Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/92d208-a22a-421c-8c5b-eaf9da4adef6/1/NMUyPdZC5qwvI-uU8yAq__R87OE.roa
File:                     NMUyPdZC5qwvI-uU8yAq__R87OE.roa (raw, json)
Hash identifier:          wNqu5LklcPh8GK25XCT828wVBYluabvZCKgobN8TPqk=
Subject key identifier:   34:C5:32:3D:D6:42:E6:AC:2F:23:EB:94:F3:20:2A:FF:F4:7C:EC:E1
Certificate issuer:       /CN=fa55d2877132aaadcdf54058acbf9e07eddb598c
Certificate serial:       019426D8B6917D6DC32B9EFBBF4C7E088ED7
Authority key identifier: FA:55:D2:87:71:32:AA:AD:CD:F5:40:58:AC:BF:9E:07:ED:DB:59:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-lXSh3Eyqq3N9UBYrL-eB-3bWYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/92d208-a22a-421c-8c5b-eaf9da4adef6/1/NMUyPdZC5qwvI-uU8yAq__R87OE.roa
Signing time:             Thu 02 Jan 2025 11:48:44 +0000
ROA not before:           Thu 02 Jan 2025 11:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25009
IP address blocks:        185.21.112.0/22 maxlen: 24
                          2a03:240::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/92d208-a22a-421c-8c5b-eaf9da4adef6/1/1-lXSh3Eyqq3N9UBYrL-eB-3bWYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/92d208-a22a-421c-8c5b-eaf9da4adef6/1/1-lXSh3Eyqq3N9UBYrL-eB-3bWYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-lXSh3Eyqq3N9UBYrL-eB-3bWYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:b6:91:7d:6d:c3:2b:9e:fb:bf:4c:7e:08:8e:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa55d2877132aaadcdf54058acbf9e07eddb598c
        Validity
            Not Before: Jan  2 11:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=34c5323dd642e6ac2f23eb94f3202afff47cece1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:b6:28:7c:eb:ab:df:53:65:05:1d:28:13:0e:
                    1a:fd:f6:56:74:46:a2:64:24:80:f6:98:86:83:2d:
                    76:4a:0b:02:fc:dc:dd:f9:b7:ff:87:80:3e:c9:38:
                    e2:b8:e4:47:05:f6:e3:16:cc:9a:b6:61:5b:08:12:
                    e3:de:fc:96:90:e6:32:5f:a8:63:44:39:0e:62:97:
                    2a:1a:36:ec:89:34:98:25:72:12:a1:4b:e3:8d:ac:
                    c3:cc:c3:8e:d8:25:57:ac:c4:b0:9e:6c:d9:86:56:
                    59:ae:66:9d:d1:92:fd:e5:2a:71:8f:3b:5c:ac:52:
                    f8:36:5d:b8:9d:0a:a8:51:ab:d2:9f:aa:c1:87:69:
                    da:a4:37:2a:a3:41:f8:57:99:cb:e9:2b:c2:52:8d:
                    2d:17:f0:df:27:05:b6:7c:87:e5:dc:7c:eb:d3:3a:
                    34:6c:4a:fa:f8:2e:61:e4:e4:0a:7b:83:45:d1:8b:
                    5f:2e:ca:cb:35:40:ab:fd:00:24:7a:fc:24:fa:6a:
                    51:31:1e:f1:7e:7e:9e:49:68:c3:cc:fd:08:93:ba:
                    c3:13:1d:1c:8c:c0:3c:fa:64:bd:cb:09:2a:84:38:
                    43:95:b7:ec:29:5e:58:bc:ce:1a:ef:7b:fd:07:1c:
                    27:86:35:07:f3:d7:b4:23:d7:b4:cd:f3:24:a9:02:
                    ad:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:C5:32:3D:D6:42:E6:AC:2F:23:EB:94:F3:20:2A:FF:F4:7C:EC:E1
            X509v3 Authority Key Identifier:
