Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/9c6546-5811-4194-bfeb-2ab9046ebc11/1/NwhX1fpUUKISwRaP6RgnnH_Cl-k.roa
File:                     NwhX1fpUUKISwRaP6RgnnH_Cl-k.roa (raw, json)
Hash identifier:          46uueaf8TwY6xllVk4bGf8Po+XSFPtY1TUSEHJE8zWc=
Subject key identifier:   37:08:57:D5:FA:54:50:A2:12:C1:16:8F:E9:18:27:9C:7F:C2:97:E9
Certificate issuer:       /CN=524e5f7961225fbfe341f6bfd6be8e1a21ef8c0f
Certificate serial:       0194258EFE435E286891228F3DB3553DA8C7
Authority key identifier: 52:4E:5F:79:61:22:5F:BF:E3:41:F6:BF:D6:BE:8E:1A:21:EF:8C:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uk5feWEiX7_jQfa_1r6OGiHvjA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/9c6546-5811-4194-bfeb-2ab9046ebc11/1/NwhX1fpUUKISwRaP6RgnnH_Cl-k.roa
Signing time:             Thu 02 Jan 2025 05:48:35 +0000
ROA not before:           Thu 02 Jan 2025 05:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204515
IP address blocks:        185.230.76.0/22 maxlen: 22
                          2a0c:700::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/9c6546-5811-4194-bfeb-2ab9046ebc11/1/Uk5feWEiX7_jQfa_1r6OGiHvjA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/9c6546-5811-4194-bfeb-2ab9046ebc11/1/Uk5feWEiX7_jQfa_1r6OGiHvjA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uk5feWEiX7_jQfa_1r6OGiHvjA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:fe:43:5e:28:68:91:22:8f:3d:b3:55:3d:a8:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=524e5f7961225fbfe341f6bfd6be8e1a21ef8c0f
        Validity
            Not Before: Jan  2 05:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=370857d5fa5450a212c1168fe918279c7fc297e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d5:ef:9b:7f:29:4d:b7:c3:66:1d:37:60:b1:
                    5a:75:4f:85:bc:10:6b:ea:fc:90:31:13:48:34:a0:
                    3f:02:d3:8d:dc:38:de:54:b1:fe:63:f5:5a:09:23:
                    52:cc:37:4b:82:bb:9c:d9:8e:d0:fc:c2:11:34:97:
                    b4:08:1e:a3:3d:b4:85:11:6e:5e:d9:fc:6d:ac:f3:
                    c3:4d:59:35:19:61:e9:d5:95:3b:eb:a9:7f:d0:4f:
                    08:cd:bd:ef:ee:99:d4:e6:2d:5a:a0:25:0a:61:9f:
                    9f:ed:8e:b9:e6:79:8f:0e:3c:96:b2:ed:08:33:25:
                    67:03:5b:f3:e3:ed:00:9d:c4:66:b3:5b:11:b8:29:
                    c4:40:1f:15:17:8d:d6:d0:c5:18:9f:d4:2c:6f:18:
                    cc:cc:93:05:2b:c2:7b:e2:0d:73:98:fc:21:7c:67:
                    2f:e2:67:87:2e:19:f1:a0:d7:37:0d:64:52:ff:35:
                    6f:e1:e6:0c:86:5e:c2:ea:7b:92:5f:70:0b:54:65:
                    a3:45:8a:2a:15:c7:af:97:ad:a7:f0:14:7b:f5:dd:
                    68:72:fd:af:a5:0c:c9:51:f2:48:2c:f1:5b:8d:50:
                    0d:17:75:1f:67:51:25:6c:c2:e7:45:3e:16:ad:30:
                    0a:29:48:e2:4f:00:87:34:9c:16:48:00:8d:31:e6:
                    81:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:08:57:D5:FA:54:50:A2:12:C1:16:8F:E9:18:27:9C:7F:C2:97:E9
            X509v3 Authority Key Identifier:
