Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/Nu6zijQv-DL_hfJdU699EWekTRg.roa
File:                     Nu6zijQv-DL_hfJdU699EWekTRg.roa (raw, json)
Hash identifier:          771rwm16NJYUQ87KCX/qmM+TkgZCBwyWJcoh2RVWoMM=
Subject key identifier:   36:EE:B3:8A:34:2F:F8:32:FF:85:F2:5D:53:AF:7D:11:67:A4:4D:18
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       019428240FD380967522136C51E99B1DEEF2
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/Nu6zijQv-DL_hfJdU699EWekTRg.roa
Signing time:             Thu 02 Jan 2025 17:50:39 +0000
ROA not before:           Thu 02 Jan 2025 17:50:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     11426
IP address blocks:        46.20.212.0/22 maxlen: 24
                          130.255.64.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:0f:d3:80:96:75:22:13:6c:51:e9:9b:1d:ee:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jan  2 17:50:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36eeb38a342ff832ff85f25d53af7d1167a44d18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ea:2c:3b:5c:fe:2f:3f:83:db:2f:34:a5:dd:
                    41:71:50:86:f9:9c:64:01:0b:ad:b6:d6:86:07:03:
                    12:ae:16:f1:1c:00:53:28:3d:7e:08:8f:c5:b1:63:
                    ec:4d:ea:f3:9a:a9:bf:c4:d3:ff:7a:9f:e1:e6:93:
                    3b:cb:90:a6:de:b8:83:90:c0:b5:29:ea:42:73:77:
                    6c:01:2b:3f:d1:47:08:d4:f2:45:40:40:b5:d3:ff:
                    d2:dd:bf:7b:a3:47:df:b3:80:44:63:94:79:be:5a:
                    ce:5e:ea:4a:00:06:b2:60:b2:c3:bd:1f:fa:4d:84:
                    41:5e:66:aa:77:ed:86:dc:53:77:26:76:ed:80:2a:
                    35:5a:12:a9:4e:7e:56:b5:15:c0:67:f9:61:90:61:
                    76:98:2c:69:89:e9:99:d1:3b:c5:4f:8f:ef:58:18:
                    9b:71:88:25:0d:9a:76:ce:a8:0e:1b:68:e2:10:ab:
                    09:df:b5:87:6b:46:13:38:5c:f3:a1:e4:34:ce:9b:
                    e1:7d:52:fc:71:11:6b:92:90:4c:61:38:83:ef:33:
                    1a:bc:86:e7:8e:6c:9a:ec:48:b3:65:b5:1e:e7:82:
                    7f:33:a7:d0:b5:ac:f6:2c:d1:58:2d:e6:da:e3:7a:
                    6f:5a:6e:33:25:96:90:92:9b:94:e3:9a:82:e4:ff:
                    29:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:EE:B3:8A:34:2F:F8:32:FF:85:F2:5D:53:AF:7D:11:67:A4:4D:18
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/Nu6zijQv-DL_hfJdU699EWekTRg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.212.0/22
                  130.255.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:84:b9:e3:19:c1:dc:42:09:7f:e4:3f:37:a3:6f:f9:84:9d:
         17:12:ae:1b:42:f0:ff:00:6c:ac:2d:05:70:43:5d:a8:58:41:
         d1:e9:84:43:ff:04:de:ce:9c:e3:00:a9:e6:0d:86:2a:18:e9:
         cd:3e:45:f5:1b:bf:30:33:7f:21:cc:62:b7:fa:5d:fc:5a:95:
         90:c1:1a:c6:82:8f:50:ce:e6:5a:d4:fc:0b:08:3c:2e:8c:b3:
         08:2d:b2:72:08:49:dc:e0:8c:f3:ac:1f:f2:95:a5:09:75:90:
         2d:43:33:6b:00:6e:9a:76:ad:db:0c:a6:f1:e1:45:8c:2f:0e:
         2d:08:05:2e:3a:89:bc:41:f8:a5:b5:d8:4f:fa:ce:21:f7:3f:
         44:5f:77:d3:25:e3:ac:e3:80:2e:de:0e:d1:c9:2e:37:8b:e9:
         89:84:ff:89:5f:0b:81:7d:c0:66:f0:ff:e2:8b:de:a6:35:a5:
         81:18:37:a7:a8:49:ae:0a:fa:0f:ef:68:ea:a6:68:ea:3d:56:
         1b:ad:d7:6b:df:c8:c2:a8:b4:d3:29:80:73:3b:12:c7:92:c1:
         58:81:7d:c1:a9:97:66:29:73:d0:08:2b:44:95:70:39:7d:7c:
         30:98:51:4d:d9:ba:05:18:63:2c:c4:dc:b6:94:67:5f:a8:45:
         f6:f7:2e:1f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJA/TgJZ1IhNsUembHe7yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUwMTAyMTc1MDM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmVlYjM4YTM0MmZmODMyZmY4NWYyNWQ1M2FmN2QxMTY3YTQ0ZDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAruosO1z+Lz+D2y80pd1BcVCG+Zxk
AQutttaGBwMSrhbxHABTKD1+CI/FsWPsTerzmqm/xNP/ep/h5pM7y5Cm3riDkMC1
KepCc3dsASs/0UcI1PJFQEC10//S3b97o0ffs4BEY5R5vlrOXupKAAayYLLDvR/6
TYRBXmaqd+2G3FN3JnbtgCo1WhKpTn5WtRXAZ/lhkGF2mCxpiemZ0TvFT4/vWBib
cYglDZp2zqgOG2jiEKsJ37WHa0YTOFzzoeQ0zpvhfVL8cRFrkpBMYTiD7zMavIbn
jmya7EizZbUe54J/M6fQtaz2LNFYLeba43pvWm4zJZaQkpuU45qC5P8p/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDbus4o0L/gy/4XyXVOvfRFnpE0YMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvTnU2emlqUXYtRExfaGZKZFU2OTlFV2VrVFJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLhTUAwQC
gv9AMA0GCSqGSIb3DQEBCwUAA4IBAQCFhLnjGcHcQgl/5D83o2/5hJ0XEq4bQvD/
AGysLQVwQ12oWEHR6YRD/wTezpzjAKnmDYYqGOnNPkX1G78wM38hzGK3+l38WpWQ
wRrGgo9QzuZa1PwLCDwujLMILbJyCEnc4IzzrB/ylaUJdZAtQzNrAG6adq3bDKbx
4UWMLw4tCAUuOom8QfiltdhP+s4h9z9EX3fTJeOs44Au3g7RyS43i+mJhP+JXwuB
fcBm8P/ii96mNaWBGDenqEmuCvoP72jqpmjqPVYbrddr38jCqLTTKYBzOxLHksFY
gX3BqZdmKXPQCCtElXA5fXwwmFFN2boFGGMsxNy2lGdfqEX29y4f
-----END CERTIFICATE-----