Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/w_7KSHXu7o9ktpz_Vrh_00tv7HI.roa
File:                     w_7KSHXu7o9ktpz_Vrh_00tv7HI.roa (raw, json)
Hash identifier:          gkGoVuf1pEqMxqdRmFn7c7MKr+cC0H9E1TpCk2Uue1E=
Subject key identifier:   C3:FE:CA:48:75:EE:EE:8F:64:B6:9C:FF:56:B8:7F:D3:4B:6F:EC:72
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       019424454D2C733EDAE0DCB3B0AEB090E8D5
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/w_7KSHXu7o9ktpz_Vrh_00tv7HI.roa
Signing time:             Wed 01 Jan 2025 23:48:29 +0000
ROA not before:           Wed 01 Jan 2025 23:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     22427
IP address blocks:        185.226.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 10:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:4d:2c:73:3e:da:e0:dc:b3:b0:ae:b0:90:e8:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jan  1 23:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c3feca4875eeee8f64b69cff56b87fd34b6fec72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:23:10:c0:67:47:e1:d8:54:bb:d5:96:e0:e9:
                    ee:29:cd:92:97:00:da:4e:4f:8f:41:fe:99:bc:82:
                    d3:25:ac:83:67:53:ef:01:54:91:f0:3e:c5:91:97:
                    3f:35:d4:6f:5e:09:7d:d3:26:b9:de:ad:42:4c:93:
                    20:2d:ad:78:3a:e5:d2:48:19:9d:e3:8c:a8:ec:08:
                    bd:79:3c:f1:df:19:3c:b9:57:09:f1:d0:a6:b3:bb:
                    1f:01:ac:ee:39:57:17:f5:c9:0c:35:0e:9b:4b:bb:
                    c8:57:0b:16:7c:a1:3b:d4:ac:ad:bd:4e:d7:fe:5a:
                    fa:97:30:d1:06:5d:d9:1c:56:ae:8c:fd:10:9f:22:
                    e2:f4:c0:d7:c2:77:40:9c:6e:88:78:87:8d:19:8a:
                    b3:4b:80:d4:f6:12:a5:10:b1:6a:5f:6f:cf:f4:52:
                    3b:b5:8a:9f:51:6b:74:15:23:d1:46:c4:55:10:1b:
                    7d:cf:14:5a:42:ae:aa:95:fa:ee:0d:ac:2f:db:93:
                    48:01:a3:cb:e9:da:27:67:ab:a1:94:a3:9c:30:2d:
                    ef:b1:8a:d6:aa:8b:61:c5:39:c1:4c:ee:ec:4d:4c:
                    12:8f:92:18:2e:34:fa:03:73:e5:ea:ee:81:d0:83:
                    16:9d:d1:04:46:a8:61:15:69:45:4b:bb:c6:23:44:
                    0b:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:FE:CA:48:75:EE:EE:8F:64:B6:9C:FF:56:B8:7F:D3:4B:6F:EC:72
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/w_7KSHXu7o9ktpz_Vrh_00tv7HI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:bd:24:b3:cb:91:ac:89:4d:f4:ca:a3:44:38:92:14:b9:f0:
         bf:2a:00:bd:a3:6c:b4:76:de:f9:54:fe:69:33:c9:5e:b4:e9:
         0a:5a:ed:62:fc:59:fe:b2:4a:9c:ab:60:ea:8b:03:98:24:b5:
         4a:2d:34:0f:26:db:74:2d:ad:47:fa:ed:57:0d:aa:f8:e4:3c:
         04:7a:36:32:56:9d:b0:42:ca:a7:6e:94:a1:7b:ae:e0:ed:6c:
         e9:21:02:08:cf:f8:b2:12:b0:1e:55:f2:bf:ce:d2:5c:e1:5c:
         89:dc:01:5e:7f:64:c6:0d:ad:2e:8e:e6:74:05:38:ff:c8:0c:
         d4:5c:09:ad:44:cc:93:78:05:77:4e:7f:bd:a9:33:a8:29:14:
         15:a3:bd:7e:d8:9f:65:0e:b8:60:92:d0:42:28:55:af:b8:f4:
         ad:c2:8a:4d:45:54:70:82:c2:d3:fb:a5:51:22:17:40:c3:e2:
         89:58:10:7c:cf:49:7d:31:d7:40:c4:5c:e8:eb:6a:16:1e:52:
         5b:cf:60:14:03:4c:3f:46:3f:75:86:9a:1f:3a:f0:79:6f:61:
         66:df:6e:a5:63:3c:9e:aa:a6:be:29:e3:f4:a3:ea:48:33:1a:
         67:1e:4c:83:01:a9:63:12:8d:a4:f8:43:5c:65:7f:a5:e4:1b:
         c0:44:65:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRU0scz7a4NyzsK6wkOjVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjUwMTAxMjM0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2ZlY2E0ODc1ZWVlZThmNjRiNjljZmY1NmI4N2ZkMzRiNmZlYzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2SMQwGdH4dhUu9WW4OnuKc2SlwDa
Tk+PQf6ZvILTJayDZ1PvAVSR8D7FkZc/NdRvXgl90ya53q1CTJMgLa14OuXSSBmd
44yo7Ai9eTzx3xk8uVcJ8dCms7sfAazuOVcX9ckMNQ6bS7vIVwsWfKE71KytvU7X
/lr6lzDRBl3ZHFaujP0QnyLi9MDXwndAnG6IeIeNGYqzS4DU9hKlELFqX2/P9FI7
tYqfUWt0FSPRRsRVEBt9zxRaQq6qlfruDawv25NIAaPL6donZ6uhlKOcMC3vsYrW
qothxTnBTO7sTUwSj5IYLjT6A3Pl6u6B0IMWndEERqhhFWlFS7vGI0QLqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMP+ykh17u6PZLac/1a4f9NLb+xyMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvd183S1NIWHU3bzlrdHB6X1ZyaF8wMHR2N0hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueK2MA0G
CSqGSIb3DQEBCwUAA4IBAQAJvSSzy5GsiU30yqNEOJIUufC/KgC9o2y0dt75VP5p
M8letOkKWu1i/Fn+skqcq2DqiwOYJLVKLTQPJtt0La1H+u1XDar45DwEejYyVp2w
QsqnbpShe67g7WzpIQIIz/iyErAeVfK/ztJc4VyJ3AFef2TGDa0ujuZ0BTj/yAzU
XAmtRMyTeAV3Tn+9qTOoKRQVo71+2J9lDrhgktBCKFWvuPStwopNRVRwgsLT+6VR
IhdAw+KJWBB8z0l9MddAxFzo62oWHlJbz2AUA0w/Rj91hpofOvB5b2Fm326lYzye
qqa+KeP0o+pIMxpnHkyDAaljEo2k+ENcZX+l5BvARGXF
-----END CERTIFICATE-----