Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/_NrgBUAyfzYFDd9cIrKqzF0ghME.roa
File:                     _NrgBUAyfzYFDd9cIrKqzF0ghME.roa (raw, json)
Hash identifier:          W7nDT2dCsGcDt8C2cPf71ExYIN3QP6IV6eZoCHqhZBc=
Subject key identifier:   FC:DA:E0:05:40:32:7F:36:05:0D:DF:5C:22:B2:AA:CC:5D:20:84:C1
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       0194244536354A996513841BFEA3B41DE8EA
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/_NrgBUAyfzYFDd9cIrKqzF0ghME.roa
Signing time:             Wed 01 Jan 2025 23:48:23 +0000
ROA not before:           Wed 01 Jan 2025 23:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213937
IP address blocks:        194.32.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 08:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:36:35:4a:99:65:13:84:1b:fe:a3:b4:1d:e8:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jan  1 23:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fcdae00540327f36050ddf5c22b2aacc5d2084c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:8d:43:1d:ba:b6:17:09:5e:79:8a:a4:50:b2:
                    14:b0:8e:4e:73:83:a7:b5:91:a4:09:6c:05:47:32:
                    d1:be:0a:3d:f4:25:b2:2b:9c:ca:27:f5:5b:56:30:
                    51:b7:35:1c:f1:05:53:5a:05:dd:7e:8c:09:b5:dc:
                    78:12:aa:a4:d8:14:91:d9:03:7e:e5:ce:de:1a:90:
                    78:fd:f9:fd:b6:66:ed:0f:d3:c2:70:e6:b0:92:06:
                    3e:6d:7f:17:28:90:6b:74:58:2b:f5:a8:51:9c:35:
                    eb:71:04:76:70:8f:2a:ca:67:33:01:dc:3a:d7:23:
                    74:6f:8a:7c:23:67:61:b6:7e:c1:d1:0c:97:00:4e:
                    e1:34:47:30:47:9c:6d:8c:07:9d:e1:97:a7:bd:61:
                    d3:0a:c5:77:86:7d:93:c9:b4:41:d1:c8:4a:77:87:
                    f6:87:d9:48:09:50:89:8d:a9:ae:91:a2:d2:24:2b:
                    3f:07:bf:a7:8d:8f:fc:6c:3c:15:be:c3:cd:84:6c:
                    56:d4:59:0d:53:28:52:d1:46:40:00:c2:23:e8:a0:
                    e7:f6:fc:6d:17:4d:0e:18:35:a8:4b:73:75:41:20:
                    ff:30:9d:82:b1:c3:b5:3d:ec:a1:86:fa:d5:d6:2d:
                    e6:9c:c0:7a:ed:fe:99:57:81:1c:72:0c:16:46:0c:
                    c2:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:DA:E0:05:40:32:7F:36:05:0D:DF:5C:22:B2:AA:CC:5D:20:84:C1
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/_NrgBUAyfzYFDd9cIrKqzF0ghME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:9b:c3:c7:e6:f4:88:0f:06:d8:ae:d9:6d:3c:69:52:1f:74:
         11:b6:75:63:b9:28:b2:1b:4b:f6:d6:4e:62:4b:59:c1:f4:1b:
         83:56:9a:bd:9c:93:4b:a1:bd:42:c8:2a:28:92:c7:18:05:9a:
         3e:2f:c2:b7:79:62:39:ed:97:e5:bf:cf:0d:83:0f:8a:89:35:
         fc:e4:a4:df:a5:eb:26:67:09:e7:ab:ea:fc:03:d4:c5:07:72:
         bb:5a:73:73:36:04:d7:b6:99:2e:81:44:2a:0f:9c:f0:2f:35:
         17:8a:e3:e8:b6:e6:14:e5:97:19:27:0d:7a:68:7e:c7:2d:b4:
         4c:6f:ad:94:8b:b9:ef:09:74:8e:33:1f:ae:c4:cc:a5:d3:a6:
         8a:bb:85:ed:79:17:27:cc:9c:a0:c2:fd:81:68:03:82:2d:20:
         d8:2b:f9:55:c0:6b:52:dc:cc:d3:d0:a2:c8:b4:83:49:c8:ea:
         db:13:79:11:d6:12:30:14:c6:02:19:69:06:89:e0:34:f5:7e:
         4b:30:be:bc:83:16:fe:4b:e5:41:22:07:a3:c4:4c:d2:e2:4e:
         04:d3:6c:8b:8a:3f:69:de:29:18:4c:2b:a4:f1:ba:e9:b4:d7:
         74:0d:26:fa:36:de:63:ba:0a:6f:8b:c0:50:2f:49:42:8e:32:
         f5:77:41:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRTY1SpllE4Qb/qO0HejqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjUwMTAxMjM0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2RhZTAwNTQwMzI3ZjM2MDUwZGRmNWMyMmIyYWFjYzVkMjA4NGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApY1DHbq2FwleeYqkULIUsI5Oc4On
tZGkCWwFRzLRvgo99CWyK5zKJ/VbVjBRtzUc8QVTWgXdfowJtdx4Eqqk2BSR2QN+
5c7eGpB4/fn9tmbtD9PCcOawkgY+bX8XKJBrdFgr9ahRnDXrcQR2cI8qymczAdw6
1yN0b4p8I2dhtn7B0QyXAE7hNEcwR5xtjAed4ZenvWHTCsV3hn2TybRB0chKd4f2
h9lICVCJjamukaLSJCs/B7+njY/8bDwVvsPNhGxW1FkNUyhS0UZAAMIj6KDn9vxt
F00OGDWoS3N1QSD/MJ2CscO1PeyhhvrV1i3mnMB67f6ZV4EccgwWRgzCHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPza4AVAMn82BQ3fXCKyqsxdIITBMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvX05yZ0JVQXlmellGRGQ5Y0lyS3F6RjBnaE1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiDyMA0G
CSqGSIb3DQEBCwUAA4IBAQABm8PH5vSIDwbYrtltPGlSH3QRtnVjuSiyG0v21k5i
S1nB9BuDVpq9nJNLob1CyCookscYBZo+L8K3eWI57Zflv88Ngw+KiTX85KTfpesm
Zwnnq+r8A9TFB3K7WnNzNgTXtpkugUQqD5zwLzUXiuPotuYU5ZcZJw16aH7HLbRM
b62Ui7nvCXSOMx+uxMyl06aKu4XteRcnzJygwv2BaAOCLSDYK/lVwGtS3MzT0KLI
tINJyOrbE3kR1hIwFMYCGWkGieA09X5LML68gxb+S+VBIgejxEzS4k4E02yLij9p
3ikYTCuk8brptNd0DSb6Nt5jugpvi8BQL0lCjjL1d0Fs
-----END CERTIFICATE-----