Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/936cbb-bac4-4fde-8def-febc1ed3ceba/1/2j_QBpsrLBBxs622BISyOZtEgFA.roa
File:                     2j_QBpsrLBBxs622BISyOZtEgFA.roa (raw, json)
Hash identifier:          32mbR7LJ1AvTIHIxhitKhF6+X6cgHFfdsLG9qjMakhU=
Subject key identifier:   DA:3F:D0:06:9B:2B:2C:10:71:B3:AD:B6:04:84:B2:39:9B:44:80:50
Certificate issuer:       /CN=89edfa414944d010ac69ee5bfb22773b24b27efb
Certificate serial:       0197C7DC23DA901B96CC465FAD7841CB6362
Authority key identifier: 89:ED:FA:41:49:44:D0:10:AC:69:EE:5B:FB:22:77:3B:24:B2:7E:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ie36QUlE0BCsae5b-yJ3OySyfvs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/936cbb-bac4-4fde-8def-febc1ed3ceba/1/2j_QBpsrLBBxs622BISyOZtEgFA.roa
Signing time:             Tue 01 Jul 2025 21:19:42 +0000
ROA not before:           Tue 01 Jul 2025 21:19:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216383
IP address blocks:        185.36.145.0/24 maxlen: 24
                          2a13:3e40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/936cbb-bac4-4fde-8def-febc1ed3ceba/1/ie36QUlE0BCsae5b-yJ3OySyfvs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/936cbb-bac4-4fde-8def-febc1ed3ceba/1/ie36QUlE0BCsae5b-yJ3OySyfvs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ie36QUlE0BCsae5b-yJ3OySyfvs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c7:dc:23:da:90:1b:96:cc:46:5f:ad:78:41:cb:63:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89edfa414944d010ac69ee5bfb22773b24b27efb
        Validity
            Not Before: Jul  1 21:19:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da3fd0069b2b2c1071b3adb60484b2399b448050
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:de:1b:c7:54:ee:c6:98:b3:10:bd:5f:fe:56:
                    c4:5c:52:3f:51:5a:f0:41:08:7f:04:4c:d8:a2:de:
                    aa:7d:83:40:1a:d9:25:11:2b:b5:2d:06:62:16:46:
                    4a:27:cc:d7:34:ed:21:37:40:31:d0:e7:d3:f9:03:
                    9a:a9:73:07:b0:66:e8:86:fc:83:fc:bd:05:b4:d1:
                    95:1a:56:ca:79:ec:b6:62:f2:b4:8f:12:e2:1b:ce:
                    c5:5a:97:b4:ac:5e:ca:7d:e1:3c:1a:b9:fd:ba:b7:
                    9b:bc:2f:f5:d3:b1:8b:c6:40:46:e6:e6:90:31:c8:
                    7b:d0:0a:98:f6:f9:16:ac:e2:2f:64:87:28:fc:b9:
                    4d:44:e7:11:63:4a:4c:71:5a:f2:ad:c1:1b:8f:ee:
                    d0:79:67:8f:3f:a4:54:ed:68:95:62:e6:90:55:c0:
                    ff:f4:8b:45:15:6b:74:39:4e:e2:d4:ea:ec:2d:d0:
                    bd:16:d9:fb:94:c6:a1:00:1e:f2:84:b3:c0:8d:20:
                    ce:ea:bb:e1:d0:2b:83:7c:f8:a1:7b:65:68:70:a0:
                    f3:80:83:a0:14:35:46:34:bd:c3:93:a1:81:b9:98:
                    6e:82:b4:0c:71:65:b4:32:ca:0c:79:e1:ec:56:1f:
                    2f:28:4d:8a:ec:0e:cc:9b:db:ab:11:3b:aa:86:20:
                    34:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:3F:D0:06:9B:2B:2C:10:71:B3:AD:B6:04:84:B2:39:9B:44:80:50
            X509v3 Authority Key Identifier:
