQHmAmnQr+FAMB8GA1UdIwQY
MBaAFBL9VYpk6XWGpD3H7lCo1rKSNltgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMt
MjRkOGU3NDdjMzhmLzEva0xuX0QtZTlXRzZ0b2xOcEFlWUNhZEN2NFVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMtMjRkOGU3NDdjMzhm
LzEvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHQGMA0G
CSqGSIb3DQEBCwUAA4IBAQCNEHelgznzZmK7sQjX6/71DnW5/S116KEtMiT/79Ct
nOWaoTZeacD/RPAycBmnqGbOf66z0qCMOMf68yoLEvR9tDK6o1eCKPQ5YAosJdZ5
mgwp5yXLkMGPHQ6FMLTXEIanhIxjnH5UrlevDKBTYx2D7hsG25YVzqaYac1zxQWi
Z6Z9yD8wHdIyYZhPhDmM0bpoeexBszVNlV689ZxJVFzr4FNVlYFNA4jbIiATVP4e
oXAu6aKjgPwj/GiMWqsiKc19dKVuV3/qti+KeQlnE3GuX4gjpyoVbvIwdBQAJJkt
0HpikY+u5/pBL6xfnven+z0IdLR9Jx71LxAKqAL/Uknu
-----END CERTIFICATE-----