Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/ABJStH93Tb6FchJ9fsWarHUv7_o.roa
File:                     ABJStH93Tb6FchJ9fsWarHUv7_o.roa (raw, json)
Hash identifier:          2aWwBiU7xdii1VsEutmj7weOOLZIls6NzS14i2lKxbg=
Subject key identifier:   00:12:52:B4:7F:77:4D:BE:85:72:12:7D:7E:C5:9A:AC:75:2F:EF:FA
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       01942445547AB2F2D91FA4907A6741681659
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/ABJStH93Tb6FchJ9fsWarHUv7_o.roa
Signing time:             Wed 01 Jan 2025 23:48:30 +0000
ROA not before:           Wed 01 Jan 2025 23:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212669
IP address blocks:        185.199.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 10:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:54:7a:b2:f2:d9:1f:a4:90:7a:67:41:68:16:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jan  1 23:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=001252b47f774dbe8572127d7ec59aac752feffa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:dc:80:a4:3d:da:9a:61:4f:0d:b8:89:2d:a9:
                    fe:01:f0:a5:9d:19:8c:94:ff:92:f7:bb:4a:79:63:
                    2c:ff:fb:14:d2:a7:39:2f:28:32:14:4d:06:03:e9:
                    d8:f5:a9:18:84:97:cc:24:da:a7:b9:22:9f:af:b0:
                    2e:b9:aa:8a:34:9b:e0:3f:c2:e6:75:ed:5a:3d:ba:
                    74:1b:57:86:20:20:56:8e:81:d2:6d:7b:f8:63:2f:
                    b7:3a:fe:7b:80:22:87:ea:35:e1:d0:4b:f1:21:8f:
                    17:8c:80:2e:6e:d8:d4:32:f6:2c:21:60:e3:ce:8b:
                    ac:4e:cb:64:73:24:ee:10:4d:7b:c3:4b:9c:f0:a9:
                    1e:3c:5e:31:19:1a:b1:58:d2:f5:6a:58:19:0d:28:
                    ac:96:86:c9:fe:88:05:2b:74:54:99:f2:98:b3:2f:
                    91:70:44:ae:3e:84:8b:0d:33:6c:ef:30:8d:c1:78:
                    3d:39:5b:f1:71:6c:62:57:1e:76:db:32:d4:7e:03:
                    14:bb:65:eb:a1:d0:7e:86:6a:a6:58:45:7a:f8:7c:
                    4c:ef:6a:28:ba:7d:ce:6b:58:b3:c7:22:7e:0f:29:
                    d4:bd:9a:49:34:79:a9:77:58:16:86:ad:d8:ef:0a:
                    d9:e8:e5:e0:c5:7c:cb:b6:01:1f:9f:a5:da:9e:ed:
                    9e:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:12:52:B4:7F:77:4D:BE:85:72:12:7D:7E:C5:9A:AC:75:2F:EF:FA
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/ABJStH93Tb6FchJ9fsWarHUv7_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:27:eb:92:c1:f8:50:10:0a:26:91:d4:42:b4:18:f7:38:42:
         c0:2f:95:6b:80:ef:f5:97:9a:f5:de:45:26:97:50:a9:86:09:
         6f:26:c1:d0:13:38:ad:aa:89:76:e3:ab:88:b9:f0:81:61:dc:
         62:5c:d7:25:bb:72:eb:11:34:c8:e6:65:eb:e5:ef:a3:ee:b0:
         21:66:f7:b1:92:74:27:bd:21:cc:f0:61:13:02:4b:17:e6:94:
         1d:22:e8:03:46:fa:59:5f:62:90:a2:a5:0f:38:32:bb:c6:d3:
         50:eb:fc:de:c6:4c:1d:32:d9:cc:28:a0:60:03:18:5b:ee:5d:
         22:8f:6c:f8:4f:db:4e:42:98:91:39:1d:33:3b:81:79:17:e9:
         91:e0:1d:e5:36:66:e5:22:00:00:83:32:1a:0c:90:20:09:6e:
         00:aa:77:e7:74:50:b0:80:ff:63:24:16:64:59:ca:52:db:d6:
         a2:cd:59:b2:c9:68:08:b1:7a:dc:f5:b8:bc:37:6b:25:4c:fa:
         62:10:c1:60:11:1b:fa:ed:c7:45:8d:8f:ac:91:7c:7b:3b:29:
         de:2d:d2:d9:1b:79:cb:c8:5f:df:e3:c8:bb:69:2f:ea:d7:c6:
         57:81:bd:80:9f:55:d8:c4:6d:c9:ee:ab:2f:c8:fb:51:a4:b9:
         20:7d:a9:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRVR6svLZH6SQemdBaBZZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjUwMTAxMjM0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDEyNTJiNDdmNzc0ZGJlODU3MjEyN2Q3ZWM1OWFhYzc1MmZlZmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz9yApD3ammFPDbiJLan+AfClnRmM
lP+S97tKeWMs//sU0qc5LygyFE0GA+nY9akYhJfMJNqnuSKfr7AuuaqKNJvgP8Lm
de1aPbp0G1eGICBWjoHSbXv4Yy+3Ov57gCKH6jXh0EvxIY8XjIAubtjUMvYsIWDj
zousTstkcyTuEE17w0uc8KkePF4xGRqxWNL1algZDSislobJ/ogFK3RUmfKYsy+R
cESuPoSLDTNs7zCNwXg9OVvxcWxiVx522zLUfgMUu2XrodB+hmqmWEV6+HxM72oo
un3Oa1izxyJ+DynUvZpJNHmpd1gWhq3Y7wrZ6OXgxXzLtgEfn6Xanu2e6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAASUrR/d02+hXISfX7Fmqx1L+/6MB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvQUJKU3RIOTNUYjZGY2hKOWZzV2FySFV2N19vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuceWMA0G
CSqGSIb3DQEBCwUAA4IBAQBJJ+uSwfhQEAomkdRCtBj3OELAL5VrgO/1l5r13kUm
l1CphglvJsHQEzitqol246uIufCBYdxiXNclu3LrETTI5mXr5e+j7rAhZvexknQn
vSHM8GETAksX5pQdIugDRvpZX2KQoqUPODK7xtNQ6/zexkwdMtnMKKBgAxhb7l0i
j2z4T9tOQpiROR0zO4F5F+mR4B3lNmblIgAAgzIaDJAgCW4AqnfndFCwgP9jJBZk
WcpS29aizVmyyWgIsXrc9bi8N2slTPpiEMFgERv67cdFjY+skXx7OyneLdLZG3nL
yF/f48i7aS/q18ZXgb2An1XYxG3J7qsvyPtRpLkgfalZ
-----END CERTIFICATE-----