Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/Nn-ApfIk9aaRaey91ZWLyX5wqM0.roa
File:                     Nn-ApfIk9aaRaey91ZWLyX5wqM0.roa (raw, json)
Hash identifier:          14erkdx8WX3xu6haq1SKNyJiB4KCwkt4zswja4uFhqM=
Subject key identifier:   36:7F:80:A5:F2:24:F5:A6:91:69:EC:BD:D5:95:8B:C9:7E:70:A8:CD
Certificate issuer:       /CN=4dd74fbbbae58dd0876d99e80ec82a11a4477f7e
Certificate serial:       0194C0BB470ABF82CF519A4641DF69290B3B
Authority key identifier: 4D:D7:4F:BB:BA:E5:8D:D0:87:6D:99:E8:0E:C8:2A:11:A4:47:7F:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/Nn-ApfIk9aaRaey91ZWLyX5wqM0.roa
Signing time:             Sat 01 Feb 2025 08:58:06 +0000
ROA not before:           Sat 01 Feb 2025 08:58:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35372
IP address blocks:        109.162.248.0/24 maxlen: 24
                          109.162.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 16:11:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:c0:bb:47:0a:bf:82:cf:51:9a:46:41:df:69:29:0b:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd74fbbbae58dd0876d99e80ec82a11a4477f7e
        Validity
            Not Before: Feb  1 08:58:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=367f80a5f224f5a69169ecbdd5958bc97e70a8cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e4:02:97:f8:bc:b1:62:7f:e6:93:d6:54:2d:
                    e8:39:84:fe:45:ac:0b:eb:d8:d1:42:53:ea:78:94:
                    59:05:32:5b:1c:d8:a5:48:2f:f6:6d:a2:87:de:9c:
                    5c:d4:59:bb:cd:f7:d1:a6:29:5c:72:db:b7:98:c9:
                    a9:00:47:fe:1f:c5:a2:f7:e9:ab:eb:a6:8c:16:64:
                    a3:e7:77:81:ae:a0:e2:2a:a6:11:c0:b5:d0:2e:bf:
                    fe:29:c3:fd:a2:7d:3e:81:8d:41:6e:19:92:4d:fc:
                    ce:ec:5e:5c:86:2a:c2:99:9e:4f:8d:83:0a:1b:3b:
                    c4:a0:ae:d7:81:e6:a3:d5:60:ec:da:9b:2c:64:00:
                    b5:8b:4a:c9:77:0f:eb:db:36:b4:f9:d0:6e:5b:56:
                    68:67:f1:63:b8:19:70:3b:bc:0a:94:23:af:75:22:
                    e9:f4:e0:78:0a:f5:d0:1a:3a:43:8a:72:97:ea:45:
                    0c:d4:61:31:1d:0d:18:ce:b1:e1:bf:3a:aa:21:0b:
                    6c:51:5a:15:38:38:ac:c3:39:0b:1e:94:6e:22:9c:
                    a1:e1:dc:11:1f:18:21:df:e1:36:e4:33:8c:bb:6d:
                    5c:24:f7:b2:55:80:ce:23:e4:1c:af:c6:b5:75:a4:
                    37:5e:86:cc:0c:6f:5c:75:7a:06:f7:44:a1:9d:ba:
                    f9:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:7F:80:A5:F2:24:F5:A6:91:69:EC:BD:D5:95:8B:C9:7E:70:A8:CD
            X509v3 Authority Key Identifier:
