Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/pNHssXejqwV7rUGPq3MFmYgyLtU.roa
File:                     pNHssXejqwV7rUGPq3MFmYgyLtU.roa (raw, json)
Hash identifier:          dWQmrPcbR32N6rYMWx+/Sg1VwaL2w7rPTDqxpwPEdKQ=
Subject key identifier:   A4:D1:EC:B1:77:A3:AB:05:7B:AD:41:8F:AB:73:05:99:88:32:2E:D5
Certificate issuer:       /CN=3718b734349bf327d9453b96501e44b192e55142
Certificate serial:       0191B99D0B8EC65203C02E3C115E1B66E1FD
Authority key identifier: 37:18:B7:34:34:9B:F3:27:D9:45:3B:96:50:1E:44:B1:92:E5:51:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/pNHssXejqwV7rUGPq3MFmYgyLtU.roa
Signing time:             Tue 03 Sep 2024 20:39:22 +0000
ROA not before:           Tue 03 Sep 2024 20:39:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        185.155.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b9:9d:0b:8e:c6:52:03:c0:2e:3c:11:5e:1b:66:e1:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3718b734349bf327d9453b96501e44b192e55142
        Validity
            Not Before: Sep  3 20:39:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4d1ecb177a3ab057bad418fab73059988322ed5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:fc:f6:77:12:92:68:15:dd:e2:38:2e:db:43:
                    45:39:5e:de:07:3b:71:8b:db:82:3e:4e:3a:ac:b3:
                    63:d3:ec:ac:c5:e2:60:59:4d:70:46:2d:b0:e9:35:
                    6f:2a:9b:c1:ad:5c:c7:80:24:75:f7:62:19:74:b2:
                    17:1a:e1:77:73:9c:51:cb:ec:0f:5b:7c:c9:5f:80:
                    d6:cf:30:5c:59:de:c4:e2:43:a8:eb:41:bc:39:9f:
                    94:4a:91:4c:98:a0:fc:84:4d:ee:39:10:91:42:6f:
                    f9:1e:1b:9a:55:92:05:b6:3f:bc:ab:d1:ec:94:1b:
                    32:64:4b:ce:57:38:71:dc:be:05:bd:28:7e:23:95:
                    14:a3:e6:36:04:bf:de:7e:51:ff:1f:83:a2:0c:02:
                    35:11:5e:88:03:53:80:ee:92:f4:d2:c7:a6:ec:66:
                    18:58:b6:10:83:ee:d9:9f:64:3b:19:be:9c:e0:22:
                    f2:7f:2b:83:aa:c8:91:d7:7b:48:46:5e:1c:17:bb:
                    c3:3e:61:11:9e:86:12:fb:02:3b:f6:48:ca:50:38:
                    ce:4e:cb:f8:f9:28:b1:78:bc:84:bf:9e:42:73:54:
                    46:81:af:43:61:8a:ee:12:a1:c5:24:b6:fb:2f:85:
                    a4:be:96:3a:c1:2d:1d:29:ab:4e:b5:a5:a8:cd:3d:
                    6c:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:D1:EC:B1:77:A3:AB:05:7B:AD:41:8F:AB:73:05:99:88:32:2E:D5
            X509v3 Authority Key Identifier:
                keyid:37:18:B7:34:34:9B:F3:27:D9:45:3B:96:50:1E:44:B1:92:E5:51:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/pNHssXejqwV7rUGPq3MFmYgyLtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:c2:7c:e6:6f:52:9b:7d:3f:b0:35:a0:a6:14:e4:ee:5e:31:
