Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/6e6df8-e72a-4155-9e08-0e47ede305b3/1/NrQlovA-ENvWm52W_XszKtgFuEM.roa
File:                     NrQlovA-ENvWm52W_XszKtgFuEM.roa (raw, json)
Hash identifier:          CEb3/pIl0j5Q+iEy5jGadkT0Uot6DJeWgORkKHAYYJw=
Subject key identifier:   36:B4:25:A2:F0:3E:10:DB:D6:9B:9D:96:FD:7B:33:2A:D8:05:B8:43
Certificate issuer:       /CN=c3b88be5513f1ae72493522fa6697eff33692ae0
Certificate serial:       019425FDC3D9F8B895CF3EA0BB7DFEA2DD2F
Authority key identifier: C3:B8:8B:E5:51:3F:1A:E7:24:93:52:2F:A6:69:7E:FF:33:69:2A:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w7iL5VE_Guckk1Ivpml-_zNpKuA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/6e6df8-e72a-4155-9e08-0e47ede305b3/1/NrQlovA-ENvWm52W_XszKtgFuEM.roa
Signing time:             Thu 02 Jan 2025 07:49:35 +0000
ROA not before:           Thu 02 Jan 2025 07:49:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51514
IP address blocks:        37.221.216.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/6e6df8-e72a-4155-9e08-0e47ede305b3/1/w7iL5VE_Guckk1Ivpml-_zNpKuA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/6e6df8-e72a-4155-9e08-0e47ede305b3/1/w7iL5VE_Guckk1Ivpml-_zNpKuA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w7iL5VE_Guckk1Ivpml-_zNpKuA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:c3:d9:f8:b8:95:cf:3e:a0:bb:7d:fe:a2:dd:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3b88be5513f1ae72493522fa6697eff33692ae0
        Validity
            Not Before: Jan  2 07:49:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36b425a2f03e10dbd69b9d96fd7b332ad805b843
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:69:dd:f0:2e:36:8a:17:ce:3e:7e:69:29:aa:
                    85:1a:21:9d:ed:13:31:f5:95:3c:b9:cf:12:bc:fc:
                    83:b5:b2:fd:9d:95:20:15:ee:cb:8b:57:b5:e5:a3:
                    cc:6f:90:07:3f:02:c3:2c:e2:75:97:39:cc:e8:33:
                    68:22:34:6c:3a:cd:f0:47:bd:e7:5b:c3:86:ab:25:
                    6f:55:59:a7:0e:12:a2:87:d2:e8:96:3f:da:9a:6e:
                    9f:dd:ce:24:33:cd:6c:55:8a:35:cb:12:40:78:ff:
                    50:6f:a1:18:56:d8:8e:f5:30:66:a1:ff:1b:58:8b:
                    24:82:f8:9a:57:3e:7c:bd:80:d9:e3:6c:07:c0:31:
                    5e:32:74:9b:0f:36:70:69:6b:69:d4:49:d2:7e:a0:
                    de:66:56:ed:bc:ef:09:47:a3:72:c2:35:50:5e:85:
                    db:a6:ad:15:eb:7d:a2:40:93:67:3f:a2:8f:09:52:
                    32:8d:6b:93:71:c9:68:da:54:d2:91:f6:76:43:33:
                    30:b5:75:f8:56:39:e0:b2:78:05:92:db:2f:a5:9d:
                    04:9a:db:21:9b:76:20:f7:31:2c:5c:0a:a6:96:31:
                    d2:4c:bb:ca:9d:28:f9:c5:44:5d:99:9f:51:70:1e:
                    cf:b1:26:16:a1:89:65:99:26:94:93:bb:04:4e:5b:
                    e5:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:B4:25:A2:F0:3E:10:DB:D6:9B:9D:96:FD:7B:33:2A:D8:05:B8:43
            X509v3 Authority Key Identifier:
