Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/244a71-e6af-4905-bf65-dfe3c4c5288c/1/NNs7_agCq4a5LGK9vlJAbRyPMSw.roa
File:                     NNs7_agCq4a5LGK9vlJAbRyPMSw.roa (raw, json)
Hash identifier:          /RavIGbCYx2zogfJiuXee/WpGjlrh9UdwbzPF7/qVAE=
Subject key identifier:   34:DB:3B:FD:A8:02:AB:86:B9:2C:62:BD:BE:52:40:6D:1C:8F:31:2C
Certificate issuer:       /CN=f691ab3245ff895a72dd6ff0743c377b6f0f89a6
Certificate serial:       0194258F7784DA7D9087623BCC4C8586B80D
Authority key identifier: F6:91:AB:32:45:FF:89:5A:72:DD:6F:F0:74:3C:37:7B:6F:0F:89:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9pGrMkX_iVpy3W_wdDw3e28PiaY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/244a71-e6af-4905-bf65-dfe3c4c5288c/1/NNs7_agCq4a5LGK9vlJAbRyPMSw.roa
Signing time:             Thu 02 Jan 2025 05:49:06 +0000
ROA not before:           Thu 02 Jan 2025 05:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31673
IP address blocks:        185.185.164.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/244a71-e6af-4905-bf65-dfe3c4c5288c/1/9pGrMkX_iVpy3W_wdDw3e28PiaY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/244a71-e6af-4905-bf65-dfe3c4c5288c/1/9pGrMkX_iVpy3W_wdDw3e28PiaY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9pGrMkX_iVpy3W_wdDw3e28PiaY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 23:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:77:84:da:7d:90:87:62:3b:cc:4c:85:86:b8:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f691ab3245ff895a72dd6ff0743c377b6f0f89a6
        Validity
            Not Before: Jan  2 05:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=34db3bfda802ab86b92c62bdbe52406d1c8f312c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:fc:aa:55:3f:a9:65:71:8b:b9:ac:d5:76:56:
                    1a:ac:a3:5a:5d:f6:ef:02:b0:00:d1:3d:36:a7:a7:
                    f8:91:54:4d:bc:d5:22:87:70:4a:2d:c6:9d:e1:34:
                    44:bb:31:29:b1:aa:28:e0:6d:8b:c2:fd:b3:4c:e6:
                    87:b7:2e:67:7f:88:fd:9e:9e:ed:09:14:c4:8b:be:
                    83:ca:de:77:c9:49:ef:2e:40:8d:56:2a:a4:29:0d:
                    66:3d:37:08:1f:f0:78:94:5c:67:78:71:7e:ee:84:
                    b2:1c:7e:c0:4f:47:7e:e5:55:f8:0b:65:4d:44:1d:
                    de:e7:49:93:27:7e:43:0c:5f:29:ef:21:8a:5d:57:
                    20:ac:9d:45:12:8e:69:ba:f2:db:a6:5a:a6:7c:32:
                    b1:46:62:f6:8b:ab:8f:18:df:e7:0a:bb:d1:95:08:
                    0c:41:12:01:af:41:73:fc:2c:dd:b5:5b:1b:ce:30:
                    a5:cb:16:44:57:69:26:6e:d8:2d:dc:dd:a7:5d:55:
                    11:17:c5:a7:69:8e:f6:a0:64:37:47:5a:4e:48:4c:
                    fe:34:c9:6c:3a:b0:b3:fc:d7:ce:e9:f2:06:50:56:
                    4d:54:ea:78:b1:19:63:40:59:58:62:3b:26:10:64:
                    be:0e:1b:44:43:dd:64:e0:3c:8d:df:9a:4c:e2:63:
                    b1:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:DB:3B:FD:A8:02:AB:86:B9:2C:62:BD:BE:52:40:6D:1C:8F:31:2C
            X509v3 Authority Key Identifier:
