Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/NiqjOlNTXM20fr7bb_Hu7fNVpnk.roa
File:                     NiqjOlNTXM20fr7bb_Hu7fNVpnk.roa (raw, json)
Hash identifier:          WMjXZpt8cy+IOzVtTivSuKAcQFZieAhNSlute/PEdJQ=
Subject key identifier:   36:2A:A3:3A:53:53:5C:CD:B4:7E:BE:DB:6F:F1:EE:ED:F3:55:A6:79
Certificate issuer:       /CN=ab54fe831b6a719f42e6c8486fd03b550be761fb
Certificate serial:       019427479597D62B430822D1DE63D8BDAD3F
Authority key identifier: AB:54:FE:83:1B:6A:71:9F:42:E6:C8:48:6F:D0:3B:55:0B:E7:61:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/NiqjOlNTXM20fr7bb_Hu7fNVpnk.roa
Signing time:             Thu 02 Jan 2025 13:49:50 +0000
ROA not before:           Thu 02 Jan 2025 13:49:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200064
IP address blocks:        185.111.186.0/24 maxlen: 24
                          185.111.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 01:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:95:97:d6:2b:43:08:22:d1:de:63:d8:bd:ad:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab54fe831b6a719f42e6c8486fd03b550be761fb
        Validity
            Not Before: Jan  2 13:49:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=362aa33a53535ccdb47ebedb6ff1eeedf355a679
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:36:28:42:59:79:48:c2:fd:0f:2f:d8:af:c5:
                    66:e4:e5:38:c6:15:46:86:92:47:a2:ef:7a:b9:05:
                    ea:d8:85:85:b1:a3:26:d4:ec:66:1a:63:6d:96:6f:
                    3c:23:1b:07:85:89:ad:53:d4:22:ba:68:82:ae:46:
                    cb:53:da:ef:67:02:9f:02:ed:da:34:40:cb:6c:e8:
                    c1:1a:7b:de:81:4a:b6:0c:22:08:59:73:39:de:5a:
                    08:35:98:01:0d:c9:62:96:26:73:3f:5d:68:7a:3d:
                    35:ae:09:8e:b1:48:3d:63:23:f6:9c:ce:05:fe:60:
                    a7:ab:01:08:12:a7:81:12:fc:2a:be:61:1b:06:59:
                    19:26:89:25:c2:df:55:1c:ad:13:38:06:88:09:b9:
                    78:3f:20:51:fd:94:05:9c:30:ed:bb:19:d8:02:b8:
                    cf:67:72:ed:c2:0d:38:c1:de:1a:de:29:5f:96:07:
                    7c:70:f9:05:d4:01:a6:92:d3:32:0d:84:8f:f4:1d:
                    9e:8c:db:0e:7f:d4:cc:77:98:93:c8:29:2e:d7:60:
                    35:c9:cb:26:c4:b7:87:37:0b:85:e3:36:8a:27:72:
                    5f:74:7a:a2:a7:99:f9:84:1b:4b:a1:38:ac:b3:d9:
                    03:5d:bf:f0:3e:d5:b6:65:4e:74:78:8c:fd:f8:0c:
                    a9:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:2A:A3:3A:53:53:5C:CD:B4:7E:BE:DB:6F:F1:EE:ED:F3:55:A6:79
            X509v3 Authority Key Identifier:
