Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/NAmoDnUjsSUgyqQNSqaeJioeWC0.roa
File:                     NAmoDnUjsSUgyqQNSqaeJioeWC0.roa (raw, json)
Hash identifier:          G+2UFEHtuAD4NNq4kS+cLg5NJ3H3PpatR/iew7xB0oM=
Subject key identifier:   34:09:A8:0E:75:23:B1:25:20:CA:A4:0D:4A:A6:9E:26:2A:1E:58:2D
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       0194228DB1F52D2353C2F8FA9A89065842AD
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/NAmoDnUjsSUgyqQNSqaeJioeWC0.roa
Signing time:             Wed 01 Jan 2025 15:48:19 +0000
ROA not before:           Wed 01 Jan 2025 15:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212805
IP address blocks:        85.153.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 02:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:b1:f5:2d:23:53:c2:f8:fa:9a:89:06:58:42:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  1 15:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3409a80e7523b12520caa40d4aa69e262a1e582d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:6d:b2:3d:c7:87:11:7a:52:98:04:0d:e2:aa:
                    d6:e7:d3:a0:65:f0:04:59:ef:f3:6f:fa:c2:c1:61:
                    b3:ad:9f:92:64:e0:b4:35:ba:aa:e1:bf:23:f0:ca:
                    2a:86:00:1c:33:f9:c4:a7:d4:5d:20:db:ef:aa:5e:
                    06:18:ad:7e:41:db:3c:62:31:01:d4:17:59:e4:22:
                    37:8f:e4:43:2f:19:7d:a7:20:78:ae:d4:6e:f7:b8:
                    58:8e:8d:3b:18:47:18:53:c6:ff:20:d5:86:0e:83:
                    65:e7:98:79:ef:b6:b3:bc:fe:60:f8:95:dd:f3:e4:
                    8b:56:6a:f2:7e:26:f3:50:3e:18:c0:49:fd:82:d8:
                    24:3c:55:f2:93:64:c6:1f:54:23:67:40:fc:03:04:
                    6b:07:da:76:3e:49:79:6e:45:94:71:05:6d:6b:a8:
                    05:d6:ce:6a:78:db:48:0f:46:91:7f:e7:06:78:62:
                    81:7c:b2:c1:6f:52:4a:fb:3b:b0:7f:c7:83:a2:f4:
                    13:a7:77:49:a6:c5:d4:82:12:40:b0:0d:80:e0:2a:
                    99:d9:5b:c4:b0:08:65:62:23:09:38:5b:57:fc:f3:
                    1f:ef:40:d4:dc:b6:64:35:11:70:06:f5:22:c8:0d:
                    23:8f:c6:46:56:3d:f0:79:b2:80:e4:a9:e5:e6:bb:
                    b0:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:09:A8:0E:75:23:B1:25:20:CA:A4:0D:4A:A6:9E:26:2A:1E:58:2D
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/NAmoDnUjsSUgyqQNSqaeJioeWC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.153.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:71:b6:35:22:98:46:53:a8:60:14:64:f9:c4:3f:32:8c:a3:
         e3:50:d4:db:5b:79:1f:22:17:35:fb:2f:2b:c9:8b:4f:6a:1f:
         c6:38:0b:65:bd:c0:a9:f4:d1:68:8f:ae:0c:1c:29:91:b2:32:
         9d:2c:13:e5:af:7e:08:04:b0:10:f1:a0:cf:ae:87:61:b3:e8:
         8c:e5:56:3d:8a:ff:d5:c0:e9:ff:6d:91:87:a5:0e:00:4f:68:
         c8:96:ae:f3:60:a3:32:36:05:f7:2f:ef:c6:ae:f5:50:f2:2b:
         c1:6e:f6:df:db:ef:20:ec:5e:86:5b:49:6e:d5:ee:d0:1d:7f:
         e0:7c:8b:9d:63:c8:dc:50:e2:d6:25:79:16:ce:82:1e:9c:d5:
         aa:fb:14:4d:86:1e:bc:c3:9b:6b:60:ad:91:bc:b3:33:e5:33:
         71:1b:f1:9b:ce:8e:e1:b1:29:7d:7b:05:ae:d3:be:82:78:1c:
         27:33:34:c7:5b:ee:34:f1:e2:c2:cb:3e:59:ee:c3:91:b6:fe:
         2b:f3:13:48:05:b1:d6:eb:a5:b6:b0:8b:03:56:62:60:4b:26:
         6b:77:51:60:64:34:e7:04:5c:52:c0:f2:1f:d3:47:6c:0f:ee:
         c0:c2:82:99:90:8d:8b:a2:c8:af:82:ed:ae:21:04:f8:74:d3:
         eb:72:22:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijbH1LSNTwvj6mokGWEKtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwMTAxMTU0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDA5YTgwZTc1MjNiMTI1MjBjYWE0MGQ0YWE2OWUyNjJhMWU1ODJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzm2yPceHEXpSmAQN4qrW59OgZfAE
We/zb/rCwWGzrZ+SZOC0Nbqq4b8j8MoqhgAcM/nEp9RdINvvql4GGK1+Qds8YjEB
1BdZ5CI3j+RDLxl9pyB4rtRu97hYjo07GEcYU8b/INWGDoNl55h577azvP5g+JXd
8+SLVmryfibzUD4YwEn9gtgkPFXyk2TGH1QjZ0D8AwRrB9p2Pkl5bkWUcQVta6gF
1s5qeNtID0aRf+cGeGKBfLLBb1JK+zuwf8eDovQTp3dJpsXUghJAsA2A4CqZ2VvE
sAhlYiMJOFtX/PMf70DU3LZkNRFwBvUiyA0jj8ZGVj3webKA5Knl5ruwGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDQJqA51I7ElIMqkDUqmniYqHlgtMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvTkFtb0RuVWpzU1VneXFRTlNxYWVKaW9lV0MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVZmSMA0G
CSqGSIb3DQEBCwUAA4IBAQAFcbY1IphGU6hgFGT5xD8yjKPjUNTbW3kfIhc1+y8r
yYtPah/GOAtlvcCp9NFoj64MHCmRsjKdLBPlr34IBLAQ8aDProdhs+iM5VY9iv/V
wOn/bZGHpQ4AT2jIlq7zYKMyNgX3L+/GrvVQ8ivBbvbf2+8g7F6GW0lu1e7QHX/g
fIudY8jcUOLWJXkWzoIenNWq+xRNhh68w5trYK2RvLMz5TNxG/Gbzo7hsSl9ewWu
076CeBwnMzTHW+408eLCyz5Z7sORtv4r8xNIBbHW66W2sIsDVmJgSyZrd1FgZDTn
BFxSwPIf00dsD+7AwoKZkI2Losivgu2uIQT4dNPrciIa
-----END CERTIFICATE-----