Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/NgAjxh4miihqji-G3O_1YnZlCjg.roa
File:                     NgAjxh4miihqji-G3O_1YnZlCjg.roa (raw, json)
Hash identifier:          gbDUrtu6GLAQ/PE/agZMovK+oqiqqBgza15DxEig55s=
Subject key identifier:   36:00:23:C6:1E:26:8A:28:6A:8E:2F:86:DC:EF:F5:62:76:65:0A:38
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       01941F8C41998B33652924CC66DD0909EEB1
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/NgAjxh4miihqji-G3O_1YnZlCjg.roa
Signing time:             Wed 01 Jan 2025 01:47:53 +0000
ROA not before:           Wed 01 Jan 2025 01:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212221
IP address blocks:        85.120.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:41:99:8b:33:65:29:24:cc:66:dd:09:09:ee:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 01:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=360023c61e268a286a8e2f86dceff56276650a38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ec:05:de:8f:04:8c:c5:93:f5:24:e5:53:9d:
                    c9:62:4b:09:70:35:c7:7a:7f:c2:e8:c2:9c:30:d8:
                    c9:2e:72:1c:37:ee:3b:4e:8b:ac:a4:05:0c:8b:48:
                    4f:5b:60:1b:50:c9:6a:c0:20:84:5f:12:fa:78:9b:
                    15:07:fb:0b:99:8a:c7:b7:75:46:c5:b5:5f:c4:94:
                    d0:12:ab:a3:d2:ea:87:87:2f:11:db:fa:91:5f:ad:
                    87:cb:0e:bb:61:cd:43:a2:7a:51:ba:37:42:1f:fa:
                    9c:94:1e:52:c1:ac:34:2e:9b:f1:36:dd:bb:c5:50:
                    51:9f:94:7d:9d:2e:9e:c0:64:a2:b8:a7:87:0e:02:
                    14:f2:bd:40:ea:a8:0d:f3:14:a3:96:58:39:f6:4f:
                    ea:d5:d1:d4:be:22:b7:80:d7:43:d2:af:2d:78:a8:
                    8b:a6:7e:fa:b4:94:fd:fe:41:34:9c:a6:5a:d7:e3:
                    99:33:81:03:7d:da:f7:3a:65:9b:e7:5b:d1:87:c3:
                    27:c4:d9:58:47:84:a9:40:56:59:9b:01:ce:25:4d:
                    3c:41:89:e8:a2:0f:4a:5f:59:99:03:22:b7:67:66:
                    e7:6c:c9:30:95:d4:24:a9:8e:2b:e5:f6:96:00:8a:
                    99:e6:8c:b3:91:8e:a3:d8:b1:a8:9c:1b:c8:51:a1:
                    56:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:00:23:C6:1E:26:8A:28:6A:8E:2F:86:DC:EF:F5:62:76:65:0A:38
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/NgAjxh4miihqji-G3O_1YnZlCjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.120.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:33:b2:d5:e4:26:4b:cc:2f:94:91:f0:98:49:77:57:bc:c5:
         e1:6e:9d:6d:3d:ba:e4:14:91:c3:e6:c9:4a:26:c7:05:d8:96:
         36:05:d9:c5:29:dc:40:5d:a0:c1:67:e2:a2:5f:61:bd:e3:69:
         f8:33:94:0c:41:ec:a2:61:6e:66:dd:c2:bf:de:1e:56:db:fc:
         51:2b:7b:67:c8:bc:a8:3c:f1:8a:0b:0d:ab:1d:64:36:02:82:
         98:28:b4:5b:9b:7e:58:91:b5:7c:aa:4f:69:ba:df:b9:33:b5:
         da:8d:90:c5:1c:79:67:13:a4:72:c0:c4:d6:79:13:bd:20:cf:
         80:29:ee:2d:1b:5c:ab:22:5b:6e:62:63:c4:e0:14:84:c9:75:
         aa:1d:2e:73:c0:68:8c:cc:f4:4c:1d:af:05:3d:5d:20:ec:d7:
         ba:65:87:fd:60:fb:73:5f:65:fd:a5:c0:2d:64:56:66:74:7d:
         a6:22:30:29:12:e7:47:d4:59:b6:3f:1d:ca:e4:b8:b9:2a:06:
         14:1a:76:2f:72:a5:e5:1a:5b:b2:6f:99:0c:32:e4:04:9a:1d:
         4b:3f:7c:22:38:81:5b:f1:98:33:a1:77:f0:de:b0:a3:5d:18:
         16:d7:b4:d8:ee:a1:97:46:0f:dc:f1:7f:02:50:6f:b7:a2:0d:
         a9:63:43:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjEGZizNlKSTMZt0JCe6xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUwMTAxMDE0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjAwMjNjNjFlMjY4YTI4NmE4ZTJmODZkY2VmZjU2Mjc2NjUwYTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqewF3o8EjMWT9STlU53JYksJcDXH
en/C6MKcMNjJLnIcN+47TouspAUMi0hPW2AbUMlqwCCEXxL6eJsVB/sLmYrHt3VG
xbVfxJTQEquj0uqHhy8R2/qRX62Hyw67Yc1DonpRujdCH/qclB5Swaw0LpvxNt27
xVBRn5R9nS6ewGSiuKeHDgIU8r1A6qgN8xSjllg59k/q1dHUviK3gNdD0q8teKiL
pn76tJT9/kE0nKZa1+OZM4EDfdr3OmWb51vRh8MnxNlYR4SpQFZZmwHOJU08QYno
og9KX1mZAyK3Z2bnbMkwldQkqY4r5faWAIqZ5oyzkY6j2LGonBvIUaFWBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDYAI8YeJoooao4vhtzv9WJ2ZQo4MB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvTmdBanhoNG1paWhxamktRzNPXzFZblpsQ2pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXj7MA0G
CSqGSIb3DQEBCwUAA4IBAQBiM7LV5CZLzC+UkfCYSXdXvMXhbp1tPbrkFJHD5slK
JscF2JY2BdnFKdxAXaDBZ+KiX2G942n4M5QMQeyiYW5m3cK/3h5W2/xRK3tnyLyo
PPGKCw2rHWQ2AoKYKLRbm35YkbV8qk9put+5M7XajZDFHHlnE6RywMTWeRO9IM+A
Ke4tG1yrIltuYmPE4BSEyXWqHS5zwGiMzPRMHa8FPV0g7Ne6ZYf9YPtzX2X9pcAt
ZFZmdH2mIjApEudH1Fm2Px3K5Li5KgYUGnYvcqXlGluyb5kMMuQEmh1LP3wiOIFb
8ZgzoXfw3rCjXRgW17TY7qGXRg/c8X8CUG+3og2pY0Mn
-----END CERTIFICATE-----