                keyid:FA:55:D2:87:71:32:AA:AD:CD:F5:40:58:AC:BF:9E:07:ED:DB:59:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-lXSh3Eyqq3N9UBYrL-eB-3bWYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/92d208-a22a-421c-8c5b-eaf9da4adef6/1/NMUyPdZC5qwvI-uU8yAq__R87OE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/92d208-a22a-421c-8c5b-eaf9da4adef6/1/1-lXSh3Eyqq3N9UBYrL-eB-3bWYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.112.0/22
                IPv6:
                  2a03:240::/32

    Signature Algorithm: sha256WithRSAEncryption
         80:2e:22:06:49:64:4f:0e:c2:dd:24:07:2b:a1:12:89:18:c0:
         69:e7:9b:57:a9:dd:cd:88:ee:7e:87:c0:c5:a9:8a:c6:d0:72:
         08:a8:3f:6d:d2:62:20:f4:00:18:3e:d5:35:7d:89:5b:97:a8:
         dc:71:23:d6:bf:b5:aa:ce:ce:7c:77:ee:6e:9c:ce:cf:c8:ed:
         88:79:62:b2:26:8c:4c:3f:c2:66:4f:76:51:30:f6:30:6c:94:
         6c:fd:dc:3e:05:a8:b3:81:47:a3:aa:91:8b:94:88:12:4f:c9:
         6c:d0:72:a0:a3:c7:9d:13:bb:1c:77:44:9f:22:95:86:70:b8:
         53:71:f6:89:4d:8c:c0:84:b1:92:01:07:86:91:8e:bb:5b:96:
         5c:12:19:70:91:66:c4:09:34:11:0f:c1:f8:f8:e0:bd:25:ad:
         c5:fc:12:1f:8b:17:86:78:15:dc:21:47:60:35:47:6c:68:8c:
         dd:1f:f0:37:2f:be:a5:eb:b5:b1:a2:ed:95:90:94:dc:a9:ae:
         43:b8:a8:1c:a7:ac:c7:79:e4:89:da:08:1f:fd:73:f1:28:3b:
         99:8a:b4:ec:3f:89:72:7c:0e:37:ac:53:61:e0:fe:54:c0:38:
         00:a3:6e:c2:d7:46:4f:01:0b:9f:29:19:45:df:48:ca:bd:5c:
         b3:d0:ff:cb
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQm2LaRfW3DK577v0x+CI7XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhNTVkMjg3NzEzMmFhYWRjZGY1NDA1OGFjYmY5ZTA3ZWRk
YjU5OGMwHhcNMjUwMTAyMTE0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGM1MzIzZGQ2NDJlNmFjMmYyM2ViOTRmMzIwMmFmZmY0N2NlY2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyrYofOur31NlBR0oEw4a/fZWdEai
ZCSA9piGgy12SgsC/Nzd+bf/h4A+yTjiuORHBfbjFsyatmFbCBLj3vyWkOYyX6hj
RDkOYpcqGjbsiTSYJXISoUvjjazDzMOO2CVXrMSwnmzZhlZZrmad0ZL95Spxjztc
rFL4Nl24nQqoUavSn6rBh2napDcqo0H4V5nL6SvCUo0tF/DfJwW2fIfl3Hzr0zo0
bEr6+C5h5OQKe4NF0YtfLsrLNUCr/QAkevwk+mpRMR7xfn6eSWjDzP0Ik7rDEx0c
jMA8+mS9ywkqhDhDlbfsKV5YvM4a73v9BxwnhjUH89e0I9e0zfMkqQKtcQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDTFMj3WQuasLyPrlPMgKv/0fOzhMB8GA1UdIwQY
MBaAFPpV0odxMqqtzfVAWKy/ngft21mMMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1sWFNoM0V5cXEzTjlVQllyTC1lQi0zYldZdy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDIvOTJkMjA4LWEyMmEtNDIxYy04YzVi
LWVhZjlkYTRhZGVmNi8xL05NVXlQZFpDNXF3dkktdVU4eUFxX19SODdPRS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDIvOTJkMjA4LWEyMmEtNDIxYy04YzViLWVhZjlkYTRhZGVm
Ni8xLzEtbFhTaDNFeXFxM045VUJZckwtZUItM2JXWXcuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAK5FXAw
DQQCAAIwBwMFACoDAkAwDQYJKoZIhvcNAQELBQADggEBAIAuIgZJZE8Owt0kByuh
EokYwGnnm1ep3c2I7n6HwMWpisbQcgioP23SYiD0ABg+1TV9iVuXqNxxI9a/tarO
znx37m6czs/I7Yh5YrImjEw/wmZPdlEw9jBslGz93D4FqLOBR6OqkYuUiBJPyWzQ
cqCjx50Tuxx3RJ8ilYZwuFNx9olNjMCEsZIBB4aRjrtbllwSGXCRZsQJNBEPwfj4
4L0lrcX8Eh+LF4Z4FdwhR2A1R2xojN0f8DcvvqXrtbGi7ZWQlNyprkO4qBynrMd5
5InaCB/9c/EoO5mKtOw/iXJ8DjesU2Hg/lTAOACjbsLXRk8BC58pGUXfSMq9XLPQ
/8s=
-----END CERTIFICATE-----