Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/d32cd4-ba93-4f16-899c-ccdadf7f65f2/1/vYaPE7wk6Qo5Lm2fpqZ1rhvLpDU.roa
File:                     vYaPE7wk6Qo5Lm2fpqZ1rhvLpDU.roa (raw, json)
Hash identifier:          ZL2srvtFB3ZUj0RuUE6dDGpy3UL8CY63qkKeS+BMJ20=
Subject key identifier:   BD:86:8F:13:BC:24:E9:0A:39:2E:6D:9F:A6:A6:75:AE:1B:CB:A4:35
Certificate issuer:       /CN=3b3363e47e69ebc5d1c2251ddd5dac7c98989922
Certificate serial:       0194236A48861258917749F0157327DB8962
Authority key identifier: 3B:33:63:E4:7E:69:EB:C5:D1:C2:25:1D:DD:5D:AC:7C:98:98:99:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OzNj5H5p68XRwiUd3V2sfJiYmSI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/d32cd4-ba93-4f16-899c-ccdadf7f65f2/1/vYaPE7wk6Qo5Lm2fpqZ1rhvLpDU.roa
Signing time:             Wed 01 Jan 2025 19:49:15 +0000
ROA not before:           Wed 01 Jan 2025 19:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206355
IP address blocks:        185.192.136.0/22 maxlen: 22
                          2a0a:2cc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/d32cd4-ba93-4f16-899c-ccdadf7f65f2/1/OzNj5H5p68XRwiUd3V2sfJiYmSI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/d32cd4-ba93-4f16-899c-ccdadf7f65f2/1/OzNj5H5p68XRwiUd3V2sfJiYmSI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OzNj5H5p68XRwiUd3V2sfJiYmSI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:48:86:12:58:91:77:49:f0:15:73:27:db:89:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b3363e47e69ebc5d1c2251ddd5dac7c98989922
        Validity
            Not Before: Jan  1 19:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd868f13bc24e90a392e6d9fa6a675ae1bcba435
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:87:e3:78:23:ad:44:a2:60:c0:41:96:cb:16:
                    eb:50:45:3d:0a:e4:d7:42:71:bc:e0:b7:39:2d:d2:
                    4e:e6:aa:5d:00:94:f2:b9:ff:c5:02:09:2a:98:20:
                    50:61:d9:05:41:89:67:8d:1c:65:0f:4a:4b:6e:dc:
                    99:be:d9:29:43:f9:f5:b2:45:26:5c:17:76:64:6f:
                    0d:fa:e8:1e:9b:d4:6a:9e:6f:db:cb:f2:63:f8:32:
                    93:a1:54:92:e2:50:d1:31:4b:88:24:7d:87:10:5b:
                    f7:2c:06:f0:c8:09:92:46:1c:14:d8:61:e1:60:de:
                    a7:14:4f:61:39:42:9c:ef:dc:51:58:4f:1d:f2:7f:
                    c1:78:33:f2:ae:95:8d:bf:cc:6f:4f:85:dd:41:4e:
                    4f:6a:91:3a:94:36:a3:1b:54:81:be:26:b4:15:51:
                    0c:20:35:d0:c9:fe:4c:57:d5:11:4e:61:a6:54:ee:
                    b7:60:97:34:84:62:b1:a1:5f:1d:5b:1d:a1:11:72:
                    85:4c:c6:76:23:69:38:8d:2e:fc:b4:9d:13:29:63:
                    e8:13:42:40:5a:8d:2e:66:4d:46:80:8e:22:08:20:
                    1f:48:20:d5:71:b4:00:92:d1:52:b0:e6:50:68:4b:
                    70:ca:de:0e:bd:9d:51:86:3c:da:74:67:e0:12:bd:
                    72:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:86:8F:13:BC:24:E9:0A:39:2E:6D:9F:A6:A6:75:AE:1B:CB:A4:35
            X509v3 Authority Key Identifier:
