Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/S-q1GipI5xAjoSwWeFpcb9frqVI.roa
File:                     S-q1GipI5xAjoSwWeFpcb9frqVI.roa (raw, json)
Hash identifier:          twgtY2xEn6OzIugxpjME5xImO670Qr4m5fLUeaxbMFc=
Subject key identifier:   4B:EA:B5:1A:2A:48:E7:10:23:A1:2C:16:78:5A:5C:6F:D7:EB:A9:52
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0194222014359AF6B9865A8DC31CDAFCE348
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/S-q1GipI5xAjoSwWeFpcb9frqVI.roa
Signing time:             Wed 01 Jan 2025 13:48:35 +0000
ROA not before:           Wed 01 Jan 2025 13:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29066
IP address blocks:        185.217.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:14:35:9a:f6:b9:86:5a:8d:c3:1c:da:fc:e3:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4beab51a2a48e71023a12c16785a5c6fd7eba952
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:ff:f0:23:00:71:1b:0d:e6:ad:a4:94:e8:94:
                    a2:25:80:19:e2:56:24:75:14:d0:9b:b7:bf:63:75:
                    13:d1:9d:18:f5:d2:93:be:c7:b4:ea:e0:09:97:e6:
                    db:79:a1:8a:db:04:9e:ff:bc:90:68:4b:b0:48:d5:
                    59:df:f5:29:6a:a9:c4:36:15:3f:d2:53:35:0d:e7:
                    83:d3:5e:63:3e:2b:b4:e4:a1:e1:98:ff:1c:5f:77:
                    fe:c1:25:f9:28:53:8d:ef:c5:b8:03:da:98:dc:85:
                    6b:22:51:9a:fd:06:96:9b:80:92:f0:53:a8:d1:4e:
                    7f:0d:81:8c:e6:6a:49:7a:cd:fd:e7:9a:f6:17:23:
                    9b:fc:58:f7:bb:89:a9:ed:86:d1:7c:93:ae:34:ed:
                    87:b1:87:24:e5:4d:f8:45:4a:44:95:ae:3d:a8:7f:
                    56:51:9f:b2:08:85:74:af:5e:ee:51:16:ed:89:d0:
                    d1:3d:30:bf:0f:2b:ad:f4:0a:0e:4c:11:35:e3:44:
                    30:dc:0e:52:7a:e7:2f:f2:3f:9e:2d:08:d1:84:bd:
                    fd:ce:21:df:8f:23:85:84:62:00:4c:d8:a4:bf:18:
                    31:1a:99:9c:46:ab:82:30:de:be:c4:46:c5:bf:3d:
                    e2:a1:6e:07:7f:21:11:28:d4:16:15:6e:59:85:38:
                    17:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:EA:B5:1A:2A:48:E7:10:23:A1:2C:16:78:5A:5C:6F:D7:EB:A9:52
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/S-q1GipI5xAjoSwWeFpcb9frqVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:41:a5:ab:ac:0c:fe:67:fd:e1:47:12:1b:eb:53:59:2e:86:
         e2:a6:36:d1:08:e4:a0:23:59:91:ba:26:17:32:29:16:96:1b:
         39:24:94:7b:1d:5e:72:9d:2e:de:cc:bf:7f:e2:e5:09:fb:7a:
         b8:3e:1f:2d:39:48:f4:37:6d:49:ca:0b:c8:ba:19:e1:73:4a:
         37:d9:b8:b3:87:9c:02:e4:47:8b:a6:b7:b8:fe:8c:e1:35:94:
         cd:ae:59:7b:fe:69:9b:c8:df:70:b5:f6:46:10:76:ce:54:80:
         64:50:c4:0e:cd:5b:04:bb:eb:7b:6f:cd:38:0a:e1:fb:ec:ce:
         c4:bb:07:6f:81:0e:be:21:15:d3:96:03:4c:35:69:6b:fb:3d:
         02:79:e0:88:35:f6:30:f1:49:9f:54:11:90:00:7d:1c:2e:89:
         38:5a:3b:dd:b9:b0:70:d9:96:6f:94:3c:4a:38:ac:be:b9:4a:
         36:c3:ab:86:fe:72:b3:ca:ef:64:ca:c3:2d:48:7d:7c:3b:2f:
         5b:43:22:3e:cb:d1:3d:5c:8e:50:18:91:2f:32:63:bb:48:53:
         fc:af:b2:1f:b5:2a:68:9d:2c:de:b3:c3:f7:56:e0:9f:f2:d7:
         6f:c5:62:8a:a2:92:7c:10:ac:e5:61:fd:fa:dc:c7:c8:f3:a0:
         90:33:ac:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIBQ1mva5hlqNwxza/ONIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmVhYjUxYTJhNDhlNzEwMjNhMTJjMTY3ODVhNWM2ZmQ3ZWJhOTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1f/wIwBxGw3mraSU6JSiJYAZ4lYk
dRTQm7e/Y3UT0Z0Y9dKTvse06uAJl+bbeaGK2wSe/7yQaEuwSNVZ3/UpaqnENhU/
0lM1DeeD015jPiu05KHhmP8cX3f+wSX5KFON78W4A9qY3IVrIlGa/QaWm4CS8FOo
0U5/DYGM5mpJes3955r2FyOb/Fj3u4mp7YbRfJOuNO2HsYck5U34RUpEla49qH9W
UZ+yCIV0r17uURbtidDRPTC/Dyut9AoOTBE140Qw3A5Seucv8j+eLQjRhL39ziHf
jyOFhGIATNikvxgxGpmcRquCMN6+xEbFvz3ioW4HfyERKNQWFW5ZhTgXswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEvqtRoqSOcQI6EsFnhaXG/X66lSMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvUy1xMUdpcEk1eEFqb1N3V2VGcGNiOWZycVZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudl3MA0G
CSqGSIb3DQEBCwUAA4IBAQB9QaWrrAz+Z/3hRxIb61NZLobipjbRCOSgI1mRuiYX
MikWlhs5JJR7HV5ynS7ezL9/4uUJ+3q4Ph8tOUj0N21JygvIuhnhc0o32bizh5wC
5EeLpre4/ozhNZTNrll7/mmbyN9wtfZGEHbOVIBkUMQOzVsEu+t7b804CuH77M7E
uwdvgQ6+IRXTlgNMNWlr+z0CeeCINfYw8UmfVBGQAH0cLok4WjvdubBw2ZZvlDxK
OKy+uUo2w6uG/nKzyu9kysMtSH18Oy9bQyI+y9E9XI5QGJEvMmO7SFP8r7IftSpo
nSzes8P3VuCf8tdvxWKKopJ8EKzlYf363MfI86CQM6zL
-----END CERTIFICATE-----