Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/f19c9e-c541-4363-b25b-a806163ec294/1/NJJQIAvEDlH4wZu4zaM1fPZpVGI.roa
File:                     NJJQIAvEDlH4wZu4zaM1fPZpVGI.roa (raw, json)
Hash identifier:          zmrVvshEoDYlY+afA5JOHL7lyVYdqt5pXq3EABMgUFM=
Subject key identifier:   34:92:50:20:0B:C4:0E:51:F8:C1:9B:B8:CD:A3:35:7C:F6:69:54:62
Certificate issuer:       /CN=d95413eb29a43d2e45fecdd88ee5396c96bf1cb5
Certificate serial:       019421B1F246FF213BA12D7D13F55DA1A33C
Authority key identifier: D9:54:13:EB:29:A4:3D:2E:45:FE:CD:D8:8E:E5:39:6C:96:BF:1C:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2VQT6ymkPS5F_s3YjuU5bJa_HLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/f19c9e-c541-4363-b25b-a806163ec294/1/NJJQIAvEDlH4wZu4zaM1fPZpVGI.roa
Signing time:             Wed 01 Jan 2025 11:48:17 +0000
ROA not before:           Wed 01 Jan 2025 11:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42184
IP address blocks:        88.218.84.0/22 maxlen: 22
                          185.72.200.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/f19c9e-c541-4363-b25b-a806163ec294/1/2VQT6ymkPS5F_s3YjuU5bJa_HLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/f19c9e-c541-4363-b25b-a806163ec294/1/2VQT6ymkPS5F_s3YjuU5bJa_HLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2VQT6ymkPS5F_s3YjuU5bJa_HLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:f2:46:ff:21:3b:a1:2d:7d:13:f5:5d:a1:a3:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d95413eb29a43d2e45fecdd88ee5396c96bf1cb5
        Validity
            Not Before: Jan  1 11:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=349250200bc40e51f8c19bb8cda3357cf6695462
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:fd:ec:2a:75:4b:35:c6:da:fc:10:4d:91:2c:
                    f2:90:95:f4:11:74:e6:e6:e8:04:44:4d:f2:dd:79:
                    37:1a:c7:c5:74:91:dd:e4:dd:6e:da:4f:d7:c8:4a:
                    f0:e8:a0:ec:25:1b:b4:a5:72:34:b8:32:df:36:67:
                    5c:31:73:4a:f3:74:e0:97:13:7a:96:e8:da:9d:34:
                    7c:25:85:67:63:18:d3:be:6f:71:60:f0:aa:55:cb:
                    57:b9:b0:82:ff:64:3f:f8:70:c1:f5:14:16:ec:b7:
                    d1:55:f3:cf:02:3a:fb:66:d6:9b:d3:85:9e:4d:3e:
                    a2:4a:7b:77:2f:d1:9d:2e:3c:0a:f3:a3:2d:0f:9f:
                    ac:dd:9d:85:08:9f:f6:48:5a:7d:94:58:56:ff:45:
                    fc:32:a9:6e:6f:3a:ff:ba:de:b3:a0:b4:4c:f9:eb:
                    19:7b:77:07:96:72:82:bf:c7:5a:ee:e9:e8:90:9d:
                    b6:64:7d:91:dd:a9:48:90:9f:5b:98:a7:e5:be:f7:
                    21:d5:8a:2c:e7:ee:08:ea:da:d8:64:f3:f1:35:8b:
                    6f:dd:5e:19:84:8e:64:f2:b2:01:ec:c4:e8:ac:9c:
                    d1:85:47:3b:52:9b:df:48:4b:97:10:eb:94:1f:64:
                    19:9e:b7:c6:2c:6d:9e:c7:e9:92:3a:25:f0:71:55:
                    72:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:92:50:20:0B:C4:0E:51:F8:C1:9B:B8:CD:A3:35:7C:F6:69:54:62
            X509v3 Authority Key Identifier:
