Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/32b4a2-2b2f-4f6a-9b48-c1f3b9ede4db/1/nCGmubCJiSGpdDfmtDjyCBhbirE.roa
File:                     nCGmubCJiSGpdDfmtDjyCBhbirE.roa (raw, json)
Hash identifier:          DBvXchMzo0c+o7gBr3asd/okXNFiJinaSi6NEP9igBA=
Subject key identifier:   9C:21:A6:B9:B0:89:89:21:A9:74:37:E6:B4:38:F2:08:18:5B:8A:B1
Certificate issuer:       /CN=78bd1c6c688a175abc8d598fbcd107fca5254bde
Certificate serial:       019427B566A9E7053B68942943685AC72560
Authority key identifier: 78:BD:1C:6C:68:8A:17:5A:BC:8D:59:8F:BC:D1:07:FC:A5:25:4B:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eL0cbGiKF1q8jVmPvNEH_KUlS94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/32b4a2-2b2f-4f6a-9b48-c1f3b9ede4db/1/nCGmubCJiSGpdDfmtDjyCBhbirE.roa
Signing time:             Thu 02 Jan 2025 15:49:47 +0000
ROA not before:           Thu 02 Jan 2025 15:49:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60419
IP address blocks:        185.31.84.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/32b4a2-2b2f-4f6a-9b48-c1f3b9ede4db/1/eL0cbGiKF1q8jVmPvNEH_KUlS94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/32b4a2-2b2f-4f6a-9b48-c1f3b9ede4db/1/eL0cbGiKF1q8jVmPvNEH_KUlS94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eL0cbGiKF1q8jVmPvNEH_KUlS94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:66:a9:e7:05:3b:68:94:29:43:68:5a:c7:25:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78bd1c6c688a175abc8d598fbcd107fca5254bde
        Validity
            Not Before: Jan  2 15:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c21a6b9b0898921a97437e6b438f208185b8ab1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:f3:dc:44:f3:d2:5b:23:58:35:22:75:67:d8:
                    79:ae:01:cd:ba:e2:04:08:7b:c3:7b:c9:43:bc:d9:
                    05:12:12:dd:4e:7b:7e:82:96:fa:ee:2b:6b:0c:f5:
                    2a:ca:03:de:b3:55:63:67:e8:cd:b7:5b:81:12:5d:
                    f7:33:f1:a7:ce:a5:ea:38:70:97:ed:2f:c5:8b:1d:
                    a7:1b:ad:bb:05:6d:05:9b:cb:7f:71:bd:a3:1b:78:
                    44:93:45:f3:92:63:48:4f:0e:39:f7:08:d2:e3:df:
                    f8:65:dd:ac:a6:56:74:08:86:a9:fa:33:af:d2:74:
                    1d:72:4c:ab:12:59:5f:bd:62:78:20:c9:68:a9:8f:
                    5d:ce:87:cb:ac:b8:e0:06:3e:05:00:9b:0a:e2:ff:
                    fa:95:06:c3:36:f8:90:d7:3f:2b:8b:c0:4b:ea:1f:
                    8a:c8:48:f4:1e:32:f4:c9:c4:49:d9:7b:80:da:47:
                    3e:ff:2e:74:3a:77:ba:4a:fa:df:cb:bf:99:98:18:
                    a6:94:87:9a:2a:71:55:d0:62:9b:26:ea:19:14:e2:
                    b1:12:d0:b9:80:0c:8e:1f:c5:76:5d:de:84:51:4d:
                    a7:ca:6a:b5:dc:88:c6:6e:ea:c5:5d:bb:ec:ef:b3:
                    e3:86:20:fb:32:26:92:f2:f3:5b:ea:1d:5e:93:e8:
                    10:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:21:A6:B9:B0:89:89:21:A9:74:37:E6:B4:38:F2:08:18:5B:8A:B1
            X509v3 Authority Key Identifier:
