Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/G2EGr4Xk3Qm8XvkLsb7IIH7fCS4.roa
File:                     G2EGr4Xk3Qm8XvkLsb7IIH7fCS4.roa (raw, json)
Hash identifier:          dzNBhxrLy+o1EwkVYXbVKkWQAsXXj4NfspZ7Dt9SxEk=
Subject key identifier:   1B:61:06:AF:85:E4:DD:09:BC:5E:F9:0B:B1:BE:C8:20:7E:DF:09:2E
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019422201B28B55B2E0292ED7DF347177E5D
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/G2EGr4Xk3Qm8XvkLsb7IIH7fCS4.roa
Signing time:             Wed 01 Jan 2025 13:48:36 +0000
ROA not before:           Wed 01 Jan 2025 13:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     45929
IP address blocks:        185.245.112.0/22 maxlen: 22
                          195.38.4.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:1b:28:b5:5b:2e:02:92:ed:7d:f3:47:17:7e:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b6106af85e4dd09bc5ef90bb1bec8207edf092e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:4c:54:ff:a0:f6:9e:3f:fb:50:08:b3:42:45:
                    96:20:21:6d:b7:83:9b:4f:b0:c6:be:7a:8a:f6:f6:
                    c5:c7:f4:b2:d6:3d:ea:e6:2b:77:97:08:5e:7d:a1:
                    3b:02:42:7c:e5:8c:85:cd:93:53:6e:09:12:2b:ad:
                    3b:e2:70:ca:07:e5:b5:be:28:c8:73:e8:5a:fd:ab:
                    c0:4c:3d:f3:18:54:be:6e:d8:f3:8d:60:e2:3b:c5:
                    0d:96:de:fa:e0:93:89:12:9a:1f:14:9c:d5:66:78:
                    84:60:d9:cf:e8:d0:17:01:a7:de:25:1c:05:49:f6:
                    39:88:33:d6:8a:5e:75:4d:12:8c:a6:3f:a0:42:28:
                    1e:c6:b3:18:17:e4:25:11:68:d4:c7:ef:6e:f6:7e:
                    3a:ec:12:dd:46:bf:c7:e3:30:54:b8:46:36:15:96:
                    c5:e5:0d:c0:db:73:86:dd:1b:c3:86:8f:f4:52:2d:
                    dc:92:d0:58:7f:f9:98:36:68:ee:6e:33:b5:0a:b2:
                    ff:34:fb:ae:03:4e:62:82:4d:35:17:83:a0:37:1a:
                    54:7f:26:dc:a2:c8:c1:b4:3c:d4:cd:2c:f5:0f:8b:
                    7f:f5:7a:20:3a:2a:35:3e:28:67:6c:f5:51:30:23:
                    2f:15:53:e0:a3:3b:84:ca:ca:cd:51:60:c5:97:ab:
                    52:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:61:06:AF:85:E4:DD:09:BC:5E:F9:0B:B1:BE:C8:20:7E:DF:09:2E
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/G2EGr4Xk3Qm8XvkLsb7IIH7fCS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.112.0/22
                  195.38.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0b:89:b5:68:8e:08:47:6f:fa:f4:13:da:e4:6a:08:2f:0e:2f:
         90:d1:96:91:43:e8:f3:92:a8:42:41:1d:22:a3:ff:15:b2:95:
         76:c0:5e:ac:d1:24:37:71:4a:41:67:0f:13:d5:d0:e0:94:03:
         d4:5f:d8:f6:8a:f0:54:78:f0:94:6f:a9:ff:74:49:c8:ff:46:
         e8:31:2c:92:d4:0c:55:2b:4c:f0:fc:96:cc:43:8b:8a:b3:f1:
         80:27:87:00:85:8d:a1:ab:22:24:d8:5b:67:10:08:67:df:8a:
         5f:d0:f0:bd:66:58:32:55:3a:aa:96:b2:11:ca:05:a5:30:d4:
         2a:a3:db:06:da:2c:eb:fc:1f:16:28:8f:2d:b9:16:d0:5d:b8:
         7e:e5:cd:36:58:30:a9:aa:e7:aa:4c:13:24:4d:48:d5:3c:a8:
         79:1d:82:78:98:86:b9:1f:77:e6:91:d3:14:8d:db:a3:10:40:
         c4:f0:b6:90:ae:77:0e:51:4a:4d:c0:52:49:b0:85:6f:0f:25:
         a5:72:8c:4d:1d:63:1b:25:b9:03:b3:9e:23:67:1a:dc:a9:f4:
         f3:7a:44:35:7a:dc:ed:f9:9f:d2:9d:e1:c2:53:13:89:ae:94:
         c3:57:10:a7:78:2c:9b:f4:11:e5:55:21:c4:eb:77:ee:f3:21:
         d0:63:ec:ab
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiIBsotVsuApLtffNHF35dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjYxMDZhZjg1ZTRkZDA5YmM1ZWY5MGJiMWJlYzgyMDdlZGYwOTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUxU/6D2nj/7UAizQkWWICFtt4Ob
T7DGvnqK9vbFx/Sy1j3q5it3lwhefaE7AkJ85YyFzZNTbgkSK6074nDKB+W1vijI
c+ha/avATD3zGFS+btjzjWDiO8UNlt764JOJEpofFJzVZniEYNnP6NAXAafeJRwF
SfY5iDPWil51TRKMpj+gQigexrMYF+QlEWjUx+9u9n467BLdRr/H4zBUuEY2FZbF
5Q3A23OG3RvDho/0Ui3cktBYf/mYNmjubjO1CrL/NPuuA05igk01F4OgNxpUfybc
osjBtDzUzSz1D4t/9XogOio1PihnbPVRMCMvFVPgozuEysrNUWDFl6tS8QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBthBq+F5N0JvF75C7G+yCB+3wkuMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvRzJFR3I0WGszUW04WHZrTHNiN0lJSDdmQ1M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCufVwAwQC
wyYEMA0GCSqGSIb3DQEBCwUAA4IBAQALibVojghHb/r0E9rkaggvDi+Q0ZaRQ+jz
kqhCQR0io/8VspV2wF6s0SQ3cUpBZw8T1dDglAPUX9j2ivBUePCUb6n/dEnI/0bo
MSyS1AxVK0zw/JbMQ4uKs/GAJ4cAhY2hqyIk2FtnEAhn34pf0PC9ZlgyVTqqlrIR
ygWlMNQqo9sG2izr/B8WKI8tuRbQXbh+5c02WDCpqueqTBMkTUjVPKh5HYJ4mIa5
H3fmkdMUjdujEEDE8LaQrncOUUpNwFJJsIVvDyWlcoxNHWMbJbkDs54jZxrcqfTz
ekQ1etzt+Z/SneHCUxOJrpTDVxCneCyb9BHlVSHE63fu8yHQY+yr
-----END CERTIFICATE-----