                keyid:AB:54:FE:83:1B:6A:71:9F:42:E6:C8:48:6F:D0:3B:55:0B:E7:61:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/NiqjOlNTXM20fr7bb_Hu7fNVpnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.111.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9d:14:f4:be:da:95:49:c7:40:3f:0d:5f:7e:bc:b2:00:86:9c:
         e9:3f:7b:6b:31:db:fb:3d:a3:18:de:71:6b:d8:83:fe:1d:37:
         dc:9b:f9:7f:c2:99:f9:c4:0a:e1:7c:96:e8:44:e8:04:84:0f:
         50:a5:70:0e:e8:6a:f9:1c:ca:f6:6b:b6:d8:ee:b8:7c:50:d2:
         3f:21:6c:5c:de:d5:e9:73:4e:21:6c:43:26:5b:ff:b5:25:b7:
         39:5b:a4:17:16:cf:e6:17:6c:fd:77:c4:fd:3c:aa:95:5c:23:
         4d:98:89:0e:a4:9d:25:0c:56:13:6d:14:84:20:d8:11:ad:89:
         c1:32:26:a6:da:68:bf:8b:86:39:a3:4c:a7:69:db:1a:3e:d0:
         f6:db:9f:75:3a:bc:ff:9e:da:3b:65:c6:b4:35:6f:b8:d5:0a:
         28:7a:ae:e3:9f:2d:ae:47:ee:3a:0b:2b:c4:09:bc:e5:69:6e:
         dc:63:bc:38:11:e4:8a:66:e1:65:45:da:2d:ae:08:58:22:6c:
         41:32:c2:1c:2a:da:42:eb:18:d2:01:7d:74:31:d3:08:f1:dc:
         03:e1:f8:fe:b2:e6:cd:2e:a7:51:48:5a:8b:76:88:9b:0b:b3:
         05:f4:d0:5c:6c:71:8c:3d:99:61:42:18:01:97:34:9c:75:87:
         40:c8:4a:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR5WX1itDCCLR3mPYva0/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNTRmZTgzMWI2YTcxOWY0MmU2Yzg0ODZmZDAzYjU1MGJl
NzYxZmIwHhcNMjUwMTAyMTM0OTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjJhYTMzYTUzNTM1Y2NkYjQ3ZWJlZGI2ZmYxZWVlZGYzNTVhNjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjYoQll5SML9Dy/Yr8Vm5OU4xhVG
hpJHou96uQXq2IWFsaMm1OxmGmNtlm88IxsHhYmtU9QiumiCrkbLU9rvZwKfAu3a
NEDLbOjBGnvegUq2DCIIWXM53loINZgBDcliliZzP11oej01rgmOsUg9YyP2nM4F
/mCnqwEIEqeBEvwqvmEbBlkZJoklwt9VHK0TOAaICbl4PyBR/ZQFnDDtuxnYArjP
Z3Ltwg04wd4a3ilflgd8cPkF1AGmktMyDYSP9B2ejNsOf9TMd5iTyCku12A1ycsm
xLeHNwuF4zaKJ3JfdHqip5n5hBtLoTiss9kDXb/wPtW2ZU50eIz9+AypKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDYqozpTU1zNtH6+22/x7u3zVaZ5MB8GA1UdIwQY
MBaAFKtU/oMbanGfQubISG/QO1UL52H7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTFULWd4dHFjWjlDNXNoSWI5QTdWUXZuWWZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS81ZWFhYTctMzEwNy00MjY4LWFhZDYt
NmZkOTc4OTIwNWJhLzEvTmlxak9sTlRYTTIwZnI3YmJfSHU3Zk5WcG5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS81ZWFhYTctMzEwNy00MjY4LWFhZDYtNmZkOTc4OTIwNWJh
LzEvcTFULWd4dHFjWjlDNXNoSWI5QTdWUXZuWWZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuW+6MA0G
CSqGSIb3DQEBCwUAA4IBAQCdFPS+2pVJx0A/DV9+vLIAhpzpP3trMdv7PaMY3nFr
2IP+HTfcm/l/wpn5xArhfJboROgEhA9QpXAO6Gr5HMr2a7bY7rh8UNI/IWxc3tXp
c04hbEMmW/+1Jbc5W6QXFs/mF2z9d8T9PKqVXCNNmIkOpJ0lDFYTbRSEINgRrYnB
Miam2mi/i4Y5o0ynadsaPtD22591Orz/nto7Zca0NW+41Qooeq7jny2uR+46CyvE
CbzlaW7cY7w4EeSKZuFlRdotrghYImxBMsIcKtpC6xjSAX10MdMI8dwD4fj+subN
LqdRSFqLdoibC7MF9NBcbHGMPZlhQhgBlzScdYdAyErM
-----END CERTIFICATE-----