         9d:f6:a2:11:3f:10:27:af:38:b5:0f:19:93:1a:69:17:ee:38:
         73:82:32:e1:bd:f7:4f:ff:35:e9:a6:c5:ab:c8:26:c5:a2:77:
         af:7f:8e:cd:5c:aa:f2:be:b6:4d:db:29:cd:54:4c:de:f1:41:
         69:9e:24:22:34:a8:eb:8f:78:19:91:56:ef:09:f0:2c:50:13:
         80:48:3b:99:88:79:19:cd:6a:17:ff:04:28:32:f9:26:c7:f5:
         d9:81:97:db:f3:04:a7:e1:2c:a9:fb:48:04:4f:4f:91:49:7e:
         40:6c:90:09:2b:97:36:aa:61:f6:75:a6:17:12:1c:7e:66:a0:
         69:ce:02:74:42:2e:09:5e:a7:33:2b:dd:96:a0:0d:37:3f:30:
         76:c3:93:0d:8d:de:f3:c6:ea:a8:83:9a:ba:7f:0f:41:5a:1b:
         b2:7c:14:4f:c5:4c:de:ad:8c:20:d2:33:6a:dc:4b:0e:44:da:
         89:71:27:66:47:52:39:1c:d4:b5:7e:81:f7:36:87:63:03:98:
         b6:f2:65:ee:62:fc:18:c6:1b:67:89:a1:54:62:22:d8:cb:a8:
         52:18:29:0b:9a:07:88:70:96:c7:9a:fe:68:be:71:ea:b0:e6:
         60:ce:aa:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZG5nQuOxlIDwC48EV4bZuH9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MThiNzM0MzQ5YmYzMjdkOTQ1M2I5NjUwMWU0NGIxOTJl
NTUxNDIwHhcNMjQwOTAzMjAzOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGQxZWNiMTc3YTNhYjA1N2JhZDQxOGZhYjczMDU5OTg4MzIyZWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvz2dxKSaBXd4jgu20NFOV7eBztx
i9uCPk46rLNj0+ysxeJgWU1wRi2w6TVvKpvBrVzHgCR192IZdLIXGuF3c5xRy+wP
W3zJX4DWzzBcWd7E4kOo60G8OZ+USpFMmKD8hE3uORCRQm/5HhuaVZIFtj+8q9Hs
lBsyZEvOVzhx3L4FvSh+I5UUo+Y2BL/eflH/H4OiDAI1EV6IA1OA7pL00sem7GYY
WLYQg+7Zn2Q7Gb6c4CLyfyuDqsiR13tIRl4cF7vDPmERnoYS+wI79kjKUDjOTsv4
+SixeLyEv55Cc1RGga9DYYruEqHFJLb7L4WkvpY6wS0dKatOtaWozT1sQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKTR7LF3o6sFe61Bj6tzBZmIMi7VMB8GA1UdIwQY
MBaAFDcYtzQ0m/Mn2UU7llAeRLGS5VFCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnhpM05EU2I4eWZaUlR1V1VCNUVzWkxsVVVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YmY4YTgtZTQ5Yy00MDZlLThlYjct
YzgyM2NjOGYzODM3LzEvcE5Ic3NYZWpxd1Y3clVHUHEzTUZtWWd5THRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YmY4YTgtZTQ5Yy00MDZlLThlYjctYzgyM2NjOGYzODM3
LzEvTnhpM05EU2I4eWZaUlR1V1VCNUVzWkxsVVVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZs2MA0G
CSqGSIb3DQEBCwUAA4IBAQBiwnzmb1KbfT+wNaCmFOTuXjGd9qIRPxAnrzi1DxmT
GmkX7jhzgjLhvfdP/zXppsWryCbFonevf47NXKryvrZN2ynNVEze8UFpniQiNKjr
j3gZkVbvCfAsUBOASDuZiHkZzWoX/wQoMvkmx/XZgZfb8wSn4Syp+0gET0+RSX5A
bJAJK5c2qmH2daYXEhx+ZqBpzgJ0Qi4JXqczK92WoA03PzB2w5MNjd7zxuqog5q6
fw9BWhuyfBRPxUzerYwg0jNq3EsORNqJcSdmR1I5HNS1foH3NodjA5i28mXuYvwY
xhtniaFUYiLYy6hSGCkLmgeIcJbHmv5ovnHqsOZgzqor
-----END CERTIFICATE-----