Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/edc17a-427f-40bf-9ff4-be2b3eab4d74/1/NS4aUYlRSBiLTkLyyg7u-X42X1Q.roa
File:                     NS4aUYlRSBiLTkLyyg7u-X42X1Q.roa (raw, json)
Hash identifier:          r06qcWYpFC8YgZh35Sp5HzeJjcmGRBfHKZK7KBnJFGA=
Subject key identifier:   35:2E:1A:51:89:51:48:18:8B:4E:42:F2:CA:0E:EE:F9:7E:36:5F:54
Certificate issuer:       /CN=8f3640173342fae8b3d2c8cc1f9b5ddd1494893f
Certificate serial:       019426D8F8A296DF0CC89339888CFEA25CDA
Authority key identifier: 8F:36:40:17:33:42:FA:E8:B3:D2:C8:CC:1F:9B:5D:DD:14:94:89:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzZAFzNC-uiz0sjMH5td3RSUiT8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/edc17a-427f-40bf-9ff4-be2b3eab4d74/1/NS4aUYlRSBiLTkLyyg7u-X42X1Q.roa
Signing time:             Thu 02 Jan 2025 11:49:01 +0000
ROA not before:           Thu 02 Jan 2025 11:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213362
IP address blocks:        185.163.49.0/24 maxlen: 24
                          2a10:5100::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/edc17a-427f-40bf-9ff4-be2b3eab4d74/1/jzZAFzNC-uiz0sjMH5td3RSUiT8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/edc17a-427f-40bf-9ff4-be2b3eab4d74/1/jzZAFzNC-uiz0sjMH5td3RSUiT8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jzZAFzNC-uiz0sjMH5td3RSUiT8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:f8:a2:96:df:0c:c8:93:39:88:8c:fe:a2:5c:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f3640173342fae8b3d2c8cc1f9b5ddd1494893f
        Validity
            Not Before: Jan  2 11:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=352e1a51895148188b4e42f2ca0eeef97e365f54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c5:1d:2d:f7:86:fe:8e:c4:fe:52:c7:00:c9:
                    fd:ac:fe:fe:23:d8:ea:52:c6:56:6b:c5:f6:ad:8f:
                    1e:7e:d1:eb:7c:ab:75:b2:00:e4:55:a9:33:dd:1e:
                    0d:d2:8a:b4:aa:26:5f:09:4f:b6:79:d5:6b:75:34:
                    1f:f5:86:b0:b0:e7:7f:20:15:25:e6:d5:8f:ee:4f:
                    2a:de:68:54:fd:bb:3e:9c:46:79:b3:51:fd:77:00:
                    0b:06:00:e6:08:70:cc:19:cb:76:c9:53:07:9e:13:
                    74:64:ac:e7:d6:79:7a:d8:19:c4:7a:f6:26:fa:c2:
                    e9:03:7c:eb:55:3b:8b:95:2b:61:77:d0:35:d1:6c:
                    4e:e9:71:db:65:f4:b5:18:db:53:26:5f:1f:39:47:
                    d9:56:e1:50:18:e8:a4:ac:d6:e9:8f:4f:d0:11:a1:
                    c1:8c:74:17:e2:4e:42:b7:ae:f2:cf:38:c8:ef:fa:
                    6a:85:e2:8a:dd:7b:94:05:19:71:09:76:08:c6:0b:
                    a4:c0:f7:71:d9:60:05:16:43:fc:87:70:c5:45:e0:
                    e9:6f:0d:c3:52:dd:6a:c5:11:8b:c5:a2:0a:de:6e:
                    0c:c0:42:c9:7e:24:04:d3:28:fb:c8:26:c9:3d:38:
                    78:80:49:b4:75:34:85:36:1d:52:11:da:8e:4f:a6:
                    c0:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:2E:1A:51:89:51:48:18:8B:4E:42:F2:CA:0E:EE:F9:7E:36:5F:54
            X509v3 Authority Key Identifier:
