Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/JAqUc1iz-zl74eo6cVH6mN5OvSY.roa
File:                     JAqUc1iz-zl74eo6cVH6mN5OvSY.roa (raw, json)
Hash identifier:          tJ0hcb59uVimaPY2a6Ri5eHkVRZF94+sFsdt1KcZfUc=
Subject key identifier:   24:0A:94:73:58:B3:FB:39:7B:E1:EA:3A:71:51:FA:98:DE:4E:BD:26
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019422204159D4CD75DBAB8F99E2AFB5A71F
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/JAqUc1iz-zl74eo6cVH6mN5OvSY.roa
Signing time:             Wed 01 Jan 2025 13:48:46 +0000
ROA not before:           Wed 01 Jan 2025 13:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     263824
IP address blocks:        80.67.32.0/22 maxlen: 24
                          178.238.12.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:41:59:d4:cd:75:db:ab:8f:99:e2:af:b5:a7:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=240a947358b3fb397be1ea3a7151fa98de4ebd26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:8d:7b:5b:5e:25:88:d6:ea:89:9b:10:62:70:
                    33:cd:05:9b:99:07:fe:60:ad:41:0b:8d:c0:16:71:
                    8d:0b:66:be:4a:07:2c:30:f4:0e:1e:dd:38:8d:f5:
                    37:bb:e3:24:7d:41:1a:ee:ca:41:3f:00:72:81:7b:
                    4b:e5:a2:46:21:c5:2f:9d:d1:6c:43:ab:9d:65:a5:
                    a4:e5:67:13:05:4f:88:bc:7b:e8:6e:76:0c:68:fb:
                    97:89:d5:ab:6c:64:87:39:63:e7:28:6b:19:1d:42:
                    8e:23:3d:50:d2:3e:4a:55:68:04:90:41:2c:50:22:
                    3b:9a:72:7e:99:f4:d9:44:01:31:d3:9a:15:c0:3e:
                    cd:08:9b:d0:7f:8e:71:91:4c:df:fa:55:f9:39:0f:
                    ef:28:74:15:50:65:01:87:5a:aa:a7:e3:00:58:6d:
                    b2:51:60:1e:27:91:96:98:91:e0:ad:d0:a1:ef:1e:
                    98:64:e6:38:1c:51:9b:87:11:97:45:70:70:71:27:
                    81:4d:8f:d6:04:60:23:26:d2:89:a9:e9:ee:b5:da:
                    50:3a:f2:43:7e:14:7b:59:0c:73:e1:44:61:d6:81:
                    c5:67:9a:87:27:e4:6d:00:3c:98:b2:11:c3:f3:0a:
                    56:80:d9:e8:85:41:71:4e:45:16:42:3e:9d:c4:e4:
                    3a:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:0A:94:73:58:B3:FB:39:7B:E1:EA:3A:71:51:FA:98:DE:4E:BD:26
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/JAqUc1iz-zl74eo6cVH6mN5OvSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.67.32.0/22
                  178.238.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:27:97:86:24:6e:ef:ff:3c:8c:0c:04:0c:77:06:c5:07:35:
         13:df:1e:76:cd:25:d5:1d:2e:f5:f4:fd:5e:6f:c7:78:29:46:
         98:41:5a:81:1a:ed:d4:b0:d7:40:97:b8:fd:3c:9a:75:6c:49:
         ea:df:38:4e:58:96:12:1c:4a:f9:4d:10:25:13:0e:bd:30:1c:
         ad:f3:26:00:bc:fe:1e:84:c5:4d:f8:ce:32:0a:18:a7:ec:9a:
         ff:f2:8d:d5:56:fc:61:d0:8e:5d:15:15:18:3a:42:c5:e0:6c:
         20:9a:2f:62:ce:d2:3a:37:58:d2:35:13:69:aa:a7:11:b9:08:
         bb:ac:e9:20:37:d2:e1:17:0c:82:12:12:03:f5:c3:9b:b1:df:
         d2:6b:ed:62:0d:ae:fb:42:bb:22:b8:9f:c6:6c:37:8f:4b:52:
         5f:8d:b7:e6:ba:30:96:fd:7e:0c:57:f8:3c:8a:73:84:6f:1f:
         4d:01:9b:db:73:31:78:1b:8e:2d:1f:32:5a:9d:d9:26:f9:fe:
         bf:0d:d9:9c:4f:fe:b3:32:72:f7:28:60:be:e9:00:b6:a3:2f:
         09:10:20:fc:fb:d4:8e:89:71:a4:b9:c7:38:7f:54:a4:3e:70:
         f8:a6:0b:b1:3a:69:ab:6a:cc:da:21:44:e1:29:56:0f:00:ec:
         70:0f:d3:5c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiIEFZ1M1126uPmeKvtacfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDBhOTQ3MzU4YjNmYjM5N2JlMWVhM2E3MTUxZmE5OGRlNGViZDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyI17W14liNbqiZsQYnAzzQWbmQf+
YK1BC43AFnGNC2a+SgcsMPQOHt04jfU3u+MkfUEa7spBPwBygXtL5aJGIcUvndFs
Q6udZaWk5WcTBU+IvHvobnYMaPuXidWrbGSHOWPnKGsZHUKOIz1Q0j5KVWgEkEEs
UCI7mnJ+mfTZRAEx05oVwD7NCJvQf45xkUzf+lX5OQ/vKHQVUGUBh1qqp+MAWG2y
UWAeJ5GWmJHgrdCh7x6YZOY4HFGbhxGXRXBwcSeBTY/WBGAjJtKJqenutdpQOvJD
fhR7WQxz4URh1oHFZ5qHJ+RtADyYshHD8wpWgNnohUFxTkUWQj6dxOQ6GQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCQKlHNYs/s5e+HqOnFR+pjeTr0mMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvSkFxVWMxaXotemw3NGVvNmNWSDZtTjVPdlNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCUEMgAwQC
su4MMA0GCSqGSIb3DQEBCwUAA4IBAQA8J5eGJG7v/zyMDAQMdwbFBzUT3x52zSXV
HS719P1eb8d4KUaYQVqBGu3UsNdAl7j9PJp1bEnq3zhOWJYSHEr5TRAlEw69MByt
8yYAvP4ehMVN+M4yChin7Jr/8o3VVvxh0I5dFRUYOkLF4Gwgmi9iztI6N1jSNRNp
qqcRuQi7rOkgN9LhFwyCEhID9cObsd/Sa+1iDa77QrsiuJ/GbDePS1JfjbfmujCW
/X4MV/g8inOEbx9NAZvbczF4G44tHzJandkm+f6/DdmcT/6zMnL3KGC+6QC2oy8J
ECD8+9SOiXGkucc4f1SkPnD4pguxOmmraszaIUThKVYPAOxwD9Nc
-----END CERTIFICATE-----