                keyid:52:4E:5F:79:61:22:5F:BF:E3:41:F6:BF:D6:BE:8E:1A:21:EF:8C:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uk5feWEiX7_jQfa_1r6OGiHvjA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/9c6546-5811-4194-bfeb-2ab9046ebc11/1/NwhX1fpUUKISwRaP6RgnnH_Cl-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/9c6546-5811-4194-bfeb-2ab9046ebc11/1/Uk5feWEiX7_jQfa_1r6OGiHvjA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.76.0/22
                IPv6:
                  2a0c:700::/32

    Signature Algorithm: sha256WithRSAEncryption
         1e:a8:a8:42:5b:a4:24:9e:4a:35:05:12:ec:a1:cc:71:90:49:
         5d:a6:cf:08:eb:bd:1d:3c:7e:07:b8:f0:ef:4c:1d:6b:15:1b:
         5f:e9:06:a1:c5:94:b9:e1:71:61:3e:6e:82:80:2f:3c:ad:2f:
         72:3c:93:2b:4b:ae:5b:cf:b9:5a:77:d4:09:79:98:db:99:d7:
         08:e6:06:ef:ae:70:a6:25:8c:da:46:62:8f:1d:e0:75:69:b0:
         60:16:34:b1:e9:b6:62:51:9a:b6:2d:8c:7f:28:83:2a:ba:0d:
         fe:28:2a:4d:68:ac:cf:92:5e:7d:f8:5f:db:df:4d:57:c9:08:
         a3:ff:a3:80:ca:5c:10:5e:1c:b5:07:bd:9f:fc:30:81:61:7b:
         c3:8f:f9:f9:c1:a6:50:f8:1d:10:f9:be:54:47:3e:45:ab:a6:
         2f:e5:0b:f6:98:45:fd:a0:4d:8c:bb:d1:17:b7:82:77:f5:23:
         46:19:cb:ec:98:ff:5d:5f:9a:4b:23:da:fb:22:eb:08:d9:8a:
         c5:cc:74:48:50:2f:8c:13:ec:24:fe:21:5b:36:7a:5f:1a:38:
         b7:bc:74:7f:58:73:79:68:2f:29:be:51:cf:1f:87:04:33:5e:
         c6:fd:12:87:c6:60:88:6c:7a:cd:3c:08:cf:a4:40:5e:71:04:
         fb:23:d4:64
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQljv5DXihokSKPPbNVPajHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNGU1Zjc5NjEyMjVmYmZlMzQxZjZiZmQ2YmU4ZTFhMjFl
ZjhjMGYwHhcNMjUwMTAyMDU0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzA4NTdkNWZhNTQ1MGEyMTJjMTE2OGZlOTE4Mjc5YzdmYzI5N2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNXvm38pTbfDZh03YLFadU+FvBBr
6vyQMRNINKA/AtON3DjeVLH+Y/VaCSNSzDdLgruc2Y7Q/MIRNJe0CB6jPbSFEW5e
2fxtrPPDTVk1GWHp1ZU766l/0E8Izb3v7pnU5i1aoCUKYZ+f7Y655nmPDjyWsu0I
MyVnA1vz4+0AncRms1sRuCnEQB8VF43W0MUYn9QsbxjMzJMFK8J74g1zmPwhfGcv
4meHLhnxoNc3DWRS/zVv4eYMhl7C6nuSX3ALVGWjRYoqFcevl62n8BR79d1ocv2v
pQzJUfJILPFbjVANF3UfZ1ElbMLnRT4WrTAKKUjiTwCHNJwWSACNMeaB3QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDcIV9X6VFCiEsEWj+kYJ5x/wpfpMB8GA1UdIwQY
MBaAFFJOX3lhIl+/40H2v9a+jhoh74wPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWs1ZmVXRWlYN19qUWZhXzFyNk9HaUh2akE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi85YzY1NDYtNTgxMS00MTk0LWJmZWIt
MmFiOTA0NmViYzExLzEvTndoWDFmcFVVS0lTd1JhUDZSZ25uSF9DbC1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi85YzY1NDYtNTgxMS00MTk0LWJmZWItMmFiOTA0NmViYzEx
LzEvVWs1ZmVXRWlYN19qUWZhXzFyNk9HaUh2akE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCueZMMA0E
AgACMAcDBQAqDAcAMA0GCSqGSIb3DQEBCwUAA4IBAQAeqKhCW6Qknko1BRLsocxx
kEldps8I670dPH4HuPDvTB1rFRtf6QahxZS54XFhPm6CgC88rS9yPJMrS65bz7la
d9QJeZjbmdcI5gbvrnCmJYzaRmKPHeB1abBgFjSx6bZiUZq2LYx/KIMqug3+KCpN
aKzPkl59+F/b301XyQij/6OAylwQXhy1B72f/DCBYXvDj/n5waZQ+B0Q+b5URz5F
q6Yv5Qv2mEX9oE2Mu9EXt4J39SNGGcvsmP9dX5pLI9r7IusI2YrFzHRIUC+ME+wk
/iFbNnpfGji3vHR/WHN5aC8pvlHPH4cEM17G/RKHxmCIbHrNPAjPpEBecQT7I9Rk
-----END CERTIFICATE-----