Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/NxQAPQR8rp1ER38mKNfcazHIBhQ.roa
File:                     NxQAPQR8rp1ER38mKNfcazHIBhQ.roa (raw, json)
Hash identifier:          wCtPBIS49fKHHMFKOw3HWymQSF7B9t4mqXvGZeibWI0=
Subject key identifier:   37:14:00:3D:04:7C:AE:9D:44:47:7F:26:28:D7:DC:6B:31:C8:06:14
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       01942144195257DC61FE621EDDFDF6252F92
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/NxQAPQR8rp1ER38mKNfcazHIBhQ.roa
Signing time:             Wed 01 Jan 2025 09:48:18 +0000
ROA not before:           Wed 01 Jan 2025 09:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214612
IP address blocks:        80.242.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:19:52:57:dc:61:fe:62:1e:dd:fd:f6:25:2f:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Jan  1 09:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3714003d047cae9d44477f2628d7dc6b31c80614
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:dd:93:fd:aa:56:b0:c3:06:4c:16:a4:aa:32:
                    08:1a:ce:35:4c:7c:29:82:af:2a:c4:02:dc:f9:e4:
                    9e:e0:46:75:f6:15:9a:d0:21:0f:2c:37:4a:f9:41:
                    85:65:17:63:4b:41:ca:9d:94:24:37:e1:76:41:6b:
                    66:58:4b:c4:2e:c7:72:fe:b9:a5:49:db:31:3f:8c:
                    43:6e:be:54:95:34:bf:31:ec:21:8b:a1:a4:fd:21:
                    01:d2:e2:4a:c7:ad:54:a9:a4:0f:be:37:b0:1f:b4:
                    f4:1d:0c:e7:80:49:7c:41:c3:ae:b9:e5:d4:d5:0f:
                    8a:46:43:52:1e:32:32:1f:c7:50:a4:37:fd:ff:4c:
                    6d:fb:7c:40:d1:a6:57:d9:10:11:10:f0:ef:88:ad:
                    69:f4:b6:64:95:38:14:f0:16:02:6d:f1:97:b2:a3:
                    f3:22:e0:46:86:12:c2:8e:42:18:fa:81:6d:ee:ed:
                    a9:c2:35:63:8a:2e:99:9e:e6:70:1a:ef:a5:f9:0a:
                    60:cf:9f:fe:eb:e1:ad:01:4b:f7:80:fa:e2:1c:bd:
                    bf:be:93:9d:23:1f:d2:aa:13:97:7d:ca:cd:be:ac:
                    2e:24:f9:63:cc:4e:1f:9c:b0:d6:a2:4f:eb:e3:e5:
                    83:69:62:fc:c3:dc:11:95:d3:01:03:39:6e:7b:2a:
                    28:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:14:00:3D:04:7C:AE:9D:44:47:7F:26:28:D7:DC:6B:31:C8:06:14
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/NxQAPQR8rp1ER38mKNfcazHIBhQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.242.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:58:c5:ff:63:08:01:d1:49:bf:e7:3a:6d:78:d7:b8:69:e3:
         43:49:72:8a:d6:77:f7:43:16:3c:80:38:c9:90:26:63:48:24:
         8b:c2:e8:05:72:b9:03:70:7d:f8:5c:5e:f8:d5:e7:43:98:f1:
         b4:92:03:05:d1:71:4e:7f:2d:6a:a0:9c:2f:67:9e:d8:d9:5c:
         3e:7e:62:32:b9:59:6b:ce:9e:96:9a:bd:12:fe:46:e5:81:16:
         ec:e2:22:fe:8a:ac:7e:a8:b1:f1:d2:4b:0f:ad:35:f7:e5:21:
         fc:70:dd:e8:ad:72:2a:d9:0f:82:73:f4:d6:9e:72:fb:a5:e1:
         32:93:af:b9:55:68:01:44:08:07:e8:fc:5c:fa:bd:47:7a:69:
         f4:de:a7:74:b4:a1:83:4a:d8:97:4e:9d:bc:4c:5a:5f:c5:a1:
         a3:6c:9b:0d:c2:28:13:62:aa:96:0c:f9:7c:4e:70:6a:9d:af:
         8e:4c:7d:92:fe:3a:a3:ae:e2:e9:79:42:ff:bc:e8:6b:8a:96:
         96:17:18:7d:a9:45:a7:e7:47:3f:c7:39:a3:86:d2:f3:b5:d1:
         24:0d:49:ed:5f:7e:60:81:36:38:5b:07:fb:3f:c3:13:47:f4:
         b2:37:10:67:b3:1c:d5:78:74:8a:b6:bf:02:20:80:93:d6:d1:
         20:f9:33:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRBlSV9xh/mIe3f32JS+SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwMTAxMDk0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzE0MDAzZDA0N2NhZTlkNDQ0NzdmMjYyOGQ3ZGM2YjMxYzgwNjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmt2T/apWsMMGTBakqjIIGs41THwp
gq8qxALc+eSe4EZ19hWa0CEPLDdK+UGFZRdjS0HKnZQkN+F2QWtmWEvELsdy/rml
SdsxP4xDbr5UlTS/Mewhi6Gk/SEB0uJKx61UqaQPvjewH7T0HQzngEl8QcOuueXU
1Q+KRkNSHjIyH8dQpDf9/0xt+3xA0aZX2RAREPDviK1p9LZklTgU8BYCbfGXsqPz
IuBGhhLCjkIY+oFt7u2pwjVjii6ZnuZwGu+l+Qpgz5/+6+GtAUv3gPriHL2/vpOd
Ix/SqhOXfcrNvqwuJPljzE4fnLDWok/r4+WDaWL8w9wRldMBAzlueyoowQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDcUAD0EfK6dREd/JijX3GsxyAYUMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvTnhRQVBRUjhycDFFUjM4bUtOZmNhekhJQmhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPI2MA0G
CSqGSIb3DQEBCwUAA4IBAQCMWMX/YwgB0Um/5zpteNe4aeNDSXKK1nf3QxY8gDjJ
kCZjSCSLwugFcrkDcH34XF741edDmPG0kgMF0XFOfy1qoJwvZ57Y2Vw+fmIyuVlr
zp6Wmr0S/kblgRbs4iL+iqx+qLHx0ksPrTX35SH8cN3orXIq2Q+Cc/TWnnL7peEy
k6+5VWgBRAgH6Pxc+r1Hemn03qd0tKGDStiXTp28TFpfxaGjbJsNwigTYqqWDPl8
TnBqna+OTH2S/jqjruLpeUL/vOhripaWFxh9qUWn50c/xzmjhtLztdEkDUntX35g
gTY4Wwf7P8MTR/SyNxBnsxzVeHSKtr8CIICT1tEg+TN/
-----END CERTIFICATE-----