                keyid:78:BD:1C:6C:68:8A:17:5A:BC:8D:59:8F:BC:D1:07:FC:A5:25:4B:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eL0cbGiKF1q8jVmPvNEH_KUlS94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/32b4a2-2b2f-4f6a-9b48-c1f3b9ede4db/1/nCGmubCJiSGpdDfmtDjyCBhbirE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/32b4a2-2b2f-4f6a-9b48-c1f3b9ede4db/1/eL0cbGiKF1q8jVmPvNEH_KUlS94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.31.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         50:0e:4b:f4:2d:ca:3a:b0:af:67:91:4e:a3:0f:78:5b:fb:8c:
         38:c6:0d:1f:ba:a6:d1:c8:4c:eb:75:97:fc:b6:b0:3c:d0:8d:
         2d:b7:75:8d:6e:66:e7:80:db:4e:05:44:e4:95:8a:23:41:66:
         a9:1f:07:ff:96:4f:2c:a4:82:b6:95:e5:67:98:21:ae:07:92:
         20:a8:f3:70:b6:3f:1a:f1:2e:9d:f0:dd:4f:c7:b7:50:be:b2:
         64:d7:83:b6:9c:48:dd:c4:a7:b5:22:55:59:21:a1:85:55:40:
         a6:02:84:76:28:5b:97:c1:7c:c2:e9:54:fb:bc:0f:ff:7b:06:
         01:ee:ad:4a:44:a1:8f:d6:de:0d:24:6f:e6:2b:89:cc:58:d0:
         a6:12:d0:78:d6:e0:ee:67:2b:6f:cf:c8:50:3e:ff:9f:4d:0b:
         81:08:8f:bb:c4:fe:e5:d5:3b:0f:cc:f7:3c:01:f9:af:40:cf:
         3f:f5:c7:3c:41:6a:92:d5:c6:b0:87:ef:60:ca:21:82:07:cb:
         90:40:f7:60:ae:27:b7:84:a1:ef:3d:27:95:26:bd:3f:48:6e:
         99:e7:5d:90:f0:4d:74:82:14:e6:80:e4:56:64:c1:58:bd:dd:
         87:7f:4f:df:1c:cf:86:d7:fd:61:a0:fc:06:76:46:08:e3:6c:
         04:a5:a1:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntWap5wU7aJQpQ2haxyVgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4YmQxYzZjNjg4YTE3NWFiYzhkNTk4ZmJjZDEwN2ZjYTUy
NTRiZGUwHhcNMjUwMTAyMTU0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzIxYTZiOWIwODk4OTIxYTk3NDM3ZTZiNDM4ZjIwODE4NWI4YWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0PPcRPPSWyNYNSJ1Z9h5rgHNuuIE
CHvDe8lDvNkFEhLdTnt+gpb67itrDPUqygPes1VjZ+jNt1uBEl33M/GnzqXqOHCX
7S/Fix2nG627BW0Fm8t/cb2jG3hEk0XzkmNITw459wjS49/4Zd2splZ0CIap+jOv
0nQdckyrEllfvWJ4IMloqY9dzofLrLjgBj4FAJsK4v/6lQbDNviQ1z8ri8BL6h+K
yEj0HjL0ycRJ2XuA2kc+/y50One6Svrfy7+ZmBimlIeaKnFV0GKbJuoZFOKxEtC5
gAyOH8V2Xd6EUU2nymq13IjGburFXbvs77PjhiD7MiaS8vNb6h1ek+gQiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJwhprmwiYkhqXQ35rQ48ggYW4qxMB8GA1UdIwQY
MBaAFHi9HGxoihdavI1Zj7zRB/ylJUveMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUwwY2JHaUtGMXE4alZtUHZORUhfS1VsUzk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMmI0YTItMmIyZi00ZjZhLTliNDgt
YzFmM2I5ZWRlNGRiLzEvbkNHbXViQ0ppU0dwZERmbXREanlDQmhiaXJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMmI0YTItMmIyZi00ZjZhLTliNDgtYzFmM2I5ZWRlNGRi
LzEvZUwwY2JHaUtGMXE4alZtUHZORUhfS1VsUzk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuR9UMA0G
CSqGSIb3DQEBCwUAA4IBAQBQDkv0Lco6sK9nkU6jD3hb+4w4xg0fuqbRyEzrdZf8
trA80I0tt3WNbmbngNtOBUTklYojQWapHwf/lk8spIK2leVnmCGuB5IgqPNwtj8a
8S6d8N1Px7dQvrJk14O2nEjdxKe1IlVZIaGFVUCmAoR2KFuXwXzC6VT7vA//ewYB
7q1KRKGP1t4NJG/mK4nMWNCmEtB41uDuZytvz8hQPv+fTQuBCI+7xP7l1TsPzPc8
AfmvQM8/9cc8QWqS1cawh+9gyiGCB8uQQPdgrie3hKHvPSeVJr0/SG6Z512Q8E10
ghTmgORWZMFYvd2Hf0/fHM+G1/1hoPwGdkYI42wEpaFA
-----END CERTIFICATE-----