Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/1i1h10HKuKMLFRXN4cBGZ2mRyJM.roa
File:                     1i1h10HKuKMLFRXN4cBGZ2mRyJM.roa (raw, json)
Hash identifier:          7JEI6UNI/BK6+fsUZu0VQIRD6uiIejb022WVzNTlPqI=
Subject key identifier:   D6:2D:61:D7:41:CA:B8:A3:0B:15:15:CD:E1:C0:46:67:69:91:C8:93
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       019423D7DD8603429E307FA9E563DBE2FD05
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/1i1h10HKuKMLFRXN4cBGZ2mRyJM.roa
Signing time:             Wed 01 Jan 2025 21:48:57 +0000
ROA not before:           Wed 01 Jan 2025 21:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29182
IP address blocks:        212.22.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:dd:86:03:42:9e:30:7f:a9:e5:63:db:e2:fd:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Jan  1 21:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d62d61d741cab8a30b1515cde1c046676991c893
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:6b:48:a9:b3:13:9d:03:5f:2b:2e:52:40:c8:
                    40:a7:0e:21:ab:1b:09:94:de:19:fa:9d:69:ef:0c:
                    65:b1:15:e9:0e:75:f1:48:a9:82:01:f1:cc:6d:d4:
                    91:a0:50:5e:6d:23:2e:16:5a:83:0a:41:5f:c4:ea:
                    3b:6c:86:bb:da:9a:ef:b2:1f:99:6f:1b:97:dc:48:
                    60:20:0d:5b:2a:bf:33:1f:70:d7:ce:4b:26:84:60:
                    84:5b:dc:4b:5a:37:b1:64:c6:ac:06:f2:39:94:69:
                    64:01:dc:ca:1b:59:c8:c8:f6:73:26:91:95:21:24:
                    9b:8b:db:66:12:10:51:68:d3:0c:bd:31:88:69:8e:
                    0b:84:35:29:43:21:f3:d8:2a:e9:b6:c4:be:8e:59:
                    dd:07:44:10:c8:b1:92:fb:4b:c1:b1:1a:c8:88:91:
                    86:e8:70:ea:72:5a:b1:9e:5b:e3:75:3c:cd:23:81:
                    d9:e9:a3:a3:2f:cb:49:d3:1d:70:fb:d1:01:76:3e:
                    e6:60:9d:e8:9c:39:cc:b4:49:16:78:33:e3:93:24:
                    a3:cc:57:6c:fc:17:7c:e3:67:a6:f9:99:64:c3:3a:
                    c9:9d:c5:c2:7d:db:cb:25:00:f8:90:e4:6d:5a:8a:
                    6f:57:b6:b7:4d:11:08:14:b8:c8:be:3d:31:35:7a:
                    58:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:2D:61:D7:41:CA:B8:A3:0B:15:15:CD:E1:C0:46:67:69:91:C8:93
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/1i1h10HKuKMLFRXN4cBGZ2mRyJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.22.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:96:8a:18:15:72:1e:41:07:c6:2c:9c:24:f4:be:be:bd:d6:
         1d:82:e3:20:6b:b0:73:59:09:fe:a1:ff:9b:16:01:7e:e9:22:
         09:a7:2b:88:41:06:dc:8c:2c:71:f6:de:45:92:92:1c:20:1a:
         46:89:18:4e:78:79:6e:11:f8:bd:b2:60:55:90:ec:a7:14:b2:
         cd:1b:49:b0:5b:18:d7:45:84:3a:fb:b5:9c:58:76:aa:66:7f:
         f4:c2:a2:b3:a2:cf:bd:8e:1f:6d:2c:a5:36:77:38:51:c9:7d:
         7e:9a:8f:aa:33:df:5d:60:3c:fe:8a:22:b9:ca:6a:43:18:e3:
         1c:f6:f9:e5:dd:e0:01:5c:1a:a3:90:83:a4:eb:1c:01:e6:96:
         c6:83:58:98:29:e8:5c:6b:81:df:b1:8d:96:91:47:85:fe:4d:
         07:d2:06:4c:de:26:31:c4:d9:88:cc:27:de:97:98:b2:bf:61:
         a2:d2:fa:6c:5c:4f:a3:67:2c:91:e4:a9:7e:43:b2:23:18:1e:
         07:e3:62:99:a5:60:3f:91:82:02:4e:39:55:85:12:9b:b7:9f:
         71:b1:21:0f:4a:e5:69:d5:68:63:d4:ab:3a:e2:3a:8b:5a:5c:
         56:62:ad:f6:3b:03:9d:b5:81:51:38:7b:36:93:be:36:74:21:
         82:10:fa:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj192GA0KeMH+p5WPb4v0FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjUwMTAxMjE0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjJkNjFkNzQxY2FiOGEzMGIxNTE1Y2RlMWMwNDY2NzY5OTFjODkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmtIqbMTnQNfKy5SQMhApw4hqxsJ
lN4Z+p1p7wxlsRXpDnXxSKmCAfHMbdSRoFBebSMuFlqDCkFfxOo7bIa72prvsh+Z
bxuX3EhgIA1bKr8zH3DXzksmhGCEW9xLWjexZMasBvI5lGlkAdzKG1nIyPZzJpGV
ISSbi9tmEhBRaNMMvTGIaY4LhDUpQyHz2CrptsS+jlndB0QQyLGS+0vBsRrIiJGG
6HDqclqxnlvjdTzNI4HZ6aOjL8tJ0x1w+9EBdj7mYJ3onDnMtEkWeDPjkySjzFds
/Bd842em+ZlkwzrJncXCfdvLJQD4kORtWopvV7a3TREIFLjIvj0xNXpYAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNYtYddByrijCxUVzeHARmdpkciTMB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvMWkxaDEwSEt1S01MRlJYTjRjQkdaMm1SeUpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BZTMA0G
CSqGSIb3DQEBCwUAA4IBAQBflooYFXIeQQfGLJwk9L6+vdYdguMga7BzWQn+of+b
FgF+6SIJpyuIQQbcjCxx9t5FkpIcIBpGiRhOeHluEfi9smBVkOynFLLNG0mwWxjX
RYQ6+7WcWHaqZn/0wqKzos+9jh9tLKU2dzhRyX1+mo+qM99dYDz+iiK5ympDGOMc
9vnl3eABXBqjkIOk6xwB5pbGg1iYKehca4HfsY2WkUeF/k0H0gZM3iYxxNmIzCfe
l5iyv2Gi0vpsXE+jZyyR5Kl+Q7IjGB4H42KZpWA/kYICTjlVhRKbt59xsSEPSuVp
1Whj1Ks64jqLWlxWYq32OwOdtYFROHs2k742dCGCEPqX
-----END CERTIFICATE-----