                keyid:3B:33:63:E4:7E:69:EB:C5:D1:C2:25:1D:DD:5D:AC:7C:98:98:99:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OzNj5H5p68XRwiUd3V2sfJiYmSI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/d32cd4-ba93-4f16-899c-ccdadf7f65f2/1/vYaPE7wk6Qo5Lm2fpqZ1rhvLpDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/d32cd4-ba93-4f16-899c-ccdadf7f65f2/1/OzNj5H5p68XRwiUd3V2sfJiYmSI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.136.0/22
                IPv6:
                  2a0a:2cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         ca:d2:3f:4b:8f:e8:2e:90:b8:98:fd:b2:ad:50:8d:fe:7c:e3:
         df:bb:47:5c:dc:20:65:a7:23:93:14:e8:76:00:da:c3:3a:5b:
         6f:79:8b:22:f9:ce:4b:74:e3:a0:47:20:e8:26:64:8f:23:9a:
         8e:5a:5d:93:6e:41:a1:d5:00:0a:7d:d8:96:56:f7:ee:96:71:
         84:64:20:c0:46:ac:36:ba:e2:29:6b:dc:f5:8b:2b:c9:06:67:
         23:88:08:87:4b:3a:47:5c:ea:99:ea:eb:74:bd:f8:72:7a:38:
         dd:30:22:c0:e1:5f:08:64:49:2c:07:67:63:c7:24:29:15:31:
         f0:df:03:28:c3:28:4c:98:1d:79:b8:a6:83:db:4b:aa:42:bb:
         24:6f:4f:f5:96:85:d8:db:76:25:5c:30:06:1b:bc:eb:40:d8:
         fe:17:9f:75:8e:6a:be:30:49:6d:f7:28:50:bd:67:d4:8d:6c:
         08:15:17:c5:8b:68:ff:a2:8d:ef:89:83:8b:04:d7:25:5b:e0:
         46:bb:39:cd:53:82:4f:36:93:c5:d5:af:f0:df:bb:2e:aa:a6:
         d4:07:15:ce:48:3b:1c:3e:2d:76:f9:0a:84:29:28:b2:7e:d1:
         5c:b3:38:5a:7d:b1:53:e7:4d:4d:b6:ad:dd:fa:ea:83:82:17:
         df:b1:80:a7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQjakiGEliRd0nwFXMn24liMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMzM2M2U0N2U2OWViYzVkMWMyMjUxZGRkNWRhYzdjOTg5
ODk5MjIwHhcNMjUwMTAxMTk0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDg2OGYxM2JjMjRlOTBhMzkyZTZkOWZhNmE2NzVhZTFiY2JhNDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYfjeCOtRKJgwEGWyxbrUEU9CuTX
QnG84Lc5LdJO5qpdAJTyuf/FAgkqmCBQYdkFQYlnjRxlD0pLbtyZvtkpQ/n1skUm
XBd2ZG8N+ugem9Rqnm/by/Jj+DKToVSS4lDRMUuIJH2HEFv3LAbwyAmSRhwU2GHh
YN6nFE9hOUKc79xRWE8d8n/BeDPyrpWNv8xvT4XdQU5PapE6lDajG1SBvia0FVEM
IDXQyf5MV9URTmGmVO63YJc0hGKxoV8dWx2hEXKFTMZ2I2k4jS78tJ0TKWPoE0JA
Wo0uZk1GgI4iCCAfSCDVcbQAktFSsOZQaEtwyt4OvZ1RhjzadGfgEr1ylQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL2GjxO8JOkKOS5tn6amda4by6Q1MB8GA1UdIwQY
MBaAFDszY+R+aevF0cIlHd1drHyYmJkiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3pOajVINXA2OFhSd2lVZDNWMnNmSmlZbVNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9kMzJjZDQtYmE5My00ZjE2LTg5OWMt
Y2NkYWRmN2Y2NWYyLzEvdllhUEU3d2s2UW81TG0yZnBxWjFyaHZMcERVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9kMzJjZDQtYmE5My00ZjE2LTg5OWMtY2NkYWRmN2Y2NWYy
LzEvT3pOajVINXA2OFhSd2lVZDNWMnNmSmlZbVNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucCIMA0E
AgACMAcDBQMqCizAMA0GCSqGSIb3DQEBCwUAA4IBAQDK0j9Lj+gukLiY/bKtUI3+
fOPfu0dc3CBlpyOTFOh2ANrDOltveYsi+c5LdOOgRyDoJmSPI5qOWl2TbkGh1QAK
fdiWVvfulnGEZCDARqw2uuIpa9z1iyvJBmcjiAiHSzpHXOqZ6ut0vfhyejjdMCLA
4V8IZEksB2djxyQpFTHw3wMowyhMmB15uKaD20uqQrskb0/1loXY23YlXDAGG7zr
QNj+F591jmq+MElt9yhQvWfUjWwIFRfFi2j/oo3viYOLBNclW+BGuznNU4JPNpPF
1a/w37suqqbUBxXOSDscPi12+QqEKSiyftFcszhafbFT501Ntq3d+uqDghffsYCn
-----END CERTIFICATE-----