                keyid:89:ED:FA:41:49:44:D0:10:AC:69:EE:5B:FB:22:77:3B:24:B2:7E:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ie36QUlE0BCsae5b-yJ3OySyfvs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/936cbb-bac4-4fde-8def-febc1ed3ceba/1/2j_QBpsrLBBxs622BISyOZtEgFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/936cbb-bac4-4fde-8def-febc1ed3ceba/1/ie36QUlE0BCsae5b-yJ3OySyfvs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.145.0/24
                IPv6:
                  2a13:3e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         59:fe:6c:9b:94:28:ac:76:6b:07:be:b2:c2:f2:6f:4c:aa:36:
         48:fc:a7:d0:ef:75:1a:27:10:e2:53:64:ea:10:a7:d9:9f:1e:
         f4:a0:51:23:1b:c8:50:ae:c8:3e:21:63:10:5f:af:d9:c6:f3:
         ab:c9:5f:b1:60:73:c3:e3:7d:7d:07:67:cb:b2:28:e5:6d:7b:
         68:95:d1:22:d2:cd:21:50:10:50:46:d8:0a:8f:39:ae:16:c1:
         39:6f:7f:e0:ef:ac:8e:b3:b9:69:39:68:3d:ea:51:a7:15:3c:
         53:fa:62:cb:b0:53:da:bc:c2:fe:43:03:65:ec:6d:90:ad:b7:
         9a:c5:4c:c1:ca:d5:f2:54:cf:18:3b:bd:d9:ac:ae:15:f2:44:
         40:60:3c:6e:bf:a9:6a:4a:d3:e0:1d:14:fe:e8:7d:9b:08:7c:
         fb:ee:b8:aa:b1:95:31:34:8e:25:19:09:25:4f:81:d2:48:dc:
         49:61:4e:3b:7a:07:c9:f8:13:f9:24:05:7c:05:ba:d5:34:f5:
         74:f6:82:5a:94:46:c6:c2:31:c9:fc:58:24:5d:4c:a7:2e:45:
         ca:41:6f:6d:04:43:40:df:2a:52:05:f5:9c:b9:35:6f:ab:6b:
         a6:31:f7:1d:61:ae:cc:3e:77:ab:7f:13:a5:aa:34:68:6e:71:
         93:c6:17:ae
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZfH3CPakBuWzEZfrXhBy2NiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5ZWRmYTQxNDk0NGQwMTBhYzY5ZWU1YmZiMjI3NzNiMjRi
MjdlZmIwHhcNMjUwNzAxMjExOTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTNmZDAwNjliMmIyYzEwNzFiM2FkYjYwNDg0YjIzOTliNDQ4MDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAud4bx1TuxpizEL1f/lbEXFI/UVrw
QQh/BEzYot6qfYNAGtklESu1LQZiFkZKJ8zXNO0hN0Ax0OfT+QOaqXMHsGbohvyD
/L0FtNGVGlbKeey2YvK0jxLiG87FWpe0rF7KfeE8Grn9urebvC/107GLxkBG5uaQ
Mch70AqY9vkWrOIvZIco/LlNROcRY0pMcVryrcEbj+7QeWePP6RU7WiVYuaQVcD/
9ItFFWt0OU7i1OrsLdC9Ftn7lMahAB7yhLPAjSDO6rvh0CuDfPihe2VocKDzgIOg
FDVGNL3Dk6GBuZhugrQMcWW0MsoMeeHsVh8vKE2K7A7Mm9urETuqhiA0zwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNo/0AabKywQcbOttgSEsjmbRIBQMB8GA1UdIwQY
MBaAFInt+kFJRNAQrGnuW/sidzsksn77MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWUzNlFVbEUwQkNzYWU1Yi15SjNPeVN5ZnZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC85MzZjYmItYmFjNC00ZmRlLThkZWYt
ZmViYzFlZDNjZWJhLzEvMmpfUUJwc3JMQkJ4czYyMkJJU3lPWnRFZ0ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC85MzZjYmItYmFjNC00ZmRlLThkZWYtZmViYzFlZDNjZWJh
LzEvaWUzNlFVbEUwQkNzYWU1Yi15SjNPeVN5ZnZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuSSRMA0E
AgACMAcDBQMqEz5AMA0GCSqGSIb3DQEBCwUAA4IBAQBZ/myblCisdmsHvrLC8m9M
qjZI/KfQ73UaJxDiU2TqEKfZnx70oFEjG8hQrsg+IWMQX6/ZxvOryV+xYHPD4319
B2fLsijlbXtoldEi0s0hUBBQRtgKjzmuFsE5b3/g76yOs7lpOWg96lGnFTxT+mLL
sFPavML+QwNl7G2QrbeaxUzBytXyVM8YO73ZrK4V8kRAYDxuv6lqStPgHRT+6H2b
CHz77riqsZUxNI4lGQklT4HSSNxJYU47egfJ+BP5JAV8BbrVNPV09oJalEbGwjHJ
/FgkXUynLkXKQW9tBENA3ypSBfWcuTVvq2umMfcdYa7MPnerfxOlqjRobnGTxheu
-----END CERTIFICATE-----