Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/hI-d9_-nLNRhqznA_vGtUzzzpi4.roa
File:                     hI-d9_-nLNRhqznA_vGtUzzzpi4.roa (raw, json)
Hash identifier:          1ticuQGef+AQNaEeVWAc8kEXscPJuukVCdQXQ58jy44=
Subject key identifier:   84:8F:9D:F7:FF:A7:2C:D4:61:AB:39:C0:FE:F1:AD:53:3C:F3:A6:2E
Certificate issuer:       /CN=841f36fcbf7334eff6b91e80297ea5b25c4ecfd2
Certificate serial:       019426D9F4025EC2D020403716B955198200
Authority key identifier: 84:1F:36:FC:BF:73:34:EF:F6:B9:1E:80:29:7E:A5:B2:5C:4E:CF:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hB82_L9zNO_2uR6AKX6lslxOz9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/hI-d9_-nLNRhqznA_vGtUzzzpi4.roa
Signing time:             Thu 02 Jan 2025 11:50:05 +0000
ROA not before:           Thu 02 Jan 2025 11:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35334
IP address blocks:        176.57.80.0/21 maxlen: 24
                          185.218.172.0/22 maxlen: 24
                          2a00:ef80::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/hB82_L9zNO_2uR6AKX6lslxOz9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/hB82_L9zNO_2uR6AKX6lslxOz9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hB82_L9zNO_2uR6AKX6lslxOz9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:f4:02:5e:c2:d0:20:40:37:16:b9:55:19:82:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=841f36fcbf7334eff6b91e80297ea5b25c4ecfd2
        Validity
            Not Before: Jan  2 11:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=848f9df7ffa72cd461ab39c0fef1ad533cf3a62e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:bb:ba:2f:e5:ce:fa:64:22:6c:39:fb:2c:5e:
                    fc:87:2a:a9:15:9e:55:09:fa:18:5e:e1:f3:c1:c0:
                    9a:81:cc:44:4c:21:33:a3:93:ee:40:dc:ca:a8:3b:
                    40:a9:e6:08:73:14:2b:72:18:4f:22:16:e2:ba:7f:
                    2e:e9:60:de:51:96:b3:87:0b:e7:26:54:4c:0b:81:
                    1a:90:f4:6d:5e:81:0f:5c:d4:25:39:e4:a8:ec:c6:
                    26:19:f8:0a:c3:ff:bd:6e:d1:10:36:61:88:d4:4f:
                    ed:fd:14:1f:1e:c8:fd:2c:bd:71:59:b5:1e:3c:e0:
                    0e:74:c0:27:16:7a:08:1b:f4:d5:24:03:18:aa:d5:
                    fc:8b:22:c0:fe:b4:63:83:3e:b9:fe:c8:80:54:2d:
                    86:a2:7f:f7:25:67:b0:0d:98:17:d3:fb:f9:83:b4:
                    8c:28:45:4c:d9:42:10:e8:f7:72:1a:16:cf:b5:08:
                    f6:af:18:b3:03:a2:5d:2d:57:d0:c0:7e:0c:6c:6f:
                    d0:c2:6f:47:7c:65:8f:fa:46:37:a6:1d:00:22:94:
                    bf:c3:d1:34:46:03:45:73:92:cf:ce:e1:0b:a4:97:
                    11:1b:4c:2a:04:28:8c:7c:60:c7:4c:69:90:12:30:
                    67:dc:01:70:be:ae:36:f4:3b:ec:e3:26:b8:a5:ea:
                    c5:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:8F:9D:F7:FF:A7:2C:D4:61:AB:39:C0:FE:F1:AD:53:3C:F3:A6:2E
            X509v3 Authority Key Identifier:
