Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/0Z8yTYlKjkqvKh6kY-kM6OXYfz8.roa
File:                     0Z8yTYlKjkqvKh6kY-kM6OXYfz8.roa (raw, json)
Hash identifier:          fwm0Gtt1RFKV50/Ms+CgVe/rwlPJ9Q3VLzTFIW1v2aw=
Subject key identifier:   D1:9F:32:4D:89:4A:8E:4A:AF:2A:1E:A4:63:E9:0C:E8:E5:D8:7F:3F
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       019423D7E507085DDFA3EEA01A6A3D2DE348
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/0Z8yTYlKjkqvKh6kY-kM6OXYfz8.roa
Signing time:             Wed 01 Jan 2025 21:48:58 +0000
ROA not before:           Wed 01 Jan 2025 21:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52194
IP address blocks:        212.22.81.0/24 maxlen: 24
                          212.22.87.0/24 maxlen: 24
                          212.22.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 06:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:e5:07:08:5d:df:a3:ee:a0:1a:6a:3d:2d:e3:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Jan  1 21:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d19f324d894a8e4aaf2a1ea463e90ce8e5d87f3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:37:6f:03:b3:3a:d3:cb:b3:a9:c6:4d:c3:19:
                    e1:82:91:5b:29:09:08:04:01:46:39:d0:58:8b:3c:
                    c1:ff:ee:62:68:ee:a8:56:b5:a2:08:6e:0d:49:fe:
                    a5:76:7e:27:5d:53:f5:47:d1:46:c0:29:6d:13:2b:
                    31:87:be:cc:bc:cf:5e:f8:01:0a:03:e0:96:c0:bd:
                    9a:d5:ef:f6:13:99:57:51:07:fd:ed:6a:8d:a8:e0:
                    2b:8e:bf:46:e0:73:42:95:1c:23:c0:15:bc:d2:b6:
                    20:c8:07:78:33:66:9f:8a:72:20:59:5b:14:d9:a7:
                    b4:b1:21:cb:a9:5c:bc:63:4b:52:8b:0f:92:52:fc:
                    8e:b8:68:a5:8f:49:9d:9a:5a:6d:3e:02:ab:e4:18:
                    9c:0c:4e:13:6a:79:81:89:8a:54:f4:56:8a:db:35:
                    6f:28:2b:9f:46:76:a7:41:83:f1:33:fb:1e:4f:35:
                    a1:1e:f9:42:55:5c:a6:20:5e:ad:78:30:82:bf:84:
                    3d:bc:2b:25:3b:fd:ef:77:44:73:e0:2f:0c:bb:ba:
                    a9:08:0c:3d:65:65:5d:d1:e9:5d:c7:2f:d1:d5:65:
                    c2:64:b6:1b:13:77:d9:a2:52:5d:da:23:33:9b:a5:
                    01:ab:89:a8:f9:e2:31:c7:1c:bb:85:b1:4f:6f:af:
                    d2:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:9F:32:4D:89:4A:8E:4A:AF:2A:1E:A4:63:E9:0C:E8:E5:D8:7F:3F
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/0Z8yTYlKjkqvKh6kY-kM6OXYfz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.22.81.0/24
                  212.22.87.0/24
                  212.22.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:dc:0e:48:29:36:77:34:01:01:51:52:f3:ef:f8:8a:f6:90:
         c3:e8:28:00:9b:30:64:3d:1e:85:66:01:03:c8:47:55:7b:7d:
         54:27:ab:9a:54:dd:6b:ec:e7:50:81:80:b1:f3:6a:ed:93:21:
         00:da:47:f6:05:eb:57:b9:a1:f0:f5:87:3e:e3:6d:1f:37:57:
         57:54:98:ac:b9:5e:b7:3d:b7:93:b5:2b:28:9d:8b:b4:d9:ff:
         c8:e7:07:58:75:c9:41:b1:24:31:fc:47:13:79:68:7c:dc:c6:
         7f:06:f5:c3:8e:d7:89:f7:d7:af:c1:24:bc:45:58:10:04:d8:
         72:1b:a6:3e:c5:9d:28:46:3c:dc:71:d6:28:86:ff:7a:8a:69:
         a9:5e:07:a7:8e:ca:3f:d5:ab:d7:06:cc:ca:42:26:7f:9b:a7:
         49:84:4d:8e:22:c1:ac:9b:c1:15:fc:30:37:8b:7c:67:14:51:
         ac:c9:4b:5c:5c:f6:b8:58:30:49:e3:9f:25:64:10:e0:40:5f:
         a0:9e:e0:fe:17:95:a8:c1:2b:c5:8b:d4:0a:eb:03:d8:8d:58:
         e4:8c:2f:d0:a1:da:79:06:d5:7b:25:86:e0:c4:59:5b:44:70:
         35:f3:66:4c:9a:95:69:24:ab:a3:44:e2:86:eb:6c:2c:ae:7f:
         1b:42:75:b6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQj1+UHCF3fo+6gGmo9LeNIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjUwMTAxMjE0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTlmMzI0ZDg5NGE4ZTRhYWYyYTFlYTQ2M2U5MGNlOGU1ZDg3ZjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTdvA7M608uzqcZNwxnhgpFbKQkI
BAFGOdBYizzB/+5iaO6oVrWiCG4NSf6ldn4nXVP1R9FGwCltEysxh77MvM9e+AEK
A+CWwL2a1e/2E5lXUQf97WqNqOArjr9G4HNClRwjwBW80rYgyAd4M2afinIgWVsU
2ae0sSHLqVy8Y0tSiw+SUvyOuGilj0mdmlptPgKr5BicDE4TanmBiYpU9FaK2zVv
KCufRnanQYPxM/seTzWhHvlCVVymIF6teDCCv4Q9vCslO/3vd0Rz4C8Mu7qpCAw9
ZWVd0eldxy/R1WXCZLYbE3fZolJd2iMzm6UBq4mo+eIxxxy7hbFPb6/SswIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNGfMk2JSo5KryoepGPpDOjl2H8/MB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvMFo4eVRZbEtqa3F2S2g2a1kta002T1hZZno4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1BZRAwQA
1BZXAwQA1BZfMA0GCSqGSIb3DQEBCwUAA4IBAQBa3A5IKTZ3NAEBUVLz7/iK9pDD
6CgAmzBkPR6FZgEDyEdVe31UJ6uaVN1r7OdQgYCx82rtkyEA2kf2BetXuaHw9Yc+
420fN1dXVJisuV63PbeTtSsonYu02f/I5wdYdclBsSQx/EcTeWh83MZ/BvXDjteJ
99evwSS8RVgQBNhyG6Y+xZ0oRjzccdYohv96immpXgenjso/1avXBszKQiZ/m6dJ
hE2OIsGsm8EV/DA3i3xnFFGsyUtcXPa4WDBJ458lZBDgQF+gnuD+F5WowSvFi9QK
6wPYjVjkjC/Qodp5BtV7JYbgxFlbRHA182ZMmpVpJKujROKG62wsrn8bQnW2
-----END CERTIFICATE-----