                keyid:D9:54:13:EB:29:A4:3D:2E:45:FE:CD:D8:8E:E5:39:6C:96:BF:1C:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2VQT6ymkPS5F_s3YjuU5bJa_HLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/f19c9e-c541-4363-b25b-a806163ec294/1/NJJQIAvEDlH4wZu4zaM1fPZpVGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/f19c9e-c541-4363-b25b-a806163ec294/1/2VQT6ymkPS5F_s3YjuU5bJa_HLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.84.0/22
                  185.72.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:eb:49:f2:fa:e6:af:c1:f9:28:88:38:22:c6:78:38:1d:d1:
         07:05:f9:66:19:41:ed:78:a9:9d:01:1b:1d:92:14:bd:1e:e6:
         30:4b:1f:45:a9:d6:55:47:02:ea:38:49:4c:fe:1d:2d:1e:eb:
         64:19:84:60:09:63:59:c0:57:a4:87:cb:51:b0:9f:8a:b3:e8:
         57:4c:d3:69:3e:cc:8c:06:5e:f5:e2:6c:07:dd:90:1c:84:ef:
         c0:05:50:60:21:0d:be:6c:4a:15:17:27:60:6c:89:0e:cf:3f:
         33:7c:42:9d:72:b7:2a:66:1e:e4:14:86:de:e1:90:db:d2:ad:
         96:52:f5:5b:3d:98:9f:13:a4:e1:ea:26:13:5f:a6:18:ee:23:
         4c:49:6f:12:cd:03:97:ee:4b:19:80:da:ea:b7:1a:b1:3c:da:
         79:a0:e9:f7:cb:0c:e3:10:60:20:a2:97:af:ec:43:88:52:66:
         23:4d:80:10:99:3a:35:6d:01:b6:09:aa:a6:7e:ef:41:5f:7c:
         10:f8:cc:63:54:f4:f3:11:4d:8d:97:73:c3:4d:56:94:19:a1:
         b5:39:38:94:f1:a9:37:0a:9d:0e:81:ee:61:c9:93:27:c6:93:
         47:8d:16:c3:e6:ce:ad:5f:27:c3:b6:99:f9:f6:c2:28:60:fc:
         f8:4f:35:ed
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhsfJG/yE7oS19E/VdoaM8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5NTQxM2ViMjlhNDNkMmU0NWZlY2RkODhlZTUzOTZjOTZi
ZjFjYjUwHhcNMjUwMTAxMTE0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDkyNTAyMDBiYzQwZTUxZjhjMTliYjhjZGEzMzU3Y2Y2Njk1NDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjf3sKnVLNcba/BBNkSzykJX0EXTm
5ugERE3y3Xk3GsfFdJHd5N1u2k/XyErw6KDsJRu0pXI0uDLfNmdcMXNK83TglxN6
lujanTR8JYVnYxjTvm9xYPCqVctXubCC/2Q/+HDB9RQW7LfRVfPPAjr7Ztab04We
TT6iSnt3L9GdLjwK86MtD5+s3Z2FCJ/2SFp9lFhW/0X8Mqlubzr/ut6zoLRM+esZ
e3cHlnKCv8da7unokJ22ZH2R3alIkJ9bmKflvvch1Yos5+4I6trYZPPxNYtv3V4Z
hI5k8rIB7MTorJzRhUc7UpvfSEuXEOuUH2QZnrfGLG2ex+mSOiXwcVVy/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDSSUCALxA5R+MGbuM2jNXz2aVRiMB8GA1UdIwQY
MBaAFNlUE+sppD0uRf7N2I7lOWyWvxy1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlZRVDZ5bWtQUzVGX3MzWWp1VTViSmFfSExVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9mMTljOWUtYzU0MS00MzYzLWIyNWIt
YTgwNjE2M2VjMjk0LzEvTkpKUUlBdkVEbEg0d1p1NHphTTFmUFpwVkdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9mMTljOWUtYzU0MS00MzYzLWIyNWItYTgwNjE2M2VjMjk0
LzEvMlZRVDZ5bWtQUzVGX3MzWWp1VTViSmFfSExVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCWNpUAwQC
uUjIMA0GCSqGSIb3DQEBCwUAA4IBAQAW60ny+uavwfkoiDgixng4HdEHBflmGUHt
eKmdARsdkhS9HuYwSx9FqdZVRwLqOElM/h0tHutkGYRgCWNZwFekh8tRsJ+Ks+hX
TNNpPsyMBl714mwH3ZAchO/ABVBgIQ2+bEoVFydgbIkOzz8zfEKdcrcqZh7kFIbe
4ZDb0q2WUvVbPZifE6Th6iYTX6YY7iNMSW8SzQOX7ksZgNrqtxqxPNp5oOn3ywzj
EGAgopev7EOIUmYjTYAQmTo1bQG2Caqmfu9BX3wQ+MxjVPTzEU2Nl3PDTVaUGaG1
OTiU8ak3Cp0Oge5hyZMnxpNHjRbD5s6tXyfDtpn59sIoYPz4TzXt
-----END CERTIFICATE-----