                keyid:8F:36:40:17:33:42:FA:E8:B3:D2:C8:CC:1F:9B:5D:DD:14:94:89:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzZAFzNC-uiz0sjMH5td3RSUiT8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/edc17a-427f-40bf-9ff4-be2b3eab4d74/1/NS4aUYlRSBiLTkLyyg7u-X42X1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/edc17a-427f-40bf-9ff4-be2b3eab4d74/1/jzZAFzNC-uiz0sjMH5td3RSUiT8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.163.49.0/24
                IPv6:
                  2a10:5100::/29

    Signature Algorithm: sha256WithRSAEncryption
         06:b7:79:98:c1:27:3b:9c:6a:f9:ea:e2:81:1b:bf:56:0d:6a:
         01:59:d4:e9:71:0d:c6:c3:00:1d:0e:95:c0:ce:f9:2b:6c:e0:
         89:18:64:23:01:1b:cd:c0:aa:80:b0:d0:4b:cf:61:5e:28:77:
         92:fa:14:34:d0:71:cd:07:ca:28:a3:b2:41:0c:09:4e:ad:c5:
         58:1a:23:04:4d:7f:63:ef:8b:da:1b:e3:b7:06:96:7c:5f:19:
         72:c0:77:17:e5:11:95:a8:33:b7:a8:cf:f3:5d:8b:94:02:7f:
         94:65:ed:b2:c7:8e:7d:47:4e:60:fb:0c:84:fd:38:e1:f6:ca:
         25:97:57:95:ff:bc:54:bc:17:7d:4c:e3:b5:a3:a3:7a:cc:1e:
         4c:22:e9:89:c1:7f:a2:e9:09:ae:4a:e0:2a:3a:b1:0d:73:c0:
         de:8e:db:04:eb:37:fc:d5:09:03:2a:36:d6:2b:91:f4:72:51:
         38:86:6e:45:b9:d5:f5:df:da:ac:1c:d9:12:40:af:9b:6b:50:
         cf:1e:b2:52:89:09:7e:0c:de:d3:e1:2a:c8:e7:82:63:87:a8:
         67:ca:99:d9:a5:fd:76:fc:a2:0a:91:65:81:46:b9:ab:ef:c4:
         95:f6:cc:eb:c9:44:aa:6f:f9:ef:c5:f8:00:22:c2:77:6d:d9:
         a5:68:b5:57
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQm2Piilt8MyJM5iIz+olzaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzY0MDE3MzM0MmZhZThiM2QyYzhjYzFmOWI1ZGRkMTQ5
NDg5M2YwHhcNMjUwMTAyMTE0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTJlMWE1MTg5NTE0ODE4OGI0ZTQyZjJjYTBlZWVmOTdlMzY1ZjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusUdLfeG/o7E/lLHAMn9rP7+I9jq
UsZWa8X2rY8eftHrfKt1sgDkVakz3R4N0oq0qiZfCU+2edVrdTQf9YawsOd/IBUl
5tWP7k8q3mhU/bs+nEZ5s1H9dwALBgDmCHDMGct2yVMHnhN0ZKzn1nl62BnEevYm
+sLpA3zrVTuLlSthd9A10WxO6XHbZfS1GNtTJl8fOUfZVuFQGOikrNbpj0/QEaHB
jHQX4k5Ct67yzzjI7/pqheKK3XuUBRlxCXYIxgukwPdx2WAFFkP8h3DFReDpbw3D
Ut1qxRGLxaIK3m4MwELJfiQE0yj7yCbJPTh4gEm0dTSFNh1SEdqOT6bAIQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDUuGlGJUUgYi05C8soO7vl+Nl9UMB8GA1UdIwQY
MBaAFI82QBczQvros9LIzB+bXd0UlIk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanpaQUZ6TkMtdWl6MHNqTUg1dGQzUlNVaVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9lZGMxN2EtNDI3Zi00MGJmLTlmZjQt
YmUyYjNlYWI0ZDc0LzEvTlM0YVVZbFJTQmlMVGtMeXlnN3UtWDQyWDFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9lZGMxN2EtNDI3Zi00MGJmLTlmZjQtYmUyYjNlYWI0ZDc0
LzEvanpaQUZ6TkMtdWl6MHNqTUg1dGQzUlNVaVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuaMxMA0E
AgACMAcDBQMqEFEAMA0GCSqGSIb3DQEBCwUAA4IBAQAGt3mYwSc7nGr56uKBG79W
DWoBWdTpcQ3GwwAdDpXAzvkrbOCJGGQjARvNwKqAsNBLz2FeKHeS+hQ00HHNB8oo
o7JBDAlOrcVYGiMETX9j74vaG+O3BpZ8XxlywHcX5RGVqDO3qM/zXYuUAn+UZe2y
x459R05g+wyE/Tjh9soll1eV/7xUvBd9TOO1o6N6zB5MIumJwX+i6QmuSuAqOrEN
c8DejtsE6zf81QkDKjbWK5H0clE4hm5FudX139qsHNkSQK+ba1DPHrJSiQl+DN7T
4SrI54Jjh6hnypnZpf12/KIKkWWBRrmr78SV9szryUSqb/nvxfgAIsJ3bdmlaLVX
-----END CERTIFICATE-----