                keyid:F6:91:AB:32:45:FF:89:5A:72:DD:6F:F0:74:3C:37:7B:6F:0F:89:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9pGrMkX_iVpy3W_wdDw3e28PiaY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/244a71-e6af-4905-bf65-dfe3c4c5288c/1/NNs7_agCq4a5LGK9vlJAbRyPMSw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/244a71-e6af-4905-bf65-dfe3c4c5288c/1/9pGrMkX_iVpy3W_wdDw3e28PiaY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.185.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:37:67:41:6a:76:2a:66:06:56:d2:6f:dc:4c:c7:8d:46:81:
         98:e0:e8:db:1b:63:6f:72:61:2d:54:5e:9b:59:e6:50:5f:44:
         8d:13:e7:95:4a:86:37:14:0a:ae:28:90:df:76:78:ea:9f:c5:
         cb:cc:a3:e5:ce:bc:3d:5c:f4:3f:90:91:a0:ce:06:07:20:f6:
         6a:00:9a:e9:31:06:40:6b:ed:4d:8e:95:ac:4e:27:68:ff:cb:
         13:14:e6:2b:71:16:57:8b:02:5a:3c:19:dc:a7:21:34:6f:8d:
         da:b7:7a:32:28:49:14:ca:7a:a8:17:2d:3b:ef:00:66:99:67:
         1d:fd:a1:58:54:9e:56:d1:0c:3a:8c:64:1b:45:03:38:11:a6:
         6a:0d:3e:04:1d:75:c1:20:46:af:94:01:aa:1d:5b:64:52:cf:
         1d:32:87:7c:ae:64:2d:93:34:a1:8c:2d:27:52:4b:49:2c:0c:
         37:5a:a1:78:dd:e5:db:b7:93:f5:1c:89:9c:a3:15:de:cc:4a:
         b9:5a:16:97:ee:e9:c3:e3:bb:94:2e:0f:ea:bc:79:93:6f:2d:
         d8:e7:27:d3:f5:3a:18:6f:d6:ea:92:ee:ee:d2:a1:a8:f7:9e:
         e7:e4:6f:98:25:03:0b:61:1a:83:5b:1a:22:08:44:80:8a:77:
         8e:1c:78:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj3eE2n2Qh2I7zEyFhrgNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2OTFhYjMyNDVmZjg5NWE3MmRkNmZmMDc0M2MzNzdiNmYw
Zjg5YTYwHhcNMjUwMTAyMDU0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGRiM2JmZGE4MDJhYjg2YjkyYzYyYmRiZTUyNDA2ZDFjOGYzMTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/yqVT+pZXGLuazVdlYarKNaXfbv
ArAA0T02p6f4kVRNvNUih3BKLcad4TREuzEpsaoo4G2Lwv2zTOaHty5nf4j9np7t
CRTEi76Dyt53yUnvLkCNViqkKQ1mPTcIH/B4lFxneHF+7oSyHH7AT0d+5VX4C2VN
RB3e50mTJ35DDF8p7yGKXVcgrJ1FEo5puvLbplqmfDKxRmL2i6uPGN/nCrvRlQgM
QRIBr0Fz/CzdtVsbzjClyxZEV2kmbtgt3N2nXVURF8WnaY72oGQ3R1pOSEz+NMls
OrCz/NfO6fIGUFZNVOp4sRljQFlYYjsmEGS+DhtEQ91k4DyN35pM4mOx8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDTbO/2oAquGuSxivb5SQG0cjzEsMB8GA1UdIwQY
MBaAFPaRqzJF/4lact1v8HQ8N3tvD4mmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXBHck1rWF9pVnB5M1dfd2REdzNlMjhQaWFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8yNDRhNzEtZTZhZi00OTA1LWJmNjUt
ZGZlM2M0YzUyODhjLzEvTk5zN19hZ0NxNGE1TEdLOXZsSkFiUnlQTVN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8yNDRhNzEtZTZhZi00OTA1LWJmNjUtZGZlM2M0YzUyODhj
LzEvOXBHck1rWF9pVnB5M1dfd2REdzNlMjhQaWFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubmkMA0G
CSqGSIb3DQEBCwUAA4IBAQB/N2dBanYqZgZW0m/cTMeNRoGY4OjbG2NvcmEtVF6b
WeZQX0SNE+eVSoY3FAquKJDfdnjqn8XLzKPlzrw9XPQ/kJGgzgYHIPZqAJrpMQZA
a+1NjpWsTido/8sTFOYrcRZXiwJaPBncpyE0b43at3oyKEkUynqoFy077wBmmWcd
/aFYVJ5W0Qw6jGQbRQM4EaZqDT4EHXXBIEavlAGqHVtkUs8dMod8rmQtkzShjC0n
UktJLAw3WqF43eXbt5P1HImcoxXezEq5WhaX7unD47uULg/qvHmTby3Y5yfT9ToY
b9bqku7u0qGo957n5G+YJQMLYRqDWxoiCESAineOHHjr
-----END CERTIFICATE-----