Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/PTXMH93XMpVaPhvI52z6WS9kOzc.roa
File:                     PTXMH93XMpVaPhvI52z6WS9kOzc.roa (raw, json)
Hash identifier:          sd8DSiVtXObSFayh3h42erGjYxM/r8aTOq4WNtYI6cI=
Subject key identifier:   3D:35:CC:1F:DD:D7:32:95:5A:3E:1B:C8:E7:6C:FA:59:2F:64:3B:37
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019422203829C818939A467C9069D406C014
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/PTXMH93XMpVaPhvI52z6WS9kOzc.roa
Signing time:             Wed 01 Jan 2025 13:48:44 +0000
ROA not before:           Wed 01 Jan 2025 13:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209155
IP address blocks:        45.156.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:38:29:c8:18:93:9a:46:7c:90:69:d4:06:c0:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d35cc1fddd732955a3e1bc8e76cfa592f643b37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:1f:19:3e:08:63:9f:c9:7a:28:87:73:4d:cf:
                    ff:76:ec:9d:98:b5:42:72:92:a6:82:42:ef:30:b7:
                    a8:1a:c7:d6:4b:b7:e2:f5:ea:8e:f4:d5:58:44:b7:
                    42:1f:5f:84:cf:0f:02:58:50:d9:f5:bd:cf:52:c2:
                    f8:77:2d:89:d3:28:9a:ca:64:bb:2a:bd:d1:8a:d3:
                    62:f3:d0:93:3e:88:9b:f0:2f:29:2e:68:af:b4:b9:
                    ff:6e:c5:10:17:60:3a:03:38:80:36:ef:60:fe:57:
                    a9:38:3e:9a:89:32:2e:e4:20:b1:cf:63:e1:f1:7d:
                    7d:65:7b:a6:74:52:34:9b:02:f7:ef:12:f8:b7:44:
                    d2:40:b1:07:45:de:48:0e:07:3e:6d:e2:82:90:2c:
                    fe:3f:20:5b:79:81:e7:43:66:45:53:04:b7:0b:70:
                    ec:9d:14:e0:0b:71:68:3f:ca:c0:8d:cc:ab:03:9a:
                    7f:84:88:50:d2:f3:06:48:a6:98:4c:6a:d8:81:78:
                    98:74:ea:fa:c5:31:9f:0a:40:41:5b:7d:6a:f5:f4:
                    50:0a:c5:d1:de:62:da:e8:e4:c4:98:ae:30:ca:d4:
                    a6:c1:85:58:68:7f:b0:ab:de:e5:e0:0c:63:7c:7d:
                    47:93:db:93:09:17:b2:a9:08:d8:7f:c2:d8:05:48:
                    db:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:35:CC:1F:DD:D7:32:95:5A:3E:1B:C8:E7:6C:FA:59:2F:64:3B:37
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/PTXMH93XMpVaPhvI52z6WS9kOzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:48:0a:45:70:d7:83:24:ab:0e:01:18:8e:1f:8c:2b:b3:ea:
         ca:1d:64:be:99:a0:a1:d3:14:6f:38:8a:95:db:c5:41:87:31:
         c4:ef:5e:77:9b:61:97:8f:40:73:e9:c9:8f:9d:15:e8:10:c9:
         a3:e9:90:f8:30:81:9e:64:67:ba:35:9b:3f:24:da:9d:57:42:
         b8:5a:cf:d8:8e:c2:4d:ba:7d:82:34:1f:d4:6d:99:69:e5:dd:
         49:cd:6a:ec:23:c3:70:52:2b:17:9b:da:ae:43:db:0c:5f:ff:
         c9:7e:2b:bb:8f:e3:29:40:1c:be:e5:64:84:69:ce:6d:ca:53:
         6c:ba:ff:0a:a9:e8:14:61:03:e4:5d:a4:6c:79:ca:63:5e:63:
         d1:32:95:73:3f:d2:8a:67:df:1e:e1:3a:6f:96:cf:5b:f7:c8:
         c4:c9:d0:4c:c4:91:49:bc:dd:8c:65:c9:d0:1d:b6:1c:51:24:
         b8:34:1d:75:8c:6b:39:b4:09:af:df:60:df:34:c1:67:f5:6d:
         ac:7a:b9:e3:0d:57:ec:94:9b:b7:9f:6a:a3:e5:fd:dd:8b:e1:
         eb:74:e0:1f:d8:c9:09:5a:6d:eb:39:23:5c:10:53:0f:88:7c:
         d6:1c:32:6d:d7:cf:9e:63:3e:ad:68:bc:b2:dd:72:bb:7c:ea:
         55:db:df:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIDgpyBiTmkZ8kGnUBsAUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDM1Y2MxZmRkZDczMjk1NWEzZTFiYzhlNzZjZmE1OTJmNjQzYjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqx8ZPghjn8l6KIdzTc//duydmLVC
cpKmgkLvMLeoGsfWS7fi9eqO9NVYRLdCH1+Ezw8CWFDZ9b3PUsL4dy2J0yiaymS7
Kr3RitNi89CTPoib8C8pLmivtLn/bsUQF2A6AziANu9g/lepOD6aiTIu5CCxz2Ph
8X19ZXumdFI0mwL37xL4t0TSQLEHRd5IDgc+beKCkCz+PyBbeYHnQ2ZFUwS3C3Ds
nRTgC3FoP8rAjcyrA5p/hIhQ0vMGSKaYTGrYgXiYdOr6xTGfCkBBW31q9fRQCsXR
3mLa6OTEmK4wytSmwYVYaH+wq97l4AxjfH1Hk9uTCReyqQjYf8LYBUjbqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD01zB/d1zKVWj4byOds+lkvZDs3MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvUFRYTUg5M1hNcFZhUGh2STUyejZXUzlrT3pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZyeMA0G
CSqGSIb3DQEBCwUAA4IBAQCJSApFcNeDJKsOARiOH4wrs+rKHWS+maCh0xRvOIqV
28VBhzHE7153m2GXj0Bz6cmPnRXoEMmj6ZD4MIGeZGe6NZs/JNqdV0K4Ws/YjsJN
un2CNB/UbZlp5d1JzWrsI8NwUisXm9quQ9sMX//Jfiu7j+MpQBy+5WSEac5tylNs
uv8KqegUYQPkXaRsecpjXmPRMpVzP9KKZ98e4Tpvls9b98jEydBMxJFJvN2MZcnQ
HbYcUSS4NB11jGs5tAmv32DfNMFn9W2sernjDVfslJu3n2qj5f3di+HrdOAf2MkJ
Wm3rOSNcEFMPiHzWHDJt18+eYz6taLyy3XK7fOpV29+j
-----END CERTIFICATE-----