                keyid:C3:B8:8B:E5:51:3F:1A:E7:24:93:52:2F:A6:69:7E:FF:33:69:2A:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w7iL5VE_Guckk1Ivpml-_zNpKuA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/6e6df8-e72a-4155-9e08-0e47ede305b3/1/NrQlovA-ENvWm52W_XszKtgFuEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/6e6df8-e72a-4155-9e08-0e47ede305b3/1/w7iL5VE_Guckk1Ivpml-_zNpKuA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         94:f1:0e:9d:0d:a2:db:b9:09:be:79:a7:5a:75:13:f8:c8:33:
         e6:c4:f4:29:72:82:e9:6d:17:46:cc:4d:82:91:2a:82:f2:4c:
         8b:4b:10:4e:d6:81:a6:36:e5:e7:e2:7b:8e:4a:b3:ad:26:e2:
         e5:44:be:41:71:b6:83:85:ec:f2:10:93:47:0c:e6:69:29:64:
         16:be:65:55:cf:5d:4d:d3:db:21:4d:41:e3:39:c3:bc:34:0d:
         2b:81:f6:23:05:ad:89:11:58:e9:f7:24:70:31:45:ff:65:e2:
         da:32:6b:f3:11:e7:fd:34:bc:b0:c9:69:27:c7:fe:f0:ac:94:
         ac:38:c4:21:89:24:3e:41:1f:3f:96:46:d9:4d:de:54:5a:be:
         59:d3:a8:a3:c4:a4:00:c5:e5:cd:5a:19:21:33:c7:e2:68:26:
         69:f0:f4:68:e4:ea:fd:35:ba:de:b6:92:3b:71:f8:97:4e:bc:
         70:f2:04:b1:c3:a5:64:da:26:be:d0:9b:c6:24:72:ca:f4:2f:
         fa:98:e4:ff:98:93:f7:d1:92:e7:5e:91:d3:a1:9e:ea:80:ca:
         20:5d:00:85:3d:8e:53:d6:d2:03:f1:01:19:e1:f3:c7:81:28:
         8e:62:d5:75:ae:c1:ac:01:d8:74:ed:20:d8:c3:30:46:64:72:
         c2:d8:86:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/cPZ+LiVzz6gu33+ot0vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYjg4YmU1NTEzZjFhZTcyNDkzNTIyZmE2Njk3ZWZmMzM2
OTJhZTAwHhcNMjUwMTAyMDc0OTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmI0MjVhMmYwM2UxMGRiZDY5YjlkOTZmZDdiMzMyYWQ4MDViODQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz2nd8C42ihfOPn5pKaqFGiGd7RMx
9ZU8uc8SvPyDtbL9nZUgFe7Li1e15aPMb5AHPwLDLOJ1lznM6DNoIjRsOs3wR73n
W8OGqyVvVVmnDhKih9Lolj/amm6f3c4kM81sVYo1yxJAeP9Qb6EYVtiO9TBmof8b
WIskgviaVz58vYDZ42wHwDFeMnSbDzZwaWtp1EnSfqDeZlbtvO8JR6NywjVQXoXb
pq0V632iQJNnP6KPCVIyjWuTcclo2lTSkfZ2QzMwtXX4VjngsngFktsvpZ0Emtsh
m3Yg9zEsXAqmljHSTLvKnSj5xURdmZ9RcB7PsSYWoYllmSaUk7sETlvlswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDa0JaLwPhDb1pudlv17MyrYBbhDMB8GA1UdIwQY
MBaAFMO4i+VRPxrnJJNSL6Zpfv8zaSrgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzdpTDVWRV9HdWNrazFJdnBtbC1fek5wS3VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy82ZTZkZjgtZTcyYS00MTU1LTllMDgt
MGU0N2VkZTMwNWIzLzEvTnJRbG92QS1FTnZXbTUyV19Yc3pLdGdGdUVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy82ZTZkZjgtZTcyYS00MTU1LTllMDgtMGU0N2VkZTMwNWIz
LzEvdzdpTDVWRV9HdWNrazFJdnBtbC1fek5wS3VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDJd3YMA0G
CSqGSIb3DQEBCwUAA4IBAQCU8Q6dDaLbuQm+eadadRP4yDPmxPQpcoLpbRdGzE2C
kSqC8kyLSxBO1oGmNuXn4nuOSrOtJuLlRL5BcbaDhezyEJNHDOZpKWQWvmVVz11N
09shTUHjOcO8NA0rgfYjBa2JEVjp9yRwMUX/ZeLaMmvzEef9NLywyWknx/7wrJSs
OMQhiSQ+QR8/lkbZTd5UWr5Z06ijxKQAxeXNWhkhM8fiaCZp8PRo5Or9NbretpI7
cfiXTrxw8gSxw6Vk2ia+0JvGJHLK9C/6mOT/mJP30ZLnXpHToZ7qgMogXQCFPY5T
1tID8QEZ4fPHgSiOYtV1rsGsAdh07SDYwzBGZHLC2IYf
-----END CERTIFICATE-----