Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/U9y1uTgz4_lHmHQDp02OIFRiYUg.roa
File:                     U9y1uTgz4_lHmHQDp02OIFRiYUg.roa (raw, json)
Hash identifier:          tR9sCgut96Pg65nuo59Tnt4dQGMJ7m+k3bC/IVnm8RU=
Subject key identifier:   53:DC:B5:B9:38:33:E3:F9:47:98:74:03:A7:4D:8E:20:54:62:61:48
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01942220048AEB6C8F3020D1C71BC152CFFB
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/U9y1uTgz4_lHmHQDp02OIFRiYUg.roa
Signing time:             Wed 01 Jan 2025 13:48:31 +0000
ROA not before:           Wed 01 Jan 2025 13:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        103.212.80.0/24 maxlen: 24
                          185.121.122.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:04:8a:eb:6c:8f:30:20:d1:c7:1b:c1:52:cf:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53dcb5b93833e3f947987403a74d8e2054626148
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a1:43:2c:c2:d8:0e:0b:ec:9a:1e:ad:cf:2c:
                    05:00:f6:91:17:c8:51:d0:7e:ae:0d:dd:d0:2e:69:
                    b5:d8:a9:0f:56:a7:6a:15:95:c8:71:a4:9d:8c:03:
                    ab:ab:c4:61:4d:77:46:5f:8f:29:75:eb:65:40:fb:
                    d4:42:e6:f3:3d:80:44:9e:0a:e6:51:f4:c6:3d:99:
                    50:4d:c1:ff:2f:3d:a7:2d:71:75:3d:0c:33:db:d5:
                    df:7e:cd:3c:56:39:bf:b1:a0:87:66:52:2c:a2:7b:
                    7c:7b:9e:28:73:c8:4c:f1:ea:1f:a9:5f:b0:c0:c6:
                    9c:0a:f2:8f:68:e3:ee:f1:13:43:78:6b:e3:5a:45:
                    43:4c:9e:c9:8c:fc:f4:73:0d:6b:18:68:1f:9e:e3:
                    2e:67:9f:cc:49:bf:2b:c2:5c:da:15:e0:6e:d7:d6:
                    8a:c6:ae:f3:97:76:f6:2e:8d:c9:16:29:c5:ac:33:
                    ef:fa:6b:e9:ee:2d:65:24:69:a5:e1:c7:87:f1:8a:
                    29:72:8a:3e:57:fe:a4:97:05:00:eb:74:a5:50:dd:
                    bb:97:e7:58:c3:65:66:89:c0:5f:37:61:e4:13:d4:
                    52:68:26:2e:40:dc:1c:33:54:37:c9:e9:ef:9d:16:
                    f6:e1:b9:ab:33:63:7d:b8:79:4c:0f:b5:fe:47:c8:
                    a3:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:DC:B5:B9:38:33:E3:F9:47:98:74:03:A7:4D:8E:20:54:62:61:48
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/U9y1uTgz4_lHmHQDp02OIFRiYUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.212.80.0/24
                  185.121.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:ec:8f:bb:dc:72:ea:ed:ac:b1:5a:c6:f7:88:3e:60:17:80:
         c6:34:b5:84:a3:5a:04:36:8a:27:d7:44:d9:b7:6a:7e:b3:01:
         59:b1:7d:24:e4:a9:fa:ca:f1:a0:bb:7d:9e:f2:bb:bb:e0:dc:
         79:66:8a:07:4b:6b:17:ae:8d:c2:c8:33:61:fb:11:1e:db:c7:
         07:42:eb:cf:82:b7:19:db:b3:fb:3c:b4:b3:88:83:f7:f6:b5:
         f9:b5:b4:bc:5f:d6:50:2f:c6:e1:57:65:8c:c6:12:79:e6:13:
         e0:f1:9e:8b:89:3a:f2:5c:be:a2:e7:34:8c:f3:19:e9:bc:3d:
         fb:d7:b1:70:b3:51:0f:5b:40:16:dd:a8:a9:50:09:fe:bb:a3:
         04:7e:38:51:aa:2e:a8:50:6e:28:0c:b2:01:43:2a:a1:bc:46:
         e9:5c:4c:17:19:f6:88:12:0f:04:26:34:bb:21:55:30:70:a4:
         23:9a:5c:d2:d7:bc:29:f6:aa:81:3a:12:dd:1d:d2:a5:9d:40:
         4c:15:c6:8f:1c:7f:b9:3b:1e:b1:ba:76:c6:fe:3b:c2:8e:89:
         fd:7d:0f:b1:dd:27:98:49:b5:9e:74:ba:12:6c:75:25:64:89:
         1d:6d:bd:6d:e0:a8:5f:8d:74:9f:a2:50:0a:49:48:19:15:f5:
         2a:d7:1d:0a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiIASK62yPMCDRxxvBUs/7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2RjYjViOTM4MzNlM2Y5NDc5ODc0MDNhNzRkOGUyMDU0NjI2MTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKFDLMLYDgvsmh6tzywFAPaRF8hR
0H6uDd3QLmm12KkPVqdqFZXIcaSdjAOrq8RhTXdGX48pdetlQPvUQubzPYBEngrm
UfTGPZlQTcH/Lz2nLXF1PQwz29Xffs08Vjm/saCHZlIsont8e54oc8hM8eofqV+w
wMacCvKPaOPu8RNDeGvjWkVDTJ7JjPz0cw1rGGgfnuMuZ5/MSb8rwlzaFeBu19aK
xq7zl3b2Lo3JFinFrDPv+mvp7i1lJGml4ceH8Yopcoo+V/6klwUA63SlUN27l+dY
w2VmicBfN2HkE9RSaCYuQNwcM1Q3yenvnRb24bmrM2N9uHlMD7X+R8ijlQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFPctbk4M+P5R5h0A6dNjiBUYmFIMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvVTl5MXVUZ3o0X2xIbUhRRHAwMk9JRlJpWVVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAZ9RQAwQB
uXl6MA0GCSqGSIb3DQEBCwUAA4IBAQBR7I+73HLq7ayxWsb3iD5gF4DGNLWEo1oE
Noon10TZt2p+swFZsX0k5Kn6yvGgu32e8ru74Nx5ZooHS2sXro3CyDNh+xEe28cH
QuvPgrcZ27P7PLSziIP39rX5tbS8X9ZQL8bhV2WMxhJ55hPg8Z6LiTryXL6i5zSM
8xnpvD3717Fws1EPW0AW3aipUAn+u6MEfjhRqi6oUG4oDLIBQyqhvEbpXEwXGfaI
Eg8EJjS7IVUwcKQjmlzS17wp9qqBOhLdHdKlnUBMFcaPHH+5Ox6xunbG/jvCjon9
fQ+x3SeYSbWedLoSbHUlZIkdbb1t4KhfjXSfolAKSUgZFfUq1x0K
-----END CERTIFICATE-----