                keyid:4D:D7:4F:BB:BA:E5:8D:D0:87:6D:99:E8:0E:C8:2A:11:A4:47:7F:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/Nn-ApfIk9aaRaey91ZWLyX5wqM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.162.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1c:1e:dc:fb:65:8c:2c:88:67:ed:d2:a9:c4:5f:66:be:1c:d7:
         bc:20:e7:0f:9e:99:7d:bc:21:e3:28:b8:cb:77:03:d4:f3:a0:
         2a:d1:33:bc:bf:16:0f:d6:50:25:58:4b:c2:56:08:17:96:32:
         25:0f:38:6c:a9:f9:d2:16:d2:ed:f7:ed:62:d9:1f:8a:03:55:
         ed:dc:40:ea:b4:3a:9b:d7:e8:16:f1:f4:63:f4:90:cd:fa:d4:
         f2:40:68:90:09:1c:4f:24:4f:77:0b:0a:b4:e5:ac:52:30:5e:
         bc:a4:98:16:e5:db:d3:42:9d:54:c5:4f:08:c1:a2:22:7c:03:
         d0:9a:60:48:2e:14:98:8c:6d:74:b3:3d:36:9a:1a:ff:32:ec:
         58:29:2e:9f:f1:52:8d:42:4a:64:c3:3f:35:da:81:de:83:1b:
         ee:9a:f3:ef:d6:89:82:81:14:4e:5b:33:28:2d:2a:5c:4a:d4:
         92:a4:ba:84:d5:d8:dd:df:b5:79:ac:e0:5e:49:d6:50:31:8f:
         e5:ff:6f:94:bd:14:a0:58:ef:79:19:3f:c7:e6:8f:b3:6a:23:
         2b:18:5d:5d:5f:a3:53:8b:00:91:bc:5c:8e:ff:90:c4:23:93:
         b7:d3:4d:ef:02:47:fc:68:bb:36:35:d9:b6:38:e4:05:6b:57:
         79:48:8f:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTAu0cKv4LPUZpGQd9pKQs7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDc0ZmJiYmFlNThkZDA4NzZkOTllODBlYzgyYTExYTQ0
NzdmN2UwHhcNMjUwMjAxMDg1ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjdmODBhNWYyMjRmNWE2OTE2OWVjYmRkNTk1OGJjOTdlNzBhOGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuQCl/i8sWJ/5pPWVC3oOYT+RawL
69jRQlPqeJRZBTJbHNilSC/2baKH3pxc1Fm7zffRpilcctu3mMmpAEf+H8Wi9+mr
66aMFmSj53eBrqDiKqYRwLXQLr/+KcP9on0+gY1BbhmSTfzO7F5chirCmZ5PjYMK
GzvEoK7Xgeaj1WDs2pssZAC1i0rJdw/r2za0+dBuW1ZoZ/FjuBlwO7wKlCOvdSLp
9OB4CvXQGjpDinKX6kUM1GExHQ0YzrHhvzqqIQtsUVoVODiswzkLHpRuIpyh4dwR
Hxgh3+E25DOMu21cJPeyVYDOI+Qcr8a1daQ3XobMDG9cdXoG90Shnbr5ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDZ/gKXyJPWmkWnsvdWVi8l+cKjNMB8GA1UdIwQY
MBaAFE3XT7u65Y3Qh22Z6A7IKhGkR39+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRkUHU3cmxqZENIYlpub0RzZ3FFYVJIZjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85ZjVmNTctZTgyOC00YmNmLThkMmIt
OGVhYjdmNGZlNzdlLzEvTm4tQXBmSWs5YWFSYWV5OTFaV0x5WDV3cU0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85ZjVmNTctZTgyOC00YmNmLThkMmItOGVhYjdmNGZlNzdl
LzEvVGRkUHU3cmxqZENIYlpub0RzZ3FFYVJIZjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbaL4MA0G
CSqGSIb3DQEBCwUAA4IBAQAcHtz7ZYwsiGft0qnEX2a+HNe8IOcPnpl9vCHjKLjL
dwPU86Aq0TO8vxYP1lAlWEvCVggXljIlDzhsqfnSFtLt9+1i2R+KA1Xt3EDqtDqb
1+gW8fRj9JDN+tTyQGiQCRxPJE93Cwq05axSMF68pJgW5dvTQp1UxU8IwaIifAPQ
mmBILhSYjG10sz02mhr/MuxYKS6f8VKNQkpkwz812oHegxvumvPv1omCgRROWzMo
LSpcStSSpLqE1djd37V5rOBeSdZQMY/l/2+UvRSgWO95GT/H5o+zaiMrGF1dX6NT
iwCRvFyO/5DEI5O3003vAkf8aLs2Ndm2OOQFa1d5SI96
-----END CERTIFICATE-----