Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/69Y1GjDXkdial689sFGk8eNRwi8.roa
File:                     69Y1GjDXkdial689sFGk8eNRwi8.roa (raw, json)
Hash identifier:          +d2jXDS4+ZSm6tNlU5ge3QFhIxNxse5zKrPUt+5C42I=
Subject key identifier:   EB:D6:35:1A:30:D7:91:D8:9A:97:AF:3D:B0:51:A4:F1:E3:51:C2:2F
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019422203DB705735A49E228BDB822BDC4CC
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/69Y1GjDXkdial689sFGk8eNRwi8.roa
Signing time:             Wed 01 Jan 2025 13:48:45 +0000
ROA not before:           Wed 01 Jan 2025 13:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212396
IP address blocks:        45.83.30.0/24 maxlen: 24
                          185.150.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:3d:b7:05:73:5a:49:e2:28:bd:b8:22:bd:c4:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ebd6351a30d791d89a97af3db051a4f1e351c22f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a5:05:54:be:da:87:fb:9f:aa:c3:7d:13:16:
                    bc:fe:23:0d:26:09:6f:f9:e5:e2:0c:03:29:87:90:
                    e4:b2:8d:7e:bd:26:ac:aa:fe:9d:69:28:78:e4:4c:
                    50:85:2f:7a:61:93:1f:50:a0:ba:41:1c:47:b3:ad:
                    16:36:9f:46:fd:4e:f1:2e:b1:8a:3d:a7:f8:f0:c6:
                    a6:b3:dc:14:96:a2:1b:5f:0e:9c:52:28:14:c9:39:
                    53:8b:e4:e7:6b:1f:59:f1:f3:5d:70:81:a4:64:e8:
                    6f:26:ea:eb:f3:b0:ac:ba:d9:b7:58:04:9e:10:12:
                    c2:43:cc:cc:c2:3a:26:7c:44:21:42:b9:d9:71:6b:
                    1e:8d:78:d1:51:2c:92:e3:9e:26:d7:80:c0:b6:fb:
                    e1:df:48:75:ef:54:e3:9d:58:9b:e2:e5:f4:d9:77:
                    8a:6b:42:58:99:39:b6:f5:d5:0b:4e:c9:e6:1b:f5:
                    ab:89:2f:0a:81:a7:ca:12:c9:74:4f:d6:75:15:49:
                    1e:bc:a6:62:b9:20:68:04:bb:82:45:bc:b6:9f:e9:
                    56:ba:2e:99:b7:d9:bc:d3:97:34:f8:f7:7b:1b:22:
                    01:ef:7b:87:3c:0a:b3:8d:2a:29:b4:c5:b1:f0:69:
                    6d:02:ac:bb:1e:13:2a:c8:a7:6d:cf:12:3a:78:d8:
                    b6:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:D6:35:1A:30:D7:91:D8:9A:97:AF:3D:B0:51:A4:F1:E3:51:C2:2F
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/69Y1GjDXkdial689sFGk8eNRwi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.30.0/24
                  185.150.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:fc:4b:1f:1e:f1:94:10:7d:40:d7:25:a5:b4:d9:66:5a:32:
         44:78:71:31:32:05:79:37:b6:31:d8:97:1e:bb:24:5b:b1:65:
         95:76:85:1a:d4:56:17:a5:30:c3:1d:a4:83:bc:35:32:6d:f9:
         75:e5:3f:10:fc:cc:21:80:a9:ae:48:08:4b:4d:6b:75:3b:69:
         97:fc:a6:c7:cd:89:a9:ce:0d:c1:6e:25:0f:44:42:50:31:2c:
         e6:c1:bf:21:24:e2:14:99:66:16:ed:b1:ad:20:0b:cb:bf:14:
         f8:03:10:9a:94:0b:96:4a:da:12:24:68:60:a4:87:fd:f0:25:
         dc:eb:57:b3:a6:f0:0c:0d:14:95:46:3a:f9:f4:b3:0d:f4:d9:
         e7:b6:8e:af:65:60:76:d4:3e:07:e0:c7:f8:1d:ad:a9:24:4a:
         a6:4d:fa:f6:37:54:61:f6:8b:a0:b6:3e:72:f3:1b:65:b7:a8:
         33:de:bf:97:9d:fd:b7:b8:f0:eb:13:ca:20:ce:88:ab:1b:08:
         e9:5b:05:8e:91:52:64:8f:2c:f5:86:39:a1:e8:22:25:97:1d:
         44:a6:c8:58:46:66:0f:44:8d:7d:55:60:d2:91:f8:4a:f5:ca:
         11:87:c0:b3:c0:6a:12:6a:c3:6d:1e:90:1a:7d:24:27:72:9d:
         54:b7:21:f0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiID23BXNaSeIovbgivcTMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmQ2MzUxYTMwZDc5MWQ4OWE5N2FmM2RiMDUxYTRmMWUzNTFjMjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxaUFVL7ah/ufqsN9Exa8/iMNJglv
+eXiDAMph5Dkso1+vSasqv6daSh45ExQhS96YZMfUKC6QRxHs60WNp9G/U7xLrGK
Paf48Mams9wUlqIbXw6cUigUyTlTi+Tnax9Z8fNdcIGkZOhvJurr87Csutm3WASe
EBLCQ8zMwjomfEQhQrnZcWsejXjRUSyS454m14DAtvvh30h171TjnVib4uX02XeK
a0JYmTm29dULTsnmG/WriS8KgafKEsl0T9Z1FUkevKZiuSBoBLuCRby2n+lWui6Z
t9m805c0+Pd7GyIB73uHPAqzjSoptMWx8GltAqy7HhMqyKdtzxI6eNi2GQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOvWNRow15HYmpevPbBRpPHjUcIvMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvNjlZMUdqRFhrZGlhbDY4OXNGR2s4ZU5Sd2k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVMeAwQA
uZYBMA0GCSqGSIb3DQEBCwUAA4IBAQAa/EsfHvGUEH1A1yWltNlmWjJEeHExMgV5
N7Yx2JceuyRbsWWVdoUa1FYXpTDDHaSDvDUybfl15T8Q/MwhgKmuSAhLTWt1O2mX
/KbHzYmpzg3BbiUPREJQMSzmwb8hJOIUmWYW7bGtIAvLvxT4AxCalAuWStoSJGhg
pIf98CXc61ezpvAMDRSVRjr59LMN9Nnnto6vZWB21D4H4Mf4Ha2pJEqmTfr2N1Rh
9ougtj5y8xtlt6gz3r+Xnf23uPDrE8ogzoirGwjpWwWOkVJkjyz1hjmh6CIllx1E
pshYRmYPRI19VWDSkfhK9coRh8CzwGoSasNtHpAafSQncp1UtyHw
-----END CERTIFICATE-----