Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/oQY8Ggs-WHGozgLdlzn62PGvTmo.roa
File:                     oQY8Ggs-WHGozgLdlzn62PGvTmo.roa (raw, json)
Hash identifier:          Rm3b27WZnppZmsClSvXbSesr4c+ogRwCEVrSLNbiwvA=
Subject key identifier:   A1:06:3C:1A:0B:3E:58:71:A8:CE:02:DD:97:39:FA:D8:F1:AF:4E:6A
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       019423D7E9934A91DA8C96D8C5B99E460A22
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/oQY8Ggs-WHGozgLdlzn62PGvTmo.roa
Signing time:             Wed 01 Jan 2025 21:49:00 +0000
ROA not before:           Wed 01 Jan 2025 21:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209242
IP address blocks:        212.22.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 06:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:e9:93:4a:91:da:8c:96:d8:c5:b9:9e:46:0a:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Jan  1 21:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a1063c1a0b3e5871a8ce02dd9739fad8f1af4e6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:16:1d:9d:30:37:de:e3:9e:65:14:ae:02:41:
                    1e:0b:01:14:98:23:af:f4:27:8a:0e:46:87:fc:07:
                    ee:e4:0b:38:59:a6:9b:c7:d6:69:13:ac:e3:7b:da:
                    df:51:cd:3d:9b:60:ed:a8:72:4b:c9:b7:26:2a:51:
                    4e:ab:11:48:1f:24:8f:81:a0:01:69:3f:2b:20:4b:
                    9c:87:15:b0:69:d3:6c:1a:09:c6:1d:c7:d7:0e:f5:
                    74:9d:e1:6d:02:76:65:5c:10:93:3d:15:8e:19:30:
                    38:df:3b:b4:54:74:2f:54:49:ed:f3:d2:7e:73:d9:
                    04:5a:d1:f2:61:53:83:e5:57:ce:1a:bf:d0:01:f6:
                    a8:4c:4e:9a:b5:68:95:cf:b1:76:f3:af:c7:8e:62:
                    c6:38:16:ab:64:8b:d6:54:e9:9b:c9:8f:57:6d:aa:
                    3e:3e:8b:76:3e:40:63:0c:24:8f:30:ab:47:21:49:
                    f3:e0:32:74:e2:1f:7c:b7:8c:5a:3c:7c:bd:5d:b2:
                    c0:d0:40:cd:57:71:c3:8a:f3:ba:b2:fb:fa:8d:d2:
                    ce:d9:41:1d:96:73:59:61:d1:5b:50:d7:72:1f:d5:
                    a6:94:47:03:db:c3:37:a2:37:aa:aa:56:16:9d:01:
                    20:56:7c:8e:5d:a2:9a:2a:39:4a:f9:ea:0b:78:b8:
                    ac:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:06:3C:1A:0B:3E:58:71:A8:CE:02:DD:97:39:FA:D8:F1:AF:4E:6A
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/oQY8Ggs-WHGozgLdlzn62PGvTmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.22.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:53:a6:a4:11:55:a7:39:15:25:65:f7:b2:7d:67:af:62:65:
         49:54:a8:d6:26:24:a1:58:ff:3a:7a:5e:32:48:7a:34:2c:3d:
         10:50:6c:39:23:b9:dc:5b:70:f2:7c:6c:59:21:2b:89:27:82:
         ba:b0:0b:e5:d8:e0:73:9c:29:5f:7c:dd:cd:58:0b:79:f6:a6:
         89:5e:da:31:49:8d:de:fe:ad:85:58:47:e3:b9:a1:a3:12:9e:
         ec:fa:a1:45:46:5f:7a:a6:05:9b:e8:db:5d:c0:aa:85:68:06:
         ad:0d:72:a9:e1:83:3f:fa:6a:e8:ce:ed:e4:83:e5:e5:db:61:
         9d:ef:a6:23:b7:9e:ae:dc:fe:49:a0:9e:53:c7:d3:e0:a0:ae:
         10:21:6f:d5:46:dc:54:cc:81:31:27:a8:49:26:a0:25:e9:04:
         6e:4c:79:8a:2d:9f:3f:ea:00:0b:f2:b5:ad:4d:7a:1b:cc:71:
         d4:a2:f4:9d:5f:5b:e0:76:54:d1:fd:73:82:b5:e1:dc:fe:04:
         c2:5d:7a:f1:c2:d1:5d:f5:cb:24:30:db:06:1b:40:08:9f:40:
         98:98:a0:bb:59:5c:f4:17:83:37:67:3c:1d:f7:19:37:a8:6a:
         c9:1c:d1:ac:2a:75:ca:f8:20:f1:bf:8b:6c:77:b2:0a:2d:21:
         57:fc:b0:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1+mTSpHajJbYxbmeRgoiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjUwMTAxMjE0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTA2M2MxYTBiM2U1ODcxYThjZTAyZGQ5NzM5ZmFkOGYxYWY0ZTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxYdnTA33uOeZRSuAkEeCwEUmCOv
9CeKDkaH/Afu5As4Waabx9ZpE6zje9rfUc09m2DtqHJLybcmKlFOqxFIHySPgaAB
aT8rIEuchxWwadNsGgnGHcfXDvV0neFtAnZlXBCTPRWOGTA43zu0VHQvVEnt89J+
c9kEWtHyYVOD5VfOGr/QAfaoTE6atWiVz7F286/HjmLGOBarZIvWVOmbyY9Xbao+
Pot2PkBjDCSPMKtHIUnz4DJ04h98t4xaPHy9XbLA0EDNV3HDivO6svv6jdLO2UEd
lnNZYdFbUNdyH9WmlEcD28M3ojeqqlYWnQEgVnyOXaKaKjlK+eoLeLisYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKEGPBoLPlhxqM4C3Zc5+tjxr05qMB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvb1FZOEdncy1XSEdvemdMZGx6bjYyUEd2VG1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BZMMA0G
CSqGSIb3DQEBCwUAA4IBAQCzU6akEVWnORUlZfeyfWevYmVJVKjWJiShWP86el4y
SHo0LD0QUGw5I7ncW3DyfGxZISuJJ4K6sAvl2OBznClffN3NWAt59qaJXtoxSY3e
/q2FWEfjuaGjEp7s+qFFRl96pgWb6NtdwKqFaAatDXKp4YM/+mrozu3kg+Xl22Gd
76Yjt56u3P5JoJ5Tx9PgoK4QIW/VRtxUzIExJ6hJJqAl6QRuTHmKLZ8/6gAL8rWt
TXobzHHUovSdX1vgdlTR/XOCteHc/gTCXXrxwtFd9cskMNsGG0AIn0CYmKC7WVz0
F4M3Zzwd9xk3qGrJHNGsKnXK+CDxv4tsd7IKLSFX/LB8
-----END CERTIFICATE-----