                keyid:84:1F:36:FC:BF:73:34:EF:F6:B9:1E:80:29:7E:A5:B2:5C:4E:CF:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hB82_L9zNO_2uR6AKX6lslxOz9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/hI-d9_-nLNRhqznA_vGtUzzzpi4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/hB82_L9zNO_2uR6AKX6lslxOz9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.80.0/21
                  185.218.172.0/22
                IPv6:
                  2a00:ef80::/32

    Signature Algorithm: sha256WithRSAEncryption
         a8:4c:3d:08:91:dc:50:00:e3:46:d9:63:ed:58:62:82:86:59:
         e5:9e:ef:94:4e:64:20:28:97:a4:78:b9:41:16:22:8b:93:3a:
         fb:f4:b8:17:2a:a0:f9:4f:f8:98:e9:fc:6c:5f:91:0b:2d:03:
         ae:10:82:eb:96:39:c2:e5:a0:55:09:5e:38:97:66:c9:34:74:
         52:d5:ce:c6:cd:02:94:4b:4d:f8:68:8c:13:8a:b0:13:6e:3f:
         db:f9:0c:cd:8b:76:a3:7d:85:7a:0b:98:94:85:8f:49:c8:fd:
         1a:ac:13:9c:35:60:21:17:97:4f:13:0b:b3:ac:a7:17:b3:f6:
         62:d3:4b:95:dc:43:fe:eb:12:3c:d4:f6:40:3e:5e:9e:fe:d9:
         ed:26:d6:ac:76:5a:c6:0e:ea:8a:04:c4:53:bb:6f:37:af:cd:
         13:a4:e9:8e:63:89:9a:5d:63:de:16:76:ea:5f:84:05:63:52:
         10:ae:01:b4:f2:63:b7:ec:dc:00:d5:ba:7a:6e:0c:0c:d1:af:
         7a:b9:ef:7e:92:52:13:58:e3:35:fe:96:66:a3:29:d0:3e:10:
         64:fb:96:75:0d:a2:2b:20:d7:61:1d:2d:08:23:56:82:5a:b4:
         1a:d2:b6:12:be:c4:25:c4:66:26:61:93:b4:a7:a4:6e:61:a0:
         21:3e:5c:1a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQm2fQCXsLQIEA3FrlVGYIAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0MWYzNmZjYmY3MzM0ZWZmNmI5MWU4MDI5N2VhNWIyNWM0
ZWNmZDIwHhcNMjUwMTAyMTE1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDhmOWRmN2ZmYTcyY2Q0NjFhYjM5YzBmZWYxYWQ1MzNjZjNhNjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3bu6L+XO+mQibDn7LF78hyqpFZ5V
CfoYXuHzwcCagcxETCEzo5PuQNzKqDtAqeYIcxQrchhPIhbiun8u6WDeUZazhwvn
JlRMC4EakPRtXoEPXNQlOeSo7MYmGfgKw/+9btEQNmGI1E/t/RQfHsj9LL1xWbUe
POAOdMAnFnoIG/TVJAMYqtX8iyLA/rRjgz65/siAVC2Gon/3JWewDZgX0/v5g7SM
KEVM2UIQ6PdyGhbPtQj2rxizA6JdLVfQwH4MbG/Qwm9HfGWP+kY3ph0AIpS/w9E0
RgNFc5LPzuELpJcRG0wqBCiMfGDHTGmQEjBn3AFwvq429Dvs4ya4perFrQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFISPnff/pyzUYas5wP7xrVM886YuMB8GA1UdIwQY
MBaAFIQfNvy/czTv9rkegCl+pbJcTs/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEI4Ml9MOXpOT18ydVI2QUtYNmxzbHhPejlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9jMzdjMTYtMDYwMy00ODQ1LWI0ZDQt
OTVkZGIwOTc0ZTRiLzEvaEktZDlfLW5MTlJocXpuQV92R3RVenp6cGk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9jMzdjMTYtMDYwMy00ODQ1LWI0ZDQtOTVkZGIwOTc0ZTRi
LzEvaEI4Ml9MOXpOT18ydVI2QUtYNmxzbHhPejlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDsDlQAwQC
udqsMA0EAgACMAcDBQAqAO+AMA0GCSqGSIb3DQEBCwUAA4IBAQCoTD0IkdxQAONG
2WPtWGKChlnlnu+UTmQgKJekeLlBFiKLkzr79LgXKqD5T/iY6fxsX5ELLQOuEILr
ljnC5aBVCV44l2bJNHRS1c7GzQKUS034aIwTirATbj/b+QzNi3ajfYV6C5iUhY9J
yP0arBOcNWAhF5dPEwuzrKcXs/Zi00uV3EP+6xI81PZAPl6e/tntJtasdlrGDuqK
BMRTu283r80TpOmOY4maXWPeFnbqX4QFY1IQrgG08mO37NwA1bp6bgwM0a96ue9+
klITWOM1/pZmoynQPhBk+5Z1DaIrINdhHS0II1aCWrQa0rYSvsQlxGYmYZO0p6Ru
YaAhPlwa
-----END CERTIFICATE-----