Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/RVxp4-ksNfqNhfuOfh7y976a_Xo.roa
File:                     RVxp4-ksNfqNhfuOfh7y976a_Xo.roa (raw, json)
Hash identifier:          h2tuSdL6mTh/jGKmSJVyCxsHw5H2FIlmmGHy5bR1U6k=
Subject key identifier:   45:5C:69:E3:E9:2C:35:FA:8D:85:FB:8E:7E:1E:F2:F7:BE:9A:FD:7A
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0194222039B69A4171DDD1C6F5B6D65AC4CF
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/RVxp4-ksNfqNhfuOfh7y976a_Xo.roa
Signing time:             Wed 01 Jan 2025 13:48:44 +0000
ROA not before:           Wed 01 Jan 2025 13:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210740
IP address blocks:        194.32.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:39:b6:9a:41:71:dd:d1:c6:f5:b6:d6:5a:c4:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=455c69e3e92c35fa8d85fb8e7e1ef2f7be9afd7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:bf:a4:f0:f1:5c:de:b3:d5:0e:14:36:83:f9:
                    69:f7:f4:e9:e3:b3:47:ce:96:b9:74:b4:8d:d1:1e:
                    72:43:d5:19:3b:ac:a5:4e:46:f0:23:a3:92:d2:b1:
                    b4:dd:78:d7:d8:0d:e7:c7:03:aa:76:c6:cc:97:28:
                    3e:97:be:36:bb:8b:f1:e3:f4:2f:44:27:e9:ef:b3:
                    23:2e:7b:a5:05:64:1f:4c:7d:94:e7:4a:6b:af:e5:
                    03:94:fa:97:00:36:0f:26:25:57:63:9b:c1:1d:38:
                    b1:60:3c:9f:f8:ce:ad:de:4b:6c:2d:c4:4f:9a:33:
                    8c:f2:25:99:7b:ae:32:f7:cc:06:9f:27:66:59:3b:
                    d3:f4:f5:4c:d4:aa:b2:1e:f3:0e:ea:39:1e:ef:1d:
                    8d:87:08:a2:8b:85:fc:e7:dd:c9:61:90:7f:cb:8c:
                    21:1f:61:2f:68:ab:66:54:82:81:bc:9e:f8:55:25:
                    18:c6:04:ef:07:4a:28:39:2d:c9:90:29:5b:65:8b:
                    a0:59:cd:c6:28:e2:26:ea:75:06:4f:d8:51:00:18:
                    2e:61:16:38:26:f6:45:40:6b:09:58:ea:4f:69:18:
                    a7:49:bd:3d:81:63:bc:a8:09:a1:aa:79:9e:ad:a5:
                    a9:fd:f7:a4:f2:9c:3c:a8:b2:11:95:e8:71:49:36:
                    b4:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:5C:69:E3:E9:2C:35:FA:8D:85:FB:8E:7E:1E:F2:F7:BE:9A:FD:7A
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/RVxp4-ksNfqNhfuOfh7y976a_Xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:eb:a2:d3:be:29:2d:73:c3:68:dc:e4:2d:5f:f3:70:4f:d3:
         c8:20:cc:4c:92:3c:d0:51:60:bf:af:4b:bd:e9:af:fe:f0:ed:
         61:75:5e:c5:5a:e1:3b:39:34:ec:a8:51:d2:c2:6e:f4:66:52:
         bc:70:02:d7:76:06:15:19:ac:f5:71:a2:29:9c:a1:a8:79:24:
         e2:64:11:95:c8:8d:1a:0d:97:87:91:48:39:07:84:f2:79:14:
         78:5b:26:01:57:5d:f0:2f:1f:bd:5d:bc:30:1a:2f:e2:48:42:
         85:b5:8c:3b:25:54:11:84:66:c7:57:b7:a0:2b:b0:1f:0e:d3:
         96:de:11:11:ac:01:ea:b5:23:4a:80:21:3a:12:6c:79:15:2e:
         f7:47:5d:d6:ca:c7:73:7d:31:33:44:1c:78:b1:25:26:50:99:
         3a:82:77:47:7d:ae:c2:8e:a4:07:02:02:6b:69:b9:55:c6:1b:
         d3:74:93:a3:18:36:04:70:d4:d6:38:46:41:bf:a6:cd:0f:73:
         d9:55:b1:44:1a:7d:f8:e4:2b:6b:53:af:c7:69:fd:1a:27:65:
         f5:1c:07:d9:bf:7e:05:7f:85:e8:e5:3b:db:44:03:85:4f:41:
         5f:8f:0d:a3:35:68:e2:b5:98:05:5c:97:95:af:ed:61:02:77:
         10:f8:75:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIDm2mkFx3dHG9bbWWsTPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTVjNjllM2U5MmMzNWZhOGQ4NWZiOGU3ZTFlZjJmN2JlOWFmZDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1r+k8PFc3rPVDhQ2g/lp9/Tp47NH
zpa5dLSN0R5yQ9UZO6ylTkbwI6OS0rG03XjX2A3nxwOqdsbMlyg+l742u4vx4/Qv
RCfp77MjLnulBWQfTH2U50prr+UDlPqXADYPJiVXY5vBHTixYDyf+M6t3ktsLcRP
mjOM8iWZe64y98wGnydmWTvT9PVM1KqyHvMO6jke7x2Nhwiii4X8593JYZB/y4wh
H2EvaKtmVIKBvJ74VSUYxgTvB0ooOS3JkClbZYugWc3GKOIm6nUGT9hRABguYRY4
JvZFQGsJWOpPaRinSb09gWO8qAmhqnmeraWp/fek8pw8qLIRlehxSTa05wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEVcaePpLDX6jYX7jn4e8ve+mv16MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvUlZ4cDQta3NOZnFOaGZ1T2ZoN3k5NzZhX1hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiB5MA0G
CSqGSIb3DQEBCwUAA4IBAQCG66LTviktc8No3OQtX/NwT9PIIMxMkjzQUWC/r0u9
6a/+8O1hdV7FWuE7OTTsqFHSwm70ZlK8cALXdgYVGaz1caIpnKGoeSTiZBGVyI0a
DZeHkUg5B4TyeRR4WyYBV13wLx+9XbwwGi/iSEKFtYw7JVQRhGbHV7egK7AfDtOW
3hERrAHqtSNKgCE6Emx5FS73R13WysdzfTEzRBx4sSUmUJk6gndHfa7CjqQHAgJr
ablVxhvTdJOjGDYEcNTWOEZBv6bND3PZVbFEGn345CtrU6/Haf0aJ2X1HAfZv34F
f4Xo5TvbRAOFT0Ffjw2jNWjitZgFXJeVr+1hAncQ+HU4
-----END CERTIFICATE-----